Posted: Tue Jul 05, 2011 6:55 Post subject: IP-Sec as Professional Paid Feature?
hey guys,
since i receive a lot of requests for adding ip-sec to ddwrt i decided to let you poll if it's worth it or not.
but since flash is rare on most platforms and we need to have ip6 sooner or later, IP-Sec won't make it to every device. i expect only professional units would be able to have support. which means units with >=16mb flash, cause we see space limits on 8mb units now.
what do i mean by paid IP-Sec service? since most professional vendors licence their ipsec solutions per client (and maybe month or year), we think about having to activate the IP-Sec service (like the superchannel feature) in the builds.
you will get a pre configured IP-Sec GUI (a dropdown to choose or similar) for the most popular vendors (e.g. cisco, avm, etc) and their settings or a common setup for an IP-Sec server. some sort of fire and forget setup, so you won't have to go through the complicated process of setting up IP-Sec.
the small fee you will have to pay will give us the chance to achieve this goal (maybe in a very short period).
But keep in mind if this should be voted as a free feature it might never make it into DD-WRT. it's much work, coding and testing costs a lot. btw that's 2 of the major causes why it's still not there.
Posted: Tue Jul 05, 2011 12:30 Post subject: CONFIG_XFRM
According to another thread, the key piece that is missing is to compile the kernel with CONFIG_XFRM, which adds 50kb to the kernel image and surely wouldn't be a problem adding to the mega build.
After that, you need the proper kernel modules and optware ipkgs. Lots of routers have external storage (eg usb flash) and would easily accommodate the size.
Any webgui and/or preconfigured defaults is just gravy.
Any idea what kind of performance we could get out of a router (I know this is router specific)? I wouldn't think that most routers would be able to handle more than 10-15 Mbps.
I don't get it. Nobody needs to buy any license when using strongswan or isakmpd or stuff like this. This is what you should focus on and not connecting to vendor-specific devices. Ipsec is the missing link for integrating a dd-wrt router in my vpn, too.
Sash isn't saying that NewMedia-NET needs to license anything, he's saying that other vendors charge for it as a professional feature so if the DD-WRT developers were to spend their already thinly stretched time implementing an easy GUI for it, then they would want to monetize it the same way other vendors do.
IMO some of the bigger builds should be compiled with CONFIG_XFRM so that people can use optware packages if they put in the effort to, and then builds with it all built in with a GUI could be a paid feature.
Posted: Tue Jul 12, 2011 4:00 Post subject: Re: IP-Sec as Professional Paid Feature?
Sash wrote:
hey guys,
since i receive a lot of requests for adding ip-sec to ddwrt i decided to let you poll if it's worth it or not.
but since flash is rare on most platforms and we need to have ip6 sooner or later, IP-Sec won't make it to every device. i expect only professional units would be able to have support.
what do i mean by paid IP-Sec service? since most professional vendors licence their ipsec solutions per client (and maybe month or year), we think about having to activate the IP-Sec service (like the superchannel feature) in the builds.
you will get a pre configured IP-Sec GUI (a dropdown to choose or similar) for the most popular vendors (e.g. cisco, avm, etc) and their settings or a common setup for an IP-Sec server. some sort of fire and forget setup, so you won't have to go through the complicated process of setting up IP-Sec.
the small fee you will have to pay will give us the chance to achieve this goal (maybe in a very short period).
But keep in mind if this should be voted as a free feature it might never make it into DD-WRT. it's much work, coding and testing costs a lot. btw that's 2 of the major causes why it's still not there.
discussion is welcome.
but as always this is NO "i want this, that and other things" topic. just focus on IP-Sec
Posted: Wed Jul 13, 2011 19:07 Post subject: IP Sec
FWIW, I want ip sec for use with Netopia Cayman routers using their built-in SafeHarbor setup.
Quote:
SafeHarbour VPN IPSec Tunnel provides a single, secure tunnel to be terminated at the Gateway, available to all LAN connected Users. This eliminates the need for client applications on individual PCs, reduces the complexity of configuration of tunnels, and makes ongoing maintenance of secure tunnel service to remote locations easier. This tunnel features secure encryption in both directions. The VPN software implementation is built to the IPSec and IKE standards, allowing the other side of the tunnel to be either another Netopia Gateway or another IPSEC/IKE based security product.
Posted: Mon Jul 18, 2011 20:16 Post subject: Re: IP-Sec as Professional Paid Feature?
Sash wrote:
hey guys,
since i receive a lot of requests for adding ip-sec to ddwrt i decided to let you poll if it's worth it or not.
Yes please... I am bound to a Fritzbox on one of my sites with the current broadband provider (because of the bundled IP telephony that comes with it) and IPsec is the only official VPN supported.
I would like to see this feature for my Buffalo WHR-HP-G54 sites in order to connect through.
I voted paid. This feature would actually convince me to license my DD-WRT routers.
IMO some of the bigger builds should be compiled with CONFIG_XFRM so that people can use optware packages if they put in the effort to, and then builds with it all built in with a GUI could be a paid feature.
Thanks for your reply.
Yes, I've heard about freetz, but cannot find confirmation that it will actually run with my fritzbox (KDG Homebox) and without disabling the tr69 provisioning feature which my provider needs.