For the love of jebus please give us IPSEC & PPTP!

[woode]

I don't grant much sympathy for use of devices that lock you in to the degree that all Apple products do. You bought the things... now you're stuck dealing with them.

Sorry, but that's a two-way street, buddy. The same can be said for people who bought Untangle, and are stuck with dealing with the fact that it only supports OpenVPN, and no other industry standard VPN.

Those of us who implemented Untangle for free, and later discovered we needed something other than OpenVPN, may not have quite the financial investment, but we do have an significant investment in time, resources, and frustration. Thanks for blowing us off. Shows how much you don't really give a crap.

[mrunkel]

Sorry, but that's a two-way street, buddy. The same can be said for people who bought Untangle, and are stuck with dealing with the fact that it only supports OpenVPN, and no other industry standard VPN.

Those of us who implemented Untangle for free, and later discovered we needed something other than OpenVPN, may not have quite the financial investment, but we do have an significant investment in time, resources, and frustration. Thanks for blowing us off. Shows how much you don't really give a crap.

You know that sky-knight doesn't work for untangle right? He volunteers his time here for free.

[mrunkel]

So to summarize, you want IPSEC to:

1.) Work with every other vendors IPSEC implementation for site to site.
2.) Work with Windows, OS X, and linux IPSEC native clients. Oddly, it's the windows one that would be hardest.

This is a big project. Let me ask you this, would you be willing to pay for this feature if we went and licensed an existing solution?

[YeOldeStonecat]

So what exactly do you guys want? Site to Site IPSEC? Windows IPSEC client support? Because most IPSEC setups (like monowall) don't support that today.

Which other IPSEC clients should we support?

As for PPTP, I don't see that on the roadmap for Untangle, but I'm just one guy here. It's yesterday's technology that didn't provide what it said it should long ago.

An opinion from an SMB consultant that could increase the amount of Untangle deployments (and thus sales and money for you)...
My vote...."Site to Site IPSec".

I could care less about Windows IPSec client support, and I could care less about other IPSec software client support. For remote users, you have your OpenVPN and that's fine. Browser based SSL VPN such as Juniper has in their SSL appliances is great.

I can live without PPTP VPN, it's not a dealbreaker, although it's nice to have from a support standpoint.

But back to my point....supporting router to router IPSec VPN tunnels would greatly increase my ability to implement your product in more clients of mine. Just a standard method like Linksys/Cisco does with their RV0 series of routers.

A lot of us have clients with existing hardware, existing WANs, and they are running on hardware that does the site to site tunnels. If we need to add a new satellite office, or get the opportunity to replace one of the units...we have no means of introducing Untangle, because it lacks IPSec support. Unless we tried to convince the client to replace ALL their appliances with a new fleet of Untangle boxes...and you know how likely that will be to happen!

I like how PFSense did their VPN, both PPTP and IPSec.....please take a peek at it. It works well with existing hardware at clients sites. Just a middle of the road compatible IPSec system would be great.

Having site to site IPSec support will REALLY increase our ability to get your product out there in the market you are targeting. By not having this support, IMO you're losing from 30-50% of opportunities.

[fasttech]

This is a big project. Let me ask you this, would you be willing to pay for this feature if we went and licensed an existing solution?

I would hope you UT folks would offer ipsec without removing the openvpn option, allowing the install choice of one or the other, ie: clam (free) and kaspersky (paid).

[woode]

You know that sky-knight doesn't work for untangle right? He volunteers his time here for free.

Yes.

Is the only issue with OpenVPN support that it isn't available on the iPhone? In what application does the iPhone require vpn support? I'm guessing HTTPS isn't sufficient for these applications?

No. Read back up in the thread where other users mention that they need to integrate Untangle with existing infrastructure. VPN support on the iPhone needs to be available system wide, as it is with IPSec. That way I can check my locked away servers, workstations, and other stuff (like PC-based lab equipment), using whatever apps on my iPhone that I want.

Would an Untangle OS X openvpn client setup (like we do for windows) help things?

At least change the docs to include Viscosity in addition to TunnelBlick (which sucks). Viscosity may be $9 a pop, but it works way better. I've tried both. That still doesn't help if we need IPSec, though.

The argument that the reports option in Untangle has been worked on since March doesn't make me feel better, since Untangle users and (especially!) potential users have been asking for IPSec/PTPP since, oh, at least 2007 on these very forums. It really, really, really looks like you guys have a beef with any VPN that's not OpenVPN, and Untangle simply refuses to support it for "religious reasons."

Yeah, I'm one of those whiny freebie users. You can bet your bippies, though, if I had a clue about how to code an IPSec app for Untangle, I woulda done it long ago. Me, though, I just hack Ruby. Sorry I can't contribute.

[sky-knight]

Hmm it just dawned on me...

Yes I know I'm slow.

If the concern on the Untangle side of the fence is the support costs imposed by the IPSec protocol... then make the IPSec module a paid module.

[kmlan]

Hmm it just dawned on me...

Yes I know I'm slow.

If the concern on the Untangle side of the fence is the support costs imposed by the IPSec protocol... then make the IPSec module a paid module.

I've read your posts.
Nothing slow about you buddy.

How about free basic IPSec, tick boxes for non-standard implementations + money ?

[sky-knight]

That could work... but from the earlier Dev post it sounds like support for the IPSec module should be a separate thing?

How far down that road do you travel? At some point it just feels like you're nickle and dimeing people to death.

I know where they are coming from. With all the protocol and encryption settings involved with IPSec, it really is a mess. Untangle doesn't want to walk that road unless they can do it well. But, on the flip side, doing "well" means limiting the features. Not to mention the network interface limit...

There is more here that needs to be thought about...

[kmlan]

That could work... but from the earlier Dev post it sounds like support for the IPSec module should be a separate thing?

How far down that road do you travel? At some point it just feels like you're nickle and dimeing people to death.

I know where they are coming from. With all the protocol and encryption settings involved with IPSec, it really is a mess. Untangle doesn't want to walk that road unless they can do it well. But, on the flip side, doing "well" means limiting the features. Not to mention the network interface limit...

There is more here that needs to be thought about...

Hi.
Some or most of us are un-initiated to the complexities if IPSec.
Surely there is a standard for IPSec. Why not implement that and let others be compliant ? If you never get the i@rap market it's their fault.