OPNsense Forum

English Forums => General Discussion => Topic started by: road hazard on January 20, 2023, 12:42:25 AM

Title: Are there any articles that compare the security of OPNSense to Asus/Linksys/Net
Post by: road hazard on January 20, 2023, 12:42:25 AM
I have symmetrical gigabit internet at my house and have dabbled with the following firewalls off and on over the last year or so: pfSense, OPNSense, Sophos and Untangle.

All had pros and cons but eventually, I end up going back to my little Asus AX86U router as I prefer a simple UI and easy maintenance. The only demands I have of my router are port forwarding Plex, OpenVPN integration and QoS (QoS on my Asus is kind of garbo, more on that later).

Because I can never leave things alone, and like to tinker and wreck my home network from time to time :) .... I'm gearing up, again, to give OPNSense another shot.

One of the things I -love- about these firewalls is the ability to do geo IP blocking! Every so often, the TrendMicro plugin on my Asus router blocks various attacks and that got me to thinking..... how good is the TrendMicro/Asus security vs the security/IPS detection in OPNSense? Since Asus routers are allllllllllll over the place, I'm sure they put decent effort into securing their firmware and have partnered up with Trend but I don't think I've ever seen an article that dug deep into how secure a router firmware is vs. something like OPNSense. Anyone have a link that goes into detail along those lines?

QoS. The last time I played with OPNSense, I didn't mess with the QoS stuff. Whenever my server is doing a big download, and maxing out my 1 gig connection, everyone in the house complains that web browsing is super slow. Since my server is doing the downloading, and sometimes serving up files via FTP and used for Plex..... is there a way to configure QoS in OPNSense that if my server is hogging up 100% of the connection, if ANY OTHER APP OR DEVICE on my network needs 10Mbps of speed or 800Mbps.... my server connection will be throttled down to accommodate that?

I looked at some of the QoS docs on the OPNSense site and got confused on things. If I remember correctly (which I might not)..... I think I could configure things like..... device X needs this much bandwidth and device Y gets higher/lower...... but I just want to put my server dead last and have anything and everything else get priority over any traffic my server PC is using.
Title: Re: Are there any articles that compare the security of OPNSense to Asus/Linksys/Net
Post by: lilsense on January 20, 2023, 01:25:20 AM
It's so open ended not sure where to begin...

Let's start up by hardware... So, how do you compare Asus/Linksys/Net with each other.... Looking at what you got AX86U looks like you are happy with it... What's your price point and what are you looking for in that spec?

You know you are not going to see any QoS when you got a gig pipe, right? Unless you are a torrent King or something... LOL. Or maybe your problem is Wifi exhaustion due to 50+ devices trying to talk on the network, which is a no no...

You have to put in perspective that ANY home/consumer/prosumer AP gear can ONLY handle 24 devices MAX at a time.
Title: Re: Are there any articles that compare the security of OPNSense to Asus/Linksys/Net
Post by: road hazard on January 20, 2023, 03:26:40 AM
Thanks for the reply!

I compare the various off-the-shelf routers by wifi quality, feature list, USB ports, how many LAN ports, how often is the firmware updated, 3rd party firmware support, RAM and CPU, and a few other categories. Price point.... when I'm buying a home router, anywhere from $100-$300+.

Every time I mess around with products like OPNSense, pfSense, etc.... I have a decommissioned server from work I install them onto. This thing is a beast. Dual Xeons (32 cores total I think), 512GB of RAM, RAID array.... it's a 1U blade server. With the BIOS adjustments I've made, and only having 3 of the SAS drives in use, power consumption hardly ever goes above 100W. Electricity isn't too expensive where I live so I don't sweat paying an extra dollar or 2 a month to have this thing running 24x7.

As for choking my 1 gig connection.... I pull a lot of stuff from Usenet and FTP servers. I absolutely utilize every bit of bandwidth from time to time and other people in the house notice it. I think we have less than 10 devices on wifi (video game consoles, a few phones, some smart TVs and an iPad).

Mainly, I'm just looking for articles that go into how secure consumer grade wifi routers are when compared against products like OPNSense and if I can configure OPNSense to make my server the last device on my network as far as traffic prioritization is concerned.
Title: Re: Are there any articles that compare the security of OPNSense to Asus/Linksys/Net
Post by: Patrick M. Hausen on January 20, 2023, 07:04:19 AM
Quote from: lilsense on January 20, 2023, 01:25:20 AM
you have to put in perspective that ANY home/consumer/prosumer gear can ONLY handle 24 devices MAX at a time.
Huh?

Definitely not true for a Fritzbox. Where does that number 24 come from?
Title: Re: Are there any articles that compare the security of OPNSense to Asus/Linksys/Net
Post by: lilsense on January 20, 2023, 06:44:18 PM
Sorry Patrick,
It's a reference to Wifi ability. You can establish 50 - 100 devices but nothing more than 24 would actually have REAL throughput, unless you have additional radios, which only show up on higher end enterprise APs.
Title: Re: Are there any articles that compare the security of OPNSense to Asus/Linksys/Net
Post by: meyergru on January 20, 2023, 11:22:13 PM
Quote from: road hazard on January 20, 2023, 12:42:25 AM
QoS. The last time I played with OPNSense, I didn't mess with the QoS stuff. Whenever my server is doing a big download, and maxing out my 1 gig connection, everyone in the house complains that web browsing is super slow. Since my server is doing the downloading, and sometimes serving up files via FTP and used for Plex..... is there a way to configure QoS in OPNSense that if my server is hogging up 100% of the connection, if ANY OTHER APP OR DEVICE on my network needs 10Mbps of speed or 800Mbps.... my server connection will be throttled down to accommodate that?

I looked at some of the QoS docs on the OPNSense site and got confused on things. If I remember correctly (which I might not)..... I think I could configure things like..... device X needs this much bandwidth and device Y gets higher/lower...... but I just want to put my server dead last and have anything and everything else get priority over any traffic my server PC is using.

Given the number of users in your network and the abundant overall bandwidth, what you probably need is only even sharing, which can be created using queues as described here (https://docs.opnsense.org/manual/how-tos/shaper_share_evenly.html) or here (https://docs.ibracorp.io/opnsense/). That approach also gets rid of buffer bloat (https://www.waveform.com/tools/bufferbloat).

Title: Re: Are there any articles that compare the security of OPNSense to Asus/Linksys/Net
Post by: ReubenFoster on March 27, 2024, 06:18:42 AM
While I don't have specific articles to recommend, I can share some insights on OPNsense compared to Asus, Linksys, and Netgear routers.
OPNsense is known for its robust security features, including advanced firewall capabilities, intrusion detection and prevention, and VPN support. It offers a high level of customization and control over your network settings, which can be appealing for tech enthusiasts and those looking for enhanced security.
Regarding your interest in Linksys routers, you can find information on how to access the Linksys router login (https://routerctrl.com/linksys-router-login/) page and configure your router settings on this helpful guide. This guide provides step-by-step instructions for accessing your router's settings and making changes to your network configuration.