Educause Security Discussion mailing list archives

Re: pfSense


From: Kevin Wilcox <wilcoxkm () APPSTATE EDU>
Date: Mon, 31 Oct 2011 16:58:42 -0400

On Sun, Oct 30, 2011 at 5:12 PM, Jim Cheetham <jim.cheetham () otago ac nz> wrote:
> Excerpts from Kellogg, Brian D.'s message of Sat Oct 29 14:05:15 +1300 2011:
>
>> Anyone out there running pfSense 2.0 for their firewall/VPN gateway?  We have simple needs; two site to site IPSEC
>> VPNs, SSL VPN clients.  Our connection will be upgraded to 300Mbps shortly as well.
>
> I've got it deployed in much smaller non-education environments, running
> OpenVPN but not IPSec. IPv4 only, on tiny hardware (single-board PC
> Engines Alix). No experience with AD integration, sorry.

We're running FreeBSD + pf (the two items at the core of pfSense) on
some pretty serious hardware (for what it's doing) fronting our 15k
students. No redundancy at that level but no hiccups either. The
machines run 8.2 with a few patches for NAT logging, some homegrown
scripts to handle default routes in the event something upstream
breaks and BIND.

I have an OpenVPN install on "base" FreeBSD 8.2 with openvpn and
openvpn-auth-ldap installed from ports; it works great with
authenticated AD but it's having issues over SSL. Still, it works if
you don't need to encrypt your AD interaction.

kmw

-- 
Kevin Wilcox GPEN, GCIH
Network Infrastructure and Control Systems
Appalachian State University
Email: wilcoxkm () appstate edu
Office: 828.262.6259

