OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • Opnsense on OpenBSD
« previous next »
  • Print
Pages: [1]

Author Topic: Opnsense on OpenBSD  (Read 4360 times)

joeculler

  • Newbie
  • *
  • Posts: 1
  • Karma: 0
    • View Profile
Opnsense on OpenBSD
« on: September 21, 2020, 05:23:34 am »
I'm wondering if anyone tries to port opnsense on OpenBSD?
I'd like to try to do that, thanks.
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 17656
  • Karma: 1610
    • View Profile
Re: Opnsense on OpenBSD
« Reply #1 on: September 21, 2020, 01:46:30 pm »
It was a discussion a long time ago. Relevant bullet points from the top of my head:

* HardenedBSD migration and LibreSSL option reduced the need for OpenBSD as opposed to FreeBSD
* Certain technologies require rewrites (IPsec/Strongswan is not common on OpenBSD)
* Certain technologies are not available (Netmap and ZFS never made it to OpenBSD)
* Packaging, ports and build infrastructure is different, with pkg_add lacking functionality that pkg(ng) has for automating builds and updates
* Interface code would have to be rewritten and restructured to make sense in the years to come as it has had too much organic growth unfortunately
* Supporting more than one BSD is out of scope for a single project considering the complexity of it all

For me personally the reasons are that FreeBSD has good networking support and contributors (Intel, Netflix, etc.), the release cycles of FreeBSD are a bit longer and conservative than OpenBSD which gives more time to prepare a release (although their EoL policy is worse). Suricata with Netmap is very popular with users, especially since we have ET Pro Telemetry.

This shouldn't prevent anyone from trying. The only I want to say is that think about why you would be doing it and if there is a valid reason please do. :)


Cheers,
Franco
Logged

AveryFreeman

  • Newbie
  • *
  • Posts: 23
  • Karma: 2
    • View Profile
Re: Opnsense on OpenBSD
« Reply #2 on: January 27, 2021, 07:56:02 am »
I found this thread wondering the same question.  Thanks for chiming in about that, Franco, it was really interesting!
Logged

marcquark

  • Full Member
  • ***
  • Posts: 103
  • Karma: 5
    • View Profile
Re: Opnsense on OpenBSD
« Reply #3 on: January 27, 2021, 07:04:48 pm »
Sort of a hijack, but have there been similar discussions about porting to Linux? From a very naive perspective it looks like Linux would have a lot of advantages like better hardware support and a generally vast ecosystem. The obvious cons are whether or not iptables can be as sophisticated as pf (thinking about policy routing, multi WAN etc.) and that a lot of defaults that people have gotten used to over the years would probably change. But i feel like somebody somewhere surely must have thought about this some more. Would be very interesting to read for sure :)
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 17656
  • Karma: 1610
    • View Profile
Re: Opnsense on OpenBSD
« Reply #4 on: January 28, 2021, 10:08:26 am »
We joke about it from time to time internally that this would have been the best route, but you basically start at zero and work your way through it. Too many people already did this and look where we are.

Personally, I also don't feel like forking a nice Linux firewall to take it somewhere else. Maybe I'm getting old. :)


Cheers,
Franco
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • Opnsense on OpenBSD
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2