[ previous ] [ next ] [ threads ]
 
 From:  Lonnie Abelbeck <lists at lonnie dot abelbeck dot com>
 To:  m0n0wall List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  OpenVPN for m0n0wall suggestion
 Date:  Mon, 12 Feb 2007 10:26:13 -0600
It is my understanding that OpenVPN has been dropped from m0n0wall  
because how it plugged-in to m0n0wall's interface model, problems  
occur when OPT interfaces are added or removed.

Could I be so bold as to suggest adding OpenVPN back into m0n0wall,  
but instead at the interface level, place OpenVPN *behind* the  
m0n0wall interfaces.

The user could choose which segment to place OpenVPN into, specify  
it's reserved IP address (aka PPTP), and non-overlapping network.   
The NAT Rule, Firewall Rule and Static Route could be automatically  
generated, or left to the user.

Since OpenVPN does not have the NAT firewall problems as IPSec and  
PPTP does, placing OpenVPN behind the firewall does not present such  
issues.

Does this make sense?

Lonnie