IPSEC in pfSense 1.2.1



  • As I have been perusing the forum, it is obvious the release of 1.2.1 is coming 'soon.' With that said, a couple of questions to those who have already deployed or tested IPSEC in 1.2.1 beta/rc.

    1.  How does it interoperate with another vendor (using site-to-site) - does it work with Cisco, Sonicwall - please provide the other vendor you verified with (yes, I have a similar question for 1.2).
        NOTE:  Not sure it matters since it's based off of FreeBSD 7 release which went towards only Fast IPSEC - no longer KAME - hence a question on interoperability.

    2.  Does Shrew client work fine with this release?

    Thank you.



  • We were already using fast_ipsec in 1.2 so no change there.

    We have wildly differing reports on operability. I work mostly with Draytek routers or other pfSense machines with site-site tunnels.

    I do know of at least one Cisco 3005 VPN concentrator I am connecting 2 site to sites on.



  • The Shrew Soft client works with pfSense 1.2.x but in a degraded fashion. That said, I don't think other clients would work any better. The major shortcoming is that the 1.2.x versions of pfSense do not take advantage of the ipsec-tools features which improve compatibility with mobile clients. For a bit more detail, please see the issues section of the Shrew Soft Zywall howto (it has many similar problems): http://www.shrew.net/support/wiki/HowtoZywall#KnownIssues

    The 1.3 version of pfSense will address most of the 1.2.x shortcomings. Please see this blog entry for more details …
    http://blog.pfsense.org/?p=211

