Why PFsense sucks
-
PFsense works. Ok. but after that it's pretty much a maze.
Examples
It's really easy to switch a dynamic Ip address to a static ip address with one click. Ok. Then try finding any way to delete that static setting back to a dynamic setting. Good luck.
Go to the interfaces menu and choose WAN. Just click on the innocuously named 'insert local mac address' and voila your internet connection is gone, forever. Win 7 just will not reconnect under any circumstances (even a complete reinstall) because PF sense has turned your local system off. Hope you have a 2nd computer that can access PFsense and hope you have a backup of PFsense setting so you can fall back because if not you are SOL.
Try setting up WHS remote access (Windows Home server for those here who always ask what is WHS) Good luck. WHS UPnP setup works on every router available from $20 cheapstreet routers to $3,000 ones however PFsense accepts the settings from WHS and then simply ignores them (really)
and many many more.
I actually like PFsense and I use it but it truly sucks.
(oh yeah and i'm sure somebody here will say 'but it's so easy to do so & so' well yeah it may be 'for you' but that sort of makes my point (this being the PFsense user board)
-
I think the subject could be changed to Why Newbie/windows admins sucks.
If you can't configure your pfsense with your windows(arg!) services, buy some support hours from core team to do it for you.
As it is an open source firewall, you can get all your knowledge and help the project instead of complaining.
-
As you mentioned there is many other possibilities to use than only pfsense. Switch what ever you like
-
Go to the interfaces menu and choose WAN. Just click on the innocuously named 'insert local mac address' and voila your internet connection is gone, forever. Win 7 just will not reconnect under any circumstances (even a complete reinstall) because PF sense has turned your local system off. Hope you have a 2nd computer that can access PFsense and hope you have a backup of PFsense setting so you can fall back because if not you are SOL.
Sadly, that's a user problem. All you need to do is temporarily change the NIC mac on the windows system to re-access the box.
-
PFsense works. Ok. but after that it's pretty much a maze.
Examples
It's really easy to switch a dynamic Ip address to a static ip address with one click. Ok. Then try finding any way to delete that static setting back to a dynamic setting. Good luck.
Services > DHCP Server > oh shit, the mapping it's there and there is a one click button to delete it… too complicated...
Go to the interfaces menu and choose WAN. Just click on the innocuously named 'insert local mac address' and voila your internet connection is gone, forever. Win 7 just will not reconnect under any circumstances (even a complete reinstall) because PF sense has turned your local system off. Hope you have a 2nd computer that can access PFsense and hope you have a backup of PFsense setting so you can fall back because if not you are SOL.
You should know how to use a feature before you actually use it… its not pfsense problem.
Try setting up WHS remote access (Windows Home server for those here who always ask what is WHS) Good luck. WHS UPnP setup works on every router available from $20 cheapstreet routers to $3,000 ones however PFsense accepts the settings from WHS and then simply ignores them (really)
so, it's a bug? you are sure? REALLY???? then report it, the pfsense team will be very pleased to address this bug on the next update.
and many many more.
I actually like PFsense and I use it but it truly sucks.
(oh yeah and i'm sure somebody here will say 'but it's so easy to do so & so' well yeah it may be 'for you' but that sort of makes my point (this being the PFsense user board)
Many more like what?
And finally, if you dont like pfsense, there many more others open source firewall, give a try
Firewalls
http://www.endian.com/
http://www.smoothwall.org/
http://www.clearfoundation.com/
m0n0.ch/
http://www.ipcop.org/
http://www.brazilfw.com.br/and many more…
-
pfSense is not a perfect product, but with your help it can be made better. Unfortunately your post lacks the necessary details for anybody to offer any substantive help.
If you are sincerely seeking help with your issues then you would be wise to separate each one into a separate thread in the appropriate section of this forum, and there provide the standard information that one should include when posting in any help forum (software versions, expected/observed behaviour, steps to reproduce, etc).
If, on the other hand, you just came here to rant, then see the above responses. :)
-
Try setting up WHS remote access (Windows Home server for those here who always ask what is WHS) Good luck. WHS UPnP setup works on every router available from $20 cheapstreet routers to $3,000 ones however PFsense accepts the settings from WHS and then simply ignores them (really)
Do you ever setup NAT and Firewall rules? i'm using a http reverse-proxy on my box so I knew it would not work correctly with UPnP. Just create port forward rules for TCP 80, 443, 4125 and point them to your WHS box.
-
I hope you don't work in IT… People like you give us a bad name. Study up before you come on here spewing your bullshit.
-
It sounds like the complaint is this: "pfSense is powerful enough, and gives the user enough control, that the user is capable of shooting him/herself in the foot if they do something stupid." The poster would rather have a dumbed down appliance that does a whole lot less, while requiring less of the user.
I like power and control, and I understand that with that power comes risk.
It sounds like the OP would do better with a different solution. And no matter what, the OP should definitely stay away from any of the Unix/Linux versions out there. Did you know that if you log in as root (the only user the system comes stock with) and accidentally run "rm -rf" from the top directory you'll delete everything on the server? Worse, this bug has existed for more than 40 years! It must be total crap…"=
-
It sounds like the complaint is this: "pfSense is too powerful, and gives me to much control, that I am capable of shooting myself in the foot when I do something stupid."
There, fixed it for you.
I like power and control, and I understand that with that power comes risk.
And thus great responsibility.
-
Well..not worth saying that this kind of post should be avoided when dealing with any open source project. If you don't like a product clearly state why and, most important, how other porject faces the problem. Otherwise it is just like saying you don't like pfsense because of the icons in the web interface….
Now, to get it real, I was used to have several linux firewalls and hardware gateways (e.g., zywall). I switched to pfsense a few years ago, and I'm amazed. First of all FreeBSD is probably the best operating system in the open source landscape. Second, pf is surely the best packet filtering. Third, the support (even not commercial) is great. Of course, all you get for free requires at least you study and understand it. Do your homework.
Finally, what makes you thinking that is the pfsense product a mess and not your IT skills?
-
"PFsense works. Ok. but after that it's pretty much a maze. "
Seriously i hate saying this but talk like this makes you seem worse than a Newbie. You're the kind that thinks your an IT pro and can't tell your ass from your face. Pfsense is the least complicated thing out there to get working. If you don't know what port forwarding is then you should take up knitting and pay someone to help you.
If you came on here to ask Questions, use the search! But flat out saying it's complicated! disconnect your router turn off your pc firewall and plug your computer directly to your modem there is nothing to worry about.
:(
-
You know what? After using PFSense on and off in the past year or two, I agree with you. I did a lot of work with it when I needed to create a wireless (WAN) to wireless (LAN) bridged network. After frustrating native driver support, I decided to go with Win XP and NAT32 instead. It worked very well, especially since OEM driver support was WAY better than BSD. And, really, the lack of 802.11N on BSD was another buzz kill. Anyways, even when I got PfSense to work well with the wireless bridged network, I noticed a lot of cludgey or unstable things about PfSense. I've worked in IT for over 12 years with enterprise J2EE software. When we come across middleware that acts up when you change a setting, and STILL acts up after you revert back to the previous changes, we call that middleware UNSTABLE. I mean, a stable system should revert back to its initial conditions when all modifications or changes are rolled back. PfSense? Nuh uh.
Anyways, I've had to revert back to PfSense recently since WinXP only supports ad hoc networking for host ap mode. I figured things must have improved since I was on 2.0 beta a year ago. It did seem to be more stable at first and working well. However, I'm now realizing that PfSense does weird things under the covers that makes the system still unstable. For example, last night I connected our WAN to a new AP and made some changes to the WAN settings–I selected to block private networks. I also have the WAN persist changes. When I reboot, it starts up fine and connects to the AP; but, I'm no longer able to go out to the Internet. WTF? I also notice that PfSense can no longer detect updates. So, that means it's not able to connect to the remote build server. So, I try to ping from the machine to the yahoo.com. No response. I remember in the past, when things like this go awry on the wireless WAN interface, rebooting several times some how miraculously works. So, I reboot a couple of times, and lo and behold, it's working again. WTF???
Oh, and another weird thing I've noticed is that before, if you scan for wireless networks and the wireless interface is on a certain channel, PfSense will only detect AP's on that channel. It was like that in Beta and in the final release build. Some time since last night, and I did not update the build since I first installed PfSense a couple of months ago, I've noticed that no matter what channel I put the interface on (not auto), it will now scan ALL channels on the wireless status page. WTF??? When did THAT change? I mean, I'm not upset by that, because I think that's how it SHOULD work; but, it wasn't working like that before.
I could go on and on about weird, quirky things like this in PfSense. But, what's the point? At the very least, though, I think people should be aware that it's somewhat cludgey and unstable.
-
I was a bit surprised to see Windows XP, although chunking up lots of CPU usage compared to PfSense on the small Asus 2g, actually held its own in terms of battery performance. Both builds run approximately 2+ hours on an old battery. Pretty impressed.
And now you do a 180…
I think Im more in agreement with marcelloc...
I think the subject could be changed to Why Newbie/windows admins sucks.
If you want to express your input on the project, why dont you use your 12 years experience and help by helping to fix any alleged problems.
1. Bring your problems to light.
2. Show how to reproduce.
3. Help by testing the fixes.
What you have complained about would be good to understand and get fixed if it exists. The devs here have built a first class product and would not want to have issues hanging out there.
-
Go to the interfaces menu and choose WAN. Just click on the innocuously named 'insert local mac address' and voila your internet connection is gone, forever.
"I created a MAC address conflict, why does my network no longer work?"
Obviously you have no idea what you're doing. What you did there will break every network device on the planet.
-
I was a bit surprised to see Windows XP, although chunking up lots of CPU usage compared to PfSense on the small Asus 2g, actually held its own in terms of battery performance. Both builds run approximately 2+ hours on an old battery. Pretty impressed.
And now you do a 180…
No, not really. I was actually surprised that Win XP wasn't as much of a drain on the battery as I thought it would be. I am pretty damn impressed by the way Win XP runs on that little guy as compared to a X-Windows-less system like PFSense on FreeBSD.
Yes, and I still stick by my assertion now: I really do think PfSense, although nicely architected, is poorly implemented. For instance, just now I could not log onto the LAN interface. I was connected to the host_ap interface and received a DHCP lease on that subnet. So, why wasn't I able to log on web configurator much less ssh or ping that machine??? Even after many reboots and debugging exercises, I had to move config.xml to / and then restore the entire system from factory default. Then, after it rebooted and I went through that whole initial config spiel, I recopied config.xml from / to cf/conf. I rebooted and only THEN was I able to get on web configurator. I mean, WTF??? It was working fine one minute, then completely hosed the next?? I don't get it.
And the weirdest thing is, I think the entire firewall table is hosed now. I can see that the wireless WAN interface has a DHCP lease from our AP; I can see the IP information through ifconfig; but I can't ping any host on the Internet. I went to check the NAT and firewall rules and everything seems to be make sense. So, I deleted all the rules, etc…, and recreated them, rebooted, and I still cannot ping any host on the Internet. WTF???
You know what? I give up. I'm going back to Win XP and NAT32. To hell with infrastructure AP. I'm telling my guys to use their tablets at home.
-
More then 100.000 installs and you realy think the problem is with pfsense?
I don't think so.Windows xp is old, unsecure and bug full.
Real IT Administrators don't use Windows xp for nothing.
Try something else, grow up your nowledge.Go to console, do some tcpdumps.
-
As a standard install I would expect Windows XP to have far better power management than pfSense.
pfSense is not expecting to be running on a laptop. By removing or disabling many power management features that are present in FreeBSD the standard pfSense install is more stable and more secure.
That doesn't mean to say that you can't add those same features back in you install. I have reduced the power consumption of my own box quite considerably by playing with the options but I also crashed it a number of times by enabling things that weren't fully/correctly supported by my hardware.I will agree with you that wireless is networking is not pfSenses strongest feature! I am using a mini-PCI card as an AP myself but I had to do some tweaking to get it running reliably.
I'm sorry that your pfSense experience hasn't been a good one. :(
Steve
-
I can't decide if this was a troll or if this guy was legitimate. I'm not sure which would be funnier.
-
@submicron:
I can't decide if this was a troll or if this guy was legitimate. I'm not sure which would be funnier.
My thoughts exactly…
Hmmm, pfSense or WinXP+NAT32, that's a tough decision ;D
