I've been using m0n0wall for almost a year and I really like it. Tt
works far better than most other similar tools I've encoutered. I use it
mainly to connect remote offices to our SIP PBX. I started out with
IPSec but as soon as I got OpenVPN to work I switched to that instead.
It is much easier to administrate, ability to push routes, no need to
know remote ip, etc.
As long as everything else is working as expected, operation is smooth.
But recovery after failure is not good in 2 specific cases:
1. If the tunnel breaks and one of the phones tries to connect to the
SIP server while the tunnel is down, that phone will not be able to
connect to the SIP server once the tunnel is up. I have found 2 ways to
a. Force a cold boot of the phone. The phone will do a TFTP download
and after that operation is normal.
b. Log in to the m0n0 and flush the state tables.
I guess that the state tables could get flushed whenever a tunnel gets
up. But I'm not sure about the cause of this issue, so this is maybe not
the Right Solution.
2. If the SIP service is down for some reason and one of the phones
tries to contact the SIP server, m0n0 dies. It does not respond on any
of the network interfaces. I haven't had chance to hook up a serial
cable to a m0n0 which died this way to see if was still running. The
cure is cycling the power.
I'm a bit puzzled by this one. Why should an unreachable service at the
far end of the tunnel mess up everything (or maybe just the interfaces)?
I use the 1.2-ovpn2 image. I have tried 1.21 but PPTP fails on this one
if I'm using OpenVPN. I have one 1.21-ovpn1 running at home though and
the same problems applies to this one too.
I'm using the net48xx platform only. The server where all the m0n0s
connect to is running Debian stable with OpenVPN 2.0