Feature Requests

For my needs (and my clients needs), m0n0wall replaces sonicwall and cisco products in every respect except for IPSEC VPN's. Specifically:
 
- Lack of filter/firewall on incoming traffic across IPSEC VPN. Just as often as I setup site-to-site VPN's for two offices  within a company, I am asked to setup a site-to-site VPN with a third party. I can never implicitly trust the third party so I have to get a cisco or sonicwall device to do the VPN so I can filter incoming traffic.

- Lack of NAT support across IPSEC tunnel. In the case of network address collision across a VPN, it's usually impractical to renumber the whole LAN to make the VPN work. Again, in this case I have to fall back to cisco or sonicwall.

- Lack of support for multiple non-contiguous subnets. This can be done with multiple tunnels in m0n0wall, but with more than a few subnets/hosts, it's just not practical. Sonicwall/cisco do this with one tunnel.

I'm not sure what can be done about these limitations, but I would really love to see them addressed if possible, as it would allow me to replace sonicwalls and ciscos in about 99% of networks I administer. I really appreciate m0n0wall and all the work done by Manuel and all other contributors.

I agree with RE.

I would love to see the non-contiguous subnets trought one VPN connection rule and NAT support for IPSEC tunnels.

- Lack of filter/firewall on incoming traffic across IPSEC VPN. Just as often as I setup site-to-site VPN's for two offices  within a company, I am asked to setup a site-to-site VPN with a third party. I can never implicitly trust the third party so I have to get a cisco or sonicwall device to do the VPN so I can filter incoming traffic.

This is supported since m0n0wall 1.3b6.