-------- Original Message --------
>>Has anyone succeeded in replacing the official IPsec feature (based on
>>racoon) with the unofficial OpenVPN port, in gateway-to-gateway VPN
> Well, "replacing" would certainly be a bad idea, for at least a couple of
I'm very sorry if I let you think I wanted to have IPsec replaced by
OpenVPN in official m0n0wall releases.
What I meant should have been written: "Has anyone succeeded in using
the unofficial OpenVPN port, in gateway-to-gateway VPN configuration?"
In fact, I must have thought and written too quickly. Moreover, English is
not my native language. Please accept my apologies for this "bug" ;-)
Sorry for that!
(Manuel: in fact I was starting a putsch, but I've been caught ;-)
Moreover: IPsec does not work 100% of the time for me, but this does not
mean I will switch to OpenVPN and let other people find a solution for
me. I imagine other people are not satisfied with the situation either, so
I want to contribute and make IPsec work on m0n0wall. I won't give up so
> How about just investigating what's wrong when your IPsec tunnel stops
> working? Did you ever get the PPTP link set up so you can view the state
> of the remote without depending on IPsec? Fixing something that almost
> works is likely to be easier than implementing something entirely new.
This was a good "Plan B", but unfortunately, the PPTP integrated server
feature + IPsec tunnel do not seem to work at the same time on the
same box. I've tested it two times from different clients and with two
different m0n0 boxes. PPTP just works fine but the IPsec tunnel does not
establish anymore after the PPTP is running.
Can someone confirm?
I may be doing something the wrong way, but I see no extra parameters in
my configs: PPPoE (fixed IP) + DNS forwarder + DHCP server (with static
entries) + traffic shaper. No special filter rules, no OPT interface, no
As long as we have no way to keep the tunnel alive (I know, it's
coming...) I can't be sure what's wrong with racoon. Other VPN
implementations provide such a feature. Why does IPsec not?
Yes, racoon "almost" works. That's the problem. I just sometimes have to
call the secretary at our remote office and ask her to unplug the black
power cable on the ugly green box. Soekris users see what I mean.
To be objective, the official racoon's TODO file from 2000/10/04 reads:
TO BE TESTED.
Reboot recovery (peer reboot losing it's security associations)
So, this is a known problem. It's been 4 years now and it has not been
solved by the development team. I'm personally not able to write the
piece of code which would solve this issue. So, I just wonder if we
couldn't *try* something else *besides* racoon.
Thanks to all for your answers. Comments, suggestions are welcome.