Alternative to pfsense/Opnsense

[Maverick009]

I considered pfSense but decided to give Merlin a try and with Skynet and Diversion added it pretty much addresses the issues I was having. I haven't seen my router get too busy and make me think I need to offload any processes, and my networking doesn't have high requirements for subnets, VLANs etc. I anticipate the next steps in IOT and streaming may require me to re-evaluate my configuration. Right now, it's not broken - my Merlin config is getting it done.

What would be a primary consideration/advantage to use a pfSense device?

For me I am not using the full capacity or capabilities of Pfsense but I wanted for an advance firewall and router, that is there for what I need now, but also expands as my needs expand. I also like the fact I can segment my network down based on subnets and other factors.

Ultimately each person's scenario may be different and not exactly your scenario, but if you are looking at total control and expandability with enterprise based security and stability this is the best route to go as freeware is considered. Some alternatives are available but either cost money via licensing or are a tad more work to install and setup as I found out with this venture.

 

[Maverick009]

I tried Ipfire a long time ago maybe 15 years, when I was running my own email server so I ran it with IpCop. It was not my cup of tea. So, I only ran it for a week. I think Openwrt looks good from what I have read.

I would never run an OS for a router firewall as I want somebody else to keep up with security and writing the code. The same with DNS. I want somebody else to keep up with what is happening. I am trying to retire.

I actually liked the concept of Ipfire but at the same time felt it too simplified and with limitations. Openwrt looked good, but due to no normal install process, it made things complicated and I don't want that. Once they are both up, updates work well and they are kept up to date by the developers actively. Just either too complicated at install, or limited in design.

I hear you though and I am trying to do the same to a degree as far as I do not want to keep tinkering just to figure out an issue or realize limitations later and just want it all to work but also be secure at same time.

 

[Tech9]

Your Ryzens and Xeons guys do more electricity to heat conversion work than routing for a home network.

 

[Maverick009]

Your Ryzens and Xeons guys do more electricity to heat conversion work than routing for a home network.

Honestly not really as I paid attention when I began this route. I also initially started with an Intel Q6600 2.4Ghz quad core CPU. That was a hot CPU at 105W that constantly was over 70C degrees generating heat more than any of my other equipment and the room would also be quite warm. Once I switched to the Ryzen 1700 the heat generated dropped tremendously being a 65W Max CPU and averaging 39-43 degrees. I also gained from higher core count and SMT support, not to mention IPC and overall platform gains that really outweigh the cons. I also have a gaming server PBX powered server, so I can saturate parts of the network quickly and why the hardware makes sense. Electricity not seeing much change and actually should be less vs the old Intel Q6600.

 

[coxhaus]

The process is simple: you just install CE 2.6.0 and upgrade to plus from there. I did this already 3 times without any issue. The most recent one on a NUC with i5 and 16Gb in UEFI.

So, can you do this without any cost? I can do this now for free? I would be interested in running BSDv14 on my Dell.

 

[coxhaus]

Honestly not really as I paid attention when I began this route. I also initially started with an Intel Q6600 2.4Ghz quad core CPU. That was a hot CPU at 105W that constantly was over 70C degrees generating heat more than any of my other equipment and the room would also be quite warm. Once I switched to the Ryzen 1700 the heat generated dropped tremendously being a 65W Max CPU and averaging 39-43 degrees. I also gained from higher core count and SMT support, not to mention IPC and overall platform gains that really outweigh the cons. I also have a gaming server PBX powered server, so I can saturate parts of the network quickly and why the hardware makes sense. Electricity not seeing much change and actually should be less vs the old Intel Q6600.

I still have a couple of Intel Q6600 cpus. They were great in there day. Way to hot nowadays.

My old Xeons were low voltage 35 watt CPUs in my old turned off rack. They were out of blade servers that I bought off eBay.

 

[ddaenen1]

So, can you do this without any cost? I can do this now for free? I would be interested in running BSD14 on my Dell.

yes, it is free. Download and install pfSense CE 2.6.0, register for a free homelab version of Pfsense+ (here) and they will mail you a token that you enter in pfSense CE which alows upgrade to pfSense+ 23.01. The upgrade process is flawless.

 

[Maverick009]

I still have a couple of Intel Q6600 cpus. They were great in there day. Way to hot nowadays.

My old Xeons were low voltage 35 watt CPUs in my old turned off rack. They were out of blade servers that I bought off eBay.

Yeah for me the Q6600 was sitting around and great for the purpose of launching this project, but I found it inadequate to handle the full network needs plus the heat and power the chip ate up was not worth keeping in production. The replacement is a Ryzen 1700 8C/16T chip but more power efficient and I tuned it to operate at 45W or less under light load. My Gaming and NAS server has my old Ryzen 2700 in it, plus the platforms they are on are also more efficient than the old platforms partly thanks to today's CPUs integrated a lot of the chipset functionality into them as well.

 

[ddaenen1]

i think we have a winn

IF YOU WANT SOME OTHER ALTERNATIVE ROUTER FOR YOURSELF SO YOU HAVE TO SELECT THE WPS VERIZON ROUTER IT IS ALSO A GOOD ROUTER

i think we have a winner here...

 

[Maverick009]

IF YOU WANT SOME OTHER ALTERNATIVE ROUTER FOR YOURSELF SO YOU HAVE TO SELECT THE WPS VERIZON ROUTER IT IS ALSO A GOOD ROUTER

I am not looking for a router replacement, just software. However, since posting this, I went back to the drawing board and installed pfsense and stabilized my network again.

 

[ddaenen1]

I am not looking for a router replacement, just software. However, since posting this, I went back to the drawing board and installed pfsense and stabilized my network again.

And what are your insights and experience? I had an ASUS RT-AC88u which gave me the well known 4 port issue frequently so i switched over a seperate router and switch which brought me to Ubiquiti. I didn't know much back then and eventually abandoned it as i didn't think i was up to the task and quite complicated to configure so i got a Mikrotik RB3011 which was great up until the point that i wanted external https access to my Nextcloud server using my FQDN. After reading up a lot, i learned that it might be possible with pfSense using the ACME cert and HAproxy packages. It was a steep learning curve but is working great for a couple of years now. pfSense just makes sense, is quite easy to configure and so far has been able to take whatever i throw at it.

 

[Maverick009]

And what are your insights and experience? I had an ASUS RT-AC88u which gave me the well known 4 port issue frequently so i switched over a seperate router and switch which brought me to Ubiquiti. I didn't know much back then and eventually abandoned it as i didn't think i was up to the task and quite complicated to configure so i got a Mikrotik RB3011 which was great up until the point that i wanted external https access to my Nextcloud server using my FQDN. After reading up a lot, i learned that it might be possible with pfSense using the ACME cert and HAproxy packages. It was a steep learning curve but is working great for a couple of years now. pfSense just makes sense, is quite easy to configure and so far has been able to take whatever i throw at it.

A little rusty but still quite good at solving puzzles and making things work. Network is no different. Been playing with and experimenting since probably the very first DIY network kits launched at Best Buy and you had a network hub before switches became a thing in 99/2000 time frame lol.

For me, I still have home routers as I have the Asus GT-AX11000 and an RT-AC3100 that currently operate in AP mode with Aimesh. After experimenting with Pfsense and Opnsense, I decided to go all in and prefer them as for me they are simple enough at their basic settings, but can grow and allow further and explicit control of every part of the network. Now that I have everything stabilized I will be able to slowly tweak the network with rules and settings for performance and security. I am now beginning to look into a game/steam cache due to a few gaming systems.

 

[sfx2000]

Was not sure where to exactly post this but lately I have been thinking of an alternative firewall router like OS alternative to pfsense and Opnsense.

[OpenWrt Wiki] Welcome to the OpenWrt Project

openwrt.org

I'm a dev over there (low profile), but I've put pfSense in my rear view mirror after the whole wireguard turd fest and basically their whole team is like that...

Yes, they've done some cool stuff like funding ARM development over in BSDLand, which is a win, but the whole political mess that is pfSense is just too much too deal with...

pfsense 2.6 (CE) is pretty much a dead end, as Netgate has determined in the short term (as that is their only view) that TNSR is where the future is, unless it is for profit (buy netgate HW, and get pfSense Gold, or whatever it's called these days).

Heard interesting things about OpnSense, but at the same time, why should I bother there - different coolaid, same flavor...

Got better things to do with my limited turns around the sun these days...

 

[coxhaus]

[OpenWrt Wiki] Welcome to the OpenWrt Project

openwrt.org

I'm a dev over there (low profile), but I've put pfSense in my rear view mirror after the whole wireguard turd fest and basically their whole team is like that...

Yes, they've done some cool stuff like funding ARM development over in BSDLand, which is a win, but the whole political mess that is pfSense is just too much too deal with...

pfsense 2.6 (CE) is pretty much a dead end, as Netgate has determined in the short term (as that is their only view) that TNSR is where the future is, unless it is for profit (buy netgate HW, and get pfSense Gold, or whatever it's called these days).

Heard interesting things about OpnSense, but at the same time, why should I bother there - different coolaid, same flavor...

Got better things to do with my limited turns around the sun these days...

So how are you finding Openwrt? I bet it is fast on x86 hardware. I noticed they had a package AMD64-microcode? Do you need that to run 64 bit even with an Intel processor?

 

[sfx2000]

So how are you finding Openwrt? I bet it is fast on x86 hardware. I noticed they had a package AMD64-microcode? Do you need that to run 64 bit even with an Intel processor?

I've been focused on a couple of specific targets that are not x68/amd64 based... MIPS as a hobby target and ARMv8 for something more... as some might note in other posts - I'm pretty focused these days on ath9k/10k/11k/12k devices...

That being said - pretty much anything that can be done in pfSense has a way of being done in OpenWRT, and wireless support is obviously better.

Different methods to the same level of madness perhaps - but they're close to the tip on linux development, so onboarding new items is pretty straight forward, and driver support is much easier in Linux Land than it is over in the BSD Ghetto - just more development over there in the upstream space...

I know that there is working being done over for Intel/AMD based boards, but as mentioned, not my focus...

 

[Tech9]

pretty much anything that can be done in pfSense has a way of being done in OpenWRT

pfSense is business use oriented. It's popular and standard. What can be done in OpenWrt is not enough. I can play with the recently received GL.iNet gadget running OpenWrt at home, but I can't put a device like this in my server racks. I can't expect IT guys to provide support for non-standard devices.

 

[sfx2000]

pfSense is business use oriented. It's popular and standard.

no, it's not... Netgate would like you to believe it is...

 

[Tech9]

Yes it is around here. When you guys come up with something similar OpenWrt based let me know. I may have retired by then though.

 

[sfx2000]

Yes it is around here. When you guys come up with something similar OpenWrt based let me know. I may have retired by then though.

pfSense bundled with Netgate hardware could be considered small/medium class...

pfSense CE is hobby-grade with community support only... I would not run pfSense CE for business critical connectivity.

 

[sfx2000]

pfSense is business use oriented. It's popular and standard.

Just as a reminder - pfSense is a fork of m0n0wall - and when they announced end of support, they referred everyone over to OpnSense... because of politics and shady behavior by certain people on the pfSense team - just saying...

m0n0wall has served as the seed for several other well known open source projects, like pfSense, FreeNAS and AskoziaPBX. The newest offspring, OPNsense (https://opnsense.org), aims to continue the open source spirit of m0n0wall while updating the technology to be ready for the future. In my view, it is the perfect way to bring the m0n0wall idea into 2015, and I encourage all current m0n0wall users to check out OPNsense and contribute if they can.