Educause Security Discussion mailing list archives
Re: pfSense
From: Kevin Wilcox <wilcoxkm () APPSTATE EDU>
Date: Mon, 31 Oct 2011 16:58:42 -0400
On Sun, Oct 30, 2011 at 5:12 PM, Jim Cheetham <jim.cheetham () otago ac nz> wrote:
Excerpts from Kellogg, Brian D.'s message of Sat Oct 29 14:05:15 +1300 2011:
Anyone out there running pfSense 2.0 for their firewall/VPN gateway? We have simple needs; two site to site IPSEC VPNs, SSL VPN clients. Our connection will be upgraded to 300Mbps shortly as well.
I've got it deployed in much smaller non-education environments, running OpenVPN but not IPSec. IPv4 only, on tiny hardware (single-board PC Engines Alix). No experience with AD integration, sorry.
We're running FreeBSD + pf (the two items at the core of pfSense) on some pretty serious hardware (for what it's doing) fronting our 15k students. No redundancy at that level but no hiccups either. The machines run 8.2 with a few patches for NAT logging, some homegrown scripts to handle default routes in the event something upstream breaks, and BIND.

I have an OpenVPN install on "base" FreeBSD 8.2 with openvpn and openvpn-auth-ldap installed from ports; it works great with authenticated AD but it's having issues over SSL. Still, it works if you don't need to encrypt your AD interaction.

kmw

--
Kevin Wilcox GPEN, GCIH
Network Infrastructure and Control Systems
Appalachian State University
Email: wilcoxkm () appstate edu
Office: 828.262.6259