Some question about features

[knebb]

Hi,

I am considering to migrate to OPNSense (currently two PFSense 2.6.0 CE). There might be only minor differences but I want to make sure.
Reading the Wiki I still have some questions:


Currently I use the bind dns plugin and are maintaining my own local zones through two sites (master-slave DNS). I noticed there is a bind plugin for OPNSense but does it offer full bind functionality (own zones, per zone configured as forwarder or master/ slave, notifies)? If not, do you have an idea how I can maintain my local network by hostnames?

A VPN connection as client AND as server for multiple road warrirors at the same time? Is this possible (yes, different ports, obviously)? Is there such a nice think like the "VPN Exporter" which exports the clients configuration files so they can be used directly on Linux/Win/Mac clients?

Hardware related- will OPNSense run on same hardware as pfsense does? Especially hardware crypto?

Will I be able to easily add static DHCP leases?


Thanks a lot!

/KNEBB

[Patrick M. Hausen]

Currently I use the bind dns plugin and are maintaining my own local zones through two sites (master-slave DNS). I noticed there is a bind plugin for OPNSense but does it offer full bind functionality (own zones, per zone configured as forwarder or master/ slave, notifies)? If not, do you have an idea how I can maintain my local network by hostnames?

Primary and secondary zone support exists. Forward zones are currently in the works and expected in one of the next updates.

A VPN connection as client AND as server for multiple road warrirors at the same time? Is this possible (yes, different ports, obviously)? Is there such a nice think like the "VPN Exporter" which exports the clients configuration files so they can be used directly on Linux/Win/Mac clients?

Yes and yes as far as I know. There were some posts of people experiencing difficulties with the exported client configuration.

Hardware related- will OPNSense run on same hardware as pfsense does? Especially hardware crypto?

If it is Intel/AMD based, most probably yes. ARM not yet for production. IIRC some appliances sold by Netgate are ARM based.

Will I be able to easily add static DHCP leases?

Define "easily"  ;) Show list of dynamic leases in the UI, find the client, click on a small "+" on the right hand side to be taken to the static lease form for that client.

If you have an Intel/AMD based desktop/laptop at hand that can run VirtualBox I suggest you just give OPNsense a spin to get a feeling for the UI and its features:
https://github.com/punktDe/vagrant-opnsense

HTH,
Patrick

[knebb]

Hi,

Primary and secondary zone support exists. Forward zones are currently in the works and expected in one of the next updates.

Sounds good. I might give it a try.

Yes and yes as far as I know. There were some posts of people experiencing difficulties with the exported client configuration.

Looks like I have to test this before... a lot of work but ok. Needs to be done. I was hoping to know it for sure without testing.

Define "easily"  ;) Show list of dynamic leases in the UI, find the client, click on a small "+" on the right hand side to be taken to the static lease form for that client.

That is easy, indeed. I did not ask for more. Thanks!


I will have to set up a virtual machine first to see if it works fine. But requirements seems to be met already.

Thanks for your information!

/KNEBB

[Patrick M. Hausen]

Just use my Vagrant project linked above for the virtual machine - easy peasy.