IPSEC in pfSense 1.2.1
As I been perusing the forum, it is obvious the release of 1.2.1 is coming 'soon.' With that said, a couple of question to those who have already deployed or tested IPSEC in 1.2.1 beta/rc.
1. How does it interoperate with another vendor (using site-to-site) - does it work with Cisco, Sonicwall - please provide the other vendor you verified with (yes I have similar question for 1.2).
NOTE: Not sure it matters since its based off of FreeBSD 7 release which went towards only Fast IPSEC - no longer KAME - hence a question on interoperability.
2. Does Shrew client work fine with this release?
We were already using fast_ipsec in 1.2 so no change there.
We have wildly differing reports on operability. I work mostly with Draytek routers or other pfSense machines with site-site tunnels.
I do know of atleast one Cisco 3005 VPN concentrator I am connecting 2 site to sites on.
The Shrew Soft client works with pfSense 1.2.x but in a degraded fashion. That said, I don't think other clients would work any better. The major shortcoming is that the 1.2.x versions of pfSense do not take advantage of the ipsec-tools features which improve compatibility with mobile clients. For a bit more detail, please see the issues section of the Shrew Soft Zywall howto ( it has many similar problems ). http://www.shrew.net/support/wiki/HowtoZywall#KnownIssues
The 1.3 version of pfSense will address most of the 1.2.x shortcomings. Please see this blog entry for more details …