 From:  Kris Maglione <bsdaemon at comcast dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] OpenVPN, switching to m0n0
 Date:  Sun, 18 Sep 2005 00:26:27 -0400
JP M wrote:

>What I suggest for bridging:
> - add a checkbox near the fields that serves the
>server-bridge directive. Call that "[ ] Use m0n0 for
>bridging" or some. The checkbox is enabled when the
>selected interface is tap, else disabled. When enabled
>and checked, the "server-bridge" field is disabled
>(and commented in the conf file).
> - make Openvpn's server interface (tun or tap)
>invisible or impossible to edit from the Interfaces
>menu.
>  
>
I suggest that OVPN interfaces are a different kind of optional 
interface. I haven't given enough thought to the details of where what 
configuration options should be. I think, though, that stuff like 'use 
m0n0 [OpenVPN?] for bridging' should be transparent. If it's bridged, it 
just works differently. As for separating the two networks (default 
route, ip ranges, etc...), should that be handled on the OpenVPN screen, 
the DHCP server screen, ...? If they have different IP ranges, etc, 
should the DHCP server handle the differences, or should OpenVPN? In 
this case, the benefit of always using the DHCP server is that you don't 
necessarily have to boot all VPN clients. The problem with OpenVPN is 
that it's so damned complex. Maybe there should just be three distinct 
scenarios. Ethernet tunnel, IP tunnel, Ethernet bridge; one can't be 
changed on the fly to another and they act and are implemented in 
completely different ways.

I know a lot of thought has gone into the implementation and that a lot 
is yet to be figured out, so I'm just throwing out thoughts.