[ previous ] [ next ] [ threads ]
 From:  Fred Wright <fw at well dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Testing OpenVPN?
 Date:  Tue, 10 Aug 2004 15:52:22 -0700 (PDT)
On Tue, 10 Aug 2004, Vincent Fleuranceau wrote:

> Has anyone succeeded in replacing the official IPsec feature (based on 
> racoon) with the unofficial OpenVPN port, in gateway-to-gateway VPN 
> configuration?

Well, "replacing" would certainly be a bad idea, for at least a couple of

1) OpenVPN is less interoperable then IPsec, since you won't find it on
many commercial routers.

2) Tunneling through a user program is considerably more CPU-intensive,
which is a significant factor on hardware like Soekris and WRAP boards.

> More: is there a way to get a pre-build net4501 image with m0n0-ovpn, 
> for testing purpose?

How about just investigating what's wrong when your IPsec tunnel stops
working?  Did you ever get the PPTP link set up so you can view the state
of the remote without depending on IPsec?  Fixing something that almost
works is likely to be easier than implementing something entirely new.

					Fred Wright