this post was submitted on 15 Nov 2023

Homelab

So I've been using OPNsense for a few years. I have an extensive config including VLANs, plugins, policies, Suricata, VPN, routes, gateways, HAProxy, etc.

Over the past few months, I've noticed certain bugs, weirdness, and slowness within OPNsense. I recently watched Tom Lawrence's video on the licensing changes and he touched on the openssl vulnerability that OPNsense has yet to remediate.

The Plus license cost (per year) which entitles you to some limited support options is also appealing. Every time I get stuck figuring out something complex in OPNsense, I have to hope someone else has tried to do the same thing and posted about it so I can troubleshoot.

I also don't like having to constantly update. A more "stable"/enterprise focused cycle like pfSense has seems like my pace. It broke on me last year with one of the upgrades and I had to clean install.

Don't get me wrong, I love the UI (mostly), plugins, etc. in OPNsense, but these past few months have got me thinking.

I've also heard that people don't like Netgate as a company, so that could definitely factor into not switching.

What are everyone's thoughts?

[–] [email protected] 0 points 1 year ago (5 children)

Your extensive config is probably your issue and not OPNsense. You said you've been running it for a few years, but seemingly 4 months ago you couldn't figure out a basic rule to block Internet for a single IP.

[–] [email protected] 1 points 1 year ago (2 children)

My config probably does factor into some of the issues. To be fair, I've never had to block Internet from a single device before, and the rule seemed backwards compared to my thought process.

If I remember correctly, I started using OPNsense in 2020. Since then, my lab and network have evolved tremendously.

[–] [email protected] 1 points 1 year ago

‘Sense’ uses interfaces to base its rules around. You could use the VLAN interface or the WAN interface for this.

[–] [email protected] 1 points 1 year ago (1 children)

Yes, that is how networking rules work.

Just an FYI, “your way of thinking” doesn’t apply to pretty much anything. Try learning how things actually work and not assume “your way” is the right way.

I can’t believe I have to explain that.

[–] [email protected] 1 points 1 year ago

Not sure why you're being rude for no reason - maybe you need a cup of coffee. I am learning how things work hence the incorrect thought process. Just because you think you know everything doesn't mean you have to put everyone else down for not.

FYI, on FortiGates (which I am used to working with, as opposed to *Sense), there is an incoming (source) and outgoing (destination) interface for the rules, so that's where that thought process originated.
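To make the interface-based model from the comments above concrete (the "block Internet for a single IP" rule, placed on the VLAN interface rather than WAN, and the contrast with the FortiGate source/destination-interface model), here is an added pf(4) ruleset fragment. It is not from the thread or from the OPNsense/pfSense projects; the interface name vlan10, the subnet 192.168.10.0/24 and the host 192.168.10.50 are hypothetical.

```text
# Added example, not from the thread. Hypothetical addresses: VLAN 10 is
# 192.168.10.0/24 on interface vlan10; the host to cut off is 192.168.10.50.
table <rfc1918> { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

# pf matches a rule on the interface the packet ENTERS (direction "in"),
# so a "no Internet for this host" rule belongs on the VLAN interface, not
# on WAN, where the packet would already have been routed and NATed.
# "quick" makes the first match final, which is how the *Sense GUIs order
# their rules by default.

# 1. keep the host's access to internal networks
pass  in quick on vlan10 inet from 192.168.10.50 to <rfc1918>
# 2. drop everything else from that host (i.e. anything bound for the Internet)
block in quick on vlan10 inet from 192.168.10.50 to any
# 3. the rest of the VLAN is unaffected
pass  in quick on vlan10 inet from 192.168.10.0/24 to any
```

On FreeBSD-based firewalls the loaded rules can be checked with `pfctl -sr` (and the per-rule counters with `pfctl -vsr`) to confirm that rule 2 is the one incrementing when the host tries to reach an external address. On a FortiGate the same intent is expressed as a policy with a source interface (the VLAN) and a destination interface (the WAN), which is why a rule written only in terms of the ingress interface looks "backwards" to someone coming from that model: the *Sense rule does not name an egress interface at all, and the destination address range does that job instead.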
