Products > Networking & Wireless
I say goodbye to pfSense, welcome opnSense
PlainName:
--- Quote from: Zucca on September 09, 2024, 02:57:22 pm ---https://www.zenarmor.com/docs/network-security-tutorials/why-migrate-from-pfsense-to-opnsense
--- End quote ---
Have to say I am not impressed with that site. As a typical example of the issue, consider the steps to move from pfSense to OPNsense:
--- Quote ---Remove pfSense from your hardware, install OPNsense and migrate your settings across.
--- End quote ---
Cool, there is a link to migrating your settings, and that plus the offhand way they tell it suggests there might be a util to do the conversion, if not a trick or hack to just import a pfSense config. And, indeed following the link produces:
--- Quote ---The following steps provide a comprehensive guide for transitioning from pfSense software to OPNsense and configuring various network features and services on OPNsense.
--- End quote ---
It's bollocks. They take a full page to walk you through firing up the web configurator and then manually entering whatever rules you might have set.
Next, they go on about how Zenarmor NGFW is a great replacement for pfBlockerNG. So far as I can tell, NGFWjust uses DNS to prevent outbout connections, whereas pfBlockerNG works on incoming IP addresses to actually block undesired stuff. I am sure I must have missed something because they don't seem at all equivalent to me, so maybe someone who knows could point it out.
I've thought about migrating several times, but this kind of thing seems to be par for the OPNsense community - noting how much better it is by glossing over details - and each time I've stuck with pfSense. Hey, I loath Microsoft but still run Windows because it's the better thing for what I do. Netgate may be shits, but I'm not their friend and judge the product on what it does.
Zucca:
Just to inform that I decided to stay on pfSense.
Once pfSense becomes a $$ subscription I will jump off the boat.
PlainName:
8)
Why upgrade to that version? Unless there are security cockups (and it seems to be pretty robust in that regard) all you get are new toys you managed to do without so far.
David Hess:
I have been using OPNSense since about 2020 when I purchased a PC Engines apu4d4. Before that I used PFSense on Pentium II desktop hardware for 10+ years, and before that m0n0wall for 10+ years.
I only changed hardware because PFSense dropped support for 32-bit hardware, and since I had to reinstall, I figured I might as well make the change to OPNSense which has better VPN support anyway.
PlainName:
I decided not to do VPN on the firewall and simply pipe the ports through to SoftEther running in a VM. Similarly stuff like DNS and DHCP are offloaded to one-function apps that do the job well. But I realise that if you don't want to go that route then having it all work nicely in a single box is cool.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version