Dany Nativel wrote:
> I think the "to do / Wishlist" on your website clearly shows the path.
> Bring us OpenVPN and certificates for IPSec and we'll be all set.
> I've tried e-smith, smoothwall and lately IPcop on an old PC. I got
> tired about noise, size and power consumption. I'm about to receive a
> 4501 for monowall and will be using a mini-itx 533MHz board in an
> ultra-small case for the file server (and maybe IPsec for WLAN if the
> 4501 is too slow).
Let me calm down and tell you why Dany's posting is so up his own a*s
that it's enough to make you want to scream.
"Bring us OpenVPN" - hmmm - do you have any idea of the implementation
of OpenVPN properly tested, compiled and tied into a web gui frontend
and also then working out what that implementation breaks on existing
Then you mention IPSec CA
Well there you go - OpenVPN AND Freeswan IPSec with Cert Auth - thats
two technologies - not one - two. OpenVPN doesn't interoperate properly
with most IPSec gateways. Not OpenVPNs fault - its just Watchguard
(whose labs I've spent a lot of time in) and
Cisco/Checkpoint/Sonicwall/blah blah gateways all have their "own idea"
of what an IPSec stack looks like. IPSec is a screwed up standard - it
truly is. Interoperability of IPSec is a pain, OpenVPN is a piece of
crap anyway - it's a toy that should be well avoided. FreeSWAN is what
I've used and funded since 1998. It works, it's really very intelligent
- and the logging and auditing of FreeSWAN as well as updates and
responses from the developers is cool. OpenVPN is a flavour of VPN -
it's cool for home users but this stuff shouldn't ever get into the
marketplace - it's introducing yet one more breakable module.
It's just not production ready.