Archive for March, 2008

Couple nice write ups on pfSense

Saturday, March 29th, 2008

First a user from the forum who has replaced his Cisco PIX firewall with pfSense. This is far from the first person who has replaced a PIX with pfSense, we know of numerous others ranging from the small office PIX 501 to the enterprise class PIX 535. In most networks, pfSense can do everything the PIX can, and at a significantly lower cost even with commercial support.

Another person with a blog entry with a nice multi-WAN howto.

Write up something about pfSense on your site you would like to share? Email a link to us, we’d be glad to link it here.

Registration now open for BSDCan and pfSense Tutorial!

Sunday, March 23rd, 2008

BSDCan 2008 registration is now open, including registration for the pfSense Tutorial on May 14, 2008 at 9:30 AM local time in Ottawa (same as Eastern US).

In addition to our 4 hour pfSense training session, there are many more compelling tutorials and sessions.

This looks to be another great year for BSDCan, make your plans now!  Travel information can be found on the BSDCan site.

Those of you who register for the pfSense tutorial, please email us to let us know you have registered. We’d like to know those who will be attending ahead of time, and we won’t find out until that day otherwise. Also include anything specific that is a priority for you to get out of the session. We will try to accommodate any specific requests from attendees.

The night after the tutorial we’ll be at one of the local bars within walking distance from the residence where we’ll be staying, and we invite everyone to join us. We’ve had some great discussions with pfSense users in past years that has helped shape the project.

A note for US citizens looking to attend
You will need a Passport to make the trip, however don’t let that hold you back. It’s a painless process. You can get the picture taken at Walmart for like $8, and find the rest of the information you need on the US State Department Passport site. Customs has never been a problem.

For those of you not in the US, unfortunately I’m not familiar with your requirements for travel. The travel page on the BSDCan site has information that may be helpful.

We look forward to seeing you at BSDCan!

Anybody still using BigPond WAN type?

Saturday, March 15th, 2008

The BigPond WAN type was reportedly phased out last November. It has been removed from pfSense, but I wanted to post here to make sure everyone who was previously using BigPond on their WAN has now switched to DHCP, static IP, or one of the other supported methods. If your ISP still requires BigPond configuration on your WAN, please let us know.

What’s coming in 2.0

Saturday, March 15th, 2008

This release already contains some significant new features. Among them:

  • Traffic shaper completely rewritten – now supports any number of internal interfaces and multiple WAN interfaces. This work is 99% finished and is working exceptionally well in our testing. Thanks to Ermal Luçi for doing the work, and the numerous people who contributed to the bounty to make this happen!
  • User manager – multiple administrative users can be created, with varying levels of access. Access groups can be defined to easily grant identical access rights to multiple users. Rights can be defined individually for each page in the web interface.
  • LDAP authentication – LDAP is integrated into the user manager so pfSense can authenticate from any LDAP server. Microsoft Active Directory and Novell eDir have been throughly tested, though any LDAP server should work. You can even define groups in your directory and assign rights in pfSense to those groups.
  • Significant OpenVPN improvements – these are still a work in progress, more info to come.
  • Routing improvements – still a work in progress as well, but will allow more flexible routing capabilities.

Packages all fixed

Saturday, March 15th, 2008

Over the past couple days, the packages have all been fixed bit by bit. As of right now they should all be working. If there are any that still do not work please let me know.

We also have all the packages pointing to our servers now, so packages will break far less frequently from now on. Virtually all package breakage in the past has been related to disappearing or moving files on servers we don’t control, which will no longer be an issue.

Some packages are broken

Wednesday, March 12th, 2008

FreeBSD removed 6.2 packages from all their mirrors, which broke a few of our packages. I fixed as many as I could with files we already had, or that I could still find, but some are still not working. We’ll have to build these packages ourselves, and it’ll be this weekend before anyone will have time to do so.

Going forward we are only going to use package files from our servers so we don’t get bitten by similar situations in the future.

USB CD-ROM support coming in next release

Tuesday, March 11th, 2008

FreeBSD now has a fix for the long standing issue preventing installations using USB CD-ROMs from working properly! Thanks to John Baldwin for his efforts to fix this, and assisting Scott with getting this into our custom FreeBSD 7.0 builds. This isn’t available in FreeBSD 7.0, but our releases based on 7.0 should support this (though we haven’t tested it yet).

Server move this weekend

Saturday, March 8th, 2008

I’m migrating all the pfSense sites over to a new server this weekend. The main site and blog won’t experience any outages, but the forum will be down at times on Saturday.

Seeking suggestions on presentation topic for NYCBSDCon

Wednesday, March 5th, 2008

NYC*BUG is again putting on the NYCBSDCon conference this October 10 and 11. The call for presentations has gone out, and the organizers, who know Scott and me from past BSDCan conferences, have contacted us to suggest we submit a proposal. I’m looking for suggestions on topics (whether or not you can be there, you’re welcome to comment).

Each talk is 45-50 minutes including time for questions, and from our past presentations at BSDCan we know the questions alone can easily run 30 minutes. So our primary challenge is finding something that will fit into 35-45 minutes, since we want to leave at least 5-10 minutes for group questions. We always talk to numerous attendees after our presentations as well (about 20 people lined up afterwards at BSDCan last year), so we don’t have to fit all the questions into the time alloted.

Strictly introductory material probably wouldn’t be best because pfSense is so widely known and used amongst the BSD community. I expect that possibly more than half of the attendees will be running it somewhere. But any topic chosen would start with at least a 5-10 minute introduction to the project for those who have not used it before. Also would spend about 5 minutes discussing the features currently in development for upcoming releases. We can use pieces of our pfSense Tutorial session for BSDCan 2008, but not nearly all of it since that’s a 4 hour session.

I’m looking for ideas on where to go from there. Whether or not you could attend this particular conference, if you were attending a 45-50 minute talk on pfSense, what would you want to hear about?

PCEngines ALIX boards and pfSense

Tuesday, March 4th, 2008

We have been receiving a lot of requests for help in getting pfSense working on the ALIX board.  The good news is that it does work if you have the latest BIOS version.

Anyone looking to install pfSense on an ALIX, please see this link.