What does /g/ think of pfSense?
About three months ago, my router went tits up, and so I stuck an extra NIC card in a spare computer and put pfSense on it.
I'm mostly happy with it so far. Anyone have any experiences with it?
>>57225199
it's great for home and soho, i don't see why not use if just maintaining one or a few installs
if only they would someday port to arm but meh, x86 stronk
>>57225199
It's ok, but a lot of the default settings are nonsensical and it just doesn't function as well as the commercial offerings.
>>57225199
Using it since 3 years and never used anything else.
pfBlockerNG with Adblock and sn0rt are some great packages.
Also using CapitivePortal.
>>57225253
I have found the traffic monitoring options kind of lacking. You'd think there'd be pretty comprehensive and customizable monitoring, but there's really not. At least not out of the box.
>>57225283
Yep. There's also weird hardware settings like I believe disabling SpeedStep and whatnot. It was always annoying when setting up a new machine (luckily, thanks to the excellent easy back up system, once set up a machine tended to stay setup through anything). The available packages is pretty lacking and sometimes don't work properly, either. Could never get NUT to work, for instance.
>>57225199
Run it on a HP thin client with a quad gig Ethernet pci card. 30TB of internet traffic and counting still running good. VPN setup is simple and works great.
Run a identical setup in 2 businesses I support zero issues besides thin client IDE flash drives fail swapped with 1.8" sata units
could never get smtp notifications to work with my smtp server using starttls. It would bitch about the self signed cert even adding the root cert to the ca-list. I guess it was something to do with php5.6 but I couldn't find a solution.
>>57225199
I like the ease of use, but don't really like the fact that it's been designed so that things should only be done from the GUI. I'd rather just use OpenBSD, at least then I have an up to date version of pf.
>>57225199
I run pf as a VM and it's been rock solid but I've seen it do weird things even on a fresh install. Usually it just doesn't want to pass traffic, no settings changed no firewall rules added just doesn't work - install it again and its magically fixed. Seen it on a few different instances now running completely different systems.
>>57225199
It's good. Better than anything Linux has to offer, but I'd just use OpenBSD instead. It comes with pf as part of the base. The base has everything you need out of the box to build a router or firewall. This is one of the areas OpenBSD shines the most. Not even Cisco's top of the line enterprise routers really hold a candle to an OpenBSD router.
A lot of people recommend Soekris boards for it, but you can use pretty much any old PC or Laptop, as long as it has two Ethernet ports. If you need more but don't have them, or you need wireless, use your old router as an access point.
>>57225199
Better just use vanilla FreeBSD.