pfSense vs. OPNsense

About five years back, I started a thread on this question on the old forum which ended up being surprisingly active and long-running, with discussion frequently restarting after Netgate managed to once again shoot themselves in the foot. In the thought that it might still be helpful to folks here, I’m sharing the link here. Any further discussion can continue in this topic.

8 Likes

I’d been using a community plugin for Caddy as a reverse proxy rather than HAProxy. Even though that Caddy plugin didn’t really have a GUI for configuration (just a text box for you to enter a Caddyfile), I found it much easier to deal with than the HAProxy GUI.

@pmh had mentioned somewhere that OPNsense now has an “official” Caddy plugin, with GUI and everything. I’ve now installed that on my OPNsense system and it works nicely, with a much more straightforward GUI than was there for HAProxy.

6 Likes

…and not that anyone asked, but I just replaced my OPNsense box with an eBay special SuperMicro SYS-5018D-FN8T:
https://www.supermicro.com/en/products/system/1u/5018/sys-5018d-fn8t.cfm

Overkill? No, as my EE friend likes to say, it’s just the right amount of kill. Xeon-D CPU, 6x GbE ports, 2x 10 GbE SFP+ ports, and a PCIe riser card in case I lose my mind and decide I need 2.5 GbE or some such foolishness. Nice little fairly-shallow 1U chassis, and it’s surprisingly quiet given this. Came with 16 GB of RAM and an Intel 4510 SSD. And being an X10 board, it runs the “Redfish” IPMI, giving an HTML5 KVM.

5 Likes

Overkill is better than underkill. Personally I’ve been using pfSense for a long time. I’m happy with it, but if I ever switch, it will definitely be OPNsense.

1 Like

That beastie likely consumes more power than my NAS motherboard! :smiley:

I find a MikroTik 4011 works well enough for the slow Internet that Comcast provides in my neighborhood. They can make whatever claims they want re: internet speeds, the reality speaks for itself.

I imagine your firewall / VPN endpoint, stateful inspector, etc. does a lot more than my little gateway though. Best of luck with it!!!

1 Like

Wait, you guys get a VPN endpoint?

1 Like

MikroTik does a beautiful job re: allowing DDNS WireGuard, etc. VPNs that also allow BGP to announce routes and all that. It’s all built in so you don’t have to work around with kludgy approaches like EdgeRouter.

I’ve never used OPNsense, but based on the much beefier hardware expect that it’ll blow the RB4011 out of the water with one hand tied behind its back.

2 Likes

I haven’t put it on a meter, but the Xeon-D is supposed to be pretty energy-efficient. Of course, the 10G Ethernet will burn a few watts too…

Well, I do have it running an OpenVPN server for remote access into my LAN. But I have a static IP, which makes it easier.

2 Likes

I’m just happy my ISP’s router allows me to open ports. One day… One day…!

1 Like

WireGuard is very flexible re ports…

1 Like

Heh. My NAS is a XeonD :slight_smile:

Have been tempted by just such a box as a separate router instead of my current pfSense in a VM.

1 Like

I have been running pfSense on a Supermicro X9-SCM-F with E3-1220v2 and an Intel X550-T2 for several years now and am very happy with it. After throwing out several consumer solutions because of connection issues, I started with a Ubiquiti ERL2, which was a rather painful experience because of the poor GUI and my lack of CLI experience, and then moved to MikroTik, which was great but didn’t support external access to Nextcloud the way I wanted, so I tried pfSense with Let’s Encrypt certs and HAProxy and never looked back. I did experiment with OPNsense for a bit, but I liked the GUI of pfSense better and also pfBlockerNG, so I stuck with it. I have a 1000/50 connection and do not even reach 5% CPU utilization with the throttle full open.

1 Like

I just deployed one of these @ home. (See Signature for basic details)
https://www.amazon.com/dp/B0CGM3XX4N?ref=ppx_yo2ov_dt_b_product_details&th=1

Planning to look at the 1u version, and I’ll repurpose the current unit as a VM host of some sort
https://www.amazon.com/gp/product/B0CWPBMMJ6/ref=ewc_pr_img_5?smid=A14HQ326MGQ4AS&th=1

4 x 10G
5 x 2.5G

Best yet, only runs @ ~20 as I have configured

1 Like

To each his own, but I just don’t get this.

3 Likes

I have one of those boards, though I’m not using it for firewall duties - just a general lab thing for experiments I need. I like them, though they can be a bit expensive. The ones with the SAS controller populated occasionally pop up around here for about the same as the non-SAS version. Haven’t been able to justify one, of course, but I feel those would make an awesome server for large off-site backups.

Hey, there has to be a reason the reboot/poweroff options are still under diagnostics after years of most people complaining about it.

In fairness, OPNsense’s GUI could do a better job of handling the “Apply Changes” situation. We actually use it for work here, so it’s not that rare that we need to tweak some setting (new firewall rules, new VPN users, etc…)

2 Likes

How do you mean? That I prefer the GUI from pfSense over OPNsense? I guess since I have been using pfSense for years, it kind of grew on me. I know the GUI inside out and it just works for me. Once set up properly and running, it’s not like you use it every day, right?

1 Like

And that’s fair, it’s just that the pfSense GUI is typically described with negative terms. It’s not “Windows 8.0 on desktop” levels of bad, but it is “Windows 7 on a tablet” levels of annoying.

5 Likes

…and not even near each other in that menu. Definite win for OPNsense there.

Yeah, it certainly isn’t perfect either. Both could likely benefit from an overhaul by a good UI designer.

I don’t think I’m wrong in saying that’s a minority view. But really, whatever works–and as you say, it’s not like you’re in the UI that often anyway.

2 Likes

I too prefer the pfSense UI over OPNsense.

Halt and Reboot not being next to each other in the Diag menu is only due to it being sorted alphabetically.

If that is your barrier to entry they may want to look at a more Untangle type option which is more hand-holdy.

I came from ipCOP and ufw, so maybe my expectations and what I’m willing to work with is different.

1 Like

That’s not the barrier, merely an easy thing to point to when stating that bizarre choices were made.

2 Likes