Hi folks!

First of all, congratulations to Manuel and the whole development team: m0n0wall is the best open-source firewall by far.

As I work daily with firewalls like Cisco PIX, SecureComputing Sidewinder, Astaro ASL, ... there is still something I'm missing in m0n0wall: service and host groups. Grouping hosts and/or services keeps the firewall rules shorter and easier to follow. With this additional feature m0n0wall would keep up with the "bigs".

PS: regarding VPN and dynamic IP

Running VPN with a dynamically allocated IP on m0n0wall works fine. The problem is building a VPN tunnel to a remote, dynamically allocated destination. Without rebuilding racoon or the IPsec implementation, I see the following solution:

- monitor the VPN tunnel state (racoon logs to system log)
- if the tunnel goes down, look up DNS to get the IP address of the remote end
- set the new IP within racoon to rebuild the tunnel

This could be done with a script using already present features. I did this on a Linux-based firewall with the FreeS/WAN IPsec and it worked very well. I would also do it myself on m0n0wall, but my knowledge of FreeBSD is very poor (I'm learning...)

regards

------------------------------------------------------------------
Daniele Guazzoni
Network & System Engineer
Cisco Certified Network Professional
E-Mail: daniele dot guazzoni at gcomm dot ch
Web: http://www.gcomm.ch
------------------------------------------------------------------
"Destiny is not a matter of chance, it is a matter of choice; it is not a thing to be waited for, it is a thing to be achieved."
William Jennings Bryan
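
The monitor, look up, rewrite loop described in the message above, as an added Python example that is not part of the original post and is not m0n0wall code. The log line layout, the racoon.conf fragment, the peer hostname and all function names are constructed assumptions; the example only rewrites the `remote` header in racoon.conf text and leaves reloading racoon to the caller.

```python
import ipaddress
import re
import socket

# Constructed sample data (not from the original post): a racoon.conf fragment
# and syslog lines laid out the way racoon is assumed to report ISAKMP SA changes.
SAMPLE_CONF = """\
remote 198.51.100.7 {
    exchange_mode aggressive;
}
sainfo address 10.0.1.0/24 any address 10.0.2.0/24 any {
    encryption_algorithm 3des;
}
"""
SAMPLE_LOG = [
    "Mar  3 10:00:01 fw racoon: INFO: ISAKMP-SA established 192.0.2.1[500]-198.51.100.7[500] spi:aa:bb",
    "Mar  3 11:40:12 fw racoon: INFO: ISAKMP-SA deleted 192.0.2.1[500]-198.51.100.7[500] spi:aa:bb",
]

# Matches "expired"/"deleted" events and captures the remote (second) address.
DOWN_RE = re.compile(r"racoon: INFO: ISAKMP-SA (?:expired|deleted) \S+-(\d+\.\d+\.\d+\.\d+)\[\d+\]")

def peers_down(log_lines):
    """Return the set of remote peer IPs whose ISAKMP SA was reported gone."""
    return {m.group(1) for line in log_lines if (m := DOWN_RE.search(line))}

def repoint_peer(conf, old_ip, new_ip):
    """Rewrite only the `remote <old_ip>` header; other sections stay untouched."""
    ipaddress.IPv4Address(new_ip)  # raises ValueError unless new_ip is a strict dotted-quad
    pattern = re.compile(r"^(\s*remote\s+)" + re.escape(old_ip) + r"(?=[\s{])", re.M)
    return pattern.sub(lambda m: m.group(1) + new_ip, conf)

def check_tunnel(log_lines, conf, peer_host, current_ip, resolve=socket.gethostbyname):
    """Return (conf, ip), changed only if the peer went down and DNS now gives a new IP."""
    if current_ip not in peers_down(log_lines):
        return conf, current_ip          # tunnel not reported down: nothing to do
    new_ip = resolve(peer_host)          # DNS lookup only happens after a down event
    if new_ip == current_ip:
        return conf, current_ip          # peer address unchanged: let racoon renegotiate
    return repoint_peer(conf, current_ip, new_ip), new_ip
```

The resolved address is validated before it is written into the configuration, so a malformed DNS answer cannot inject extra text into racoon.conf.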