Ok, I am trying to sort out which Linux firewall distribution will best suit my needs. At the moment I have a Smoothwall, which works pretty well for me. My biggest problem with it is the lack of a built in client-server VPN solution (at least as far as I can tell). My biggest priorities are ease of setup and administration (I like to think of myself as being pretty good with computers, but hey, when is ease of setup a bad thing?), robust VPN capabilities (I assume I will be using IPSec or OpenVPN), and general variety of features. I want the variety of features to keep me occupied. I want to be able to set this thing up in a matter of an hour or two for basic functionality but, after initial setup a nice array of stuff to mess with would be nice. I like to play with features and try to implement new things. I also wouldn't mind being able to get into a web-administration page remotely via HTTPS, as SSH can be cumbersome. From what I have gathered I think I should be looking in the direction of IPCop of psSense. Untangle looks like it is way too dumbed down for me to have very much fun with it. I guess the main thing I want to know is the difference between setups in IPCop and pfSense.
IPCop is based on Linux (2.4), and pfSense is FreeBSD-based. IPCop has robust VPN capabilities, designed for both road-warrior and net-to-net VPN scenarios, even with dynamic IPs on both ends. pfSense supports a lot of advanced features like stateful failover and RADIUS authentication. IPCop can handle a little more throughput on the same hardware, and it has a great plugin system. pfSense enjoys a wider range of features out of the box, and has a very active community. So, both are very good and worthy of even very large networks. Either will be far more than adequate for home networks. One minor thing to note is that if you're using older hardware, look carefully at the minimum specs for both. IPCop requires at least a 486 with 24mb RAM, while pfSense requires at least a Pentium MMX with 128mb RAM. On fairly modern hardware they will perform very much alike; on older hardware (like that which I'm using for my firewall), pfSense will be noticeably slower than IPCop.
Ok, well, if I were to say that roadwarrior VPN with a dynamic DNS on one end was my primary concern would you tell me to use IPCop? Also, hardware is no issue for me, I have a nearly unlimited supply of P4's with 512 MB RAM.
If your router will use a dynamic IP, IPCop has special provisions that will make it feasible. Otherwise, both are a good choice. Play around with them and see which you like better.
