Most recent edit on 2008-04-18 01:31:45 by JesseBower [ddns ipsec]

Additions:
1) No support for DDNS remote GW on ipsec vpn

---

Edited on 2007-10-18 12:37:51 by OlafKlein

Additions:
1) Cannot filter on OpenVPN tunnels

---

Edited on 2007-09-24 15:09:32 by PaulMansfield

Additions:
1) OpenVPN access is unfiltered so you cannot use it to provide limited access ('extranet' services) to 3rd parties

---

Oldest known version of this page was edited on 2007-08-18 23:07:15 by ChrisBuechler []

Why pfSense Sucks

This page is meant to be a constructive area to point out big gaping flaws in pfsense. This page is not for silly comments like "It's not linux", etc. It should serve as a good area for a person investigating if pfSense is right for them. In a nutshell this should be a good place for "seasoned users" to sound off on how pfSense can be better. Please note that we serve the right to remove an item if we feel its not a legitimate issue (ie: not a bug/feature). Nor is this page meant to gripe about timeline and or roadmap.

Current items/areas that sucks:

1. PPTP issues - Cannot have more than 1 pptp sessions outbound through nat at the same time to the same server. This only applies to outbound sessions to a single PPTP server. You can connect a million clients to a million different PPTP servers, but only one client at a time to the same PPTP server. If you have the PPTP server enabled on pfsense you cannot connect out to any PPTP server on the Internet.
2. Traffic shaping limitations - Lack of support for trafficshaping/filtering inside IPSEC-Tunnels, multi-interface shaping not supported
3. FTP on multi-wans do not work w/ the FTP helper.
4. Higher layer capabilities - no existing ability for any layers higher than L4. Application layer inspection would be a substantial improvement.