 From:  Peter Allgeyer <allgeyer at web dot de>
 To:  mono at fabiand dot net
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] PPTP VPN Newbie Question
 Date:  Wed, 19 Oct 2005 11:16:51 +0200
Hi Daniel!

On Wednesday, 19.10.2005, at 10:56 +0200, Daniel Fabian wrote:
> Thanks for the answer, and sorry if this reply is messed up
I do my best to rearrange the posting ;-)

> What exactly do I need for OpenVPN over PPTP?
Wrong question, see below.

> Am I correct to assume that I need an additional OpenVPN server,
You are free to do the encryption and decryption on an extra machine
behind your firewall/router.

> or does it run on m0n0?
It did before 1.2. OpenVPN was removed from m0n0wall in 1.2. Use my
images from [1]. They have much better support for OpenVPN anyway.
Images based on 1.2final are expected by the end of this week. You can
find prereleases in the testing subdirectory.

>  If the first is the case, I would only allow PPTP users to
> connect to my OpenVPN Server, and if they are authenticated
> there, they get access into my LAN. Is that correct? Do
> you have any references for running OpenVPN over PPTP with m0n0?

OpenVPN has nothing in common with PPTP (or IPSec). In short: A CA
provides each of your clients with a valid certificate and key.
When connecting to the OpenVPN Server, the certificate is checked
and if valid, the client can send and receive encrypted packets to
and from the main site. OpenVPN uses UDP (or even TCP) based
communication for that, so that it isn't any problem to tunnel these
packets through a router which does NAT (no need for its own IP protocol
like GRE or ESP/AH). Look at [2] for a much deeper description of what
OpenVPN is and can do.

Ciao ...
	... PIT ...

[1] http://www.protec-t.de/m0n0wall/downloads/
[2] http://openvpn.net


---------------------------------------------------------------------------
 copyleft(c) by |   _-_     Why use Windows, since there is a door? (By
 Peter Allgeyer | 0(o_o)0   fachat at galileo dot rhein dash neckar dot de, Andre Fachat)
---------------oOO--(_)--OOo-----------------------------------------------
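
The certificate check described in the message above, as an added example that is not part of the original post and is not OpenVPN's own code: it uses the `openssl` command-line tool to show a client certificate issued by the site's CA being accepted and one issued by an unrelated CA being rejected. It reproduces only the chain check, not the tunnel itself; the names `demo-ca`, `rogue-ca`, `client1` and `intruder` are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. All names (demo-ca, rogue-ca, client1, intruder) are constructed.

# make_ca DIR NAME: create a self-signed CA key and certificate.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue_cert DIR CA NAME: create a key and CSR for NAME, then sign it with CA.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -days 30 -out "$1/$3.crt" 2>/dev/null
}

# cert_is_trusted DIR CA NAME: exit 0 only if NAME's certificate chains to CA.
# This is the decision the server side makes before accepting a client.
cert_is_trusted() {
    openssl verify -CAfile "$1/$2.crt" "$1/$3.crt" >/dev/null 2>&1
}

# demo: build two CAs, issue one certificate from each, and check both
# against demo-ca only. Prints "client1=... intruder=...".
demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" demo-ca && make_ca "$d" rogue-ca &&
    issue_cert "$d" demo-ca client1 &&
    issue_cert "$d" rogue-ca intruder || { rm -rf "$d"; return 1; }

    if cert_is_trusted "$d" demo-ca client1; then
        result="client1=accepted"
    else
        result="client1=rejected"
    fi
    if cert_is_trusted "$d" demo-ca intruder; then
        result="$result intruder=accepted"
    else
        result="$result intruder=rejected"
    fi
    rm -rf "$d"
    echo "$result"
}

demo
```

The private keys are written unencrypted into a temporary directory that is deleted at the end; keys for a real CA would be kept protected and off the gateway.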