pfSense vs OPNSense - Fanboy fued or real differences?

scotth

Sorry. Was at a site meeting a vendor for an installation. I'm catching up.

scottalanmiller

pfSense's maturity and market presence definitely make a big difference. And they have that add-on UTM deal.

scotth

@scottalanmiller said in pfSense vs OPNSense - Fanboy fued or real differences?:

pfSense's maturity and market presence definitely make a big difference. And they have that add-on UTM deal.

I have both running in VMs and am exploring.

black3dynamite

Squid is already part of OPNsense. Here a full list of plugins available.

Dynamic DNS Support
Let's Encrypt client
Get all peers connected to a local network
BIND domain name service
Apply a persistent 10 second boot delay
c-icap connects the web proxy with a virus scanner
Webserver cache
Antivirus engine for detecting malicious threats
Collect system and application performance metrics periodically
Debugging Tools
Flexible DNS proxy supportung DNSCrypt and DoH
RADIUS Authentication, Authorization and Accounting Server
The FRRouting Protocol Suite
Control ftp-proxy processes
Reliable, high performance TCP/HTTP load balancer
A sample framework application
IGMP-Proxy Service
IDS Proofpoint ET Pro ruleset (needs a valid subscription)
IDS PT Research ruleset (only for non-commercial use)
IDS Snort VRT ruleset (needs registration or subscription)
Connection speed tester
L2TP server based on MPD5
LCDProc for SDEC LCD devices
LLDP allows you to know exactly on which port is a server
Proxy multicast DNS between networks
Net-SNMP is a daemon for the SNMP protocol
Nginx HTTP server and reverse proxy
Prometheus exporter for machine metrics
Traffic Analysis and Flow Collection
Network UPS Tools
OpenConnect Client
SMTP mail relay
PPPoE server based on MPD5
PPTP server based on MPD5
End of life, superseded by FRR plugin
Redis DB
Relayd Load Balancer
RFC-2136 Support
Protect your network from spam
Secure socks5 proxy
Siproxd is a proxy daemon for the SIP protocol
SMART tools
End of life, superseded by Net-SNMP plugin
Agent for collecting metrics and data
The cicada theme - grey/orange
A suitably dark theme
The tukan theme - blue/white
Tinc VPN
The Onion Router
Universal Plug and Play Service
VMware tools
vnStat is a console-based network traffic monitor
Kerberos authentication module
Group and user ACL for the web proxy
Wake on LAN Service
Xen guest utilities
Enterprise-class open source distributed monitoring agent
Zabbix Proxy enables decentralized monitoring
Virtual Networks That Just Work

JaredBusch

FFS, so much stupid going all left, right, and center..

1. What are the WAN speeds involved.
   1. Ubiquiti sells nice gear, but there are potential speed limits depending on router configuration.
2. UTM at home? WTF is the point of such a complicated setup.
   1. There is no good free UTM anyway.
3. WTF are you doing for backups that is not already encrypted before going over the wire? You don't need a VPN for back ups.
4. You have an old Ubiquiti router but didn't say shit about the model. As mentioned it is a ROUTER, if you hated it because it didn't massage your dick, then that is your fault for not knowing WTF you bought.
   1. There is not a single model of Ubiquiti router that cannot be upgraded to the current firmware.
5. Software routers are silly things that burn power and time.

So what should you do?

Depending on your WAN speed needs, buy a Ubiquiti or Mikrotik router that will handle the needed speeds. I personally recommend the Ubiquiti ER-X for "technical" home use first, then the Ubiquiti ER-4 if you need more speed with the QoS enabled.

For normal home use, I recommend the Ubiquiti Amplifi Instant Mesh System for $179.

Buy a RaspberryPi 3 kit with case and card for $50 someplace and install Pi-Hole. Setup your Router to send all DNS to the Pi-Hole.

Setup MeshCentral for remote support

Setup ZeroTier for any point to point "vpn style" needs you may have.