WISH LIST for OPNsense

[Supermule]

Hi there

Currently testing OPNsense in a home environment to get familiar with it. When compared to pfsense, then I would like to suggest some improvements to OPNsense.

1: Packages. I need Snort, Squid, Lightsquid, Cron, Open VMtools and a file manager to easy edit files.
2: GUI. Themes and widescreen support. I scroll a lot in OPNsense compared to pfsense.
3: Widgets. Ability to move them around would be great. So would having System Log widget available.

More to come later :)

[DownloadDeviant]

Totally agree with all of the above! I'll add to this -

Forgive my constant referencing of pfSense, as it is the only FREEBSD exposure I have ever had router-wise.

#1 - EDITABLE THEMES -
easily accessed and EASILY edited/customized. I don't care about re-branding, though obviously some would love that. I would like it more for general reasons. Example - the webconfig login screen will show the product is OPNsense. I would love to be able to easily 'vanilla' this with my own image and create a generic login page that does not give any clue as to the router OS. I have a client whose employee went to the login page of the pfSense gateway, saw that it was pfSense, and began Googling the various hacks to bypass it. And he did! When confronted (before he was fired) he admitted that the "login page gave it away". If the page had just a pretty picture that said WELCOME! Login: Password: and nothing more he would have been stumped. Security aside, maybe for goofy fun, I would like to put pictures of mountains or oceans or maybe a theme that allows me to use a router name/description (Router - 1st Floor - Library Building) so I know which one I just connected to without actually having to login. This shouldn't be hard or compromise performance or security so I cannot imagine why it could not easily be integrated.

#2 - DOCUMENTATION -
One thing pfSense seems to have dropped the ball on is proper documentation. Unless I am mistaken, you either have to pay $100 (GOLD STATUS) to get their book and keep paying every year for the regular updates or search and comb through myriads of unclear forum pages. Their online handbook is not a bad start and certainly helps a lot, but it still leaves much to be desired and is often left at generic boilerplate levels of detail with no case study or use examples. OPNsense should not make this mistake.

#3 - CRON JOB STORAGE -
One thing that frustrates me with pfSense is that I cannot store CRON jobs in a disabled state for later use. I can setup and store Firewall Rules and just set them as disabled. Couldn't the same be done for CRON jobs? Or just offer some kind of 'storage' for them and a simple CRON tab with an ADD/REMOVE section?

Currently I keep various CRON jobs in an Excel spreadsheet then copy/paste as needed. Sooooooo 1995! lol

#4 - AUTO RESET STATES -
pfSense seems hit or miss on this. You setup rules to throttle bandwidth or shut off internet access but someone doing something a bit meatier like a Skype session will remain connected LONG after the rule went into effect. So, you have to cron job to either reset all states or just reset for a certain ALIAS group. Why isn't that just automatically incorporated into a firewall rule and programmed to comply with the ALIAS of that rule only? Example - Terminate internet access at 11PM for alias -  IP ADDRESS GROUP - then a state reset runs and only resets 'IP ADDRESS GROUP' and leaves everyone else untouched. Talk about making the life of an admin easier! High end firewalls terminate when told to terminate. I would think PF and OPN could do this too.



That is about all I can think of for now. Will add more if I think of any.

[chol]

Hello, nice to have you two guys!

Every insightful suggestion and constructive critique is very well appreciated, you know other commercial companies spend millions on customer compliance and new ideas.

Now, we at OPNsense are not commercial and get it for free from you, a great thank you for that :)

Please keep in mind, that our OPNsense project just started and tries to shift from the legacy pfSense codebase up to a more FreeBSD alligned rock solid secure manageable code base. This all needs work and time and hands and a community. So our project needs helpful developers, editors, testers, and design critiques like the one from you guys as well ...

Again a warm wellcome to our project. We will do what we can to get a good free product out, promised!

[Supermule]

We know :)

Trying our best to help.

We just need a more business oriented setup so the project can begin its journey.

I really dig the update function that works very well!

[DownloadDeviant]

Please keep in mind, that our OPNsense project just started

No excuse! You should have started perfectly from day one! LOL  :P

All kidding aside - I love to see people like you start these new projects! Competition is a wonderful thing. You are based in The Netherlands. I am from America and I have direct personal experience seeing what damage can come from a lack of it - mergers, acquisitions and monopolies - it is destroying growth and innovation here. As an example - in most states here, generally,  there is no choice when it comes to broadband access. You can either choose the local cable company monopoly or the telco DSL service.  That is not a choice and as un-American as it can get.

So, I always try to educate family, friends and clients about open source and projects like this one. It is wonderful to see new ideas and innovation! Icing on the cake? It's free! WOW!

[chol]

All kidding aside - I love to see people like you start these new projects! Competition is a wonderful thing. You are based in The Netherlands. I am from America and I have direct personal experience seeing what damage can come from a lack of it - mergers, acquisitions and monopolies - it is destroying growth and innovation here. As an example - in most states here, generally,  there is no choice when it comes to broadband access. You can either choose the local cable company monopoly or the telco DSL service.  That is not a choice and as un-American as it can get.

Want to hear a secret? Listen good and come closer: There is a hidden conspirative plan why you have the socialist/europeanoid Canadians on one side and the penetrating Spaniards/Mexicans on the other side! lol ;)

[norspang]

We can have a lot of wishes, but the highest wish from me is a stable system, a system that do not crash when a power outage happens..
except from that i'll support all of the other suggestions.

[Supermule]

Buy a UPS and the damn thing stays online when the power is gone and then does a graceful shutdown and voila ;)

[norspang]

Well Supermule That might be the easy fix.... BUT ...... USERS...... it is a router and most users just disconnect the power if they think that something is wrong, like if it was a netgear, cisco, asus og any other kind of router....

[Supermule]

 8)

Yes but its not a Cisco box. So you have to live with what you have and make the best use of it.

Maybe in the future it will be more hardened towards power failures, but a router OS shouldnt bug down like some of the SOHO routers out there.

[norspang]

no it is not a cisco box, but as far as i have read, the BSD 10.X have a problem with ufs and fsck that zfs do not have in the same extend.
or maby it is possible to have a double file system, one witch will be copied to active on boot, as i have seen it it is not the config file that gets corrupted but the OS.....
But But But..... i am NOT a developer i am just an idea person and as the subject suggest this is about wishes....

[franco]

1: Packages. I need Snort, Squid, Lightsquid, Cron, Open VMtools and a file manager to easy edit files.

Will be back. The packages system needs a proper face lift, most of the old code is gone, including PBI. Squid is in the base installation, Suricata on the way, Open VM tools are available through pkg, file manager I really do not deem appropriate. Why risk editing files? It points to a different problem, namely rigidity of the implementation.

2: GUI. Themes and widescreen support. I scroll a lot in OPNsense compared to pfsense.

Agreed. Who'll be on point?

3: Widgets. Ability to move them around would be great. So would having System Log widget available.

Agreed:

https://github.com/opnsense/core/issues/210
https://github.com/opnsense/core/issues/211


The caveat: if there are no new contributors, this will progress at the current pace, which is probably not what one would expect. It's a lot of work.

[Supermule]

I know Franco.

I paid a guy to do the widescreen theme before it got implemented in pfsense.

I use filemanager a lot to upload files very easily and edit them directly.

I am a bsd noob so I need some click and edit options :D

[weust]

Supermule, what files do you want to manually edit then?
That's what the WebGUI is for.

[Supermule]

files like loader.conf and currently some files belonging to the theme of pfsense to change the color since I hate the red one they use :D