Why pfSense Sucks
This page is meant to be a constructive area to point out big gaping flaws in pfSense. This page is not for silly comments like "It's not Linux", etc. It should serve as a good area for a person investigating whether pfSense is right for them. In a nutshell, this should be a good place for "seasoned users" to sound off on how pfSense can be better. Please note that we reserve the right to remove an item if we feel it's not a legitimate issue (i.e., not a bug/feature).
Nor is this page meant for griping about the timeline and/or roadmap.
Current items/areas that suck:
- PPTP issues - Cannot have more than one outbound PPTP session through NAT to the same server at the same time. This only applies to outbound sessions to a single PPTP server. You can connect a million clients to a million different PPTP servers, but only one client at a time to the same PPTP server. If you have the PPTP server enabled on pfSense, you cannot connect out to any PPTP server on the Internet.
- Traffic shaping limitations - No support for traffic shaping/filtering inside IPsec tunnels; multi-interface shaping is not supported.
- FTP on multi-WAN does not work with the FTP helper.
- Higher-layer capabilities - No existing capability for any layer higher than L4. Application-layer inspection would be a substantial improvement.
- OpenVPN access is unfiltered, so you cannot use it to provide limited access ('extranet' services) to 3rd parties
- Cannot filter on OpenVPN tunnels
- No support for a DDNS remote gateway on IPsec VPN