So the pfSense box I've been using for the last several years is starting to fail; I suspect a hardware issue. So I'm going to be building a new firewall soon and I'm giving serious thought to OPNsense.
There are a few must-have things in order for me to be able to switch though, and I'm sure OPNsense can do them all; I just don't know how.
1. DNS over TLS. I have been using DNS over TLS since it launched with Cloudflare's 1.1.1.1 service, but I can't find any tutorials on setting it up with OPNsense.
2. I need to be able to import my Suricata settings. I have spent a LONG time tuning Suricata to remove false positives and I really do not want to start over again.
3. Sending only specific IPs through a VPN. I have PIA set up as a gateway on my pfSense box, and all I need to do is create a simple LAN rule to send specific clients through the VPN tunnel instead of the WAN. I actually don't remember how I did this, and I cannot find a tut on how to do it in OPNsense.
4. pfBlockerNG, or an alternative that can block ads and block entire counties.
I'm honestly really hopeful that I can make the switch, but these things are must-haves. Hope you guys can help out; your community seems to be much more active and friendly, so fingers crossed. 😁
1) https://forum.opnsense.org/index.php?topic=7811.0
4) Should be available as a Firewall alias type
2) Suricata integration was rewritten from scratch. Sorry.
3) Assign your OpenVPN to an interface (OPTx) and use that interface in the firewall rules with this particular gateway set. Works the same way on both projects.
Cheers,
Franco
Dnscrypt-proxy plugin can encrypt DNS and has DNSBL also included