this is a short post to announce, that the currently in development core update no. 65 has been pushed into the testing tree, from where you can install it easily if you want to help us testing it.
Along with a minor bugfixes in the proxy report generator
calamaris (#10259) and some preparation work for new addons that will be released soon, the majority of changes has been done in the OpenVPN area.
Path MTU Discovery
The first of the two new features is called Path MTU Discovery which can be used for net-to-net and roadwarrior connections. It enables the client and server to automatically detect the best packet size that both use to encapsulate the data.
The benefit from this detection mechanism is that the throughput of an OpenVPN connection increases. In our experiments we gained one additional Mbit/s on a 5 MBit/s DSL link. In other words, the currently used default settings limit your usable bandwidth to 4 MBit/s which is technically not necessary.
The feature has already been described by Stefan Schantl. You need to manually enable it for your existent connections.
Client Configuration Directory
Behind this cryptic name hides a very powerful feature for the OpenVPN roadwarrior server. Basically, each client can have its own configuration file with its own configuration settings that may differ from the default OpenVPN server settings.
For example, you could use this to push an extra route to only one client, which should be able to access the DMZ, because he needs to administer the servers in there. Or you could assign a static IP address to one client to identify it easily on the network (just as the DHCP static leases).
The feature has been introduced by Erik Kapfer a while ago, but it was not available in the configuration interface. Alexander Marx from Ostangler Versicherungen has been working on this very interface that should be used in his company soon.
So here is – very briefly – what you could do with this:
- Configure static IP addresses for your OpenVPN roadwarrior clients.
- Create networks to group clients (e.g. admin network, clients that use the Terminal Server).
- Enable clients to access the GREEN, BLUE or ORANGE network. One of those or all.
- Push DNS or WINS server addresses to individual clients.
We would be very glad, if you give us a hand testing these new features. OpenVPN is very commonly used in an IPFire setup and we think that these new functionalities make it even more powerful and a much more handy tool.