OPNsense Forum

English Forums => General Discussion => Topic started by: DownloadDeviant on June 03, 2015, 05:24:21 am

Title: New here and just saying Hello!
Post by: DownloadDeviant on June 03, 2015, 05:24:21 am
Just stumbled across OPNsense. WOW! I just got done reading "So why did we fork?" All I can say is WOW!

Pretty new to pfSense, been a dedicated user for over almost 2 years, prior to that I was a long time DD-WRT user.

My story is likely typical. Grew sick of the consumer junk and DD-WRT let myself and my clients have an advanced, feature rich yet affordable solution. As time went by, the website/mission of DD-WRT became more and more of a mess. It was time to move on. pfSense has filled that void quite nicely. However, I find myself sailing the same troubled waters! Although pfSense has improved tremendously, I still hesitate to update because I never know if it will go smoothly or if it will fail and present me with hard to resolve gremlin issues that take forever to fix.

These two lines from the "fork" article -
"As much as we love the functionality/feature set of pfSense, we do not enjoy the code quality and anarchistic development method."
"Fully reworked the GUI to a modern Bootstrap based one that is also easier to customize if you want to."

caught my attention enough to make me immediately register as a forum member (I did!) and want to set up an OPNsense VMWARE machine, try it, test it (I will!) and eventually migrate to it.


So, if you will pardon me, I have some research to do! lol
Title: Re: New here and just saying Hello!
Post by: franco on June 03, 2015, 09:26:42 pm
Hi there and thanks for your kind words,

"I still hesitate to update because I never know if it will go smoothly or if it will fail and present me with hard to resolve gremlin issues that take forever to fix."

we do have these too, but our upgrades are mostly working(tm). ;) We've made it a habit to release early and often, hardening the upgrade procedure in the process. We also have workarounds to go back to old versions or to hotfix issues as long as we get reports and a few minutes of the people's time to walk them through the command line. The packaging approach using pkgng has really paid off in that regard.

"So, if you will pardon me, I have some research to do! lol"

If you have questions just ask here in the forum or on Freenode #OPNsense -- someone is always around to help. Enjoy! :)


Cheers,
Franco
Title: Re: New here and just saying Hello!
Post by: DownloadDeviant on June 06, 2015, 01:57:59 am
Thank you kindly Franco for the words and the welcome.

Yes, I understand upgrades, etc. don't always go well and I don't expect perfection. I think my point was that there is maybe a bit too much 'chaos' with pfSense at this time. Again, I hate to judge because I only know Windows. That is my world. I work with it, in it, every day. FreeBSD is such a strange world to me. I plan on taking small bites at it when I can over the next few years and try to become more educated/skilled. I realize the *BSD wizards out there can make pfSense and OPNsense dance to any tune they desire.

All of that said, I look at the OPNsense GUI and it is so much more lovely! I guess Bootstrap is today what Ajax was or could have been? Sorry if I am ignorant...I am a network guy, not a programmer. lol I have literally just started to play with WordPress to revamp my corp. website.


Question -
I have installed OPNsense under VMWARE Workstation 11 yesterday and toyed a bit with it. Don't have VM TOOLS installed yet...but don't think I even need them...or do I for security/performance?

My next step is to wait for your road map release at July 1st that will allow pfSense configs to be imported. Then I am going to install to a spare HD I have and put it in my home router and go live for a week or so. If I have a problem, I can easily put the pfSense HD back in.

It also seems that OPNsense has WLAN support that is ahead of or better than PF. Just my impression from skimming your website and materials quickly. That is nice to see, because the main POV with the PF gurus is don't even bother, just get an AP and plug it into a port. Which is fine and what I prefer to do in the business world. However, it is definitely nice to see some progress toward newer technologies. Sometimes it seems like the PF crowd are happy living in the stone age...so to speak. Again, just my observations and not meant to put down any project. I enjoy options and look forward to seeing PF and OPN grow and progress successfully.
Title: Re: New here and just saying Hello!
Post by: chol on June 07, 2015, 03:56:16 pm

"I hate to judge because I only know Windows. That is my world. I work with it, in it, every day. FreeBSD is such a strange world to me."

Have you tried PC-BSD? I have it on my PC, on my kids' PCs, on my laptop. It just works (not with every new Broadcom WiFi hardware unfortunately, for Broadcom is to blame here). Its KDE is almost better than Window$ ;) You will get ZFS boot and on root!

I can just say, like my daughters ask: "Can we have games?" Built-in, for-free games that do not make you all too stupid!

"I plan on taking small bites at it when I can over the next few years and try to become more educated/skilled. I realize the *BSD wizards out there can make pfSense and OPNsense dance to any tune they desire."
Hey, you show interest in the basics: Try out a good book from Michael W. Lucas and get yourself an OpenBSD or FreeBSD OS on your spare PC!

Absolute OpenBSD, 2nd ed. (https://www.michaelwlucas.com/nonfiction/absolute-openbsd-2nd-edition)

"My next step is to wait for your road map release at July 1st that will allow pfSense configs to be imported. Then I am going to install to a spare HD I have and put it in my home router and go live for a week or so. If I have a problem, I can easily put the pfSense HD back in."
That sounds very reasonable.

"It also seems that OPNsense has WLAN support that is ahead of or better than PF."
OPNsense's WLAN hardware support comes in line with the abilities of its base FreeBSD 10.1, see:
FreeBSD 10.1-RELEASE Hardware Notes (https://www.freebsd.org/releases/10.1R/hardware.html)

And PF, did you mean the pf firewall? Or did you relate to pfSense? While pfSense is compliant with FreeBSD10, the above said also applies.

"Just my impression from skimming your website and materials quickly. That is nice to see, because the main POV with the PF gurus is don't even bother, just get an AP and plug it into a port. Which is fine and what I prefer to do in the business world."

The pfSense & OPNsense approach to the pf firewall software is to avoid being called out at midnight by a customer because you, the admin, will be the only person to fix some firewall rules in a native pf install on an OpenBSD or FreeBSD server. With the GUI attempt, other non-networking IT guys can play with and fix firewall rules as well. I have seen physicians themselves fiddle around with it to secure their doctors' IT. In a totally professional IT you would not need to have a pfSense at all in the first place!

"However, it is definitely nice to see some progress toward newer technologies. Sometimes it seems like the PF crowd are happy living in the stone age...so to speak. Again, just my observations and not meant to put down any project. I enjoy options and look forward to seeing PF and OPN grow and progress successfully."
I see no stone age, at all: Look up our LibreSSL approach, our alignment with the crispy fresh stable long term supported FreeBSD 10.1, our attempts to secure by code out weak legacy custom kernel patches .. and on and on...

This is the modern edge ;) not stone age!
Title: Re: New here and just saying Hello!
Post by: DownloadDeviant on June 07, 2015, 07:29:56 pm
Just putting a place marker here. Running errands and going to the gym. When I get back I will respond to this. Some really great stuff here. Thanks!

#1 -
PC-BSD
Hmmmm, pretty neat. I will have to investigate it. Could this be a great way to learn FreeBSD without having to deal with the raw command line only *.BSD style OS?

#2 - OK. You mentioned some great starter tips there so I will check them out. I do have an insanely busy 2 months ahead of me so I have to temper my eagerness to dive in with my workload. Literally working 6-7 days a week to meet various client deadlines (sole proprietor here!) all fudged up due to construction delays. Several thousand feet of Cat6 to drop, a few hundred Keystone Jacks to put in, rack systems to set up, Synology NAS appliances, WiFi APs, and even a Ubiquiti NanoBeam AC to install to bridge 2 old buildings half a mile apart in a remote wooded campus. *Truth be told, that is going to be fun to do. I love doing the oddball stuff! Gets my blood flowing.

#3 -
"In a totally professional IT you would not need to have a pfSense at all in the first place!"

Yeah, true for sure. I like offering something like PF/OPNsense to the many small biz clients I deal with that really are on tight budgets. Although, I rarely find it affordable though because by the time I build and setup their custom rig, they could have bought a UTM like the ZyXel USG40. Still, I try to promote the open source items out there to build awareness and open minds.


#4 -
"I see no stone age, at all: Look up our LibreSSL approach"

Sorry, I was not clear. I meant that I feel that vibe from the pfSense project specifically, not the 'pf' world in general. Did I say that clearly or just confuse you further? lol I definitely get the impression OPN is trying to be more advanced....absolutely! Again, I don't want to criticize or armchair quarterback too much because I have very limited knowledge of these subjects and have no grounds to point fingers. And to be fair, I have been reading about their plans for 2.3 and it seems like they are going to be more progressive. Which also makes me wonder if that was their intention or did the OPN project motivate them? lol Either way, a fun ride for goofs like me.
Title: Re: New here and just saying Hello!
Post by: chol on June 08, 2015, 09:45:19 pm
"#1 -
PC-BSD
Hmmmm, pretty neat. I will have to investigate it. Could this be a great way to learn FreeBSD without having to deal with the raw command line only *.BSD style OS?"
More precisely, you would be free to go the direction you want, GUI & click (i.e. for packets, ports, jails, TOR proxy) or command line like in any FreeBSD install.
The one thing that is different than Linux is the conservativity inherent in it, with the shell tools not changing their places and the places of their config files predictable years after and so forth, the learning must be done just once and should last for a lifetime.

"#2 - OK. You mentioned some great starter tips there so I will check them out. I do have an insanely busy 2 months ahead of me so I have to temper my eagerness to dive in with my workload. Literally working 6-7 days a week to meet various client deadlines (sole proprietor here!) all fudged up due to construction delays. Several thousand feet of Cat6 to drop, a few hundred Keystone Jacks to put in, rack systems to set up, Synology NAS appliances, WiFi APs, and even a Ubiquiti NanoBeam AC to install to bridge 2 old buildings half a mile apart in a remote wooded campus. *Truth be told, that is going to be fun to do. I love doing the oddball stuff! Gets my blood flowing."
Hey - but I got the impression that you are the right man for these challenges :) And just want to add that PC-BSD runs on my laptop, it's a Lenovo Thinkpad Edge E145 w/ zfs (only the WiFi isn't working, but I got me a USB stick)! And even my kids run minecraft (the Linux package with patches and mods) on their PCs. It is an open BSD world that "just runs" these days. And the install to get it all up - even on a laptop - is just 1/2 an hour!

"And to be fair, I have been reading about their plans for 2.3 and it seems like they are going to be more progressive. Which also makes me wonder if that was their intention or did the OPN project motivate them? lol Either way, a fun ride for goofs like me."
Yes, I can hear an open minded approach to this from you. And, ja, their roadmap is impressive, hopefully it will turn out not to be a burden, though! I wish them all the good and luck and success they can get, diversity is good! And hopefully we still can cooperate, the real challenges are elsewhere, e.g. *REAL* security, community, network monopolists, to name a few factors!