The only one I haven’t seen mentioned here that is a requirement for me is OPNsense. I’ve been using it for a couple years, and pfSense before that for a very long time. Never going back to commercial routers and their shitty / buggy / backdoored software. I highly recommend OPNsense over pfSense for the UI improvements alone, but there are other reasons to use/support OPNsense over pfSense.
On my network it handles internet firewall, internal firewall, and all routing across 5 VLANs and between two internet gateways. It does 1-1 NAT for my public IPs, inbound VPN, outbound VPN for my *arr stack, and RDNS blocklists with the data source being a script I wrote that merges from several sources and deduplicates the list. It is my internal certificate authority (I don’t miss you at all, Windows CA), DHCP for the guest wifi, and does pihole-like ad blocking via DNS for my entire network. And it does all that running in a VM with 2GB of RAM, of which it only uses about 60% on my install.
It is an incredibly powerful tool, not terribly difficult to learn, has a pretty damn good UI for FOSS, and in my opinion is a fantastic foundation for a complex home network / homelab. Unlike pfSense, which corrupted itself twice over the years I ran it, it has never let me down. And every update has been painless over the years.
This was the website that pfsense maintainers made as soon as OPNsense was announced. They sniped the name, derided the project and only ended up handing over the domain after they were legally compelled to.
One person affiliated with Netgate in particular can be seen around forums and social media and has serious axes to grind. He’s… not pleasant.
Add to that Netgate’s practices (IIRC secret proprietary blob required to build pfsense, double-check that fact / unremovable installation tracking) and the picture painted is one of petulance and anger.
Eh, I’ve forgotten a lot of the details and it’s drama that I don’t care to relearn about. Easy to find online with some basic searching if you want to read about it.
It’s a VM so technically none I guess, but my hypervisor hosts have a 4 port gigabit card and a 10 gig fiber card, plus another gigabit port on the motherboard.
OPNsense is using 6 interfaces, 2 WAN and 4 LAN, but it’s all virtualized.
The only one I haven’t seen mentioned here that is a requirement for me is OPNsense. I’ve been using it for a couple years, and pfSense before that for a very long time. Never going back to commercial routers and their shitty / buggy / backdoored software. I highly recommend OPNsense over pfSense for the UI improvements alone, but there are other reasons to use/support OPNsense over pfSense.
On my network it handles internet firewall, internal firewall, and all routing across 5 VLANs and between two internet gateways. It does 1-1 NAT for my public IPs, inbound VPN, outbound VPN for my *arr stack, and RDNS blocklists with the data source being a script I wrote that merges from several sources and deduplicates the list. It is my internal certificate authority (I don’t miss you at all, Windows CA), DHCP for the guest wifi, and does pihole-like ad blocking via DNS for my entire network. And it does all that running in a VM with 2GB of RAM, of which it only uses about 60% on my install.
It is an incredibly powerful tool, not terribly difficult to learn, has a pretty damn good UI for FOSS, and in my opinion is a fantastic foundation for a complex home network / homelab. Unlike pfSense, which corrupted itself twice over the years I ran it, it has never let me down. And every update has been painless over the years.
I’m still using pfsense and considered switching over to opnsense but I found out it doesn’t have something similar to pfblocker.
I understood some of those words. It make network go?
It make network go very good.
Second OPNsense. pfSense also is maintained by some pretty shitty individuals.
Why “shitty individuals”?
https://web.archive.org/web/20160314132836/http://www.opnsense.com/
This was the website that pfsense maintainers made as soon as OPNsense was announced. They sniped the name, derided the project and only ended up handing over the domain after they were legally compelled to.
One person affiliated with Netgate in particular can be seen around forums and social media and has serious axes to grind. He’s… not pleasant.
Add to that Netgate’s practices (IIRC secret proprietary blob required to build pfsense, double-check that fact / unremovable installation tracking) and the picture painted is one of petulance and anger.
[edit] oh yeah, and this gem! https://arstechnica.com/gadgets/2021/03/buffer-overruns-license-violations-and-bad-code-freebsd-13s-close-call/
Yeah I hinted at it but didn’t feel like going into it. It’s why I switched though, and happily I found OPNsense to just be better anyway.
Can you list or summarize some of the other reasons?
Eh, I’ve forgotten a lot of the details and it’s drama that I don’t care to relearn about. Easy to find online with some basic searching if you want to read about it.
https://lemmy.sdf.org/comment/15885125
Thanks for that info, @[email protected]
How many NICs do you have on your opnsense machine?
It’s a VM so technically none I guess, but my hypervisor hosts have a 4 port gigabit card and a 10 gig fiber card, plus another gigabit port on the motherboard.
OPNsense is using 6 interfaces, 2 WAN and 4 LAN, but it’s all virtualized.
Went to try pfSense. Need to register to their shop to buy a free download link.
Then during installation it won’t install unless it can phone home and report.
OpnSense all the way.
That’s new, it didn’t used to do that back in the days when I used it but that was a couple years ago. Sounds like it’s just getting worse.