Archive for 2009

The FreeBSD Foundation needs donations

Tuesday, December 29th, 2009

The FreeBSD Foundation needs donations to meet their 2009 goal. They provide very important funding to the FreeBSD project, which serves as the base of the pfSense project. They are a not-for-profit organization, so your contribution may be tax deductible.

Merry Christmas from the pfSense team – 2.0 now beta!

Saturday, December 26th, 2009

Our Christmas gift to the community is our 2.0 release reaching the beta milestone.

What does this mean? The release is feature complete, with no new features being added, and should stay relatively stable throughout the remainder of the development process. That’s not to say it’s production ready, though. Most of our developers are using it in production and have been for months, but unless you have a solid understanding of the underlying system and can manually verify the configuration, 2.0 is not yet for you.

To answer the inevitable “when will it be released?” – as always, “when it’s ready”. The release will happen sometime in 2010, but as for a more specific timeline, we can’t provide one at this time.

pfSense on FLOSS

Thursday, December 24th, 2009

Scott and I are on FLOSS 101 discussing the project; check it out. Thanks much to Randal Schwartz and Leo Laporte for having us! FLOSS Weekly is a podcast covering free and open source software.

1.2.3 Release Available!

Thursday, December 10th, 2009

1.2.3 release is now available! This is a maintenance release in the 1.2.x series, bringing an updated FreeBSD base, some minor enhancements, some bug fixes, and a couple of security updates. We’ve been waiting a few weeks in anticipation of a FreeBSD security advisory for the SSL/TLS renegotiation vulnerability, which came last week and allowed us to finalize the release.

Change list

The primary changes from 1.2.2 are listed below.

Book foreword / first reviews out

Tuesday, November 10th, 2009

Glad to see two book reviews on Amazon already, both with five stars!

I was thrilled to have the foreword for the book written by one of my favorite authors, Michael W. Lucas, the author of Absolute FreeBSD, Absolute OpenBSD, Cisco Routers for the Desperate, PGP & GPG, among other things. Thought I would share it here.

My friends and co-workers know that I build firewalls. At least once a month someone says “My company needs a firewall with X and Y, and the price quotes I’ve gotten are tens of thousands of dollars. Can you help us out?”

Anyone who builds firewalls knows this question could be more realistically phrased as “Could you please come over one evening and slap together some equipment for me, then let me randomly interrupt you for the next three to five years to have you install new features, debug problems, set up features I didn’t know enough to request, attend meetings to resolve problems that can’t possibly be firewall issues but someone thinks might be the firewall, and identify solutions for my innumerable unknown requirements? Oh, and be sure to test every possible use case before deploying anything.”

Refusing these requests makes me seem churlish. Accepting these requests ruins my cheerful demeanor. For a long time, I wouldn’t build firewalls except for my employer. pfSense lets me be a nicer person without having to actually work at it. With pfSense I can deploy a firewall in just a few hours — and most of that is running cables and explaining the difference between “inside” and “outside.” pfSense’s extensive documentation and user community offers me an easy answer to questions — “did you look that up?” If pfSense doesn’t support a feature, chances are I couldn’t support it either. But pfSense supports everything I could ask for, and with a friendly interface to boot. The wide userbase means that features are tested in many different environments and generally “just work,” even when interacting with the CEO’s kids’ Windows ME PC connected to the Internet by Ethernet over ATM over carrier pigeon. Best of all, pfSense is built on much of the same software I’d use myself. I trust the underlying FreeBSD operating system to be secure, stable, and efficient.

Security updates? Just click a button and reboot. You need new features? Just turn them on. pfSense handles clustering, traffic shaping, load balancing, integration with your existing equipment through RADIUS, IPsec, PPTP, monitoring, dynamic DNS, and more. Big-name industry suppliers charge outrageous fees to support what pfSense freely provides. If your employer insists on paying for support contracts, or if you just feel more secure knowing you can pick up the phone and scream for help, you can get pfSense support agreements very reasonably. If you don’t need a support contract, I happen to know that Chris, Jim, or anyone else with a pfSense commit bit will let grateful pfSense users buy them a beer or six.

Personally, I don’t build firewalls from scratch any more. When I need a firewall, I use pfSense.

– Michael W. Lucas

Happy 5th anniversary to pfSense

Thursday, November 5th, 2009

Five years ago today, the pfsense.* domains were first registered. The project actually hit 5 years since its inception about 2-3 months ago, living the first part of its life as projectx (some history here) with no website. We’ve come a long way!

Thanks to everyone who has supported the project in any fashion over the past five years. Here’s to even better things in the next 5 years!

And what better way to celebrate than picking up a fresh off the press copy of the pfSense book?

pfSense book now available for purchase!

Tuesday, November 3rd, 2009

Now available on Amazon

NOTE: The print book is still available; however, being based on the 1.2.3 version, it is largely obsolete. The 2.1 PDF edition is immediately available for Gold Subscribers. It’s the recommended version for everyone, as it’s been greatly expanded and updated.


Finally, comprehensive documentation for pfSense is available in print!

Table of contents is available here.

Authored by pfSense co-founder Chris Buechler and pfSense developer Jim Pingle, The Definitive Guide to pfSense covers installation and basic configuration through advanced networking and firewalling of the popular open source firewall and router distribution.

This book is designed to be a friendly step-by-step guide to common networking and security tasks, plus a thorough reference of pfSense’s capabilities. The Definitive Guide to pfSense covers the following topics:

  • An introduction to pfSense and its features.
  • Hardware and system planning.
  • Installing and upgrading pfSense.
  • Using the web-based configuration interface.
  • Backup and restoration.
  • Firewalling fundamentals and defining and troubleshooting rules.
  • Port forwarding and Network Address Translation.
  • General networking and routing configuration.
  • Bridging, Virtual LANs (VLANs), and Multi-WAN.
  • Virtual Private Networks using IPsec, PPTP, and OpenVPN.
  • Traffic shaping and load balancing.
  • Wireless networking and captive portal setups.
  • Redundant firewalls and High Availability.
  • Various network related services.
  • System monitoring, logging, traffic analysis, sniffing, packet capturing, and troubleshooting.
  • Software package and third-party software installations and upgrades.

At the end of this book, you’ll find a menu guide with the standard menu choices available in pfSense and a detailed index.


Thanks for your support!

AnyTerm package added

Saturday, October 17th, 2009

A new package that provides a full terminal via a web page has been added. This little gem of a package uses AJAX and provides full terminal emulation, allowing full-screen terminal applications like vi, nano, top and such to run perfectly!

The package also provides support for STUnnel. However, there is a known bug with STUnnel on the Certificates tab that we are working on, but the default SSL Certificate works OK.

Check out a few screen shots

HAProxy package has landed!

Wednesday, October 14th, 2009

What started originally as a base system option written by Remco Hoef was rescued from the dead, brought up to the latest HAProxy standard and then turned into a full blown package so that it can run on 1.2.3 and 2.0!

Check out these screen shots:

http://twitpic.com/lgtba
http://twitpic.com/lgldl
http://twitpic.com/lgl3o
http://twitpic.com/lgkj3
http://twitpic.com/lgkid
http://twitpic.com/lgfea
http://twitpic.com/lgkjn

Install the package and let us know what you think!

1.2.3-RC3 now available!

Thursday, October 8th, 2009

Several months have passed since the last official 1.2.3-RC release because of some tough issues in the underlying software. Those issues are now resolved, and 1.2.3-RC3 is now available.

The final release will be coming very soon. Please help test.

The major changes since 1.2.3-RC1:

  • NAT-T support has been removed. Adding it brought out bugs in the underlying ipsec-tools, causing problems in some circumstances with renegotiation and completely breaking DPD. These issues are fixed in the CVS version of ipsec-tools, but it’s still considered alpha, and we found different problems when attempting to use it instead. NAT-T will be back in the 2.0 release, where it’s not as much of a pain since NAT-T is now in stock FreeBSD 8.