Help finding the right firewall distro


Jun 24, 2012
I have been looking for a simple and easy to use firewall distro that also has the features I am looking for. I am currently using pfsense which is anything but simple, but "seems" to be capable of doing what I want, but I need something that is as simple as your standard store bought router, or close to it. I have computer knowledge, just very little networking experience.

I need to be able to connect the distro to a VPN so that all connected LAN computers go through the VPN (three weeks and I still haven't been able to do this in pfsense). An easy to configure QoS would be nice, but not that important. And I have a Dlink DIR655 router that is configured as an AP.

I am looking at Endian community edition, but it stated that it doesn't do wifi.

Can anyone help me out a little here? pfsense is just way too overcomplicated for me to want to continue to use on a daily basis.

EDIT: the VPN service uses OpenVPN
pfsense is probably the best distro around, unfortunately no distro can teach you what you need to know ;-)

You can give m0n0wall a spin which is a "baremetal" version of pfsense (pfsense kinda derived from m0n0wall).
Could try untangle, that's fairly simple, and the GUI is easy to use. The "lite" pack should solve all his issues easy and free.
+1 to PFSense.
Based on FreeBSD 8.1 for v2.0.1, one of the most rock-solid UNIX firewalls I've seen.
Just make sure to install the SMP-kernel.
I probably should have mentioned the PC is a 600MHz Celeron, with 512MB SDRAM and for just that reason I wouldn't mind sticking with pfsense because it's lightweight, but I just can't figure out the simplest things. If someone could possibly aid me in setting up my VPN connection I might just stick with pfsense. The service I use is called VPNReactor these are their setup instructions here, but they don't seem to give me enough info to set up the connection in pfsense. I have read countless tutorials on how to set up a VPN connection but with no luck at all.

Also does pfsense offer any kind of QoS? I don't see it in the webui.
Thanks for all the amazingly quick replies, and the tip about the traffic shaper. If I could just get my VPN connection set up I will probably stick with pfsense. Anybody have any ideas? I've tried every tutorial I could find, and no luck so far.
how are you testing it ?

you have 2 public ip's at home
I don't understand your question, I only have one public IP, it's a single cable internet connection. I am trying to send all my internet traffic through a VPN connection. I currently use the VPN on my main computer running Ubuntu 12.04 and it works great. But I'm trying to have the router (pfsense) connect to the VPN instead of my desktop, so that all of the computers on my LAN will go through the VPN, instead of just my main system. I'm using a paid subscription VPN service called VPNReactor, their website is if you need more info.
you are nuts..
How so? Is what I'm wanting to do not possible? I know there is a guide to do this on DDWRT, but it actually seems like even more of a hassle. Like I said I am very experienced when it comes to computer hardware and software, but networking in general is a territory I've never really messed with aside from your basic FTP servers and such. If what I'm wanting to do is completely asinine let me know. This is a real learning experience for me, frustrating, but fun nonetheless.
more pointless than anything, why are you doing this ? you do know if you do this, that your internet browsing will be very slow.
I just like having the added layer of protection, I don't like the idea that my ISP can easily monitor what I'm doing online. I'm not really doing anything bad mind you, I just like staying as private as possible online.

As far as my speed goes I have been using this service for a few weeks now and I generally get between 18MB/s - 28Mb/s, which is about the same speed I get without the VPN.

I have been browsing the forum here between checking for replies and found this guide here, it's too late here to take it on now, but I'm going to take a crack at it when I get home from work tomorrow.

Also, I have been to this forum quite a bit just from doing Google searches over the years, but I've never actually checked out what all is here, this forum is absolutely awesome, I can't believe I never made an account before.
So you don't trust your ISP, but you trust some VPN service provider? Weird, personally, I'd just build a proper firewall (yes build and pick a distro) and call it a day.

I know where you are going with this, but it's kinda pointless.
I'm curious as to why people use VPN services just to "hide" their internet traffic. Whether through your ISP or through the VPN provider, if "they" want your information "they" will get it somehow. I'm not bashing the OP, I'm just curious.
True, if "they" really want my information they can get it. The way I'm looking at it, the more roadblocks they have to go through to get my information the less likely they are to bother with me. Even I know how to find some basic info just using someone's IP address, but it is much harder to get any info at all from a VPN IP address, 100's of other people could all be using the same IP. It's not bulletproof in the least, but it does make it less likely that anyone would bother with me.
@ Red Falcon
The SMP kernel is pretty much useless if you "just" use the firewall and QoS (altq) since it's single threaded. :)
The only VPN service I would trust is one that I manage myself off a server that is leased or collocated. I can understand wanting to do this with the RIAA and MPAA being completely insane lately, but they can as easily tell a VPN service provider to spill the beans as they can tell your ISP. At least if you run the VPN service, you'll know that they want in as they'll be contacting you demanding access. Though guess technically they could just contact the data center directly, as well and do it under your nose. So it's a tough battle.

As for the original question, I'll give a +1 to pfsense. I use it at home and it's rock solid and very customizable.
untangle has what you want...

i'd say it's even simpler than a lot of store bought routers (i'd take the job of configuring an untangle box way before a Zyxel router)

that said i may be slightly biased as i've deployed a LOT of untangle boxes...

tired of the bloat and nickel and diming of untangle... moving on to pfsense and Mikrotik now...

EDIT: after reading the rest of your thread..... nm... you should get a device that connects to your VPN directly...
+1 vote for Untangle. It does not have all the bells and whistles of pFsense but it is dead simple to use.

P.S. I switched from pFsense to Untangle due to my inability to really master pFsense.
trying to set up his home firewall to his vpn provider..
It is OpenVPN (I really should have mentioned that in the OP, I'll edit it.) I have actually tried untangle in VirtualBox but the OpenVPN client software in untangle wants me to import some configuration file that I don't have, and there is no other way to set it up, at least not that I can see. There was no place for me to input the server address, user name, pass, nothing.

I also didn't like how untangle charged annual fees to do certain things that other distros do for free. On the note of paid firewall distros, both DDWRT and Endian have free x86 versions, but they both state that they don't support wifi hotspot with the free version, since I'm using a separate AP for my wifi would I be able to still use my wifi AP with the free version of either? Or would it not allow it?
you can't export your information from the site that gives you the vpn? that should be able to be imported into untangle,

BTW you want untangle on its own box at your house ....
I'm not sure what information to export, or in what format it requires it, the only file I can get from the site is "ca.vpnreactor.crt", but I don't think that's what untangle is looking for.

Also I do run a dedicated box, I just use VirtualBox to test out the different distros before I do a full install. I only have the one system, so when it's offline my entire house is offline, so I only want to do a reinstall if I know I'm going to stick with it. I don't want to distro hop all day on my router, I have a few other people in the house that would probably get pretty angry :D
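
Added example, not part of the thread and not VPNReactor's, pfsense's or untangle's own configuration: the pieces mentioned in the posts above (a server address, a user name and password, and the "ca.vpnreactor.crt" file) are what a stock OpenVPN client configuration file is built from. The server name, port, protocol and file paths below are placeholders and assumptions, not values from the provider.

```conf
# Constructed example: generic OpenVPN client config for a provider that
# authenticates with user name + password and publishes only a CA certificate.
# vpn.example.net, port 1194 and udp are placeholders; use the provider's values.
client
dev tun
proto udp
remote vpn.example.net 1194
resolv-retry infinite
nobind

# CA certificate downloaded from the provider; it is what lets the client
# verify that it is talking to the provider's server.
# (path is an assumption)
ca /etc/openvpn/ca.vpnreactor.crt

# Read credentials from a two-line file (user name, then password).
# Keep it readable by root only (chmod 600). Path is an assumption.
auth-user-pass /etc/openvpn/auth.txt

# Refuse a peer whose certificate is not marked for server use.
# Assumes the provider's server certificate carries that usage.
remote-cert-tls server

# Replace the default route so all traffic, not only the VPN subnet,
# goes through the tunnel.
redirect-gateway def1

# Keep key material and the tun device across reconnects.
persist-key
persist-tun
verb 3
```

On a router, LAN clients additionally need outbound NAT on the tunnel interface; this file only covers the client end of the tunnel.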
untangle's "zip" file for vpn settings is more or less proprietary... it's all open so it wouldn't be too hard to figure out what is going on, but it's NOT going to be as simple as him getting a .zip from his provider and uploading it to his untangle box... unless of course the place expressly states that it supports untangle...

however you do it op, it's not going to be easy to configure setup... but pfsense WILL do what you need probably easier than untangle will...

i tried for a while getting untangle openvpn to work w/ other devices and it was incredibly frustrating... at least pfsense has a lot more documentation on the lower level side of things...

untangle's openvpn is fantastic (i've got ~20 boxes deployed all connected via VPN) as long as you're only using other openvpn boxes or the software clients to connect...
I believe Mikrotik will connect to an OpenVPN tunnel. I'd personally go that route.
Since this "VPN Reactor" service supports other types of VPN..such as PPTP.

And....PFSense supports PPTP...can someone confirm if PFSense can be a PPTP VPN client? If so..there ya go!

I have considered that, except that I have heard that PPTP tends to be slower than OpenVPN, but secondly with PPTP if the VPN connection drops at any point then I will still be connected to the internet without the VPN, but with OpenVPN if the connection drops then I can't access the internet until I reconnect to the VPN or disable it. Of course I have used their PPTP connection before and my speeds weren't bad at all.

I don't know, are there any solid advantages to OpenVPN vs. PPTP? Of course the drop issue would have to be solved first because that happened to me twice during my free trial, but it hasn't happened once since I actually signed up and started using OpenVPN.
I still can't get this connection to work. I followed the guide I linked to the other day until I realized it's not what I'm trying to do...again. I messed around a little on my own and still came up with nothing.
I like astaro which is now sophos. I am running beta 9 which is now a release candidate version and it is what we use for all of our new clients. In fact we are getting ready to change over all clients running untangle to astaro.
I downloaded it and installed it too :)

I didn't look yet but does it do vlan ? Or just multiple interface..