OPNsense versus pfSense

Started by bimmerdriver, June 23, 2018, 03:51:42 AM

I'm not asking a rhetorical question or trying to start a controversy, but I'm wondering if someone would provide an explanation of why one would go with OPNsense rather than pfSense. I gather there are some philosophical differences, functionality differences, different objectives, etc., but these are not obvious merely by comparing the GUIs of OPNsense and pfSense. I would be interested to have a better understanding of this.

The weather is better here and we have biscuits with our tea.


Good well reasoned article.


https://eerielinux.wordpress.com/2017/06/25/building-a-bsd-home-router-pt-6-pfsense-vs-opnsense/

OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member

It depends on when you ask. We pioneered multiple efforts to modernise in 2015 and 2016 which we deemed necessary, most of all the removal of the deprecated ALTQ framework, MVC framework for rapid development, embracing pkgng replacement, rewriting the IPS and web proxy integration to be core components just to name a few.

2017 and 2018 have been quieter... the features offered are equally balanced on both sides and perfectly viable for use in today's network settings.

The kicker for me is that we have succeeded in retaining the original m0n0wall/pfSense license which also aligns with BSD in general. A fun fact is that comparing side by side OPNsense has the longest running stable licensing.

For end users, there is no reason to sway a certain way. People should use what they like and what works. For people who want to build products and plugins OPNsense has a clear advantage of allowing anyone to use the product's framework and build tools in any way that is compatible with the 2-Clause BSD license. We provide working tools and free support for them as time permits.

We do hope that the last point also benefits end users mid-term and long-term, building a better network security world that we would like to see.

Maybe some of the older folks here can shed a light on how they have perceived the course of OPNsense in the last couple of years and whether we have come closer to the goals that we have been openly discussing ever since we started.


Cheers,
Franco

I started using OPNsense (purely at home) after coming from m0n0wall and then pfSense.
But I never liked the WebGUI of pfSense. Too chaotic. This was before pfSense also switched to the MVC framework, after they first claimed OPNsense was only a prettier looking pfSense.

But also the pfSense forums are a mess, made that way by the owners.
And after the fork they got really, really nasty and hostile to the point I just didn't want anything to do with pfSense anymore.

Coming over to OPNsense was very friendly. The IRC channel is serious and also with humour.
The forums are actually providing good information.

They both can do good things, but how pfSense does things is plain nasty on so many levels, and my personal reason to stick to OPNsense.
Hobbyist at home, sysadmin at work. Sometimes the first is mixed with the second.

I'm currently making the migration to OPNsense. While my last upgrade was yet again botched, I'm just generally tired of the mood of the pfSense forum. I constantly see the same snarky attitude from the same people (pretty sure you know who I'm talking about). I see new people get ripped a new one constantly. It's kind of comical to be honest. I joined a Solar Electricity forum once and one time the owner tried to call me out on something. I professionally responded and stated I didn't appreciate his tone. He not only deleted my account, he also tried to burn me on another similar forum. Just the attitude I don't have time for.

While I don't look forward to migrating from scratch, I'm hopeful for a better community.

Just to add, while already experienced with this kind of appliance, and with a relatively very simple home network, after looking/testing some consumer routers with DD-WRT, m0n0wall, pfSense, and OPNsense, I rapidly felt a huge stability and responsiveness with OPNsense myself with my rather old E7600 and 4GB RAM, setting things up is a breeze and it just works, no frills at all here, also BSD license.

Currently running ClamAV, Traffic Shaper, SSH, PF, Suricata/IDS, DNS etc. and the CPU mostly sitting at 5% with some random 25~35% peaks sometimes, and 35% RAM usage after a while.

Note that I'm running OPNsense 18.1.10-amd64 RootOnZFS with Boot Environments, hence a bit more RAM due to the ZFS ARC usage, which is expected; still don't feel the need to add more RAM though.

Overall a pretty solid product, an easy and functional clean interface, did I mention the BSD license?

Regards

July 04, 2018, 03:22:10 PM #6 Last Edit: July 04, 2018, 03:32:25 PM by BenKenobi
For me pfSense started down a road I wasn't interested in following, they decided that pfSense was no longer going to be an all-encompassing barrier and excluded a number of useful add-ons, the devs also developed an arrogance that I have no time for - 'we do not care what you think or want - we are right you are wrong' - well fine, I'm outta here. I moved to OPNsense and retain the last decent version of pfSense to use as an MTA - although that may soon be retired now that OPNsense has gained Postfix.

Firefox / Mozilla has gone the same way, if you dare to challenge they're almost abusive - I'm afraid that arrogance in software departments I live with day to day as part of the day job - I have no time whatsoever for it.

So now I'm OPNsense and Waterfox, I like where the two are going, they fit MY needs not the developers' so I'm happy to tag along.


I wouldn't call it arrogance .. perhaps sometimes also just frustration. The problem is, the more users you get, the more people have extra wishes and expect them asap .. where also commercial distributions don't offer half of your features :)

Just my opinion but I can also be totally wrong  ;D

The arrogance part for me is when they arbitrarily decide to go down a certain path then slag off anyone that dares to speak out or have a contrary opinion.

Sure you can't please all users at all times but not all users are dummies and to treat all users as low grade morons that somehow don't have a valid opinion is arrogance. Then to tell flagrant untruths to justify a position merely confirms the arrogance - when they dropped postfix from V2.3 is such a position - claiming that the plugin wasn't maintained, Marcelloc devoted hours to it, he even had a new version waiting to go. That isn't frustration, that's arrogance.

I don't want a hundred damn boxes when one will do - but that's the route pfSense have gone.

So to some extent I do agree frustration can play a role, but there are ways to handle user needs, open honesty and not treating them like fools goes a long way.

My reason for choosing OPNsense is simple. With pfSense I spent probably 10 hours across several days trying to get traffic shaping to work properly and actually help my bufferbloat without creating new issues. With OPNsense I had it up and running in about 20 minutes helping with my latency challenges. I didn't have to fight with fine-tuning queues or floating rules.

To be fair this can happen to any project. We have had our share of "it's too confusing, I'm going back to (intelligible)" but tastes differ as well as tools so we will do what we can for the people that want to be part of this community because they believe in the goals and spirit. :)


Cheers,
Franco

I've done the migration today. My reason for this was that pfSense drops support of "older" hardware in the next release again. With OPNsense my APU board will still be fully supported.

But there are some parts that I like more in pfSense like the LDAP support.

Quote from: iam on July 21, 2018, 09:27:20 PM
But there are some parts that I like more in pfSense like the LDAP support.

Feel free to discuss that in a separate thread. Telling us that is a waste of time (yours and ours) because nobody can guess what your problem is. If you can describe it, somebody may fix it if the problem is relevant enough or we think it is a good idea to change it.

Quote from: fabian on July 21, 2018, 09:42:45 PM
Feel free to discuss that in a separate thread. Telling us that is a waste of time (yours and ours) because nobody can guess what your problem is. If you can describe it, somebody may fix it if the problem is relevant enough or we think it is a good idea to change it.

My intention wasn't to discuss this (the missing LDAP group feature was mentioned often enough). My intention was to explain that I had a good reason to migrate, but that I'm still not totally convinced by OPNsense. The OP asked about that.

And you still haven't told us what has not convinced you. ???
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member