pfSense vs. OPNsense


2 Likes

Hey, I have to share some of the blame, I had some notice of the go-public date and it didn’t click with me until after I opened the announcement thread.

Whatever the correct meme template is for that set of circumstances, please post it to the memes thread so we can discuss the merits of pfSense and OPNsense.

3 Likes

Regarding the April Fools joke from Netgate:
I’m genuinely confused by the current status of pfSense (and OPNsense for that matter). As much as we all have grown to love it, *BSD is dying in favor of Linux.

When TNSR came out, I (and I’m sure others) assumed that they would eventually use the TNSR backend and build a firewall on top. TNSR is really cool, and the CLI syntax is so Cisco-esque it’s easy for most networking folk to pick up.

I still think that’s true, and I can’t wait for that shoe to fall. Except, I’m not even sure there would be a “community” version of that software, at least not the Stallman-esque “free” version we should have. Then they’ll probably just have to allow pfSense to die a slow death of attrition, at least as long as they have enterprise customers to support.

I’m sure we’ll revisit this again next year, and the year after. Maybe one day I’ll be able to link them this post “SEEN IT HERE FIRST FOLKS” :rofl:

Regarding Options in General:
I used to really like Untangle and Sophos. But those waters have somewhat turned away from the home users and open source users. Arista owns Untangle, and Sophos’s deal ain’t the same any more, you don’t get all of the features like you once did before “XG” or whatever.

…Then I just looked back to see whatever happened to IPFire. It works fine and mostly always has, but it’s unremarkable…it still exists I guess. Rock on with that UI :sweat_smile:

2 Likes

Linux being perceived as competitive with FreeBSD in terms of networking is a relatively recent thing. So that leaves inertia (and I use that word without criticism) keeping things as they are.

Moving from FreeBSD to Linux only makes sense if things are better in people’s perception (which is naturally heavily influenced by reality). For a firewall, this can mean a few things:

  • Better performance (this one is tricky because it’ll easily lose out to other priorities)
  • Better tooling (e.g. in-kernel Wireguard, before FreeBSD got it)
  • Support for disruptive hardware (e.g. “smart” NICs, 400 GbE, that sort of thing)
  • etc.

2 Likes

This is really the key in that market I think, with Mellanox/Nvidia, AMD/Pansando announcing to the world that DPUs matter with those huge corporate purchases.

That market is just Linux.

3 Likes

Thing is, that market is all custom anyway. I’ve yet to see any credible proposal on how Joe Average Engineer is supposed to take advantage of those things without a 10-person dev team and the scale to pay for all that. Internally, they all run Linux, so there are some benefits to the upstream from efforts optimizing stuff, but it does not translate at all into major features that can be used by someone with a Linux kernel, a CPU and literally any other NIC and network.

Hell, Intel has some slides about loading firmware modules onto their 10 GbE NICs to accelerate specific things, which is the closest I’ve seen any of these things get to a point where non-hyperscale adoption would be viable… but the modules and anything around them seem to be complete vaporware.

3 Likes

You are 100% correct.

The thing is these fine fancy folks running these companies know that just as much as you and I. They used these first few generations of products and had the media hype them up BECAUSE they know there’s market to be had…they just hadn’t figured out where yet.

The “Cloud” made it easy for them to make a lot of money fast to feed the R&D beast. I think we’ll see some pretty interesting uses sooner than later, it behooves them to get the mind share and developers on board. That’s NVIDIA’s whole game. AMD at least contributes a lot back.

Related older news:
I always really liked Cisco VICs. They literally built out all of the tools for full stack Nexus in hardware, but virtualized in VMWare. UCSM, FIs, Nexus…my old datacenter was a dream :frowning:

VICs even without UCSM were useful, you had the ability to make basic “virtual switches” in hardware.

Cisco UCS Virtual Interface Card 1400/14000 Series Data Sheet - Cisco

2 Likes

I prefer the solid, well-tested updates out of pfSense. I can’t think of once in 15 years where a pfSense update caused an issue. It may have happened, but not that I recall.

Even if they were faster rollouts, I’d still be slow walking them myself by running on my equipment, then deploying to friend sites, then to actual paying customers.

I’m not sure of the update schedule of OPNsense, but I’d hate to be testing and then have a new release. I tend to test a week or two at home before rolling as I generally have more going on here, and utilize more features of pfSense, so I have the greatest risk of raising a problem.

AutoMagic updates for a firewall scare the daylights out of me. Maybe for Jonny Homeowner for their Linksys that never gets updated, or if there is a check that if no one has logged in in 6–12 months then switch to autoupdates for neglected hardware.

Even so…

2 Likes

ZenArmor looks a lot like ntop-ng

1 Like

…but then, you weren’t aware of the Wireguard situation, so…

4 Likes

I second that. Never had a glitch with pfSense updates nor with the packages.

1 Like

Like people, you can get the jerk that’s serious about his work but wouldn’t spend a minute with if it were not for your professional relationship, and then the friendly dude that’s totally unreliable; generally, I prefer the former.

2 Likes

The Wireguard fiasco suggests that Netgate is the worst of both worlds: The totally unreliable jerk.

5 Likes

Not that I’d give them a pass for that, per se, but it’s not one incident, it’s the string of incidents that bugs me.

5 Likes

Literally the next sentence states that there very well could have been an issue I’m unaware of.

And I was referring to an issue for me. I can’t account for anyone/everyone else, someone may have a goofy config that is out of the norm that causes an issue. I recall a few updates fairly back to back, presumably that was to address an issue, either of their doing or to address a fundamental component’s security that was discovered and/or patched around the time of release.

1 Like

I use pfSense because it’s stable and free. It also supports pfBlocker as a package.

OPNsense is nice but missing pfBlocker. There are ways to achieve a similar setting. How effective it is by comparison? No idea.
https://www.routerperformance.net/opnsense/using-pfblocker-features-in-opnsense/

People accused OPNsense of being not as stable due to frequency of updates. But… can’t people simply defer upgrading firmware until the new one has been vouched for by others as being stable? You are not forced to update.

So having an update is better than no update.

pfSense on the other hand does long stretches without an update unless it’s something critical. But that doesn’t mean you can’t get security fixes ASAP. There is a package for security patches you can apply in the meantime while waiting for the official pfSense version to come along. So there is no issue with that for pfSense.

Free pfSense doesn’t have the boot environment feature which is useful for rollbacks. I’m not sure if OPNsense has that, but it would definitely incentivise people to switch over, I’m sure, since pfSense is starting to hold back some features from the community edition (the question is by how much, to the point you may be wanting to jump to greener pastures?)

1 Like

No – it has the old-style slot A/slot B. So you can revert to the previous version, but not before that.

2 Likes

Not that I don’t like OPNsense, but generally, the grass is not always greener on the other side. I’m sure there are plenty of “gotchas” along the way.

4 Likes

Define free.

1 Like

True. I don’t see myself ever moving back to pfSense from OPNsense, but the move to OPNsense wasn’t a particularly smooth one – some discussion of the issues I had is in the original thread.

2 Likes