Educause Security Discussion mailing list archives
Re: pfSense
From: Jim Cheetham <jim.cheetham () OTAGO AC NZ>
Date: Mon, 31 Oct 2011 10:12:38 +1300
Excerpts from Kellogg, Brian D.'s message of Sat Oct 29 14:05:15 +1300 2011:
Anyone out there running pfSense 2.0 for their firewall/VPN gateway? We have simple needs; two site to site IPSEC VPNs, SSL VPN clients. Our connection will be upgraded to 300Mbps shortly as well.
I've got it deployed in much smaller non-education environments, running OpenVPN but not IPSec. IPv4 only, on tiny hardware (single-board PC Engines Alix). No experience with AD integration, sorry.
Just wondering if anyone is using it in production in a similar setup and how stable/effective it has been?
In general, I've found v2.0 to be just as stable as the previous v1.2.3. The only problems that I've had have been hardware related (a CF drive died, and rendered the firewall unstable when the configuration was updated; one machine cannot activate changes without a reboot -- but a copy of the system works fine in a VM environment, therefore it's the hardware not the software, but I don't know where yet). Because pfSense is 'so cheap', you should take the time to implement CARP redundancy as early as possible. -jim -- Jim Cheetham, Information Security, University of Otago, Dunedin, N.Z. ✉ jim.cheetham () otago ac nz ☏ +64 3 470 4670 ☏ m +64 21 227 0015 ⚷ OpenPGP: B50F BE3B D49B 3A8A 9CC3 8966 9374 82CD C982 0605 ✔ NZ BeSTGRID RAO ✔ CAcert.org Assurer
Attachment:
signature.asc
Description:
Current thread:
- pfSense Kellogg, Brian D. (Oct 28)
- Re: pfSense Jim Cheetham (Oct 30)
- Re: pfSense Kevin Wilcox (Oct 31)
- Re: pfSense Jim Cheetham (Oct 30)