IP-Sec as Professional Paid Feature?

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Goto page 1, 2, 3, 4  Next

Should IP-Sec be a Paid Option?
Paid Service is fine. I want IP-Sec.
50%
 50%  [ 87 ]
No i dont want/need to pay.
33%
 33%  [ 59 ]
I dont care.
5%
 5%  [ 10 ]
I dont care about IP-Sec.I use an other solution.
10%
 10%  [ 18 ]
Total Votes : 174

Author Message
Sash
DD-WRT Guru


Joined: 20 Sep 2006
Posts: 17619
Location: Hesse/Germany

PostPosted: Tue Jul 05, 2011 6:55    Post subject: IP-Sec as Professional Paid Feature? Reply with quote
he guys,

since is receive a lot of requests adding ip-sec to ddwrt i decided to let you poll if its worth or not.

but since flash is rare on most platforms and we need to have ip6 somer or later IP-Sec wont make it to every device. i expect only professional units would be able to have support. which means unist with >=16mb flash, cause we see space limits on 8mb units now.

what do i mean by paid IP-Sec service? since most professional vendors licence their ipsec solutions per client (and maybe month or year), we think about having to activate the IP-Sec service (like the superchannel feature) in the builds.
you will get a pre configured IP-Sec GUI (a dropdown to choose or similar) for the most popular vendors (e.g. cicso, avm, etc) and their settings or a common setup for a IP-Sec server. some sort of fire and forget setup, so you wont have to go through the complicated process of setting up IP-Sec.
the small fee you will have to pay will give us the chance to achive this goal (maybe in a very short period).

But keep in mind if this is should be voted as a free feature it might never make it into DD-WRT. its much work, coding and testing costs a lot. btw thats 2 of the major causes why its still not there.

discussion is welcome.
but as alwasy this is NO i want this, that and other things topic. just focus on IP-Sec

_________________
Forum Guidelines...How to get help
&
Forum Rules
&
RTFM/STFW
&
Throw some buzzwords into the WIKI search Exclamation
_________________
I'm NOT rude, just offer pure facts!
_________________
Atheros (TP-Link & Clones, etc ) debrick service in EU
_________________
Guide on HowTo be Safe, Secure and Protect Your Online Anonymity!


Last edited by Sash on Tue Aug 16, 2011 13:09; edited 6 times in total
Sponsor
bskchaos
DD-WRT User


Joined: 07 Feb 2009
Posts: 198

PostPosted: Tue Jul 05, 2011 11:07    Post subject: Reply with quote
I would pay for other features:
An easier way to handle multiple WAN
Mesh VPN implementation
packetmangler
DD-WRT Novice


Joined: 19 Mar 2009
Posts: 17

PostPosted: Tue Jul 05, 2011 12:30    Post subject: CONFIG_XFRM Reply with quote
According to another thread, the key piece that is missing is to compile the kernel with CONFIG_XFRM, which adds 50kb to the kernel image and surely wouldn't be a problem adding to the mega build.

After that, you need the proper kernel modules and optware ipkgs. Lots of routers have external storage (eg usb flash) and would easily accommodate the size.

Any webgui and/or preconfigured defaults is just gravy.

Please compile the mega build with CONFIG_XFRM!
Sash
DD-WRT Guru


Joined: 20 Sep 2006
Posts: 17619
Location: Hesse/Germany

PostPosted: Tue Jul 05, 2011 12:56    Post subject: Reply with quote
we´re not focused on using bad external storage media for vital OS data (this excludes ftp/samba features).
_________________
Forum Guidelines...How to get help
&
Forum Rules
&
RTFM/STFW
&
Throw some buzzwords into the WIKI search Exclamation
_________________
I'm NOT rude, just offer pure facts!
_________________
Atheros (TP-Link & Clones, etc ) debrick service in EU
_________________
Guide on HowTo be Safe, Secure and Protect Your Online Anonymity!
packetmangler
DD-WRT Novice


Joined: 19 Mar 2009
Posts: 17

PostPosted: Tue Jul 05, 2011 13:03    Post subject: Reply with quote
Not sure what you are talking about wrt "bad external storage". Nobody is asking you to "focus" on it anyway.

Simply, release the mega build kernel with CONFIG_XFRM. You'll need to do that anyway if you're going to try to sell any IPSEC solution.
jblack
DD-WRT User


Joined: 02 May 2011
Posts: 172

PostPosted: Tue Jul 05, 2011 19:28    Post subject: Reply with quote
Any idea what kind of performance we could get out of a router (I know this is router specific)? I wouldn't think that most routers would be able to handle more than 10-15 Mbps.
raix
DD-WRT Novice


Joined: 15 Oct 2009
Posts: 3

PostPosted: Mon Jul 11, 2011 19:11    Post subject: Reply with quote
I don't get it. Nobody needs to buy any license when using strongswan or isakmpd or stuff like this. This is what you should focus on and not connecting to vendor-specific devices. Ipsec is the missing link for integrating a dd-wrt roter in my vpn, too.
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

PostPosted: Tue Jul 12, 2011 2:24    Post subject: Reply with quote
raix wrote:
I don't get it. Nobody needs to buy any license when using strongswan or isakmpd or stuff like this. This is what you should focus on and not connecting to vendor-specific devices. Ipsec is the missing link for integrating a dd-wrt roter in my vpn, too.

Sash isn't saying that NewMedia-NET needs to license anything, he's saying that other vendors charge for it as a professional feature so if the DD-WRT developers were to spend their already thinly stretched time implementing an easy GUI for it, then they would want to monetize it the same way other vendors do.

IMO some of the bigger builds should be compiled with CONFIG_XFRM so that people can use optware packages if they put in the effort to, and then builds with it all built in with a GUI could be a paid feature.

_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
daniel1
DD-WRT User


Joined: 03 Feb 2011
Posts: 53

PostPosted: Tue Jul 12, 2011 4:00    Post subject: Re: IP-Sec as Professional Paid Feature? Reply with quote
Sash wrote:
he guys,

since is receive a lot of requests adding ip-sec to ddwrt i decided to let you poll if its worth or not.

but since flash is rare on most platforms and we need to have ip6 somer or later IP-Sec wont make it to every device. i expect only professional units would be able to have support.

what do i mean by paid IP-Sec service? since most professional vendors licence their ipsec solutions per client (and maybe month or year), we think about having to activate the IP-Sec service (like the superchannel feature) in the builds.
you will get a pre configured IP-Sec GUI (a dropdown to choose or similar) for the most popular vendors (e.g. cicso, avm, etc) and their settings or a common setup for a IP-Sec server. some sort of fire and forget setup, so you wont have to go through the complicated process of setting up IP-Sec.
the small fee you will have to pay will give us the chance to achive this goal (maybe in a very short period).

But keep in mind if this is should be voted as a free feature it might never make it into DD-WRT. its much work, coding and testing costs a lot. btw thats 2 of the major causes why its still not there.

discussion is welcome.
but as alwasy this is NO i want this, that and other things topic. just focus on IP-Sec



please sash We Need IP-Sec i have one Smile
2ndgenirish
DD-WRT Novice


Joined: 04 Mar 2011
Posts: 4

PostPosted: Wed Jul 13, 2011 19:07    Post subject: IP Sec Reply with quote
FWIW, I want ip sec for use with Netopia Cayman routers using their built-in SafeHarbor setup.

Quote:
SafeHarbour VPN IPSec Tunnel provides a single, secure tunnel to be terminated at the Gateway, available to all LAN connected Users. This eliminates the need for client applications on individual PCs, reduces the complexity of configuration of tunnels, and makes ongoing maintenance of secure tunnel service to remote locations easier. This tunnel features secure encryption in both directions. The VPN software implementation is built to the IPSec and IKE standards, allowing the other side of the tunnel to be either another Netopia Gateway or another IPSEC/IKE based security product.


Bill
P3X-749
DD-WRT Novice


Joined: 05 Jun 2009
Posts: 23

PostPosted: Mon Jul 18, 2011 20:16    Post subject: Re: IP-Sec as Professional Paid Feature? Reply with quote
Sash wrote:
he guys,
since is receive a lot of requests adding ip-sec to ddwrt i decided to let you poll if its worth or not.


Yes please...I am bound to a Fritzbox on one of my sites with the current Broadband provider (because of
the bundled IP-Telephony that comes with it) and IPsec is the only official VPN supported.
I would like to see this feature for my Buffalo WHR-HP- G54 sites in order to connect through.

I voted paid. This feature would actually convince me license my DD-WRT routers. Wink
Sash
DD-WRT Guru


Joined: 20 Sep 2006
Posts: 17619
Location: Hesse/Germany

PostPosted: Wed Jul 20, 2011 7:32    Post subject: Reply with quote
with freetz u will have openvpn support...
_________________
Forum Guidelines...How to get help
&
Forum Rules
&
RTFM/STFW
&
Throw some buzzwords into the WIKI search Exclamation
_________________
I'm NOT rude, just offer pure facts!
_________________
Atheros (TP-Link & Clones, etc ) debrick service in EU
_________________
Guide on HowTo be Safe, Secure and Protect Your Online Anonymity!
Apokrif
DD-WRT User


Joined: 22 Aug 2007
Posts: 64

PostPosted: Sun Jul 24, 2011 2:18    Post subject: Reply with quote
phuzi0n wrote:
IMO some of the bigger builds should be compiled with CONFIG_XFRM so that people can use optware packages if they put in the effort to, and then builds with it all built in with a GUI could be a paid feature.

I agree!
Sash - could you comment it, please?
2ndgenirish
DD-WRT Novice


Joined: 04 Mar 2011
Posts: 4

PostPosted: Sun Jul 24, 2011 12:15    Post subject: ip-sec as paid service - how much? Reply with quote
What kind of costs are we considering here??
P3X-749
DD-WRT Novice


Joined: 05 Jun 2009
Posts: 23

PostPosted: Tue Jul 26, 2011 18:27    Post subject: Reply with quote
Sash wrote:
with freetz u will have openvpn support...

Thanks for your reply.
Yes, I've heard about freetz, but cannot find confirmation that it will actually run with
my fritzbox (KDG Homebox) and without disabling the
tr69 provisioning feature which my provider needs.
Goto page 1, 2, 3, 4  Next Display posts from previous:    Page 1 of 4
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum