OPNsense Forum

English Forums => General Discussion => Topic started by: geek on June 08, 2016, 04:38:53 pm

Title: Reasons why I am seriously considering switching to OpnSense
Post by: geek on June 08, 2016, 04:38:53 pm
This is my first post.

Don't want to start a war here. Just a first impression" IMHO.

Am currently evaluating OPNsense and what I have found so far. I am waiting for the July update (mainly because of the https proxy feature)!

1) PfSense's license!
many of us resell hardware in many forms (rebranding, customizations etc)

I respect their trademark and their names "Pfsense, etc" However,
This is the line that annoys me the most:

"All advertising materials mentioning features or use of this software must display the following acknowledgment:
"This product includes software developed by the pfSense Project for use in the pfSenseĀ® software distribution.
(http://www.pfsense.org/)."


2) OpnSense's excellent integration of 'packages' like suricata and squid / filter.
moreover, I believe future packages that you are adding to the base has the same gui (in the sense its not 'disconnected' from the core)

3) Nice documentation and wiki - for a relatively new distro, the documentation is well written

4) MOST important - Excellent builder tools and step by step instructions on how to build your own!
Most people may not require building from source, but some of us do. Even though pfSense's 2.3 build tools are now available, there is NO documentation on how to build with your own product name.
(most people who attempt it will find that it will fail few minutes after you attempt to build and they have to make their own repositories for packages which again lacks documentation)

on one hand they don't want you to use the word pfSense in the product name (which I respect and agree) But then they are not making it easy to use something else too.

Somehow I get the feeling they don't want you to build from source even if you are willing to respect ALL of their 6 clause license! most people requesting assistance in this matter on the development thread on their forums get no responses either.

5) Netflow Exports! I haven't used this or seen this yet (I downloaded 16.1.8) but it looks good from the screenshots in the manual. most people using pfsense were using darkstat / bandwidthD which is not integrated and runs on a separate GUI which is slightly annoying. The base system has no reporting on bandwidth used by ip addresses whatsoever which makes a sysadmin "blind" in his own network.

=====================
At this point I am just waiting for the quagga ospf package to be integrated in the GUI as I have about 15 sites depending on it.
Title: Re: Reasons why I am seriously considering switching to OpnSense
Post by: jschellevis on June 08, 2016, 05:06:15 pm
Hi geek,

First of all you don't need to wait for the release in July as the https proxy (transparent SSL mode) and the Netflow Exporter/Analyser is already in the current version (upgrade using the firmware upgrade feature to 16.1.16).

See also the docs on both subjects here:

https://docs.opnsense.org/manual/how-tos/proxytransparent.html (https://docs.opnsense.org/manual/how-tos/proxytransparent.html)
https://docs.opnsense.org/manual/netflow.html (https://docs.opnsense.org/manual/netflow.html)

As for Quagga there are currently no plans to create a GUI for it.. but you can easily install and configure it manually, see also:

https://docs.opnsense.org/manual/how-tos/quagga.html (https://docs.opnsense.org/manual/how-tos/quagga.html)

Cheers,

Jos
Title: Re: Reasons why I am seriously considering switching to OpnSense
Post by: franco on June 11, 2016, 10:01:07 am
4) MOST important - Excellent builder tools and step by step instructions on how to build your own!

Thanks. Ideas for this started in 2013 and were supposed to help pfSense make a jump forward. That we had to go the detour was an unfortunate but necessary step after all the things that happened over there ever since Scott left. It has never been the same.

Most people may not require building from source, but some of us do. Even though pfSense's 2.3 build tools are now available, there is NO documentation on how to build with your own product name.

Coincidentally, having the pfSense build tools freely available in mid 2015 after they disappeared in early 2014 was one of the greatest success stories that we have to offer in terms of benefiting pfSense users and downstream vendors. :)

At this point I am just waiting for the quagga ospf package to be integrated in the GUI as I have about 15 sites depending on it.

Quagga is quite extensive, what are you looking for specifically? A plugin is a good idea, but will eventually require both external testing and sponsoring. We are happy about all external help and coders, and Deciso could also offer targeted development efforts.

Well, what I'm trying to say: do or don't, because waiting for better days may not be a viable option. :)


Cheers,
Franco
Title: Re: Reasons why I am seriously considering switching to OpnSense
Post by: geek on June 15, 2016, 06:37:39 pm
Quote
Quagga is quite extensive, what are you looking for specifically? A plugin is a good idea, but will eventually require both external testing and sponsoring. We are happy about all external help and coders, and Deciso could also offer targeted development efforts.

I am using OSPF to route multiple openvpn tunnels for a fully redundant multi site vpn
Title: Re: Reasons why I am seriously considering switching to OpnSense
Post by: geek on November 23, 2017, 10:11:03 am
Quote
what I'm trying to say: do or don't, because waiting for better days may not be a viable option.

You can certainly tell the future!

I believe those of us on the fence have reached the breaking point! Atleast I know I have

I didn't want to switch to OPNSense because you can say that I was in the comfort zone. Having the familiarity of the PfSense GUI.

But now its no longer an option!
Today When I was installing pfsense for a client I was shocked  to see
"Absolutely No Commercial Distribution Is Allowed"

The whole issue back in 2015 with pfsense previously was basically "you can sell unmodified pfsense"
Which has now changed to "Absolutely No Commercial Distribution Is Allowed"

Reference: https://web.archive.org/web/20130107005752/https://doc.pfsense.org/index.php/Can_I_sell_pfSense

As much as I loved pfsense, hopefully by mid 2018 I am going to spend time migrating more than 80 boxes to OPNSense and advocate for this project.

Brief history as to how pfsense is now a commercial product like Cisco (atleast they are not hypocritical)
- tracking devices by adding netgate ID
- removed repo tools and asked for insane agreements to be signed
- now said don't compete with "Our Product" and don't sell pfsense.
to rationalize this agreement, netgate  guy says - ubuntu does the same thing.
WHAT? I don't remember seeing a giant notice where they said don't sell computer hardware with ubuntu pre-installed

- their dashboard of 2.4.2 now has a very big widget (biggest widget) of promoting netgate, support subscriptions.

While I absolutely have no problems companies promoting subscriptions, selling devices or anything to make money (and they should to fund the project). being evil and having a protectionist agenda feels like a betrayal.

P.S - I would love to see google search to stop saying: "Did you mean PfSense" whenever I search for OPNSense for some keywords (search the term: "opnsense dashboard")

Sorry for the rant! Let me know if I have violated any terms (not that I could think of any)
Title: Re: Reasons why I am seriously considering switching to OpnSense
Post by: Wayne Train on November 23, 2017, 10:34:35 am
Hi.

In the beginning I was a little sceptical about OPN, since I readt a lot of negative stuff on the web. After testing both over a period of time and seeing the pfsense behaviour and direction they were taking, I felt more and more uncomfortable with PF.
Furthermore OPN seemed a lot more friendly and open minded to me, so I decided to go with OPN.
Like with every software now and then, there are problems, but the experience I made in this forum is 100% positive and I'm still feel this decision was correct.

I think positive feedback in forum happens very seldom, since most of the people visit them for asking for solution for actual problems.

Therefore I want to leave a big "thank you for the great job" to Franco, Fabian, Mimugmail, JeGr and all the others I forgot, who seem to be always online and share their experience with others :-)

So if you're still just considering....

Believe me: OPNsense rocks!