Homelab

380 readers

9 users here now

Rules

Be Civil.
Post about your homelab, discussion of your homelab, questions you may have, or general discussion about transition your skill from the homelab to the workplace.
No memes or potato images.
We love detailed homelab builds, especially network diagrams!
Report any posts that you feel should be brought to our attention.
Please no shitposting or blogspam.
No Referral Linking.
Keep piracy discussion off of this community

founded 1 year ago

MODERATORS

[email protected]

Am I crazy to move to pfSense from OPNsense? (alien.top)

submitted 1 year ago by [email protected] to c/[email protected]

45 comments fedilink hide all child comments

So I've been using OPNsense for a few years. I have an extensive config inclduing vlans, plugins, policies, suricata, VPN, routes, gateways, HAProxy, etc.

Over the past few months, I've noticed certain bugs, weirdness, and slowness within OPNsense. I recently watched Tom Lawrence's video on the licensing changes and he touched on the openssl vulnerability that OPNsense has yet to remediate.

The Plus license cost (per year) which entitles you to some limited support options is also appealing. Every time I get stuck figuring out something complex in OPNsense, I have to hope someone else has tried to do the same thing and posted about it so I can troubleshoot.

I also don't like having to constantly update. A more "stable"/enterprise focused cycle like pfSense has seems like my pace. It broke on me last year with one of the upgrades and I had to clean install.

Don't get me wrong, I love the UI (mostly), plugins, etc. in OPNsense, but these past few months have got me thinking.

I've also heard that people don't like Netgate as a company, so that could definitely factor into not switching.

What are everyone's thoughts?

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 1 points 1 year ago (1 children)

Yes. Most go from pfsense to opnsense, including myself.

No one is forcing you to install updates, just skip them if you think that's better for you, but many are security related.

[–] [email protected] 1 points 1 year ago

That sounds easy enough, but it creates a situation where I don't know what updates are important (security) and what updates are minor. So I have to read the release notes for each update and then decide if I need it to patch a security vulnerability.
Where with the other method, I know the update is likely critical.
For some those frequent updates are a +, for me it is not. So use what works best for you!

But right now I couldn't use opensense even if I wanted to, as it's FIPS non-compliant due to them still using the depreciated EOL OpenSSH 1.1.1, and no date set to move to v3