 
 From:  Sven Brill <madde at gmx dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] OpenVPN on 1.2 or later
 Date:  Mon, 12 Jun 2006 18:39:54 -0400
Don Munyak wrote:
>
> Nope, just doing some research on alternatives to IPSEC and came
> across your thread. I am currently running 1.21-generic-pc. Do you
> have any recommendations for dropping back to your OpenVPN package?
>

I am running 1.21-ovpn1 (the last one Peter made, afaik), and I can say
it works flawlessly. I have configured OpenVPN to run over TCP rather
than UDP, because I travel a lot and run into all kinds of firewalls,
and tunneling a TCP connection through something else is just easier;
UDP gets blocked more often, for whatever reason (not to mention IP
protocol 50 for IPSec - try to get that through a client's firewall). At
home, I have my wireless segment firewalled off except for port 1194. On
that segment, I push the default gateway, and as soon as the tunnel is
up, the wireless clients have full access to the world. Everything is
set up with certificates, not shared secrets. I have not tried CRLs yet.
Couldn't be happier.

Just my two cents.

Sven