On 4/29/2013 12:11 PM, David Burgess wrote:
On Mon, Apr 29, 2013 at 10:01 AM, Chris Bagnall
<pfse...@lists.minotaur.cc <mailto:pfse...@lists.minotaur.cc>> wrote:
On 29/4/13 2:35 pm, j...@millican.us <mailto:j...@millican.us> wrote:
I have a task to connect a number of small/home offices via
VPN (OpenVPN
is preferred but could be IPSEC) to a central location that has a
pfSense box as its FW/Router. Does anyone have any
recommendations
based on their personal experiences as to which brands/models
to look at
first?
Honestly, your best best is to use pfSense to connect to another
pfSense.
I've spent goodness knows how many hours over the last few years
trying to persuade various Netgear, Draytek, Buffalo, etc. etc.
routers to talk to pfSense, and it's just not worth the hassle.
Stick a litle embedded pfSense at each remote location (ALIX
boards are an economical choice) and it'll Just Work (TM).
It could just be my own ignorance, but I have had little success
trying to connect a pair of pfsense firewalls via OpenVPN. On the
other hand, I had little trouble connecting an instance of pfsense to
a Tomato router, with the former acting as OpenVPN client.
db
_______________________________________________
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
Seriously, these days it is SUPER simple to setup OpenVPN and use OSPF
to route. Take a look around the wiki and forum and there are step by
step directions posted. The M1n1wall's from netgate are my go-to branch
office appliances.
The only downside I have seen with pfSense in a setup like this is its
inability to traffic shape the vpn. Say you have voice and data, the
best thing I was able to accomplish was a separate openvpn tunnel for
each type and then prioritizing the port that was being used for the
voice tunnel. You can't get granular control like you can with a few
other vendors (that cost a lot more).
Jonathon
_______________________________________________
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list