[ previous ] [ next ] [ threads ]
 From:  Richard Morrell <dick at dickmorrell dot com>
 To:  Dany Nativel <dany underscore list at natzo dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Statement regarding m0n0wall features
 Date:  Tue, 27 Jan 2004 19:20:18 +0000
Dany Nativel wrote:

> Manuel,
> I think the "to do / Wishlist" on your website clearly shows the path.
> Bring us OpenVPN and certificates for IPSec and we'll be all set.
> I've tried e-smith, smoothwall and lately IPcop on an old PC. I got 
> tired about noise, size and power consumption. I'm about to receive a 
> 4501 for  monowall and will be using a mini-itx 533MHz board in an 
> ultra-small case for the file server (and maybe IPsec for WLAN if the 
> 4501 is too slow).

Let me calm down and tell you why Dany's posting is so up his own a*s 
that it's enough to make you want to scream.

"Bring us OpenVPN" - hmmm - do you have any idea of the implementation 
of OpenVPN properly tested, compiled and tied into a web gui frontend 
and also then working out what that implementation breaks on existing 
builds ?

Then you mention IPSec CA

Well there you go - OpenVPN AND Freeswan IPSec with Cert Auth - thats 
two technologies - not one - two. OpenVPN doesn't interoperate properly 
with most IPSec gateways. Not OpenVPNs fault - its just Watchguard 
(whose labs I've spent a lot of time in) and 
Cisco/Checkpoint/Sonicwall/blah blah gateways all have their "own idea" 
of what an IPSec stack looks like. IPSec is a screwed up standard - it 
truly is. Interoperability of IPSec is a pain, OpenVPN is a piece of 
crap anyway - it's a toy that should be well avoided. FreeSWAN is what 
I've used and funded since 1998. It works, it's really very intelligent 
- and the logging and auditing of FreeSWAN as well as updates and 
responses from the developers is cool. OpenVPN is a flavour of VPN - 
it's cool for home users but this stuff shouldn't ever get into the 
marketplace - it's introducing yet one more breakable module.

It's just not production ready.