Yes you can certainly run it virtual for production use, easier if you either have enough physical NICs to devote one to WAN.
Alternatively if only one NIC, if you use switch that does VLAN tagging, pfSense can tag WAN and LANs to keep them properly isolated on a single physical interface.
With VMs and or VLANs, the more offloading a NIC can do, the less important CPU is for throughput.
For a work project we ran it as a VM in production use for at least a year, admittedly the hardware was plenty beefy enough and had 4 NICs.
Yes it is BSD and derived from mm0n0wall, and it's fairly well established having reached 120,000+ live installs around this time last year.
For client to site VPN, IPSec (config for mobile client) works ok or OpenVPN if you prefer (PPTP as a last resort). I use the ShrewSoft VPN client for Windows as it is more configurable but the native clients of Android and iOS will also work with the right choices on the router side.
prompt $P - Invalid drive specification - Abort, Retry, Fail? $G
prlzx on iDNET: ADSL2+ / 21CN at ~4Mbps / 700kbps with IP4/6
Edited by prlzx (Tue 26-Feb-13 15:08:30)