but I think that a basic IPSEC VPN should be made available from the GUI if Clear is to be taken seriously as a gateway appliance.
It is - it's called Dynamic VPN.
Experience showed us that plain old IPsec VPN connections did not work with dynamic IPs and were often (but not always) unreliable in the real world. The demand for a reliable VPN solution in ClarkConnect was strong and Dynamic VPN was born many years ago.
Fast forward to today and the need for IPsec is still strong. However, we're not too keen on putting out a solution that's going to be crap. It may be okay for some to reset a stuck unmanaged VPN connection every few weeks, but that's untenable for most businesses. Nobody on the development team has touched that old IPsec code in years (... looks through ClarkConnect archive... at least 7 years!). As David noted, it uses the old 4-tunnel style connections (yes, 4 VPN tunnels per connection) instead of the standard 1-tunnel with advanced routing (like Dynamic VPN). Why? That's the way it was done back in the day and nobody has touched the code.
To make a long story short, the app was dropped due to lack of a project champion and a record of poor reliability. Keep in mind, the API is still there and anyone is welcome to run with it.
Personally, I would prefer to see energy put into an OpenVPN solution for ClearOS-to-ClearOS systems:
- NAT in the way? No problem for OpenVPN.
- Dynamic IP? No problem for OpenVPN.
- Reliability? OpenVPN is more robust -- the protocol defines a keepalive process.
- Network MTU issues? OpenVPN can handle it. MTU issues continue to plague IPsec connections.
- Better firewall management? You betcha.
There will also be energy put into IPsec connections to 3rd party IPsec appliances, but that will be part of the Dynamic/Managed VPN app.