After over 10 years on pfSense, our consulting firm have transitioned to OPNsense. The drama throughout the years with pfSense and its owner is just too much. Thanks for the final nudge pfSense management. There are alternatives which they don't understand.
A series of OPNsense videos would be nice. On the Lawrence Systems forum, several people mentioned the lack of tutorials for OPNsense, so many of us would like to see them. (edit) I'm hedging bets with pfSense, going to set up an OPNsense system just so I'm prepared. Another video I'd like would be installation and configuration of e2guardian on OPNsense. It's not horrible on pfSense, but I've read there is no GUI for the settings on OPNsense.
@dabneyoffermein595 People keep telling me to calm down, pfSense CE will be fine... But I'm seeing that it no longer has feature parity, and I'm sure they are slowly working to remove the open code and replace it with closed code. People also keep telling me that OPN just isn't the same level, and part of that is they are not contributing as much code back to BSD so they are always behind, always waiting for a fix. All that said, I still haven't tested OPN yet, but it's on my (long) list of things to do. I did read about some of the sins of the past (pf), and see that same attitude in their recent news releases (go jump you freeloaders!), same thing that Red Hat did and said about CentOS. I need to find time to learn OPN, really need to change my firewall at work this summer, big project considering e2guardian filters and Suricata tuning.
Would have been nice to have some more firewall rules through OPNsense. Grouping and blocking other networks from accessing the gateway. Great educational channel. 👌
Hi Cody. With Bell and other providers pushing internet packages north of 1Gbps, I'm curious what you think about (or if you've tried) one of the Protectli 2.5Gbps NIC models and pairing that with say, Bell's 1.5Gbps plan? It seems like overkill, but I suspect they're going to keep sunsetting slower plans and forcing people into these crazy fast packages. I would want to try and take advantage of that on the custom firewall as much as possible. Thanks for the video.
I got a mini PC with 4x Intel i226 RJ45 ports that is almost perfect for my use case. I had plans to add a Mellanox CX3 SFP card to it so I can have 10GB throughput in the router, but this won't be straightforward. My current setup is a UDM-Pro, USW-Aggregation and a USW-Pro-PoE 24, and they are connected through DAC cables. Is there a way I can use the UDM Pro for just cameras and network management, use the USW-Pro for inter-VLAN routing and the mini PC running OPNsense as the router just for internet?
The reason for the USW-Pro being the inter-VLAN router is the throughput. I have a homelab network with 3 other mini PCs for a Proxmox cluster with 2.5G ports, a network for my storage that has a DAC cable to the USW-Aggregation, and the main network where I have 2 other PCs over a 10Gb link with fiber. Also the cameras on their own network. Although 2.5G throughput to the OPNsense might be sufficient, I will see bottlenecks when my PC on the main network tries to write something to the NVMe volumes of my storage, so ideally the traffic would stay within the USW-Pro and only go to the OPNsense for internet. Is that possible?
I actually managed to get the Mellanox CX3 SFP card working, using a SATA SSD as the OPNsense disk. I will run some tests and will probably use it as the inter-VLAN router as well, but I would love to get the inter-VLAN routing on the switch if this is possible and keep using the UDM-Pro to manage the USW-Pro switch, all the Flex switches and APs.
Great video on how to set up OPNsense. But two things remain unclear to me: 1) Why? I assume there is an advantage to OPNsense over pfSense. What is it? 2) I see several people recommending Protectli hardware, and I see that it has better performance for the money. But isn't it a Chinese product? If so, isn't it risky to trust our whole security to hardware that could have been required to contain embedded spyware for the Chinese government?
Then you shouldn’t use any electronic devices/appliances. Most electronics, whether it be the whole thing or parts of it, are assembled or made in China.
Thanks for the great video. I tried to do this before and everything was fine except that DHCP did not work on the VLAN. I thought it was because of the lagg; I used a lagg before for the LAN. I decided to do as you did in the video. I deleted the lagg and put the LAN on igc1, then I tried to make the VLAN from igc1, everything as you do in the video. DHCP does not work. I googled this problem before; someone said you must change the setting under interfaces-settings-VLAN Hardware Filtering to default or disable, and check the "Disable hardware checksum offload" option, but it is the same. DHCP doesn't work on the VLAN. Maybe you have an idea how to fix this problem, or can you share your interface settings?
I've lost all respect for Netgate and had little to begin with. Not to be overdramatic, but they've been closed-source for a long time and still say they're open-source. I don't get why they would like to annihilate thousands of beta testers who have been active in their community for years.
Perfect timing of this video. I was searching for this exact process with all the changes from Netgate licensing. It would be nice to see some typical services setup: installation process on bare metal, DHCP reservations, DDNS, UPS, config backups, software updates.
Lol, I have 2 firewall boxes running OPNsense and pfSense. I am trying to let them have the same functionality, and I must say pfSense is the winner up to now. On basic functionality both score equally: VLAN, LAN, etc. If you really want to make a difference, then make a good video about adblocking, HAProxy and ACME licensing. Those are the things that pfSense does better, and there are more tutorials about them.
Thanks for the video. Maybe you could make a video on how to correctly configure the UniFi Dream Machine with the OPNsense firewall. OPNsense would be like an additional filter to the UniFi Dream Machine. Opnsense firewall rules are also
This seems to meet my needs. I don't use a lot of advanced features. I just need the VLANs and the firewall rules. No sense paying $399 when this seems to do the job just as well.
Should do 2 follow-up videos, one with some firewall stuff and routing features built into OPNsense, and a second follow-up video with ZenArmor plugin that turns this into a layer 7 gateway like Unifi gateways are.
I'm so happy I went with UDM Pro then SE after pfSense started having on CE version 2.5 on my custom hardware. Your channel made the transition from pfSense to UDM super easy, thank you.
I had a pfSense box for a while, an old i5 SFF PC, and decided pfSense was total overkill for me and so went to a UDM Pro which also allowed me to set up a camera system.
Hi. Isn't it better to connect the AP directly to the OPNsense box on one dedicated port? (I'm thinking that all wireless-connected devices would then not cross through a switch and after that an uplink between the switch and the OPNsense box (back and fw). It's useless traffic, in my opinion.)
No fee... both are free. Boot env and AWS VPN config are really the only two major things you don't get in CE. Most don't need/use any of the Plus features anyway, and are just being overly dramatic as usual any time Netgate makes any changes.