First, I have to say that I really like Opnsense and I have been using it for a few years now. I love the tinkering and figuring things out and since 24.7 it is also a lot nicer to work with as well.
However, I still feel that I lack knowledge to use Opnsense as intended and I am considering a switch. I realise this maybe isn't the best forum to discuss a switch from Opnsense but I will give it a try.
Would a Unifi cloud gateway ultra be an option for me as an intermediate user? My setup is that I have some Unifi APs that work really well.
Happy to hear pros and cons and I want to point out again that it's not about Opnsense as a product, it's about my lack of knowledge that has triggered this thought.
Unifi is actually sub-par to OpnSense as it offers way fewer features.
Missing are at least (among others):
- HAProxy
- Caddy
- Zenarmor
- Traffic inspection in general
Nowadays, you can at least have local DNS in Unifi, as well as OpenVPN and Wireguard. Despite the lack of features, the Unifi interface can still be a little confusing, but needless to say, it is way less complex than OpnSense.
If the feature-set is sufficient for you, then why not, but only you can decide if it fits your bill.
Thanks for the heads up, navigating the interface should not be a problem. What I never could get around with opnsense is how different settings relate to each other, making no sense to me :)
Make a list of features so you can compare side by side and highlight those that are requirements for you, and those that are nice to have. Like a MoSCoW if you've come across it.
It all depends on what is important to you. There are good options out there. The ones based on linux will be the ones more performant out of the box and with more hardware compatibility.
Good luck in your quest.
I've moved from the unifi usg to opnsense, because of the lack of options and control.
I do miss the unified pane of glass where you see and control it all, but I'd never go back.
Quote from: devilkin on August 25, 2024, 12:40:19 PM
I've moved from the unifi usg to opnsense, because of the lack of options and control.
I'm moving from Ubiquiti in general, because - it's become a burden. The routers were never there really feature-wise, so never used them except for emergencies when HW broke. Ok, some other people can live with that. What I cannot live with are the never solved issues (such as being stuck with 5.76 or something on most switches because otherwise they start eating DHCP packets due to never properly solved bugs and misfeatures in their firmware). There are perpetual regressions on their APs.
And - there is the controller, eeeerm, network application. Starting with Java + Mongo combo, destined for disaster from the very beginning. The GUI perpetually moving, perpetually buggy and perpetually getting more and more dumb, focused on useless bells and whistles instead of getting work done. Meaningless undocumented "metrics" like the "experience" score, instead of proper tools to diagnose issues.
Sanity lost in the company. Developers outsourced to India or whatever. No proper bug tracker, complaints on forums and bugs reported there ignored / lost over and over again. Ugh.
</rant>
@doktornotor what do you have in mind as a replacement? I am quite satisfied with RouterOS (Mikrotik), but I have only three devices at home. For the company LANs something with a single management pane would be preferable. RouterOS + Ansible is of course possible but a heck of a lot of work. The community module does not know about configuration artefacts so instead of "vlan:, name: LAN, tag: 1, state: present" or something like this you need to send plain commands over SSH.
Is Omada (TP-Link) there, yet?
Quote from: Patrick M. Hausen on August 25, 2024, 01:36:48 PM
@doktornotor what do you have in mind as a replacement? I am quite satisfied with RouterOS (Mikrotik), but I have only three devices at home. For the company LANs something with a single management pane would be preferable. RouterOS + Ansible is of course possible but a heck of a lot of work. The community module does not know about configuration artefacts so instead of "vlan:, name: LAN, tag: 1, state: present" or something like this you need to send plain commands over SSH.
Is Omada (TP-Link) there, yet?
Depends on use case and $$$$ really. Mikrotik might be fine but there's a learning curve and it's rather, hmmm... specific. If the OP is overwhelmed with options and wants something really simple, I guess even DD-WRT might be fine.
Those SDNs, I guess I'd never make use of the router part myself, always limiting me somehow. Omada as UniFi replacement for UniFi (sans the router part) - yeah, any time. Ubiquiti really at this point seems like overpriced (definitely no longer disturbing the market) and never finished - new and new models being released with features buggy/missing altogether, perpetual beta tester feeling. Stock availability is an issue all the time. Once somehow stable setup is found, I try to not touch it for the remaining deployments, no FW upgrades, nothing.
Quote from: doktornotor on August 25, 2024, 02:31:21 PM
Omada as UniFi replacement for UniFi (sans the router part) - yeah, any time.
We use only switches and APs. Router is OPNsense - of course. ;)
So thanks, I'll keep that in mind.
Quote from: stuffu on August 23, 2024, 09:11:39 AM
Would a Unifi cloud gateway ultra be an option for me as an intermediate user?
Try replicating your firewall rules from OPNsense to a Unifi gateway and you will probably give up this option quickly. I've had great success with Unifi's switches and APs, but there's no way for me to go back to Unifi gateways.
Hmm it might be the wrong choice then, thanks for all input!
Keeping software up to date is crucial, but that's another thing I'm stuck in a loop with. I probably have "keep things updated ocd" and spend way too much time updating or checking updates and it's not always the best option to be on the bleeding edge... but can't help myself ;D