Re: [pfSense] SOHO Router for VPN to pfSense

Mon, 29 Apr 2013 09:30:21 -0700 

On 4/29/2013 12:11 PM, David Burgess wrote:
On Mon, Apr 29, 2013 at 10:01 AM, Chris Bagnall <pfse...@lists.minotaur.cc <mailto:pfse...@lists.minotaur.cc>> wrote: 

    On 29/4/13 2:35 pm, j...@millican.us <mailto:j...@millican.us> wrote:

        I have a task to connect a number of small/home offices via
        VPN (OpenVPN
        is preferred but could be IPSEC) to a central location that has a
        pfSense box as its FW/Router.  Does anyone have any
        recommendations
        based on their personal experiences as to which brands/models
        to look at
        first?


    Honestly, your best best is to use pfSense to connect to another
    pfSense.

    I've spent goodness knows how many hours over the last few years
    trying to persuade various Netgear, Draytek, Buffalo, etc. etc.
    routers to talk to pfSense, and it's just not worth the hassle.
    Stick a litle embedded pfSense at each remote location (ALIX
    boards are an economical choice) and it'll Just Work (TM).




It could just be my own ignorance, but I have had little success 
trying to connect a pair of pfsense firewalls via OpenVPN. On the 
other hand, I had little trouble connecting an instance of pfsense to 
a Tomato router, with the former acting as OpenVPN client.


db



_______________________________________________
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Seriously, these days it is SUPER simple to setup OpenVPN and use OSPF 
to route. Take a look around the wiki and forum and there are step by 
step directions posted. The M1n1wall's from netgate are my go-to branch 
office appliances.



The only downside I have seen with pfSense in a setup like this is its 
inability to traffic shape the vpn. Say you have voice and data, the 
best thing I was able to accomplish was a separate openvpn tunnel for 
each type and then prioritizing the port that was being used for the 
voice tunnel. You can't get granular control like you can with a few 
other vendors (that cost a lot more).


Jonathon



_______________________________________________
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list























					Reply via email to