[Vpn-help] pfSense communications issues ...
mgrooms at shrew.net
Fri Nov 28 11:58:24 CST 2008

> Hi Matthew,
> Thanks for this fantastic study ...
> I actually am experiencing the same problem with a pfSense box running
> 1.0.1 (haven't been able to get to client's box to upgrade).
> Is there a BSD equivalent to your finding?

Not that I am aware of. The current stable versions of pfSense are not
very remote access friendly. It uses the ipsec-tools racoon daemon which
supports everything required to build a good VPN gateway solution but
doesn't expose all the relevant features. I did some testing with an
older version (1.2) a while back and was able to configure the client
to communicate with the private network without too much difficulty. You
can find the writeup here ...

Future versions of pfSense will be very compatible with the advanced
features of the Shrew Soft VPN client. I took a personal interest in
this platform and re-wrote the user management, certificate management
and IPsec support to ensure this. The idea is to eventually have a solid
open source companion gateway product that is easy to configure and will
offer support for all the advanced features of remote access IPsec VPN
clients. But these changes won't make it into a major release until 2.0
which is a ways off. For more information, please see this entry in the
pfSense digest ...

NOTE: The blog entry refers to pfSense 1.3 but this has since been
renamed to 2.0 due to the enormous amount of changes.

I have more patches to commit to pfSense that clean up the user interface
and convert IPsec to use the centralized certificate management system.
Unfortunately, my free time has been scarce lately. I hope to be able to
make more time for it again in the not too distant future.