PfSense vs IPCop…

dovad

I've been running an IPCop firewall/router since December. For the most part it's been a good setup however I've become more aware of the BSD's in recent times and feel from my reading that the BSD's may be a more stable platform than Linux in general. I've also noted that the BSD's are the choice of many ISP's and other "large network" entities.

I have become very fond of IPCop's multi LAN segments i.e. Green for trusted nodes, Blue for segregation of WiFi from Green and Orange for servers more exposed to the WAN (I have Vonage and Gizmo VoIP boxes on the Orange segment) and the firewalling between these LAN segments. From what I can see pfSense has the abilities to add additional LAN segments with separate subnets, please correct me if I'm wrong. An issue that I have with IPCop and am hopeful that pfSense will be better at is that the IPSec VPN on my IPCop box often will not work when I am away and need it until I SSH in and reset the box, then it again works.

I am not a professional system admin but a newbie to Linux and BSD.  I am trying to learn UNIX and have started to read "FreeBSD 6 Unleashed".  I'm also planning on setting up a FreeBSD server at home to store files, serve an Intranet and do other network tasks as I learn more.

If anyone has any input on some of the differences in features between IPCop and pfSense and doesn't mind taking the time to post a response I'd be grateful. As I've inferred above, I'm pretty "green" on UNIX but have a strong desire to learn.

Thanks…
Dave Ovad

hoba

IPCOP and pfSense are not really compareable. The underlaying system is completely different (linux/freebsd) and the featureset is as well. IPCOP also has a pretty different design attempt. pfSense can run from livecd with the config stored on a thumbdrive or floppy. Give it a try and judge for yourself. You don't have to install it for just playing around with it before you get addicted  ;D

cmb

You don't need to know anything about Unix or BSD to use pfsense. It's more important to have an understanding of routing and firewalling. pfsense is more flexible and capable in most areas than IPcop, but a consequence of that is it can be more complex. You can have a lot more interfaces in pfsense than IPcop, and you can configure them however you desire.

For remote access VPN, you can use IPsec, but I prefer OpenVPN and would suggest it over IPsec. It's less troublesome because firewalls the client is behind are less likely to break it than IPsec.

Also make sure you use 1.2 beta for new installs, it's a better choice than 1.0 as it's much less buggy.

dovad

I really appreciate the input and I am going to give pfSense a whirl.  Running from a CD to test is a terrific idea and I can do it with my box running IPCop.  Thanks for the suggestion!

In regard to OpenVPN I believe I noted that the port can be specified, is that correct?  I used a flavor of OpenVPN that was using an obscure port (in the 8500 area I believe).  The reason that I've preferred IPSec VPN's is that most hotels don't dare block port 500 due to their corporate customers requirement to connect to their companies networks and IPSec being prevalent.  I will also have to find a client to use with my MacBook.  The last time that I looked the only client available was still not updated to accommodate the Intel Mac's.

Great stuff, and thanks for the input!

Dave

cmb

Yeah most places are going to allow IPsec out, but you can run OpenVPN on any port you wish. By default it's 1194. It's UDP though, so running it on like port 80 may not be helpful if the network only allows TCP 80. But you can run it on UDP 500 if you want, then it should definitely work on any network that allows IPsec.