pfSense vs OPNSense - Fanboy fued or real differences?
-
@scottalanmiller I'm planning to retire an old spinning drive. That's all
-
@scotth said in pfSense vs OPNSense - Fanboy fued or real differences?:
@Dashrender said in pfSense vs OPNSense - Fanboy fued or real differences?:
@black3dynamite said in pfSense vs OPNSense - Fanboy fued or real differences?:
@Dashrender said in pfSense vs OPNSense - Fanboy fued or real differences?:
@scotth said in pfSense vs OPNSense - Fanboy fued or real differences?:
@Emad-R said in pfSense vs OPNSense - Fanboy fued or real differences?:
They are both great, but when you want to scale you want them on hardware and not VM that will handicap your hypervisor.
When you think about hardware and low power, there are alot of alterantives better than those 2 and cheaper, netgate provides PFsense but for 200$ ad the idea of desktop machine acting as router and using alot of power does not make sense to me.
However pi3 or better makes perfect sense, but guess what neither PFsense or OPN runs on ARM
After my lab, I'm planning to load it up on an HP Elite 8300 SFF i5 quad core with 8 GB RAM and an addin dual Intel NIC. It's what I'm running Sophos on now. I don't experience any issues with this setup.
I picked it up for $100 during a desktop refresh.
EDIT: I'm also planning retire my spinning drive.For home use - a desktop class machine is totally fine.
Not sure an SSD will make any difference in the performance of the firewall though.SSD will help squid proxy cache.
how useful is that in a home network?
I'm hoping that it'll impede momma and kid from being blatantly foolish in their cruising activities.
<<yes, I have attempted to share information about foolish behavior on the internet>>
I'm lost - what does a squid proxy have to do with keeping the kids off the internet - other than possibly it's a webfilter as well as a caching proxy - my original question was about the benefit of SSD - to which the reply was squid proxy cache.. ok that make sense, but how is a proxy cache helpful for most home users - is there really a lot of overlap in a home to make this worth while?
-
@scotth said in pfSense vs OPNSense - Fanboy fued or real differences?:
@scottalanmiller I'm planning to retire an old spinning drive. That's all
But if it means spending money - that money could possibly be used better somewhere else. That's basically what I was getting at.
-
@Dashrender said in pfSense vs OPNSense - Fanboy fued or real differences?:
@scotth said in pfSense vs OPNSense - Fanboy fued or real differences?:
@Dashrender said in pfSense vs OPNSense - Fanboy fued or real differences?:
@black3dynamite said in pfSense vs OPNSense - Fanboy fued or real differences?:
@Dashrender said in pfSense vs OPNSense - Fanboy fued or real differences?:
@scotth said in pfSense vs OPNSense - Fanboy fued or real differences?:
@Emad-R said in pfSense vs OPNSense - Fanboy fued or real differences?:
They are both great, but when you want to scale you want them on hardware and not VM that will handicap your hypervisor.
When you think about hardware and low power, there are alot of alterantives better than those 2 and cheaper, netgate provides PFsense but for 200$ ad the idea of desktop machine acting as router and using alot of power does not make sense to me.
However pi3 or better makes perfect sense, but guess what neither PFsense or OPN runs on ARM
After my lab, I'm planning to load it up on an HP Elite 8300 SFF i5 quad core with 8 GB RAM and an addin dual Intel NIC. It's what I'm running Sophos on now. I don't experience any issues with this setup.
I picked it up for $100 during a desktop refresh.
EDIT: I'm also planning retire my spinning drive.For home use - a desktop class machine is totally fine.
Not sure an SSD will make any difference in the performance of the firewall though.SSD will help squid proxy cache.
how useful is that in a home network?
I'm hoping that it'll impede momma and kid from being blatantly foolish in their cruising activities.
<<yes, I have attempted to share information about foolish behavior on the internet>>
I'm lost - what does a squid proxy have to do with keeping the kids off the internet - other than possibly it's a webfilter as well as a caching proxy - my original question was about the benefit of SSD - to which the reply was squid proxy cache.. ok that make sense, but how is a proxy cache helpful for most home users - is there really a lot of overlap in a home to make this worth while?
Squid's two main functions are a proxy to filter, or a cache. Since he is not using the cache, we assume it is for the filter.
-
OPNSense user here. Its just more friendly. Tried Sophos XG and it killed my WAN speed even with most things disabled. I have used Sophos UTM in production for many year previously.
I have a very old EdgeRouter sittign around. Wondering if I'll run the latest firmware. I didn't like it much back then so its been clotting dust.
-
@360col said in pfSense vs OPNSense - Fanboy fued or real differences?:
OPNSense user here. Its just more friendly. Tried Sophos XG and it killed my WAN speed even with most things disabled. I have used Sophos UTM in production for many year previously.
I have a very old EdgeRouter sittign around. Wondering if I'll run the latest firmware. I didn't like it much back then so its been clotting dust.
What didn't you like about it? FYI - it's not a UTM, so you can't look at it from that POV.
As far as I know, all ER are still supported. -
pfSense can be turned into a full UTM. Don't know about OPNSense.
-
Pfsense have been around much longer and very likely have a significantly larger user base. So assuming there are no other differences that would be a big plus for pfsense, unless you want to be a beta tester or just play around.
It's also easier to find guides and info on setup as well for pfsense. Pfsense also has packages (OPNsense don't) so you can add more functionality like squid, haproxy etc.
I don't think there is much difference behind the scenes though when it comes to standard functions as both are running freebsd and using the PF packet filtering system from the openbsd project.
We just use pfsense and call it a day. Don't have time to try every possible permutation of a firewall
-
Sorry. Was at a site meeting a vendor for an installation. I'm catching up.
-
pfSense's maturity and market presence definitely make a big difference. And they have that add-on UTM deal.
-
@scottalanmiller said in pfSense vs OPNSense - Fanboy fued or real differences?:
pfSense's maturity and market presence definitely make a big difference. And they have that add-on UTM deal.
I have both running in VMs and am exploring.
-
Squid is already part of OPNsense. Here a full list of plugins available.
Dynamic DNS Support Let's Encrypt client Get all peers connected to a local network BIND domain name service Apply a persistent 10 second boot delay c-icap connects the web proxy with a virus scanner Webserver cache Antivirus engine for detecting malicious threats Collect system and application performance metrics periodically Debugging Tools Flexible DNS proxy supportung DNSCrypt and DoH RADIUS Authentication, Authorization and Accounting Server The FRRouting Protocol Suite Control ftp-proxy processes Reliable, high performance TCP/HTTP load balancer A sample framework application IGMP-Proxy Service IDS Proofpoint ET Pro ruleset (needs a valid subscription) IDS PT Research ruleset (only for non-commercial use) IDS Snort VRT ruleset (needs registration or subscription) Connection speed tester L2TP server based on MPD5 LCDProc for SDEC LCD devices LLDP allows you to know exactly on which port is a server Proxy multicast DNS between networks Net-SNMP is a daemon for the SNMP protocol Nginx HTTP server and reverse proxy Prometheus exporter for machine metrics Traffic Analysis and Flow Collection Network UPS Tools OpenConnect Client SMTP mail relay PPPoE server based on MPD5 PPTP server based on MPD5 End of life, superseded by FRR plugin Redis DB Relayd Load Balancer RFC-2136 Support Protect your network from spam Secure socks5 proxy Siproxd is a proxy daemon for the SIP protocol SMART tools End of life, superseded by Net-SNMP plugin Agent for collecting metrics and data The cicada theme - grey/orange A suitably dark theme The tukan theme - blue/white Tinc VPN The Onion Router Universal Plug and Play Service VMware tools vnStat is a console-based network traffic monitor Kerberos authentication module Group and user ACL for the web proxy Wake on LAN Service Xen guest utilities Enterprise-class open source distributed monitoring agent Zabbix Proxy enables decentralized monitoring Virtual Networks That Just Work -
FFS, so much stupid going all left, right, and center..
- What are the WAN speeds involved.
- Ubiquiti sells nice gear, but there are potential speed limits depending on router configuration.
- UTM at home? WTF is the point of such a complicated setup.
- There is no good free UTM anyway.
- WTF are you doing for backups that is not already encrypted before going over the wire? You don't need a VPN for back ups.
- You have an old Ubiquiti router but didn't say shit about the model. As mentioned it is a ROUTER, if you hated it because it didn't massage your dick, then that is your fault for not knowing WTF you bought.
- There is not a single model of Ubiquiti router that cannot be upgraded to the current firmware.
- Software routers are silly things that burn power and time.
So what should you do?
Depending on your WAN speed needs, buy a Ubiquiti or Mikrotik router that will handle the needed speeds. I personally recommend the Ubiquiti ER-X for "technical" home use first, then the Ubiquiti ER-4 if you need more speed with the QoS enabled.
For normal home use, I recommend the Ubiquiti Amplifi Instant Mesh System for $179.
Buy a RaspberryPi 3 kit with case and card for $50 someplace and install Pi-Hole. Setup your Router to send all DNS to the Pi-Hole.
Setup MeshCentral for remote support
Setup ZeroTier for any point to point "vpn style" needs you may have.
- What are the WAN speeds involved.
