[Vpn-help] pfSense communications issues ...

Matthew Grooms mgrooms at shrew.net
Fri Nov 28 11:58:24 CST 2008

lartc wrote:
> Hi Matthew,
> Thanks for this fantastic study ... 
> I actually am experiencing the same problem with a pfsense box running
> 1.0.1 (haven't been able to get to clients box to upgrade).
> Is there a BSD equivalent to your finding ??

Not that I am aware of. The current stable versions of pfSense are not 
very remote access friendly. It uses the ipsec-tools racoon daemon which 
supports everything required to build a good VPN gateway solution but 
doesn't expose all the relevant features. I did some testing with an 
older version ( 1.2 ) a while back and was able to configure the client 
to communicate with the private network without too much difficulty. You 
can find the writeup here ...


Future versions of pfSense will be very compatible with the advanced 
features of the Shrew Soft VPN client. I took a personal interest in 
this platform and re-wrote the user management, certificate management 
and IPsec support to ensure this. The idea is to eventually have a solid 
open source companion gateway product that is easy to configure and will 
offer support for all the advanced features of remote access IPsec VPN 
clients. But these changes won't make it into a major release until 2.0 
which is a ways off. For more information, please see this entry in the 
pfSense digest ...


NOTE: The blog entry refers to pfSense 1.3 but this has since been 
renamed to 2.0 due to the enormous amount of changes.

I have more patches to commit to pfSense that clean up the user interface 
and convert IPsec to use the centralized certificate management system. 
Unfortunately, my free time has been scarce lately. I hope to be able to 
make more time for it again in the not too distant future.


