Archive > 17.1 Legacy Series

OPNsense vs. pfSense article - any thoughts on that?

(1/7) > >>

kraileth:
Hi everyone,

Having followed pfSense on and off for years, I was a little biased towards it when the fork happened. I took a look at both operating systems, though, but soon stopped due to a lack of time. Now I've revisited this case and decided to write a little series about it (I may link the relevant parts in the howto section, too). I've come to really like OPNsense and will definitly write more about it to keep spreading the word and make it more popular.

However I'm a newcomer and I'm not sure that I got everything right (I end up recommending OPNsense over pfSense in the end so it cannot be that bad, eh? ;)). Still I would appreciate some feedback, taking my first steps in the community. If you're interested, please have a look here: pfSense vs. OPNsense.

So far I have had little luck on the forums with the few posts that I made. I have a FreeBSD background and like to tinker with things. And I like to become part of the community of a project that I use and thus would love to find my place with OPNsense, too. The next topics that I intend to write about are jail management and building additional packages on more powerful hardware.

AdSchellevis:
Hi kraileth,

Nice article, thanks!
It's true that we don't like the webgui to run as root, but to be honest, it still requires quite some time to unravel all code behind it.
At the moment our system still requires the user interface to run as root, although we're aiming to fix that as soon as possible. We've cleaned-up a lot of code (we now share roughly 10% with pfSense), making it easier to read and we removed as much side affects as possible. Eventually we'll get there.
Plugins using our new architecture and guidelines are automatically compatible for a non root web gui.

Best regards,

Ad

kraileth:
Hi Ad and thanks for clarifying the status of priv separation for the GUI! I've edited my post accordingly to mention that it's currently a work in progress.

fabian:
Note that all new plugins (and some core components) are controllable by the API. So you can automate some tasks if you like.

sthames42:
Hi kraileth,

I too have been a devoted user of pfSense. I've worked with router/firewall software for many years. Three years ago, tired of the terrible service from Watchguard, I went looking for an open-source router solution for my IT department. Found pfSense and been using it ever since.

However, over time, I have looked at the pfSense code and have found a lot of it to be stream of consciousness hacking and often wondered that it worked at all. Having a vast experience in software engineering, I have found it an axiom that good, clean coding results in a good, reliable product, and that the reverse is true, as well. That being said, pfSense has always worked well for me.

The latest version of pfSense did not port a package that I was using so I set out to do the port myself. It works well and I use it for my company routers. I put in a pull request to have the package included in the official source and got into an argument with one of the gatekeepers who appears to be a tyrant. Don't get me wrong, he had some points in his criticism, and I made several of the changes he requested. But we argued about one change, that I would have made, useless as it was, until he became insulting and hit me with a "do it my way or get out" attitude. They appear to not be interested in my contributions, now. It's just as well as I have no wish to improve their product, anymore.

I discovered OPNSense a couple of months ago, by accident, when I learned it's implementation of Suricata is superior. Didn't consider switching but I am considering it now.

I am an extremely good developer and love open source. But I have found that OS developers do not tend to take argument well. I love the debate of ideas and consider arguments over coding styles and approaches conducive to the very best results. But all parties must be willing to listen, consider, and above all, treat each other with civility and respect.

I have two questions or you, and anyone else reading this:

One, your article seems to describe both OPNSense and pfSense as good router software for a home router. Is it your contention that a different choice should be made for commercial use?

Two, I would very much like to contribute to a good OS product as highly useful as a UI router package like pf/OPNSense. Will I find the contributors here are just as inflexible and petulant as I have found with pfSense?

Navigation

[0] Message Index

[#] Next page