OPNsense vs. pfSense Round 7: Versatility and plugins
pfSense:
Curate their plugin repository very conservatively. The ethos is very much that “A Firewall should be a firewall and not moonlight as a Unifi controller or Plex Media Server”.
OPNsense:
Has many cool things in the official repo. Tayga, ZeroTier, Shadowsocks. TOR. Sensei. Prometheus and Munin exporters. And for the adventurous there is a community repo now with Caddy, Traeffik, AdGuard Home, Elasticsearch, Grafana, Speedtest, Unifi controller plugins etc.
It’s a tie because: At work I am a dinosaur and I think this sort of edge device should not be a swiss army knife of homelab goodness. The less attack vectors the better. At home on the other hand, the homelabber / self-hoster enthusiam is deeply embedded into my DNA. ZeroTier, Shadowsocks. TOR and a Unifi ccontroller on a Protectli FW6D running OPNsense? Sure, why not 🙂
pfSense would benefit from Tayga and I think it may be in the pipeline. Other than that I do value their convervatism. Let the router be a router and off-load the anxilliary stuff to another device behind that router.
Verdict:
SOHO and Home use: Point goes to OPNsense. Even with a bunch of plugins installed it’s likely going to be more secure than some Huawei or Zyxel consumer crap that your ISP gave you with hardcoded backdoor credentials and firmware from 2016.
Enterprise / ISP use: Point goes to pfSense
[…] Round 7 – Versatility and plugins. Tally: OPNsense 4 : pfSense 4. It’s a tie depending on use case. […]