Alternative to pfsense/Opnsense

[Tech9]

I would not run pfSense CE for business critical connectivity.

Agree. I would not use DIY either for support and compatibility/upgrade related issues. The reasons I use Netgate hardware.

because of politics and shady behavior

This is true and I know the story. Nevertheless pfSense is more popular and with better support. The final product is what I'm interested in.

 

[ddaenen1]

This is true and I know the story. Nevertheless pfSense is more popular and with better support. The final product is what I'm interested in.

I don't care too much about the story either. This is something for people that don't have anything better to do. I have tried both and as long as i can rely on pfSense, i will do so and indeed the truth is, there is so much good information and tutorials on pfSense out there that you will always be able to find a suitable solution.

 

[coxhaus]

Honestly not really as I paid attention when I began this route. I also initially started with an Intel Q6600 2.4Ghz quad core CPU. That was a hot CPU at 105W that constantly was over 70C degrees generating heat more than any of my other equipment and the room would also be quite warm. Once I switched to the Ryzen 1700 the heat generated dropped tremendously being a 65W Max CPU and averaging 39-43 degrees. I also gained from higher core count and SMT support, not to mention IPC and overall platform gains that really outweigh the cons. I also have a gaming server PBX powered server, so I can saturate parts of the network quickly and why the hardware makes sense. Electricity not seeing much change and actually should be less vs the old Intel Q6600.

I am running pfsense on an old Dell I bought for $75 used with an Intel i3 CPU with 2 real cores at 3.4 Ghz and 4 gig ram. The temperature runs 27.9 so there is very little heat and no noise. You cannot hear the fans.

 

[Maverick009]

I am running pfsense on an old Dell I bought for $75 used with an Intel i3 CPU with 2 real cores at 3.4 Ghz and 4 gig ram. The temperature runs 27.9 so there is very little heat and no noise. You cannot hear the fans.

I hear no noise from my upgraded Pfsense server but being in a Network rack cabinet, I will hear the 2 exhaust fans in the cabinet if I was close and also have the closet doors open to where the cabinet is. Temps have been great for this 8C/16T CPU given ambient Temps plus being on 3rd floor lol. Overall quiet and heat is significantly dropped vs the Intel Q6600, while performance has hugely increased with room to spare rightfully so. Can't complain.

 

[Maverick009]

Just as a reminder - pfSense is a fork of m0n0wall - and when they announced end of support, they referred everyone over to OpnSense... because of politics and shady behavior by certain people on the pfSense team - just saying...

m0n0wall has served as the seed for several other well known open source projects, like pfSense, FreeNAS and AskoziaPBX. The newest offspring, OPNsense (https://opnsense.org), aims to continue the open source spirit of m0n0wall while updating the technology to be ready for the future. In my view, it is the perfect way to bring the m0n0wall idea into 2015, and I encourage all current m0n0wall users to check out OPNsense and contribute if they can.

I tried Opnsense and actually prefer it Overall, but I am currently back in Pfsense due to more stable drivers in Pfsense 2.6. The latest 2 releases of Opnsense seemed to introduce buggy NIC drivers. I may check them out again at a later point.

 

[coxhaus]

I tried Opnsense and actually prefer it Overall, but I am currently back in Pfsense due to more stable drivers in Pfsense 2.6. The latest 2 releases of Opnsense seemed to introduce buggy NIC drivers. I may check them out again at a later point.

Pfsense 2.6 is really old using FreeBSD 12.x. The latest drivers are now in pfsense 23.01 which is using FreeBSD 14. I would not want to run 2.6. Opensense has newer drivers as it is using FreeBSD 13 but older than 23.01.

I think pfsense 2.7 should be out soon which would be a much better choice. First, we will see 23.05 and then 2.7 sounds like within weeks reading on their forums.

 

[RacerX330]

didn't read the whole thread, but pfsense has documented issues with realtek chips, the alternate driver worked just fine for my setup, not sure about opnsense
let me see if i can dig up the links

 

[sfx2000]

I think pfsense 2.7 should be out soon which would be a much better choice. First, we will see 23.05 and then 2.7 sounds like within weeks reading on their forums.

Keep thinking that...

With Netgate - TNSR is the future, not pfSense - pfSense 2.6 CE is close to abandonware...

 

[ddaenen1]

Keep thinking that...

With Netgate - TNSR is the future, not pfSense - pfSense 2.6 CE is close to abandonware...

I do agree that in the long run, CE will die a slow death. I also believe that there is a future for pfSense+. From what i understand, the application field for pfSense+ and TNSR are completely different so they can coincide.

 

[Christos]

Keep thinking that...

With Netgate - TNSR is the future, not pfSense - pfSense 2.6 CE is close to abandonware...

A TNSR gateway is a specialised device that does one thing: extremely fast routing and it does it well.
If negate starts adding firewall features to TNSR in order to replace pfsense, then TNSR will be slower and loose its advantage.

For the second part "pfsense CE is close to abandonware", I agree because I don't see any reason for someone to use it since pfsense+ is free for home/lab. These two products are similar to CentOS and RHEL, with CentOS dead today.

 

[avtella]

In regards to Community Edition I’ve heard the it’s dead or abandoned commentary from people since like 2.4…and 2.5 and 2.6 released…. I’m certain 2.7 will release, big changes so more time. Yeah I’m sure eventually pFsense Plus will completely replace CE. As others have said TNSR is no way a replacement, at least not in the next 5 years, as it’s purpose is different so I doubt pfsense will die off anytime soon.


As for the controversy between Opn & Pf I think Lawrence from the video below I think had a pretty decent take, of course caveat being he may be a bit favoring one due to experience.

 

[coxhaus]

didn't read the whole thread, but pfsense has documented issues with realtek chips, the alternate driver worked just fine for my setup, not sure about opnsense
let me see if i can dig up the links

Nobody uses realtek chips for anything serious. You won't find them in serious servers or networking equipment. Use something else.

 

[coxhaus]

In regards to Community Edition I’ve heard the it’s dead or abandoned commentary from people since like 2.4…and 2.5 and 2.6 released…. I’m certain 2.7 will release, big changes so more time. Yeah I’m sure eventually pFsense Plus will completely replace CE. As others have said TNSR is no way a replacement, at least not in the next 5 years, as it’s purpose is different so I doubt pfsense will die off anytime soon.


As for the controversy between Opn & Pf I think Lawrence from the video below I think had a pretty decent take, of course caveat being he may be a bit favoring one due to experience.

I think the way it stacks up now is Opensense is better choice than pfsense 2.6 and pfsense 23.01 is a better choice than Opensense right now.

 

[sfx2000]

I think the way it stacks up now is Opensense is better choice than pfsense 2.6 and pfsense 23.01 is a better choice than Opensense right now.

Or nonSense until things sort out in that space...

(sorry, couldn't help it, you set up that ball to swing at...)

It does beg however - either OpenWRT puts on their big-boy pants, or someone needs to step up.

The BSD based distros (pfSense/opnSense) basically have a soups/nuts solution...

Linux has a lot of Application level solutions, but nothing like what pfSense and the forks offer - and there, I think there is an opportunity for the community to step in and do something better...

Just saying... the BSD underwear has a lot of brown spots due to pfSense/Netgate, mostly due to a couple of specific people over on the Netgate side of the house....

 

[coxhaus]

Or nonSense until things sort out in that space...

(sorry, couldn't help it, you set up that ball to swing at...)

It does beg however - either OpenWRT puts on their big-boy pants, or someone needs to step up.

The BSD based distros (pfSense/opnSense) basically have a soups/nuts solution...

Linux has a lot of Application level solutions, but nothing like what pfSense and the forks offer - and there, I think there is an opportunity for the community to step in and do something better...

Just saying... the BSD underwear has a lot of brown spots due to pfSense/Netgate, mostly due to a couple of specific people over on the Netgate side of the house....

I agree, just waiting for the next player. OpenWRT looked good when I read about it, but you are kind of on your own trying to pull it together.

 

[coxhaus]

I upgraded pfsense to 23.05 and I had an issue. I thought it was pfsense because I lost access from my workstation but it turns out I think it was Windows 11. I immediately pinged from pfsense to the internet and to my L3 switch and it all worked but my workstation would not. For some reason I had to reboot my Windows 11 PC and everything worked as normal. I thought it was a routing error. It must be some security feature in Windows 11. My DHCP comes from my layer 3 switch not pfsense.

Now that 23.05 is out I assume 2.7 will be out in a few weeks.

 

[ddaenen1]

I upgraded pfsense to 23.05 and I had an issue. I thought it was pfsense because I lost access from my workstation but it turns out I think it was Windows 11. I immediately pinged from pfsense to the internet and to my L3 switch and it all worked but my workstation would not. For some reason I had to reboot my Windows 11 PC and everything worked as normal. I thought it was a routing error. It must be some security feature in Windows 11. My DHCP comes from my layer 3 switch not pfsense.

Now that 23.05 is out I assume 2.7 will be out in a few weeks.

I am typically not so fast with upgrading. I first scan the forums to see if there were any significant issues with upgrading. I can't afford a disconnect for a long period as i work from home office a significant amount of time in a week. I wait for a moment that i also have the opportunity to troubleshoot in case needed.

 

[Christos]

Yes 23.05 Stable is just released.
I'll wait for a couple of weeks before upgrading, even though with boot environments I can roll back to previous state in a matter of seconds.

 

[coxhaus]

If they put it out there as stable then it should work. I am not going to run beta or RC code as I don't want to trouble shoot non-stabilized issues.

It seems to be running fine.

Plus, it was the wee hours which is the only real time i have to work on the network when everybody is sleeping. I could not sleep so I was up. I figured I could have it working by the time everybody got up.

 

[avtella]

I upgraded pfsense to 23.05 and I had an issue. I thought it was pfsense because I lost access from my workstation but it turns out I think it was Windows 11. I immediately pinged from pfsense to the internet and to my L3 switch and it all worked but my workstation would not. For some reason I had to reboot my Windows 11 PC and everything worked as normal. I thought it was a routing error. It must be some security feature in Windows 11. My DHCP comes from my layer 3 switch not pfsense.

Now that 23.05 is out I assume 2.7 will be out in a few weeks.

I could be wrong but I think 2.7 likely would release with 23.09.

Here’s the tracker for CE/Plus

Issues - pfSense - pfSense bugtracker

Redmine

redmine.pfsense.org