 From:  "Chris Buechler" <cbuechler at gmail dot com>
 To:  m0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] SSL VPN?
 Date:  Mon, 22 Dec 2008 17:56:34 -0500
On Mon, Dec 22, 2008 at 2:53 PM, Quark IT - Hilton Travis
<Hilton at quarkit dot com dot au> wrote:
> G'day Michael,
> M0n0wall had previously included the OpenVPN code, however it was
> removed (from memory) because of stability issues.  Weird, I know,
> because OpenVPN is used by a lot of others without issue, such as the
> DD-WRT guys in their replacement OS for the Linksys WRT-series (and
> others) router devices.

It was related to how m0n0wall works with OPT interfaces; it created
problems. Don't remember specifically, but it created bugs. No one was
interested in fixing it.

I agree, that's the best option for SSL VPN.

Though OpenVPN isn't what most people are after when they say "SSL
VPN". Yes, it does use SSL, but most have had the marketing term "SSL
VPN", or "clientless VPN" (utter garbage, there is no such thing)
shoved down their throat by commercial vendors' marketing departments
to mean something completely different.

There are a couple open source SSL VPN with web based client
distribution options (more technically correct description than "SSL
VPN" or "clientless VPN", but it sure doesn't have a nice ring, eh?).
But, they all require Java, which screams bloat and maintenance
headaches. Java in and of itself is significantly bigger than all of
m0n0wall, so I wouldn't expect to ever see that. Besides, you probably
really don't want a SSL VPN with web based client distribution (ahem).
Discussion of why here:
http://www.mail-archive.com/support at pfsense dot com/msg13595.html