Dany Nativel wrote:
> Manuel,
>
> I think the "to do / Wishlist" on your website clearly shows the path.
>
> Bring us OpenVPN and certificates for IPSec and we'll be all set.
>
> I've tried e-smith, smoothwall and lately IPcop on an old PC. I got
> tired of the noise, size and power consumption. I'm about to receive a
> 4501 for monowall and will be using a mini-itx 533MHz board in an
> ultra-small case for the file server (and maybe IPsec for WLAN if the
> 4501 is too slow).

Let me calm down and tell you why Dany's posting is so up his own a*s
that it's enough to make you want to scream.

"Bring us OpenVPN" - hmmm - do you have any idea of the implementation
of OpenVPN properly tested, compiled and tied into a web GUI frontend
and also then working out what that implementation breaks on existing
builds?

Then you mention IPSec CA.

Well there you go - OpenVPN AND FreeSWAN IPSec with Cert Auth - that's
two technologies - not one - two. OpenVPN doesn't interoperate properly
with most IPSec gateways. Not OpenVPN's fault - it's just Watchguard
(whose labs I've spent a lot of time in) and
Cisco/Checkpoint/Sonicwall/blah blah gateways all have their "own idea"
of what an IPSec stack looks like. IPSec is a screwed up standard - it
truly is. Interoperability of IPSec is a pain, OpenVPN is a piece of
crap anyway - it's a toy that should be well avoided. FreeSWAN is what
I've used and funded since 1998. It works, it's really very intelligent
- and the logging and auditing of FreeSWAN as well as updates and
responses from the developers is cool. OpenVPN is a flavour of VPN -
it's cool for home users but this stuff shouldn't ever get into the
marketplace - it's introducing yet one more breakable module.

It's just not production ready.

Dick