On 11/11/2010 8:48 AM, Vick Khera wrote: [snip] > I think it would be really nice if the VPN endpoints would all behave > like the fixed endpoint IPsec connections so I did not need to add > rules to the LAN filter to avoid the failover pool rule. Barring > that, it would be really handy to have on the "destination" drop down > an item for OpenVPN and/or IPSec endpoints, similarly to how there is > one for PPTP clients.
IPsec does not route, OpenVPN does. That's one fundamental difference here. Another is that the policy route exclusion code can find the IPsec subnets easily, but OpenVPN subnets can be harder to pin down if you have them in custom options, as many people do. OpenVPN also wasn't as tightly integrated into the GUI in 1.2.3 as it is in 2.0. I thought that in 2.0 the OpenVPN subnets were added to the policy route exclusion, but I'm not seeing that on my router. It's on a month-old snapshot though. Jim --------------------------------------------------------------------- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org