Hi everyone,

I can't remember how I made it to this project, but it's one of the best things I've seen in a while. I'm using m0n0wall where I can throughout the company but there were a few 'shortcomings' (probably not a fair word to use given its intended use) that I was sure could be overcome if the focus changed a bit. Kind of in the direction that pfSense is headed :)

I've just stuck it on a test machine and will play with it today, but I'm curious if it can do some of the stuff m0n0wall couldn't, so if anyone has a few minutes to yea or nay this list it would be appreciated...

I wanted to use multiple WAN connections (using 1 router per connection, all attached to the firewall). The primary reason was to support lots of IPSec VPN connections so I could have them all concentrated on one endpoint rather than deploying a new firewall for every, say, 6 VPNs. Now this looks to be possible going by a blog post I saw and some entries on the mailing list. Also, I saw a checkbox in the web interface labelled "outbound load balancing" - does this actually redistribute outbound traffic over multiple WAN connections (i.e. does it work?).

The other things that were 'broken' were to do with the way IPSec tunnels were 'kludged' into the kernel (as one person said) and therefore stop me from using the IPSec tunnels to do cool stuff. Has any of this changed now that FreeBSD 6 is used as opposed to 4.11 as a base? I wanted SNMP traffic stats reported back to an NMS but this couldn't be done over the IPSec tunnel unless I did some odd static routing to route the traffic back to the IPSec interface, and when lots of m0n0walls got involved this made pings and traceroutes look very strange. I also wanted to traffic shape stuff before it entered the tunnel, but as I found out the only thing the shaper could see was ESP traffic, not what was encapsulated within. I remember Chris replied to me on the m0n0wall list saying it might never be feasible, but that was before pfSense appeared.

However, even without these features, having failover with CARP and finally having a Squid proxy has already given me enough to ditch the ailing SmoothWalls that still burn on the edges of the network :) I shall play away today. Cheers all!

Kev
