Thursday, August 26, 2010

IPCop 2.0 - Withered on the Vine?

Our friends who have worked so hard on the IPCop system seem to have run out of steam - whether it is a lack of community support (the project is too much for one man, I'm certain), or an over-crowded roll-your-own firewall space (pfSense, UnTangle, Shorewall, and M0n0wall, to name the more popular distributions), I'm not certain.  What I am certain of is that the others have continued development where IPCop has stalled.

I've had repeated issues with unstable 3rd party addons (Squid and Squidguard addons called AdvProxy and URLFilter), but have otherwise been happy with IPCop.  What is spurring my move is not performance (though I think I can see some performance improvements when using other distros - I wish I had a good metric!) but the ability of the firewall to handle client VPN traffic such as a user inside of the network connecting via PPTP to a remote network - iptables apparently can't handle such a situation and won't allow the connection.

I will be reviewing pfSense, but more info on UnTangle and the others would be nice - what do you think of these?

/Update 11-Apr-11

A new IPCop 2.0 Beta has been released!  Visit and try it out - don't put it on a production box as many features are incomplete but it is in a quite useable condition!

One thing that I've realized:  when comparing IPCop and pfSense it's important to consider the that the projects have different targets for their user base - IPCop is aimed at the small office/home office and pfSense is aimed at the big boys - the end products reflect this in their ease of configuration and available configuration options.

1 comment:

Chris Buechler said...

It's like most every other involved open source project that doesn't have much if any commercial backing. Eventually development slows to a crawl. m0n0wall has seen much the same the past few years. The most mature, actively developed open source options all have companies behind them employing people who work on the project (pfSense, Untangle, Vyatta). The first through funding from the community and resellers, the latter two from venture capital and selling licenses. There are a few others as well depending on the specific needs you're looking for.

It's obvious which project I prefer (pfSense, I'm the co-founder). :) I won't comment on the others. Try a variety, see what's the best fit for your specific environment, desires, and goals (and sometimes hardware). They all have differing capabilities to some extent.