Round 1 – WireGuard. Tally: OPNsense 1 : pfSense 0 Round 2 – OpenVPN. Tally: OPNsense 1 : pfSense 1 Round 3 – Backups. Tally: OPNsense 2 : pfSense 1 Round 4 – GUI. Tally: OPNsense 3 : pfSense 1 Round 5 – BGP Routing. Tally: OPNsense 3 : pfSense 2 Round 6 – Notifications. … Read More
I was excited last year when Azure made IPv6 GA but was taken aback when I saw they only issue single /128 and charge the same as IPv4. A year on nothing has changed. I would say this is only half-implemented. Sad to see:
Owners of the relatively new FW6D and FW6E waiting for Coreboot rejoice: FW6D fw6d_DF_1.0.6.rom Initial Release 5/4/2021 FW6E fw6e_DF_1.0.7.rom Initial Release 5/17/2021 These were just released along with a shiny new flashing tool that should make things easier for people and mitigate the risk of bricked devices due to user error. Flash can be done … Read More
Protectli just released this new integrated firmware flashing tool for their devices. It is python3 script, using the usual flashfrom binary. Preferably (as this is what they test on) Ubuntu 20.04. It is working fine off of a live cd ISO boot. Apparently one should boot legacy, NOT UEFI as there are thought to be … Read More
pfSense: Installer handles root on ZFS and GELI encryption options. The latter is of limited use in a firewall appliance but ZFS has its merits when you deploy devices at sites with flaky power or that are designed to be used in the field by road warriors who are unlikely to shut down before pulling … Read More
pfSense: Curate their plugin repository very conservatively. The ethos is very much that “A Firewall should be a firewall and not moonlight as a Unifi controller or Plex Media Server”. OPNsense: Has many cool things in the official repo. Tayga, ZeroTier, Shadowsocks. TOR. Sensei. Prometheus and Munin exporters. And for the adventurous there is … Read More
This is an easy one. pfSense: Since 2.5.x has Telegram bot and Pushover API capbilities along with the trusty old SMTP. They work reliably for us in all cases. And for low volume both are free to use. Albeit pushover will charge a nominal fee for their mobile apps but it is basically free. … Read More
Both OPNsense and pfSense offer FRR. FRR is very versatile. It offers OSPF, BGP etc. At work we use BGP to route some IPv4 and IPv6 prefixes. I wanted to test both but can only use pfSense. More on that below: pfSense: Offers FRR version 7.5.1. Latest version. Jim Pingle (who is a Saint, btw) … Read More
This is a short one because both OPNsense and pfSense offer themes. Both have some dark mode options and the rest of the topic is too subjective to be worthy a long debate. Beauty is in the eye of the beholder. pfSense: You can choose between light and dark themes and a bunch of accent … Read More
Restoration from backups works well for both OPNsense and pfSense but the way backups are created is very different. pfSense: Has the now free of charge ACB (auto configuration backup) module. This used to be a sweetener for people who paid for pfSense Gold, which was a nice way home users or small biz users … Read More
We use OpenVPN extensively with RADIUS or LDAP authentication. tls-crypt is used in all cases. Because… reasons. pfSense: Has this feature exposed in the GUI and working fine for years. OPNsense: Has the feature not exposed in the GUI. But this is not necessarily a big deal because an admin can easily paste the relevant … Read More