How Good is Pfsense now?
-
Thanks for all your comments so far.
Any one else got a positive story to tell?
Mark
-
I didn't have a good experience with PFsense.
I'm currently running a WISP with about 100-150 users on m0n0wall. I'm using the captive portal + RADIUS. I've been wanting to move away from captive portal to PPPoE. I noticed that PFsense had PPPoE server built in, so I tried it out.
One thing I noticed right away was very slow FTP session. Games had a really hard time working well also. And the captive portal was very, very slow. If 5 or more people were logging in at the same time it would just die. The box would just die about twice a day. I'm running on a 1GHz system with 512MB RAM. It should be flying.
The RADIUS accounting didn't work either. It would show users logged in multiple times and didn't track their usage very well.
PPPoE would have been great, but there is no per user bandwidth monitoring. No RADIUS interim updates.
I only used it for a week, and I just could not get around the problems. I switched back to m0n0wall and things are fine now. I will keep my eye on PFsense and continue to test it, but I can't use it in my production environment.
-
Can you tell us what version you used that showed these problems? Concerning the captive portal I have to agree that it is slower than m0n0's CP atm. We haven't found the issue yet. The CP is nearly a 100% copy of the m0n0 code so all other features should work the same way like with m0n0. However I hope that we'll find the issue that causes the capture page to be that slow.
-
I'll say this again, I have a site that has 3000 users, 300 concurrent sessions on the captive portal and the site operator has never complained about it being slow…
-
Can you tell us what version you used that showed these problems? Concerning the captive portal I have to agree that it is slower than m0n0's CP atm. We haven't found the issue yet. The CP is nearly a 100% copy of the m0n0 code so all other features should work the same way like with m0n0. However I hope that we'll find the issue that causes the capture page to be that slow.
These tests actually have been done on wraps and on these platforms the CP is slower compared to m0n0wall. pfSense doesn't aim at these platforms but I hope we can speed it up there as well some day. ;)
-
I've run 1.0b2 for 6months without a problem functioning in the following fashion, before that beta .84 for at least 4 months. Both downtimes were not because of pfsense….one was from a failure in the generator to kick in and the other was someone tripping on the cord....oooops.
1. PPTP server for about 5 users (with using LDAP to AD2003)
2. IPSEC site-to-site link with two sites
3. DHCP
4. DNS
5. NATDell Poweredge 1550
dual 10/100 nics
512megs ramOlder versions had problem with the web config crashing.....ssh in and kill the hung php process....no downtime though. Since version 1.0beta2 I haven't had any problems running the stuff mentioned above, the only areas of problems that come for me are with my atheros wireless card (trying to run an all-in-one box at home) where the driver takes a dive when transfering large files.
-
Hi ZGamer
That sounds very promising. I'm looking at putting PFSense on a DELL PE860 2.8GHZ Pentium D with 512MB RAM. I'm hoping the hardware will work with the latest build.
Anyone got any good reports on running 2 boxes with CARP, mainly for failover. I'm also considering doing this.
-
http://forum.pfsense.org/index.php/topic,3331.msg20183.html#msg20183
-
It's the best…..really
I have many clusters over the world now... with one site with more than 4K users and more than 50K sessions per second full time. Some of them running pptp server with more than 50 concurrent connections, some having outgoing loadbalancing over multiple WAN...
Pfsense is stable, reliable and fucking powerful
It Roxxxxxxxxxxxxxxx
-
It's the best…..really
I have many clusters over the world now... with one site with more than 4K users and more than 50K sessions per second full time. Some of them running pptp server with more than 50 concurrent connections, some having outgoing loadbalancing over multiple WAN...
Pfsense is stable, reliable and fucking powerful
It Roxxxxxxxxxxxxxxx
;D :) ;D :)
-
I don't know what I did wrong with my config then, because I can't get 100 users on a PFsense box without it blowing up on me. I would like to take a look at your config.xml file for one setup with load balancing + captive portal. FTP and Games must work to keep customers happy. M0n0wall works great, but does not do load balancing, so we have to run two boxes and split our network up.
When I configured mine, FTP would not work right, or was very slow, and games didn't work. The biggest problem I had was the captive portal blowing up and crashing the box. We are using the Perimeter
B2/B4 Firewall (1GHz VIA C7, 256MB DDR2 533, 256MB IDE-Flash). We have 100 users, normally 60-70 at a time. -
pfsense 1.0.1 is running rock solid for 157 days (with UPS) without error as my NAT PPPOE router and PPPTP VPN server at home on old hardware and has transfered around 100 GB + by now.
look at attached Screenshots for some more details.
i'm using pfsense since pre 1.0 without much hassle execept for some trouble with outgoing ftp connections through nat (ftp helper doesn't work very well) Games working flawless with pfSense.
System Specs:
Version: 1.0.1 release
Platform: pfsense (HDD)
Packages: snort, openntp and some more
Total Uptime: about 200 Day's +
CPU: Intel P1-233MHz
RAM: 128MB
NIC: 3x 3Com 3C905C
WAN Type: PPPOE, dynamic IP, German ISP with 24 disconnectGreat work pfsense team, keep it going on!
 -
Yeah, pfsense is bitchin. I've been using 1.2 Beta 1 for 3 months now and haven't had a single failure. I moved off Microsoft's ISA 2004 firewall.
-
I moved off Microsoft's ISA 2004 firewall.
:o thank goodness for that! :)
back in the day, I setup OpenBSD at my network edge and built the pf.conf by hand, mainly to learn, and liked it a lot. eventually got lazy, and setup a soekris/m0n0wall, but wished it was openbsd based or at least had pf. then I heard about pfsense, but I just sort of followed the progress forever and never tried it. eventually my network expanded and outgrew m0n0 and I required some of pfsense's better features like loadbalance, and I'm pretty impressed. I don't use captive portal nor have tons of users, I just have a handful of very bandwidth hungry users and I wouldn't use anything other than pfsense at this point