Just the other week, Chris, I set up an IPSEC site-2-site tunnel between my house in Franklin, and my dad’s house in Murfreesboro with pfSense on both ends. It took all of 5 minutes to run the wizard on both ends. Both pfSenses in my case are virtualized. The new pfSense 2.2 now uses strongSwan (replacing Racoon) which supports L2TP over IPSEC. So, it now becomes possible to use the native, built-in IPSEC VPN client in Windows 7/8 to do mobile IPSEC with pfSense 2.2. I haven’t done it myself, yet, but many have reported getting this to work successfully on the pfSense forums during the beta and release candidate phases of version 2.2. I’ve used OpenVPN in the past too, but not having to have an additional, 3rd party VPN client will definitely be attractive to some of my clients.

From: [email protected] [mailto:[email protected]] On Behalf Of Chris McQuistion
Sent: Tuesday, February 03, 2015 10:42 AM
To: nlug-talk
Subject: Re: RE: [nlug] I never saw this form of Windows 10 coming!

pfSense supports VLAN interfaces, so you can set it up on a single-NIC device and it works great, but you do have to have some kind of managed switch to plug it into. That is what Curt is doing.

I run a little Atom box at home that has two onboard NICs and one PCI card NIC and I run pfSense and have multiple WAN connections feeding my single LAN. It also runs OpenVPN and I get great throughput from my office to my home, over that VPN. I love pfSense for these kinds of applications.

Chris

On Tue, Feb 3, 2015 at 10:26 AM, Mark J. Bailey <[email protected]> wrote:

Mike,

My interest was the possibility that the Pi 2 might be good/stable/capable enough to serve as an embedded device for pfSense (free FreeBSD-based firewall akin to Tomato or DD-WRT). I had not looked up through yesterday, but in digging on it more, it only has the 1 NIC, which makes it not as useful for this for me. I see how Curt is using another compact style, single NIC ATOM-based unit for this very same thing, but being a single NIC, either the LAN packets or the WAN packets have to be trunked with a VLAN using a physical smartswitch that supports VLANs (most of the time, kinda pricey, and overkill, for most small offices – at least ~$100+ just for an entry-level 8-port unit and rarely available off-the-shelf in retail outlets). I suppose one could use a USB-based NIC to add a second one. The need here is minimally a NIC for LAN and a NIC for WAN/Internet (like you see on consumer-grade Netgear and Linksys Internet routers in the office supply stores or a Best Buy). The plus for pfSense is that a) it’s FREE, and b) it brings with it enterprise-grade networking functions.

I know I can always turn to a multi-NIC version of an ATOM-based unit similar to what Curt’s using, but was hoping the dirt cheap and ultra-compact RasPi2 might be suitable for this. While pfSense may be overkill for most small offices, everywhere I’ve ever deployed it became AND remained a much less problematic client’s site! :)

Obviously, the notion is mostly a novelty one for me at this point, as for a business critical item such as an Internet router, most, if not all businesses would just pay whatever for whatever gets the job done. But, typically, short of having to special order compact ATOM-based units like the one Curt’s using, pfSense would be set up with consumer-grade PC hardware (and older hardware at that), or virtualized, but neither of these approaches is conducive to a small office with a tiny, wall-mounted “IT area” on the side-wall of the closet back by the back door or in the kitchen. So, something like a RasPi2 would be well suited for limited space scenarios.

Mark

From: [email protected] [mailto:[email protected]] On Behalf Of Michael L
Sent: Monday, February 02, 2015 6:21 PM
To: [email protected]
Subject: Re: RE: [nlug] I never saw this form of Windows 10 coming!

Mark J. Bailey, about the FreeBSD NIC setup. Guess I don't yet know how to participate in the discussion.

-M

T-mobile. America's First Nationwide 4G Network

Curt Lundgren <[email protected]> wrote:

Michael L - who is the question directed to?

On Mon, Feb 2, 2015 at 2:14 PM, Michael L <[email protected]> wrote:

might I learn more about your interesting possibility?

Mike

T-mobile. America's First Nationwide 4G Network

-- -- You received this message because you are subscribed to the Google Groups "NLUG" group.
To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] <mailto:nlug-talk%[email protected]> For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en --- You received this message because you are subscribed to the Google Groups "NLUG" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
