Needs some features before its really ready

[Lee Sharp]

This is a very nice solution for a inexperienced user. However, for someone with a healthy dose of clue, it can be a challenge. For example, it took an unreasonably long time to enable ssh access. While ssh is used to "Remotely Access" the server, it is not an option under "Remote Access." It is hidden in "Support" with only references to your support team, and no mention of ssh. Searching the forums leads to a lot of false starts before stumbling on the answer. I love the box in that I can set it up for unsophisticated users, and they can do most things without bothering me. However, there are many things it could do better. And, yes, it is in bridge mode behind a router that supports ipsec. (m0n0wall in most cases) It seems silly that to have a solid solution in a single box, I need to shove a viaC3 system with m0n0wall in a drive bay. However, that is an amazingly stable solution!

[pvcrisp]

One of the features of the new version is going to be improved SSH with it separate from "support"

[mdh]

Lee,

I thought I'd make a few comments which you can take or leave as you see fit. Your first sentence sums up the intent of the Untangle server. I don't think it was really planned for use by the expert user, though several have gravitated towards it. ssh is not really something that the small business owner would want, need or even have in their vocabulary. As a result, access to it was worded in a way that would be more meaningful to them, and also be buzzword/acronym-free. Your experiences with Untangle and unsophisticated users show the intent pretty well. Judging by the comments you have made on the board since you joined, you are not a rookie, and people who are more seasoned have different expectations and paradigms that they frame products such as Untangle in. The user base has evolved (and continues to), and we also are evolving. Yes, there are holes - some of them glaring - and they're being taken care of in (for the most part) an orderly manner. Sometimes, what may seem like an easy thing to fix can take on different meaning when fitting that into a framework of the current development model, new features, and smooth transitions from the old to the new. We definitely don't want to break something in order to fix something else. I don't know if you have read on the forums that 5.1 is around the corner. A lot of effort is going in that direction. Keep reading, keep playing with the product, and share your comments and constructive criticism. We pay attention, and the best evolution of a product is when the product addresses the needs of the user rather than make the user adapt. Welcome aboard!

[Lee Sharp]

Thanks! I know that I might not be exactly in your target market. More like a reseller. But my daddy always said, "Never trust a carpenter with just a hammer in his toolbox." It may not be the best at everything, but Untangle is a fantastic tool for the somewhat savvy business owner that wants to manage his internet use. (Or a home user with difficult kids) I scope it, build it, install it, and configure it. He calls me when he needs help, and we call you and pay the $50 if I need help. (May I suggest a per incident support cost, and a reseller monthly support cost?)

However, it would be handy to have a "hackers quickstart guide" somewhere. (I might even work on that)

[mdh]

Lee,

The quickstart guide just came up today and I'm going to start working on it. We have quickstart guides, but a quickstart wiki to accompany it is the current plan...the most common questions get answered in one place, then the wiki/FAQ and forums take it from there.

You got me laughing with the last sentence of paragraph 1. I think you meant incident rather than indecent...I got this vivid vision of what would constitute indecent support, and I'm gonna leave it to your imagination as well.

[thzone]

lawl cyb0r

[EricBaenen]

I looked through the documentation, wiki, forums, etc. - but couldn't find a feature roadmap anywhere, so perhaps one does not exist in the 'public' Untangle space.

Since it's been six months since the last post on this thread - I was curious if there was any additional consideration being made for IPSEC VPN capability native within Untangle (as in the open source, but FreeBSD based pfSense firewall/VPN/router) -- in addition to perhaps incorporating the open source version of the Cisco VPN client. Not only would it make Untangle interoperable with other environments - but it would allow organizations a transition path... replacing existing devices in phases or gradually with Untangle systems. In addition - for those sites with high performance considerations - IPSEC based VPN's considerably outperform OpenVPN based connections.

In one project supporting a government agency that I finished a couple months ago - we evaluated a number of open source firewall/router/VPN products including Untangle, pfSense and eBox Platform. We ended up going with pfSense because of the lack of IPSEC support in Untangle - which otherwise would have been our first choice.

[fsala]

Eric, I fully agree with you: IPSEC should be added as soon as possible, because it really "makes the difference" in some situations.

We too had to choose a different appliance for a customer for the same issue (we used Endian Firewall, Linux based and IPSEC ready...): we had to connect to hw routers and firewalls (ZyXEL, NetGear) and no one supported OpenVPN.

OpenVPN is really fantastic for mobile users (no NAT issues...) and, to some extents, can be used for site-to-site software UTM appliances connection...but no HW standard appliances use it!

Hope there will be some good news in the future...

[sky-knight]

IPSEC/L2TP/PPTP passthroughs are available. There isn't anything stopping you from putting a VPN service on a server and running UT in front of it. I agree this stuff should be in the VPN module but I see more than a few hurdles to overcome because of the unique way in which UT is deployed.

[YeOldeStonecat]

Gotta chime in and say I'd love to see an IPSec VPN Module too. Lots of clients I could utilize Untangle on at their mothership, where they have remote sites with existing boxes that do IPSec VPN.