OPNsense vs. pfSense in 2021 – Index

Categories: OPNsense, pfSense

Round 1 – WireGuard. Tally: OPNsense 1 : pfSense 0 Round 2 – OpenVPN. Tally: OPNsense 1 : pfSense 1 Round 3 – Backups. Tally: OPNsense 2 : pfSense 1 Round 4 – GUI. Tally: OPNsense 3 : pfSense 1 Round 5 – BGP Routing. Tally: OPNsense 3 : pfSense 2 Round 6 – Notifications. … Read More

Azure and IPv6 – a year on

Categories: Azure

I was excited last year when Azure made IPv6 GA but was taken aback when I saw they only issue single /128 and charge the same as IPv4. A year on nothing has changed. I would say this is only half-implemented. Sad to see:

Coreboot coming to Protectli FW6D and FW6E

Categories: Firewall

Owners of the relatively new FW6D and FW6E waiting for Coreboot rejoice: FW6D fw6d_DF_1.0.6.rom Initial Release 5/4/2021 FW6E fw6e_DF_1.0.7.rom Initial Release 5/17/2021 These were just released along with a shiny new flashing tool that should make things easier for people and mitigate the risk of bricked devices due to user error. Flash can be done … Read More

Protectli release new firmware update tool

Categories: Firewall

Protectli just released this new integrated firmware flashing tool for their devices. It is python3 script, using the usual flashfrom binary. Preferably (as this is what they test on) Ubuntu 20.04. It is working fine off of a live cd ISO boot. Apparently one should boot legacy, NOT UEFI as there are thought to be … Read More

OPNsense vs. pfSense Round 8: Installation

Categories: OPNsense, pfSense

pfSense: Installer handles root on ZFS and GELI encryption options. The latter is of limited use in a firewall appliance but ZFS has its merits when you deploy devices at sites with flaky power or that are designed to be used in the field by road warriors who are unlikely to shut down before pulling … Read More

OPNsense vs. pfSense Round 7: Versatility and plugins

Categories: OPNsense, pfSense

pfSense: Curate their plugin repository very conservatively. The ethos is very much that¬† “A Firewall should be a firewall and not moonlight as a Unifi controller or Plex Media Server”.   OPNsense: Has many cool things in the official repo. Tayga, ZeroTier, Shadowsocks. TOR. Sensei. Prometheus and Munin exporters.¬† And for the adventurous there is … Read More

OPNsense vs. pfSense Round 6: Notifications

Categories: OPNsense, pfSense

This is an easy one.   pfSense: Since 2.5.x has Telegram bot and Pushover API capbilities along with the trusty old SMTP. They work reliably for us in all cases. And for low volume both are free to use. Albeit pushover will charge a nominal fee for their mobile apps but it is basically free. … Read More

OPNsense vs. pfSense Round 5: BGP routing with FRR

Categories: OPNsense, pfSense

Both OPNsense and pfSense offer FRR. FRR is very versatile. It offers OSPF, BGP etc. At work we use BGP to route some IPv4 and IPv6 prefixes. I wanted to test both but can only use pfSense. More on that below: pfSense: Offers FRR version 7.5.1. Latest version. Jim Pingle (who is a Saint, btw) … Read More

OPNsense vs. pfSense Round 4: GUI

Categories: OPNsense, pfSense

This is a short one because both OPNsense and pfSense offer themes. Both have some dark mode options and the rest of the topic is too subjective to be worthy a long debate. Beauty is in the eye of the beholder. pfSense: You can choose between light and dark themes and a bunch of accent … Read More

OPNsense vs. pfSense Round 3: Backups

Categories: OPNsense, pfSense

Restoration from backups works well for both OPNsense and pfSense but the way backups are created is very different. pfSense: Has the now free of charge ACB (auto configuration backup) module. This used to be a sweetener for people who paid for pfSense Gold, which was a nice way home users or small biz users … Read More

OPNsense vs. pfSense Round 2: OpenVPN

Categories: OpenVPN, OPNsense, pfSense

We use OpenVPN extensively with RADIUS or LDAP authentication. tls-crypt is used in all cases. Because… reasons. pfSense: Has this feature exposed in the GUI and working fine for years. OPNsense: Has the feature not exposed in the GUI. But this is not necessarily a big deal because an admin can easily paste the relevant … Read More