OPNSense or BE88u?

[weaverinva]

Hello all. Such great minds and hearts here.

I am a very technical sales engineer and administer dozens of cloud environments and perform moderate sql, batch and powershell scripting. However, I am a newbie to linux. I have loaded into a VM a time or two. I am not afraid of anything though time is a factor.

My ISP provides 1.4Gbps down and my network is only 1Gbps. I could also use a faster network by upgrading my switch. I have an older AX86u which works fine but only has a single >1Gbps port. I want to consider upgrading my network for better transfer rates. My house is wired cat 5 (quality) and likely can get 2.5Gbps or 5Gbps from that wiring.

I am considering upgrading to a be88u because it has two 10Gbps ports and 4 2.5 ports. I could get some of that by using vlan tags and a proxmox hosted opnsense. Though I wonder if that is a good idea. I see many people getting dedicated 2 port hardware or using an old pc with a good intel nic. I would still need a reasonably priced 8-16 port managed hub with vlan tags possibly. I only really need one vlan for our downstairs apartment quarters.

What wisdom do you all have?

Are those of you who have moved toward the opnsense path happy? I suppose that if I went on that path, I could just get a ubiquiti or other access point.

Merlin has just worked so well ax86u > ac86u > n66u. Solid and reliable and using many functions and openvpn easily. 2000 sq ft house on main floor. Full finished basement of same sq footage. Large rear deck. Most all is covered by the ax86u. During the summer I activate an older router as an access point for the back yard.

I need to read a few more of the older threads on this topics.

Also any inexpensive purchase recommendations on hardware...

Thank you for any commentary in advance.

Mike
Shenandoah Valley, VA
ax86u, Ryzen 9950x proxmox (building my VMs/containers), around 15-20 computing network devices (pcs, phones, laptops)

 

[dave14305]

I’m working my way through this guide as an alternative. Feels very simple and straightforward for my needs.

OpenBSD Router Guide

openbsdrouterguide.net

 

[Some1]

@weaverinva

Don’t be intimidated by OPNsense. It's much easier than it might seem at first. The web interface is clean, well organized, and honestly no harder to learn than the GUI on most consumer grade routers like Asus, Netgear, or TP-Link. Even if you’ve never worked with FreeBSD or advanced routing before, the interface makes most tasks very accessible.

I actually own the Asus BE-88U myself, and while the hardware specs are impressive on paper (dual 10Gbps ports, multiple 2.5Gbps ports), I have to say I’m not impressed in practice. The VLAN implementation is buggy, unintuitive, and in my experience, simply doesn’t work reliably, even after multiple official firmware updates. If you're considering it just for VLAN support or advanced routing, you’ll likely end up frustrated.

By contrast, OPNsense has been a game changer for me. I was a total beginner when I first installed it, but within a few days I had learned the basics and started building out features I never thought I'd use, proper VLANs, firewall rules, DNS blocking, and more. The documentation and community are excellent, and the flexibility it offers is far beyond what any consumer router firmware can deliver.

If you're already comfortable with virtual environments like Proxmox and don’t mind spending a bit of time upfront, I strongly recommend giving OPNsense a try, even just in a test VM or on a small dedicated box. You might be surprised how quickly you become comfortable with it, and how much more power and stability you can get compared to trying to push consumer gear past its limits.
My Asus router has been in AP mode only ever since.

 

[Justinh]

@Some1 thanks for the input. What I don't get about the OPNsense hardware requirements is no mention of network ports. Don't you have to have a minimum of 2 ports (WAN and LAN)? It has to sit between the modem/gateway and the LAN, right? What device do you run it on?

 

[Tech9]

What wisdom do you all have?

You don't need a AIO router for faster LAN. What you need is a fast switch. Gateway to WAN with Gigabit or 2.5GbE ports is enough. OPNsense on bare metal mini PC (don't VM your gateway), a switch and few APs all with native VLAN support and you're good to go. In my opinion much better option than any consumer AIO router.

 

[weaverinva]

I’m working my way through this guide as an alternative. Feels very simple and straightforward for my needs.

OpenBSD Router Guide

openbsdrouterguide.net

Thank you for the guide Dave!

 

[weaverinva]

@weaverinva

Don’t be intimidated by OPNsense. It's much easier than it might seem at first. The web interface is clean, well organized, and honestly no harder to learn than the GUI on most consumer grade routers like Asus, Netgear, or TP-Link. Even if you’ve never worked with FreeBSD or advanced routing before, the interface makes most tasks very accessible.

I actually own the Asus BE-88U myself, and while the hardware specs are impressive on paper (dual 10Gbps ports, multiple 2.5Gbps ports), I have to say I’m not impressed in practice. The VLAN implementation is buggy, unintuitive, and in my experience, simply doesn’t work reliably, even after multiple official firmware updates. If you're considering it just for VLAN support or advanced routing, you’ll likely end up frustrated.

By contrast, OPNsense has been a game changer for me. I was a total beginner when I first installed it, but within a few days I had learned the basics and started building out features I never thought I'd use, proper VLANs, firewall rules, DNS blocking, and more. The documentation and community are excellent, and the flexibility it offers is far beyond what any consumer router firmware can deliver.

If you're already comfortable with virtual environments like Proxmox and don’t mind spending a bit of time upfront, I strongly recommend giving OPNsense a try, even just in a test VM or on a small dedicated box. You might be surprised how quickly you become comfortable with it, and how much more power and stability you can get compared to trying to push consumer gear past its limits.
My Asus router has been in AP mode only ever since.

@Some1 thank you for the detailed reply. Sounds like that is the direction I will go. I have yet to fully setup proxmox but I will be there in the next month. I have an older think Centre pc that will take a dual nic Intel card. Then do I run any additional containers on that proxmox? Sounds like dedicated hardware is a good idea though. Any recommendations for the actual dedicated hardware, AP hardware, and smart switch with vlan tags?

I will start doing some research. Thank you for your testimony about the be88u. I may send my unopened back for now and use my ax86u until I get my feet under me on opnsense.

 

[weaverinva]

You don't need a AIO router for faster LAN. What you need is a fast switch. Gateway to WAN with Gigabit or 2.5GbE ports is enough. OPNsense on bare metal mini PC (don't VM your gateway), a switch and few APs all with native VLAN support and you're good to go. In my opinion much better option than any consumer AIO router.

@Tech9 Thank you for your ongoing excellent support and encouragement in this community. I have appreciated many of your posts!

What does 'all with native vlan support mean'?

Do you have any recommendation for cost effective yet robust, reliable hardware components?

Thank you in advance for your kindness.

 

[Some1]

I recommend a dedicated machine for OPNsense.

My own setup runs on an older Intel i3 8th gen CPU with 8GB RAM, two 120GB SSDs in RAID 1, and dual Intel NICs. My entire WAN is behind a VPN and the machine pushes full gigabit speeds without any issues, even under full load, it only reaches around 54% CPU usage and 12% RAM, with disk usage at just 1%. Very efficient and stable.

I’ve configured three VLANs: Kids, Guests, and IoT. For DNS, I use Unbound with a range of blocklists and DNS over TLS. I also run WireGuard for remote access to my home LAN while on the go.

One thing I don’t recommend is using ASUS routers as access points with OPNsense. VLAN setup can be quite messy and limited. Instead, I suggest looking into APs that have better VLAN support out of the box, such as Ubiquiti UniFi, TP-Link Omada, or even some MikroTik models depending on your comfort level.

For switching, I’m using a TP-Link 16-port smart switch that supports VLANs. It's been very easy to set up and plays nicely with OPNsense and my VLANs.

Edit:
Look up "homenetworkguy" on youtube or his website. His guides helped me tons when i started to look into this.

 

[Some1]

@Some1 thanks for the input. What I don't get about the OPNsense hardware requirements is no mention of network ports. Don't you have to have a minimum of 2 ports (WAN and LAN)? It has to sit between the modem/gateway and the LAN, right? What device do you run it on?

Yes, OPNsense needs at least two NICs (ports), one for WAN, one for LAN since it sits between your modem (or fiber converter) and your network.

My setup is listed in previous post.

 

[Tech9]

Do you have any recommendation for cost effective yet robust, reliable hardware components?

With your requirements to an OPNsense 2.5GbE capable appliance I would perhaps add SG2210XMP-M2 switch, a few EAP772 access points and perhaps OC200 network controller. OPNsense gateway, Omada switching and wireless. This system including x86 hardware may cost more than alternative USG-Fiber, USW-Flex-2.5G-8-PoE and a few U7-Pro from Ubiquiti. The ARM CPU gateway may have less processing power than x86 CPU appliance, but comes with network controller and switch. The additional PoE switch gives you more LAN ports and powers the access points. The other advantage is single plane of glass* - firewall, switching and wireless controlled from a single panel. I like OPNsense option as well, I was running similar pfSense system for years with Netgear switching and Ruckus wireless.

* - the main reason I use Ubiquiti now, otherwise it's kind of downgrade compared to my previous system. I don't plan Wi-Fi 7 upgrade though and my Gigabit components are cheap. Yours will be more expensive. Make sure you have adequate return of investment.

 

[weaverinva]

With your requirements to an OPNsense 2.5GbE capable appliance I would perhaps add SG2210XMP-M2 switch, a few EAP772 access points and perhaps OC200 network controller. OPNsense gateway, Omada switching and wireless. This system including x86 hardware may cost more than alternative USG-Fiber, USW-Flex-2.5G-8-PoE and a few U7-Pro from Ubiquiti. The ARM CPU gateway may have less processing power than x86 CPU appliance, but comes with network controller and switch. The additional PoE switch gives you more LAN ports and powers the access points. The other advantage is single plane of glass* - firewall, switching and wireless controlled from a single panel. I like OPNsense option as well, I was running similar pfSense system for years with Netgear switching and Ruckus wireless.

* - the main reason I use Ubiquiti now, otherwise it's kind of downgrade compared to my previous system. I don't plan Wi-Fi 7 upgrade though and my Gigabit components are cheap. Yours will be more expensive. Make sure you have adequate return of investment.

Thank you @Tech9
Good comment on roi related to purchases.
I suppose that gigabit components are cheap but I think why not enjoy the bandwidth being paid for.... Though if ping speed is 13-16 ms and I am getting 960Mbps on wired..... Do I really need 2.5 gbps? Need/want. I will look around and see if I can at least do 2.5 for reasonable.

Mini forums has some reasonable small units but some only have one nic and I don't want to run the second nic from usb 4. Will continue search on the firewall/router unit.

 

[Tech9]

I think why not enjoy the bandwidth being paid for...

You can enjoy speed test numbers and faster downloads only. For everything else the user experience will remain exactly the same. The reason I don't pay for >Gigabit ISP plans and don't chase ISP speed. More of my reasons here. Even if the ISP upgrades the plan to for free - I'm not changing my equipment.

 

[weaverinva]

With your requirements to an OPNsense 2.5GbE capable appliance I would perhaps add SG2210XMP-M2 switch, a few EAP772 access points and perhaps OC200 network controller. OPNsense gateway, Omada switching and wireless. This system including x86 hardware may cost more than alternative USG-Fiber, USW-Flex-2.5G-8-PoE and a few U7-Pro from Ubiquiti. The ARM CPU gateway may have less processing power than x86 CPU appliance, but comes with network controller and switch. The additional PoE switch gives you more LAN ports and powers the access points. The other advantage is single plane of glass* - firewall, switching and wireless controlled from a single panel. I like OPNsense option as well, I was running similar pfSense system for years with Netgear switching and Ruckus wireless.

* - the main reason I use Ubiquiti now, otherwise it's kind of downgrade compared to my previous system. I don't plan Wi-Fi 7 upgrade though and my Gigabit components are cheap. Yours will be more expensive. Make sure you have adequate return of investment.

@Tech9 I notice in your signature that you are running Unifi OS for your router. Are you happier with that? I would have thought that you would be using OPNSense as your router firewall with its flexibility.

 

[Tech9]

I was never too interested in OPNsense, as mentioned above was running pfSense at home for years, but now converting everything residential to Ubiquiti UniFi. It does exactly the same thing, devices are small size, power efficient and good looking. Hardware and software quality is excellent. I have residential properties in different countries and UniFi allows easy visibility and control of all my networks from a single control panel. They are all connected and de facto one network in different locations. Reliability so far is 100%, but I don't push for latest and greatest. Unifi OS runs on Ubiquiti gateways.

 

[sfx2000]

One thing about OpnSense (and pfSense, even) is that one can throw a hella resources at the problem...

1-litre class mini-pc's are cheap, and most of them have Intel Core-i3/i5's and a decent amount of storage...

Comparing AsusWRT to OpnSense is kind of matching a Ferrari to a Yugo in capability on Routing...

 

[weaverinva]

I was never too interested in OPNsense, as mentioned above was running pfSense at home for years, but now converting everything residential to Ubiquiti UniFi. It does exactly the same thing, devices are small size, power efficient and good looking. Hardware and software quality is excellent. I have residential properties in different countries and UniFi allows easy visibility and control of all my networks from a single control panel. They are all connected and de facto one network in different locations. Reliability so far is 100%, but I don't push for latest and greatest. Unifi OS runs on Ubiquiti gateways.

Thank you so much for these comments.

 

[weaverinva]

One thing about OpnSense (and pfSense, even) is that one can throw a hella resources at the problem...

1-litre class mini-pc's are cheap, and most of them have Intel Core-i3/i5's and a decent amount of storage...

Comparing AsusWRT to OpnSense is kind of matching a Ferrari to a Yugo in capability on Routing...

I assume you mean that opnsense or pfsense is the Ferrari?

 

[sfx2000]

I assume you mean that opnsense or pfsense is the Ferrari?

yes - AsusWRT gets to a point, and once there...