[ale] OPNsense vs pfSense: was Recommendation Request - Router / MiniPC

Steve Litt slitt at troubleshooters.com
Sun Nov 10 14:37:17 EST 2019


Thanks Preston,

You answered my question with both completeness and precision. I now
have one more question, aiming in a slightly different direction and
not related specifically to pfSense or OPNsense:

What's your opinion on a straight OpenBSD/pf firewall/router? That
would be the reputedly very secure OpenBSD OS with the pf firewall (pf
is to BSD as nftables or iptables is to Linux)? I've done it before,
it's very simple to do, but for a guy like me who doesn't know pf well,
it was a struggle. If I could get better at pf it would be less of a
struggle. With OpenBSD/pf, it's trivial to set up a dhcpcd server and
ssh server on the OpenBSD box.

I'm also going to research a Linux/nftables firewall. I know Linux
better than BSD, so if I can learn nftables I should be in good shape.

So many excellent choices.

Thanks,

SteveT

Steve Litt
November 2019 featured book: Manager's Guide to Technical
Troubleshooting Second edition
http://www.troubleshooters.com/mgr




On Sat, 9 Nov 2019 12:06:51 -0600
Preston Boyington <preston.lists at gmail.com> wrote:

> Apologies if this comes off disjointed, I’ve revisited it a few times
> and had to pull some things from memory.
> 
>  
> 
> When pfSense announced their planned inclusion of AES-NI hardware
> requirement I started following several other projects (OPNsense,
> IPFire, etc.) because the older Netgate box I had worked great with
> 2.3.5 but would be unsupported when the next version was released
> (This seems to have been delayed still as of March 2019 pfSense
> 2.5.0). The license change and focus also became a concern of mine
> since I’d used and recommended it for several years. I stumbled
> across OPNsense after checking back with the m0n0wall project I had
> used previous to see it had ended and Manuel Kasper had given his
> blessing to the OPNsense project.
> 
>  
> 
> Overall, you will see similar features on each. OPNsense seems to
> bring features and security updates in faster than pfSense. I like
> how the system updates and being able to select my mirrors for my
> packages. OPNsense has a partnership with the HardenedBSD project and
> tries to keep as close as they can to mainline FreeBSD whereas
> pfSense appears to customize things more. With this partnership I get
> several nice features (ASLR, PIE, SEGVGUARD) and an I can use
> LibreSSL easily. 2FA isn’t kludgy (maybe has changed in newer pfSense
> versions). Easy to view changelogs. The interface looks more polished
> and seemed “snappier” on my hardware although initially I stumbled
> around because of being used to pfSense so I used the search bar a
> good bit. I’m interested in ZeroTier.
> 
>  
> 
> If you want to use pfBlocker features check out this
> https://www.routerperformance.net/opnsense/using-pfblocker-features-in-opnsense/
> 
> There have also been… shenanigans  around the pfSense/OPNsense
> communities. Many accusations thrown on both sides. Probably the one
> that made me swing to watching OPNsense more was when Netgate
> registered the opnsense.com domain and set it up as a “parody” site
> (http://web.archive.org/web/20160314132836/http://www.opnsense.com/).
> After an appeal to the WIPO it now redirects to the true OPNsense
> project (https://en.wikipedia.org/wiki/PfSense). At the end of the
> day, I found the OPNsense license and community to be a “friendlier”
> place.
> 
>  
> 
> I don’t feel you can go “wrong” with either project, but I’m liking
> the direction of OPNsense currently.
> 
>  
> 
> Preston
> 
>  
> 
> --
> 
> Be who you are and say what you feel, because those who mind don’t
> 
> matter and those who matter don’t mind.
> 
> -Dr. Seuss
> 
>  
> 
>  
> 
> From: Steve Litt via Ale
> Sent: Friday, November 8, 2019 6:28 PM
> To: ale at ale.org
> Subject: [ale] OPNsense vs pfSense: was Recommendation Request -
> Router / MiniPC
> 
>  
> 
> On Fri, 8 Nov 2019 10:10:49 -0600
> 
> Preston via Ale <ale at ale.org> wrote:
> 
>  
> 
> > I've been planning on ordering a couple of these. Will be running
> 
> > OpnSense.
> 
>  
> 
> What's the difference between OPNSense and pfSense?
> 
>  
> 
> I've read this:
> 
>  
> 
> https://www.firewallhardware.it/en/pfsense-vs-opnsense-technical-comparison/
> 
>  
> 
> My only problem with pfSense is it seems that not only did they change
> 
> their license, but they seemed to de-priortize people who want to use
> 
> pfSense without paying for service. The OPNsense web page at looks
> 
> kinda commercial, but at least they have an independent section called
> 
> "Users".
> 
>  
> 
> How do you feel about OPNsense vs pfSense?
> 
>  
> 
> Thanks,
> 
>  
> 
> SteveT
> 
>  
> 
> Steve Litt
> 
> November 2019 featured book: Manager's Guide to Technical
> 
> Troubleshooting Second edition
> 
> http://www.troubleshooters.com/mgr
> 
> _______________________________________________
> 
> Ale mailing list
> 
> Ale at ale.org
> 
> https://mail.ale.org/mailman/listinfo/ale
> 
> See JOBS, ANNOUNCE and SCHOOLS lists at
> 
> http://mail.ale.org/mailman/listinfo
> 
>  
> 



More information about the Ale mailing list