Supports a wide variety of network operational support and functionality.

  • low-cost, high-quality alternative
  • IPSec
  • IPComp
  • IPsec-encapsulated ethernet bridging
  • high speed data transfer support
  • jumbo frame support
  • 802.1Q VLAN Tagging and Interfaces
  • highly extensible Packet Filter
    • Queuing
    • NAT
    • Layers 3-7 Redundancy
    • Load balancing
    • Layer7 Load Balancing
  • 802.11 access point mode
  • Real-time Failover and State Synchronization

Routing and other Protocol Support

  • BGP
  • OSPF
  • RIP
  • SNMP
  • IPv6
  • Netflow


IPsec allows connectivity with any device supporting standard IPsec. This is most commonly used for site to site connectivity to other VPN.AC installations, other open source firewalls, FreeBSD, OpenBSD, Linux and most all commercial firewall solutions (Cisco, Juniper, etc.). It can also be used for mobile client connectivity.


PPTP is a popular VPN option because nearly every OS has a built in PPTP client, including every Windows release since Windows 95 OSR2.The PPTP Server can use a local user database, or a RADIUS server for authentication. RADIUS accounting is also supported. Firewall rules on the PPTP interface control traffic initiated by PPTP clients.


VPN.AC supports both local authentication, and authentication via RADIUS enabling authentication against Microsoft Active Directory, or LDAP.


Packet Filter aka PF is OpenBSD's system for filtering TCP/IP traffic and doing Network Address Translation. PF is also capable of normalizing and conditioning TCP/IP traffic and providing bandwidth control and packet prioritization. PF is the most advanced firewall available on the planet.


CARP from OpenBSD allows for hardware failover. Two or more VPN.AC devices can be configured as a failover group. If one interface fails on the primary or the primary goes offline entirely, the secondary becomes active. VPN.AC also includes configuration synchronization capabilities, so you make your configuration changes on the primary and they automatically synchronize to the secondary firewall. VPN.AC ensures the firewall's state table is replicated to all failover configured firewalls. This means your existing connections will be maintained in the case of failure, which is important to prevent network disruptions.

Load Balancing


Inbound load balancing is used to distribute load between multiple servers. This is commonly used with web servers, mail servers, and others. Servers that fail to respond to ping requests or TCP port connections are removed from the pool.


Outbound load balancing can be acheived via the use of multi-homed routing. load balancing and failover capabilities. Traffic is directed to the desired gateway or load balancing pool on a per-firewall rule basis.