Great idea. You got me to look at it anyway, and I would not have before.
It looks possible to achieve the idea with openvpn. I have a test setup at the moment for ipsec. I will try it out with openvpn tunnels and see if it works. Will post performance tests of results in a few days. Any configurations that you or anyone has of working openvpn configs would be helpful.

> -----Original Message-----
> From: jonathan gonzalez [mailto:[EMAIL PROTECTED]
> Sent: 22 October 2005 18:54
> To: [email protected]
> Subject: Re: [pfSense Support] ipsec
>
> i'm working also in the openvpn implementation in my box so if either
> each one obtain good result would be grateful to post the good news in
> the list, don't you think? ;)
>
> Regards,
>
> jonathan
>
> alan walters wrote:
> > Yep I use an email address as the cn.
> > Open vpn would be great but this seems to still not be available.
> > Even a gre tunnel would do what I require but again not built into pfsense.
> >
> > So I persevere this way. The only security concern that I can see is the
> > vpn hub. This is a concern but pfsense seems to be reasonably well
> > locked down.
> >
> > The whole point of the hub is to be able to get a central public block
> > to a large number of remote sites that I cannot route blocks to.
> >
> > I might take your advice though and try with openvpn if I can get the
> > devel options to work and enable it.
> >
> >>-----Original Message-----
> >>From: jonathan gonzalez [mailto:[EMAIL PROTECTED]
> >>Sent: 22 October 2005 17:57
> >>To: [email protected]
> >>Subject: Re: [pfSense Support] ipsec
> >>
> >>Hi guys,
> >>
> >>i know that this question may seem to be silly but, if what you want is
> >>to establish an ipsec tunnel in a roadwarrior-fashion why don't you use
> >>any other type of CN?
> >>
> >>i mean, use a dyndns name, an email address, etc...
> >>
> >>In contrary case you can use OpenVPN, that is not ipsec but will enable
> >>you easily achieve what i think you need.
> >>
> >>Just to finish, 0.0.0.0 is not a good idea because you use ipsec to
> >>setup net-to-net tunnel... Using 0.0.0.0 you likely be a vpn hub that is
> >>something 'weird' from the security point of view.
> >>
> >>That's my 0.02€ ;)
> >>
> >>Regards,
> >>
> >>jonathan
> >>
> >>alan walters wrote:
> >>
> >>>>This must have got overwritten when we sync'd to m0n0wall for their
> >>>>certificate support. Do a update_file.sh
> >>>>/usr/local/www/vpn_ipsec_edit.php and all should be well again (I
> >>>>hope).
> >>>>
> >>>>Scott
> >>>
> >>>[alan walters]
> >>>
> >>>I copied that file from the releng branch of the cvs but still the same.
> >>>The box is isolated from the internet so no way to update it apart from
> >>>manually. This still produced the same error. Remote subnet bits cannot
> >>>be zero.
> >>>
> >>>>On 10/21/05, alan walters <[EMAIL PROTECTED]> wrote:
> >>>>
> >>>>>I know some time ago we looked at ipsec tunnels with 0.0.0.0/0 subnets. I
> >>>>>upgraded to 0.86.4 and again to 0.88.0
> >>>>>
> >>>>>Neither seem to support the following configuration in gui any more.
> >>>>>
> >>>>>This will not work:
> >>>>>
> >>>>>Localnet 192.168.1.1/24 remotegateway: public address
> >>>>>Remotenet 0.0.0.0/0
> >>>>>
> >>>>>But this works:
> >>>>>
> >>>>>Localnet 0.0.0.0/0 remotegateway: public address
> >>>>>Remotenet 192.168.1.1/24
> >>>>>
> >>>>>Regards.
> >>>>>
> >>>>>Hope you can help me with this.
> >>>>
> >>>>---------------------------------------------------------------------
> >>>>To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>>>For additional commands, e-mail: [EMAIL PROTECTED]
