
Why I am Not Using OPNSense

https://lawrence.video/pfsense

Forum Post
https://forums.lawrencesystems.com/t/why-i-am-not-using-opnsense/21450/1


Chapters
00:00 Why I Am Not Using OPNSense
01:50 My Perspectives and Framing
02:40 Security Fixes
03:19 FreeBSD Code Contribution
05:34 VPN Performance
07:12 Building on FreeBSD Main


by Lawrence Systems


30 thoughts on “Why I am Not Using OPNSense”

  • I knew pfSense was universally the better option! OPNSense users are FOOLS!!!
    (just kidding!)

  • Running MacOS as daily driver I laugh when people argue about distros. 🤣

  • I use pfsense too on a couple of VMs, one with Ipsec VPN. There was a learning curve to optimise things (especially TCP fragmentation and offloading), but once that's done, it's working like a charm. Actually, I forgot it's there and this video's reminded me.

  • I LOVE how much actual data and info are in each of fairly short videos – no annoying pointless filler. Networking in general has always been a big weakness of mine, even though I've been building and tinkering with computers for almost 50 years. I've learned a LOT going through your videos.

  • Free vs OpenBSD.
    BSD vs Linux.
    Mac vs Windows.
    Android vs iOS.
    iptables vs netfilter
    Cisco vs Juniper
    Cisco vs PaloAlto
    AMD vs Intel
    AMD vs NVidia
    Democrats vs Republicans
    Azure vs AWS
    Blondes vs Brunettes
    Ferrari vs McLaren
    Ford vs Chevrolet
    Dogs vs Cats

    And the list goes on and on and on. Glad we are living in a free society where people can make their own choices. Yet I remember our long gone past when people respected others' opinions.

  • Lawrence I just have to say I appreciate you take the time to create and upload these videos. Even myself as an MSP Network/Systems Engineer (I mostly do commercial hardware like Watchguards, Ciscos etc…) it is very nice to have a reliable unbiased knowledgeable person such as yourself on the OpenSource community. I learned a lot about OpenSource from you and even implemented some at my own home to continue my education on the platforms. Thank you and keep up the good work!

  • There's nothing pfsense could do at this point to make me want to use it. Why don't you report on their behavior, or list both sides of the aisle? This video wouldn't be necessary if there weren't issues, but here we are. Even if opnsense went away I would find something else besides pfsense. Already burned that bridge.

  • I haven't updated my ClarkOS from 2008, is that bad?

  • Sadly there was a dns bug that hasn't been fixed in years and i had to rebuild pfsense every 6-ish months. I kinda gave up on pfsense as much as i like parts of it over opnsense.

  • I bet it is tough dealing with the trolls and believers. Thank you! Stay resilient and keep the good stuff coming!

    I use OPNsense. I was just learning and used PFsense and was having issues (ignorance issues) and tried OPNsense and I have far too many settings to try and move over now! I'm too far down the rabbit hole! But thank you

  • When I wanted to start using pfsense, the realtek chip of my nic was quite new and a FreeBSD driver was available. However, it was not integrated into pfsense. OPNsense on the other hand did already support it. I was and still am very grateful for that

  • As bad as that Netgate situation was, I will say TAC is great and their enterprise support is very good.

    Both are good and to be honest I hope both do very well so people have options. Including myself

  • I just want to tell you many thanks for your tutorials. I learn a lot from your pfsense tutorials. I managed to have a better job like firewall admin and was easy to understand after that also the Sophos firewall. Thank God for people like you exist and know how to explain this. Greetings from Germany

  • I still use pfsense. I have a complex setup and it works fine for me. If it ain't broke don't fix it is my philosophy here. I don't really mind signing up to download the iso. I have to do this in my professional career everywhere already, I don't care about one more sign in. I don't see netgate wanting to make money as a bad thing either as long as they are supporting BSD and the pfsense code. Opnsense is fine if that's how you want to go, I'm just happy with pfsense and have zero reason to switch.

  • for me it's the interface. I've tried it a couple times and it's simply not as good as pfsense is.

  • I mostly use opnsense because at the time i was evaluating firewalls, it appeared that the pfsense "community" edition had been abandoned, with no updates in, apparently, years. I was almost definitely misinterpreting what was happening with pfsense at the time, but opnsense was clearly very regularly updated, with a clearly signposted model for obtaining a contemporary "community" edition.

  • Another significant advantage OPNsense has, compared to other NIPS open source projects, is that it only blocks the traffic that matches the NIPS signature. Some solutions block the source/destination IP for a while, which can cause a lot of issues in a false positive case.

  • You look like you're homeless. what happened to you man?

  • I live physically very close to the company behind OPNSense. And I know they are very small, and simply do not have the resources by far that Netgate has. They are in a very small commercial building now but until not too long ago this was a "kitchen table company", meaning someone runs a company from his home. This does not mean that OPNSense is bad, but due to their size they are just limited in what they can do. So seeing this, what Tom Lawrence brings up here is not new to me at all, and everything he said is true. But remember he did this not to flame OPNSense, which in itself is also a good product. I think that tinkerer home users would like OPNSense more than pfSense, but for business use I would vote for pfSense. One thing that Tom Lawrence did not explain in this video, and many people still do not know, is how pfSense implements the most important fixes when they do not build new versions that often. Well, there is a package called System_patches. This adds a menu item where there is a list of patches, with description, and you can apply and roll back each fix separately. This in my humble opinion is very important because when a security fix breaks your configuration and your business goes down, that can cost money. So it is convenient that you can roll back a specific patch and have all other patches, even later ones, applied to be as safe as possible. And it gives you time to prepare and change your configuration so you can apply that single patch later. With just new builds that contain a number of fixes in a single build, you are stuck when something breaks your configuration. Meaning you need to downgrade first to get things running again. And all the time you spend on fixing the issue in configuration you cannot update to any newer version, meaning you miss multiple security fixes for that time.

  • I 100% agree with your opening statement. I see it a lot with other things as well, Intel and AMD is a good example.

  • I have 20+ years in IT and Server Admin, I've tested and used most commercial and open source networking OS and equipment. In my opinion ever since Netgate bought pfsense, their quality and stability went in the trash. Closing off the source code while basing it on open source code that cannot be closed off is borderline illegal in the US.

  • I figure i should say something here.

    Lawrence video is 100% accurate on the facts but much less so on the assumptions.

    Pfsense and Opnsense are open source firewall solutions.
    But though they do many of the same things they are not the same

    Opnsense: Has a more intuitive user interface and is more about security/cutting edge hardware.
    Pfsense : Less intuitive user interface but more focused on stability and flexibility

    Updates: opnsense gets regular updates for security and hardware and two major updates per year.
    Pfsense updates less frequently and there is no real time for those updates given.

    Access to freebsd updates: For the most part this is irrelevant because of their different priorities.
    Though pfsense has routinely had access to both security and hardware updates it ends up behind opnsense in both in terms of implementation. The same can be said for features except this time pfsense routinely implements them sooner, with WireGuard being a perfect example. This is the different priorities in action making who has access first kind of pointless.

    So well they may leapfrog each other at times things quickly go back to the way it was because of those different priorities.

    Better hardware support: opnsense
    Better security: opnsense
    Better flexibility: pfsense
    Advanced feature being more customizable: pfsense
    More intuitive: opnsense
    Better documentation: pfsense
    Better community: This one is subjective as pfsense is larger but it can be more toxic and the smaller opnsense one can make it harder to find an answer to a question.

    Which is best: It comes down to needs and what your focus is on.

    Well things change.. It's possible but seems unlikely anytime soon due to their different philosophies and being on opposite sides of the planet.

    Final note.
    Pfsense being a big contributor to freebsd is great
    But they pulled some very slimy stunts in the past regarding opnsense fake domain, Nazi images, extra and a lost court battle.
    Opnsense for its part started doing some juvenile stuff in response although not quite as bad.

    In the last 10 years though it's been basically quiet with adults on both sides seemingly now in control.

  • I too, don’t use OPNSense.
    And never will.

  • you gave some good reasons for using pfSense, no question, but to me this video is a little disingenuous when it doesn't address the topic several commenters below noted — specifically, NetGate having proven itself to be an incredibly toxic company with behavior bordering on unprofessional in many, many cases that have been documented repeatedly over the years.

  • Loving my virtualized OPNsense in Proxmox. Think I bloated it too much with Zenarmor and plugins. Computer runs a lot hotter and fan spins up a lot more than normal (after installing Zenarmor). Learning a lot from it though, breaking things and then fixing them. Great start to a sweet homelab setup. Getting more serious and involved in networking.
