OPNsense vs. pfSense Round 2: OpenVPN

Categories: OpenVPN, OPNsense, pfSense

We use OpenVPN extensively with RADIUS or LDAP authentication. tls-crypt is used in all cases. Because… reasons.

pfSense:

Has had this feature exposed in the GUI, and working fine, for years.

OPNsense:

Does not expose the feature in the GUI. But this is not necessarily a big deal, because an admin can easily paste the relevant block into the ADVANCED CONFIGURATION field, right?

Sort of:

It works right now. So no worries then. But there is this:

While I can see where they are coming from, it is also rather alarming to see that text there. tls-crypt is essential. Hardly an edge case. So if you do not expose it in the GUI and threaten to take away my options in the ADVANCED CONFIGURATION field, we are going to have a problem.

I am root, after all.

Next issue: OpenVPN features.

pfSense:

Has OpenVPN 2.5.1, which means you can use CHACHA20-POLY1305. This can deliver enhanced performance on IoT devices, mobile devices and VPSes: anything that doesn't have AES-NI style hardware acceleration.

OPNsense:

Despite having what seems like monthly firmware updates they are on 2.4.9.
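
To check both points above on an existing server config (is tls-crypt actually present, whether via a GUI option or an inline block pasted into an advanced field, and is CHACHA20-POLY1305 listed on a build that predates 2.5), here is a small audit script. It is an added example, not code from this post or from either project; the function names `parse` and `audit`, the sample configs and the key path are constructed for illustration.

```python
import re

# Constructed sample configs (not from the post); key material is a placeholder.
SAMPLE_25 = """\
dev tun
data-ciphers AES-256-GCM:CHACHA20-POLY1305
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
PLACEHOLDER-NOT-A-REAL-KEY
-----END OpenVPN Static key V1-----
</tls-crypt>
"""
SAMPLE_24 = """\
dev tun
tls-auth /path/to/ta.key 0
ncp-ciphers AES-256-GCM:CHACHA20-POLY1305
"""

def parse(text):
    """Return (directives, inline_block_names) for OpenVPN config text."""
    directives, inline, block = {}, set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if block:                       # skip key material inside <tag>...</tag>
            if line == f"</{block}>":
                block = None
            continue
        m = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if m:                           # inline form, as pasted into an advanced field
            block = m.group(1)
            inline.add(block)
        elif line and line[0] not in "#;":
            parts = line.split(None, 1)
            directives[parts[0]] = parts[1] if len(parts) > 1 else ""
    return directives, inline

def audit(text, version):
    """version is the OpenVPN build as a tuple, e.g. (2, 4)."""
    d, inline = parse(text)
    findings = []
    wrap = next((w for w in ("tls-crypt", "tls-auth") if w in d or w in inline), None)
    if wrap == "tls-auth":
        findings.append("tls-auth adds an HMAC but does not encrypt control-channel packets")
    elif wrap is None:
        findings.append("no tls-crypt or tls-auth directive found")
    ciphers = (d.get("data-ciphers") or d.get("ncp-ciphers") or "").split(":")
    if "CHACHA20-POLY1305" in ciphers and version < (2, 5):
        findings.append("CHACHA20-POLY1305 listed, but it needs OpenVPN 2.5 or later")
    return wrap, findings
```

Run `audit()` on the generated server config after each firmware update to catch a tls-crypt block that was silently dropped.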

Verdict:

Point goes to pfSense for OpenVPN. OPNsense are threatening to take this Apple approach of telling me what is best for me and locking me out of features, and they are not on OpenVPN 2.5.x yet.
