On 11/13/06, Stefan Tunsch <[EMAIL PROTECTED]> wrote:
I have seen several posts in the forum stating that tun or tap interfaces
should not be assigned to an interface of pfSense.
That any/any firewall rules are automatically created when openvpn client
establishes connection.
And that no traffic will flow if static routes wheren't defined on BOTH
sides of the tunnel.
This supposes a problem for me. I have a centralized server infraestructure
where an openvpn server is running.
This server serves connections for different offices.
Route push options. Look in the forum where this is also talked about.
If I have to set up static routes on the server to each of these offices,
the first problem I have is that several of them are using the same network
settings. In this scenario, I have to either make sure each office uses a
different network or this will not work.
It sounds strange not to be able to establish outbound natting on the
tunnel.
Not being able to establish firewall rules to control who gets access to the
tunnel also sounds weird.
This was a known problem going into 1.0. We cannot make everyone
happy overnight.
Scott
