General Questions

I've been interested in many of the features offered by pfsense but I'm reluctant to try it because I'd assume it's less stable with all the features. How have your experiences been with pfsense?

My main use is pretty simple - a few firewall and nat rules, basic traffic shaping... But I mainly want to use pfsense because of the dual WAN capability.

As widely used and well tested as pfsense is now, it's highly unlikely there are any widespread bugs in any of the functionality that exists in m0n0wall at a minimum. New functionality may or may not be an issue, most shouldn't be (other than known limitations). This is a question that's been addressed, and would be better addressed, on the pfsense forum.

well, if I asked the same thing on pfsense forum I'd expect a biased answer.

Maybe you would expect a biased answer but in fact you'd find a honest answer.
People at pfS are very professional and they will admit if there are any flaws, which apparently it's not the case.
I've been using pfS since the early betas and I haven't found any major bugs lately.
Both my offices use pfS on some old PCs and I keep m0n0 on my soekris boxes at home.
Everything works perfectly.
Cheers

thanks john, I think I'll try it out.

Speaking from my own personal experience, pfsense is not as stable as m0n0wall.  These may only seem like minor bugs, but with 1.0.1 I was unable to ftp into any ftp server regardless of port or procedure.  Then in upgrading to a newer build (albeit it wasnt' a final build) to attempt to fix the ftp problem some of my port forwards decided not to work while others seemed to work flawlessly.  Moving back to m0n0 resolved both of these problems.

Not to say pfsense isn't on the right track.  I think I still may end up switching, but as of right now I'm gunna stick w/ m0n0wall.

Speaking also from my own personal experience, pfsense is not bad at all but I also believe it is not as stable as m0n0wall. I switched to PfSense and had some DHCP issues which after much tweaking still could not resolve. I reverted back to Monowall and everything worked like a champ. I may still try PfSense again as it had features that I liked not present on Monowall. Personally I am going to wait a few versions then maybe I will try again.

@komoking & thx2000
I don't upgrade to unreleased builds of pfSense and I haven't had FTP or DHCP issues with it never ever.
I hope both of you have posted your problems either on the ML or the forums at pfS.

Last I tried pfsense, the PPTP sever was almost useless and the Traffic Shaper required a PHD in Computer Science to configure.

Roy...

pfSense did have DHCP issues with some ISP's who do really stupid stuff with their DHCP servers, up until pretty recently. Some people had serious problems because of that, but it's since been fixed, in the last month or so I believe. None of the devs could ever replicate the problem until the last month or so when we finally figured out a situation that caused it to happen repeatedly.

There seem to be some legit issues a few people have with FTP, but most people that refer to the forum posts on FTP that are out there get them resolved. That's something the devs are planning to look into and improve in the near future.

As for rpsmith's comments. There are some PPTP issues that are unresolved, the bulk of which also exist in m0n0wall. There are PPTP server issues that don't exist in m0n0wall. As for the traffic shaper, it's not really easy to dig into but the wizard should handle things for most circumstances. It needs some work, but it's a really difficult component to work with.

The PPTP server in m0n0wall works flawlessly.  I haven't tried it with pfsense lately but as of a month ago it was almost useless.  And as I recall, Scott said no one should even use PPTP and he was concidering removing it all together.  As for pfsense's traffic shaper, it may work fine if the wizard meets your needs but I found it near impossible to tweek.  To be fair, it took me several days of hard work to figure out m0n0wall's traffic shaper and when I realized pfsense's PPTP limitations there was no reason to spend days trying to figure out the traffic shaper.

Also, I have donated money and hardware on numerous ocassions to both pfsense and m0n0wall and will continue to support both.  But I always tell it like I see it. And yes, I could be wrong.

As for Scott's e-mail to me, I would have responded if I had seen it.  It may have went to my hotmail junk folder which I never check.

One final thought on pfsense: Try it for yourself and decide if it meets your needs better than m0n0wall. For me the answer was to reload monowall.

Roy...

I had problems with Captive portal, dual WAN, DHCP, and no help on their forums.  But there are many people that say it works.  I gave up on it.

As for Scott's e-mail to me, I would have responded if I had seen it.  It may have went to my hotmail junk folder which I never check.

Ok, that's fair. I gave you the benefit of the doubt and edited out some of my comment.

One final thought on pfsense: Try it for yourself and decide if it meets your needs better than m0n0wall. For me the answer was to reload monowall.

That's really what it comes down to - try things out, and see if they work in your specific situation. For all the happy m0n0wall users, there are probably hundreds if not thousands of people in the world who have tried m0n0wall and had no luck whatsoever. Most frequently user error, but certainly some people who have run into hardware compatibility issues, amongst other possibilities. 

You can't take one person's experience with any software or system and automatically think it applies to your situation. You're likely to have different systems, different hardware, a different Internet connection, a different network, etc. etc. etc. Not just talking about firewalls here either, this applies to pretty much any software or OS or about anything you'll run into in the IT world.

My problem with pfSense is the added hardware requirements. It doesn't run real well on a WRAP or Soekris solution. m0n0 on the other hand works wonderfully.

I use both monowall and pfsense and both are wonderful. Pfsense has many features intergrated into. Dual WAN, traffic shapper, Squid, Snort, and more encryption types to choose from for IPsec, but I have noticed little things like snort service just shutting down for no reason or squid not filtering traffic as it should. But on a stability aspect pfsense is really on the right path by offering corporate class options at no cost. PFsense will only get better just as monowall will as well.

Monowall is for a more embbed solution, remember where talking firewalls, the less you have to attack the stronger. Monowall is not designed for addtional packages to be added and it does it's job well. Just a simple strong stable firewall. I can't really say I have a preference over either or. To me both are just fine and it depends on what an individual needs to do at task.