OPNsense Forum

English Forums => General Discussion => Topic started by: bimmerdriver on June 23, 2018, 03:51:42 am

Title: OPNsense versus pfSense
Post by: bimmerdriver on June 23, 2018, 03:51:42 am
I'm not asking a rhetorical question or trying to start a controversy, but I'm wondering if someone would provide an explanation of why one would go with OPNsense rather than pfSense. I gather there are some philosophical differences, functionality differences, different objectives, etc., but these are not obvious merely by comparing the GUIs of OPNsense and pfSense. I would be interested to have a better understanding of this.
Title: Re: OPNsense versus pfSense
Post by: marjohn56 on June 23, 2018, 09:24:03 am
The weather is better here and we have biscuits with our tea.


Good well reasoned article.


https://eerielinux.wordpress.com/2017/06/25/building-a-bsd-home-router-pt-6-pfsense-vs-opnsense/ (https://eerielinux.wordpress.com/2017/06/25/building-a-bsd-home-router-pt-6-pfsense-vs-opnsense/)

Title: Re: OPNsense versus pfSense
Post by: franco on June 23, 2018, 10:14:54 am
It depends on when you ask. We pioneered multiple efforts to modernise in 2015 and 2016 which we deemed necessary, most of all the removal of the deprecated ALTQ framework, MVC framework for rapid development, embracing pkgng replacement, rewriting the IPS and web proxy integration to be core components just to name a few.

2017 and 2018 have been quieter... the features offered are equally balanced on both sides and perfectly viable for use in today's network settings.

The kicker for me is that we have succeeded in retaining the original m0n0wall/pfSense license which also aligns with BSD in general. A fun fact is that comparing side by side OPNsense has the longest running stable licensing.

For end users, there is no reason to sway a certain way. People should use what they like and what works. For people who want to build products and plugins OPNsense has a clear advantage of allowing anyone to use the product's framework and build tools in any way that is compatible with the 2-Clause BSD license. We provide working tools and free support for them as time permits.

We do hope that the last point also benefits end users mid-term and long-term, building a better network security world that we would like to see.

Maybe some of the older folks here can shed a light on how they have perceived the course of OPNsense in the last couple of years and whether we have come closer to the goals that we have been openly discussing ever since we started.


Cheers,
Franco
Title: Re: OPNsense versus pfSense
Post by: weust on June 23, 2018, 04:10:35 pm
I started using OPNsense (purely at home) after coming from m0n0wall and then pfSense.
But I never liked the WebGUI of pfSense. Too chaotic. This was before pfSense also switched to the MVC framework, after they first claimed OPNsense was only a prettier looking pfSense.

But also the pfSense forums is a mess, made that way by the owners.
And after the fork they got really, really nasty and hostile to the point I just didn't want anything to do with pfSense anymore.

Coming over to OPNsense was very friendly. The IRC channel is serious and also with humour.
The forums are actually providing good information.

They both can do good things, but how pfSense does things is plain nasty on so many levels, and my personal reason to stick to OPNsense.
Title: Re: OPNsense versus pfSense
Post by: lysol on June 27, 2018, 06:09:23 pm
I'm currently making the migration to OPNsense. While my last upgrade was yet again botched, I'm just generally tired of the mood of the pfSense forum. I constantly see the same snarky attitude from the same people (pretty sure you know who I'm talking about). I see new people get ripped a new one constantly. It's kind of comical to be honest. I joined a Solar Electricity forum once and one time the owner tried to call me out on something. I  professionally responded and stated I didn't appreciate his tone. He not only deleted my account, he also tried to burn me on another similar forum. Just the attitude I don't have time for.

While I don't look forward to migrating from scratch, I'm hopeful for a better community.
Title: Re: OPNsense versus pfSense
Post by: Jose on June 27, 2018, 09:05:15 pm
Just to add, while already experienced with this kind of appliances, and with a relatively very simple home network, after looking/testing some consumer routers with DD-WRT, m0n0wall, pfSense, and OPNsense, I rapidly felt a huge stability and responsiveness with OPNsense myself with my rather old E7600 and 4GB RAM, setting things up is a breeze and it just works, no frills at all here also BSD licese.

Currently running ClamAV, Traffic Shaper, SSH, PF, Suricata/IDS, DNS etc. and the CPU mostly sitting at 5% with some random 25~35% peaks sometimes, and 35% RAM usage after a while.

Note that I'm running OPNsense 18.1.10-amd64 RootOnZFS with Boot Environments hence abit more RAM due the ZFS ARC usage which is expected, still don't feel the need to add more RAM though.

Overall a pretty solid product, an easy and functional clean interface, did I mentioned the BSD license.

Regards
Title: Re: OPNsense versus pfSense
Post by: BenKenobi on July 04, 2018, 03:22:10 pm
For me PFSense started down a road I wasn't interested in following, they decided that PFSense was no longer going to be an all encompassing barrier and excluded a number of useful add ons, the devs also developed an arrogance that I have no time for - 'we do not care what you think or want - we are right you are wrong' - well fine, I'm outa here. I moved to OPNSense and retain the last decent version of PFsense to use as an MTA - although that may soon be retired now that OPNSense has gained Postfix.

Firefox / Mozilla has gone the same way, if you dare to challenge they're almost abusive - I'm afraid that arrogance in software departments I live with day to day as part of the day job - I have no time whatsoever for it.

So now I'm OPNSense and Waterfox, I like where the two are going, they fit MY needs not the developers so I'm happy to tag along.

Title: Re: OPNsense versus pfSense
Post by: mimugmail on July 04, 2018, 03:48:25 pm
I wouldn't call it arrogance .. perhaps sometimes also just frustration. The problem is, the more user you get, the more ppl have extra wishes and expect them asap .. where also commercial distributions doesn't offer half of your features :)

Just my opinion but I can also be totally wrong  ;D
Title: Re: OPNsense versus pfSense
Post by: BenKenobi on July 04, 2018, 05:11:28 pm
The arrogance part for me is when they arbitrarily decide to go down a certain path then slag off anyone that dares to speak out or have a contrary opinion.

Sure you can't please all users at all times but not all users are dummies and to treat all users as low grade morons that somehow don't have a valid opinion is arrogance. Then to tell flagrant untruths to justify a position merely confirms the arrogance - when they dropped postfix from V2.3 is such a position - claiming that the plugin wasn't maintained, Marcelloc devoted hours to it, he even had a new version waiting to go. That isn't frustration, that's arrogance.

I don't want a hundred damn boxes when one will do - but that's the route PFSense have gone.

So to some extent I do agree frustration can play a role, but there are ways to handle user needs, open honesty and not treating them like fools goes a long way.
Title: Re: OPNsense versus pfSense
Post by: richardm on July 06, 2018, 06:14:14 pm
My reason for choosing OPNsense is simple.  With pfsense I spent probably 10 hours across several days trying to get traffic shaping to work properly and actually help my bufferbloat without creating new issues.  With OPNsense I had it up and running in about 20 minutes helping with my latency challenges.  I didn't have to fight with fine-tuning queues or floating rules.
Title: Re: OPNsense versus pfSense
Post by: franco on July 06, 2018, 11:13:25 pm
To be fair this can happen to any project. We have had our share of "it's too confusing, I'm going back to (intelligible)" but tastes differ as well as tools so we will do what we can for the people that want to be part of this community because they believe in the goals and spirit. :)


Cheers,
Franco
Title: Re: OPNsense versus pfSense
Post by: iam on July 21, 2018, 09:27:20 pm
I've done the migration today. My reason for this was that pfSense drops support of "older" hardware in the next release again. With OPNsense my APU board will be still full supported.

But there are some parts that I like more in pfSense like the LDAP support.
Title: Re: OPNsense versus pfSense
Post by: fabian on July 21, 2018, 09:42:45 pm
But there are some parts that I like more in pfSense like the LDAP support.

Feel free to discuss that in a separate thread. Telling us that is waste of time (yours and ours) because nobody can guess what your problem is. If you can describe it, somebody may fix it if the problem is relevant enough or we think it is a good idea to change it.
Title: Re: OPNsense versus pfSense
Post by: iam on July 24, 2018, 10:35:19 pm
Feel free to discuss that in a separate thread. Telling us that is waste of time (yours and ours) because nobody can guess what your problem is. If you can describe it, somebody may fix it if the problem is relevant enough or we think it is a good idea to change it.

My intention wasn't to discuss this (the missing LDAP group feature was mentioned often enough). My intention was to explain that I had a good reason to migrate, but that I'm still no totally convinced by OPNsense. The OP asked about that.
Title: Re: OPNsense versus pfSense
Post by: marjohn56 on July 24, 2018, 11:00:30 pm
And you still haven't told us what has not convinced you. ???
Title: Re: OPNsense versus pfSense
Post by: guest18611 on July 25, 2018, 08:15:56 am
Hi,

I'm new here, but you just need to read in their forum/blog...nasty stuff.

For me: i don't want to support such a project and I really like the spirt here, real open source and a friendly community! 8)
Title: Re: OPNsense versus pfSense
Post by: iam on July 25, 2018, 11:21:24 pm
And you still haven't told us what has not convinced you. ???

I have: Different as in pfSense in OPNsense LDAP groups aren't evaluated.

EDIT: Added missing word group
Title: Re: OPNsense versus pfSense
Post by: mimugmail on July 26, 2018, 06:04:04 am
I'd suggest you open a new thread and tell what you want to achieve and what went wrong. Then we can start fixing it
Title: Re: OPNsense versus pfSense
Post by: iam on July 26, 2018, 09:07:26 am
I'd suggest you open a new thread and tell what you want to achieve and what went wrong. Then we can start fixing it

https://forum.opnsense.org/index.php?topic=9249.0
Title: Re: OPNsense versus pfSense
Post by: jclendineng on July 27, 2018, 03:20:23 pm
Used pfsense for a good while, and while it has many features, seemed to crash a lot with me.  Forums are a mess, but that's normal for BSD, as BSD gurus are usually quite arrogant.  I love BSD, use it a lot on my network, but my goodness.  This is about the only forum that seems respectful.  I installed opnsense after a rather bad week with pfsense and have not looked back.  Monowall was great and opnsense has been better for me in literally every way.  Highly recommend to everyone I come across.  Love the work being done, love the forums.  Sidenote, I prefer BSD over linux, just wouldn't recommend it for new users based on the points above.  Keep up the good work guys!
Title: Re: OPNsense versus pfSense
Post by: AhnHEL on July 28, 2018, 06:34:19 am
Long time pfSense User, almost ten years.  Just finished migrating my settings to OPNsense for my home network on FIOS.  Perfectly happy with the transition and I’m here to stay.  I wanted to introduce myself and applaud the Project.as well.  I tested OPNsense when it was first introduced years ago bc of what pfSense was turning into but OPNsense was still very new and not as featured so I wound up returning to pfSense.  You guys have come a long way and have a lot to be proud of, thank you.  I made a modest donation yesterday and look forward to participating in the forum. 

While trying to remember how long I was a pfSense user, I stumbled upon this statement in Wikipedia for pfSense:

“In November 2017, a World Intellectual Property Organization panel found that Netgate had been using the domain opnsense.com in bad faith to discredit OPNsense, a competing open source firewall, and compelled Netgate to transfer the domain to Deciso, the developer of OPNsense.[7]”

I never knew that until just a few moments ago.  Features aside, now I know getting away from pfSense was the correct choice.