 From:  Peter Allgeyer <allgeyer at web dot de>
 To:  JP M <jpm underscore tmp2 at yahoo dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] OpenVPN, switching to m0n0
 Date:  Mon, 19 Sep 2005 13:41:53 +0200
Hi JP!

On Monday, 19.09.2005, at 03:46 -0700, JP M wrote:
> => Yes, I think it is. The tunnel must use either tun
> or tap at both ends. Client drivers have an impact. If
> I remember right, Mac OS X prior to 10.3 can't use
> tap; Windows can't do tun.
Yes, OK (although I have not checked this point), but the real question is:
is there any good reason to use an "Ethernet tunnel" w/o bridging
(let's call an "Ethernet tunnel" /w bridging an "Ethernet bridge")
it to a physical interface? 

> In Ovpn 2, which works in client server fashion that
> is solved using custom configuration rules in a "ccd"
> directory with per-client rules for server side (and
> possibly client side via "push").
This is true for multi-client mode only.

>  2) Under Ovpn 1.x I had about 10 tunnels, which meant
> 10 tap devices on the server, and 20 conf files. Ovpn
> 2 has simplified that, but I *still* use 2 Ovpn
> daemons.
For several reasons I've implemented that this way at the
moment. Simplifying (multi-client) is on the TODO list.

> So. Could a solution be to have the current and nice
> GUI for general cases, and expose the configuration
> file on the floppy for experts ?
That would break the idea of m0n0wall having the whole configuration in
one file. I would prefer - for experts only - saving the contents of a
separate configuration file in a separate section under <ovpn><server><tunnel>.
The certificate and key files are generated this way at the moment.


 copyleft(c) by |   _-_     Call me bored, but don't call me boring.  --
 Peter Allgeyer | 0(o_o)0   Larry Wall in <199705101952 dot MAA00756 at wall dot org>