I love how you tell why you do or don't do things and not try to force your opinions upon others! Keep up the great work.
@LAWRENCESYSTEMS 5 months ago
Thanks
@ShaferHart 4 months ago
it's the kind of clarification that's only needed in the age of snowflakeism where everyone seems to live with their "heart" on their sleeve ready to get offended over meaningless stuff.
@Shocker99 3 months ago
It's the same difference, just phrased differently. Both phrasings tell the viewer the YouTuber's opinion on x and why they should think about using/not using it.
@apalrdsadventures 5 months ago
I'm sure the most recent comments at you are a direct result of Netgate dropping CE downloads from the website, which probably would have gone over fairly well if they didn't double down posting 'CE users are not customers' on Reddit.
@shephusted2714 5 months ago
they pull crap like that all the fscking time - horrible
@bertblankenstein3738 5 months ago
It is this sort of stuff where I feel pfSense will eventually not have a CE (free) edition. It has been moving towards that direction for some time, which is a real shame. This turns me off pfSense since they may just pull the rug out from CE. Currently quite happy with the product, less excited about the company.
@jimthompson971 5 months ago
@@bertblankenstein3738 I’ve consistently said that we’re not taking CE away and we’re keeping it free. We still work on it. The ISOs can still be downloaded without registering. This is widely known.
@mitchellmnr 5 months ago
@@bertblankenstein3738 You can just build from source can't you?
@apalrdsadventures 5 months ago
@@mitchellmnr The downloads currently point to the Netgate Installer, which requires you to set up a WAN connection so it can download the correct version (CE/Plus). The 'old' install images are still on the server, and their links have been shared around the internet, but there are no plans to continue building those in the future. Apparently 'customers' can create a support ticket to request an offline Plus installer, but CE users aren't customers so they can't.
@gregf3021 5 months ago
Everyone is free to make their own decision. For me the stuff pfsense did at the start to try to interfere with opnsense left a very sour taste in my mouth. I can't support them again.
@rayr86 5 months ago
I appreciate you making this video Tom. I’ve watched your other videos with the detailed comparisons, heard about the “controversy” between PFSense and OPNSense and had decided to stick with OPNSense on that alone. But your argument to support the product that benefits the community more is enough reason for me to consider trying PFSense and see where I land after giving them both a fair shot. Thanks again and may I also say, I love your content!
@BillLambert 5 months ago
I switched from PF to OPN a few months back, mostly on a whim because my homelab FW got corrupted somehow and needed to be rebuilt, so I gave OPN a shot. To me it feels like mostly the same functionality behind a slightly redesigned UI. I like the fact that it has a REST API for common stuff, which I use for monitoring DHCP leases and a few other simple things. In PFsense I had to build my own API backend in order to get data in and out, whereas in OPNsense I just wrote a trivial script to consume the API and feed into my dashboard. People have been asking for REST functionality in PFsense for many, many years, and Netgate's answer was always "soon", but then TNSR happened and any hope of a PFsense API completely evaporated.
@vogtm 5 months ago
Fair point!
@whatareyousaying339 5 months ago
If that corruption happens again just run fsck. One of my installations a few days ago got corrupted when simulating a power fault. Fsck fixed it right up. Was able to boot again!
@MelroyvandenBerg 4 months ago
OPNsense is just better.
@viktornagy974 1 month ago
I had the same story with the VXLAN feature. There was hope to have it in PF, then TNSR happened and the hope was gone... Now giving a chance to OPN.
@ziggo0 5 months ago
Used pfSense for at least 10 years. Wanted to give OPNSense a go. Still running it 2 years later. For my use case at home...the router OS doesn't matter as long as it's at least pf/OPN based.
@jamesegg9005 5 months ago
I think there's real demand for high quality OPNSense videos on YouTube, and when people like the videos you make, they want to see you make high quality videos about the topics they want. I think the issue is that they don't notice that this channel is mostly in depth videos about the software Tom uses professionally, and occasionally a video about comparable products, but nothing in depth. One of the best things about VMWare imploding was the influx of videos doing a survey of lots of different solutions. As varied, interesting, and niche as IT solutions can be, this is not the channel for lots of videos about lots of different software.
@enonu 5 months ago
In particular, I'd like an OPNSense version of the buffer bloat video.
@ti4go 5 months ago
pfSense requiring signup to download the ISO just made me switch to OPNSense... this is just a dumb move...
@davidg5898 5 months ago
Same. I actually preferred pfSense. Oh, well. At least it's an easy transition to OPNsense.
5 months ago
I have official hardware and pfSense plus, but tried to download the CE version to use in a virtual environment. It was not easy, tried to sign up, but I got the non-ce version. However the sha256 hash for the iso.gz is in the official documentation, so it's easy enough to find mirrors and verify. This is a lot harder than it should be though.
@Darkk6969 5 months ago
The old school download links still work from Netgate.
@-tineidae 5 months ago
Netgate is a bit too shady for me, the long release cycles for community do not look like they care much for that edition. Past few months it almost looked like they stopped developing community and want to push everyone to Plus. With all the US shitshow with Cisco and Juniper placing backdoors in their product does not really speak for US Security Products :(
@slipknottin 5 months ago
Man when the hell did they add that stupidness
@mikeandersen8535 5 months ago
When I was deciding between opnsense and pfsense, I ended up choosing opnsense because of what I had read about really bad behaviour from the people behind pfsense. So no technical reason, just that I would not support such behaviour. Pure and simple.
@EmongTimothy 4 months ago
would be nice to have some reasons listed my good sir.
@mikeandersen8535 4 months ago
@@EmongTimothy It is easy to find, if you are interested in searching yourself. But the domain dispute (WIPO Case No. D2017-1828) is a good start, especially the story on how Netgate used the domain (OPNsense also has a page about it). That one alone was enough for me to not consider Netgate. But there are other stories worth checking out too, if you are interested to do some work searching and evaluate the sources, "my good sir".
@romangeneral23 3 months ago
@@EmongTimothy How bout them putting the CE download behind a sign up and billing information. Is that a good enough reason for you?
@Shocker99 3 months ago
CE = community edition, for anyone wondering. I believe they combined the installer of the community edition and the paid option.
@espressomatic 3 months ago
I did the opposite. Ignored remarks from pundits on both sides and actually installed and used both systems. With a deep look into both in real use as "daily-drivers" on my network, it didn't take long to decide which one was for me. I chose what I believed to be the far better engineered effort, pfSense. I can see why OPNsense was created, but it's frankly a mess and I can't abide any of their UI decisions. Sure pfSense has issues too, but it's a far cry from the OPN mess.
@talbech 5 months ago
Been on OPN for years since retiring the last Soekris box running PF years ago. OPN never let me down and I'm pretty sure PF wouldn't have either. Just recently replaced a Juniper SRX as our data center edge router with an OPN and it has been performing great.
@kingwing5963 5 months ago
PF has let me down repeatedly. TNSR isn't bad tho.
@zwabTheRealOne 16 days ago
Have you ever needed to enable UPNP for game consoles on a home network? I know it was broken for a long time in the upstream BSD version of miniupnpd. There was then news of a fix, I installed a patched version which seemed to work, but since then I've upgraded my opnsense version multiple times and at some point it's broken along the way.
@talbech 16 days ago
@@zwabTheRealOne I never used it. Depending on the network you are connecting to, I usually manually configured the respective ports. UPNP is not recommended.
@zwabTheRealOne 16 days ago
@@talbech Aye I know it's not recommended, video game devs care not about network security sadly.
@zwabTheRealOne 16 days ago
@@talbech Update: I updated my firewall again today since I was about 6-8 weeks out of date and UPNP has sprung to life again
@SpeZi-tr6gr 5 months ago
Thanks, Tom! Especially as an OPNsense user, that's exactly what interests me. It's not a religion, it's just facts and here are some facts I didn't know and I'm grateful for that.
@demanuDJ 5 months ago
That is a fair video, I'm an OPNsense user, but reasons why you're using pfSense are reasonable.
@icaroslbc 5 months ago
Used pfSense for 10 years, but recently switched to OPNsense. The main impulses were packages (Xen guest tools, Zerotier) and many automation features (like in Wireguard - when you define allowed networks, it automatically creates the routes unlike in pfSense; or HAProxy integration and config). So overall it is the automation and packages that make the difference for me.
@espressomatic 3 months ago
OPN is pretty much a skin with a few user scripts. If they hadn't completely shit the bed on the UI/UX, it might be worth running for the scripts. By supporting OPNsense, people are helping to destroy the base project. And if pfSense CE goes away, do you think anyone at OPNsense can actually maintain, let alone develop a firewall/router?
@androbourne 5 months ago
Lawrence I just have to say I appreciate you take the time to create and upload these videos. Even myself as an MSP Network/Systems Engineer (I mostly do commercial hardware like Watchguards, Ciscos etc...) it is very nice to have a reliable unbiased knowledgeable person such as yourself on the OpenSource community. I learned a lot about OpenSource from you and even implemented some at my own home to continue my education on the platforms. Thank you and keep up the good work!
@EsotericArctos 1 month ago
This is a good break down. Too many people just push the thing they like and won't listen to others and disrespect the fact we have choices in what we can use. The great thing about opensource is that we have choice and it is always good to have the correct information to make an informed decision.
@GSCNSFC 5 months ago
I picked OPNsense because it has better driver support for all my devices.
@andreas7944 5 months ago
This was due to the newer BSD base version used by OpnSense compared to PfSense. PfSense changed that a while ago, and therefore it is no longer a problem. But there is hardware I would avoid with both :D
@Darkk6969 5 months ago
Latest Pfsense+ now uses FreeBSD 15.0 which is a few versions ahead of Opnsense so it's not an issue anymore in terms of providing hardware support.
@Joshko82 1 month ago
Thank you Tom for this detailed information. I really appreciate the calm approach of describing why you pick one and not the other. Also thanks for really showing some BTS and describing how and who commits code and why this matters. One of the reasons why I really like your videos is that you are just showing your opinion and not making these "i switched from X to Y and why you SHOULD too" videos.
@acadiaCyberSec9865 5 months ago
Another significant advantage OPNsense has, compared to other NIPS open source projects, is that it only blocks the traffic that matches the NIPS signature. Some solutions block the source/destination IP for a while, which can cause a lot of issues in a false positive case.
@christophrechtlehner 5 months ago
When I wanted to start using pfsense, the realtek chip of my nic was quite new and a FreeBSD driver was available. However, it was not integrated into pfsense. OPNsense on the other hand did already support it. I was and still am very grateful for that.
@glynnetolar4423 5 months ago
The reason I don't use pfSense is because the pfSense team appears to behave like children. Look at the way they initially treated OpnSense. And then the way they handled the licensing recently seems to back that up. Maybe we need a third option, I don't know. I also don't like the pfSense interface. I'd feel a lot better if all the children on pfSense left. Just my $0.02.
@Akimbo711 5 months ago
Don't forget the drama when Netgate tried to ram in a botched and vulnerable WireGuard implementation into BSD. Jason Donenfeld was absolutely appalled.
@OT-tn7ci 5 months ago
Same, they are pretty much the same, if you are the sort of customer that needs dual WAN, you are better off with a pain firewall honestly.. I don't see a customer segment for pfsense, I even tested the wireguard throughput heavily on my 2G WAN with a single client, I didn't see any difference between opnsense and pfsense but my hardware is old.
@espressomatic 3 months ago
@@OT-tn7ci Why would there be a difference? OPN is a skin on top of pf. If pf goes away, there is no OPN. It's that simple.
@Secretly-Based 5 months ago
I feel that Netgate has an adversarial view of their own users, and it will be their downfall. Just look at VMware....
@parzivalvolarus9281 1 month ago
Only of their CE users. They don’t feel that FOSS users are really users. They only like supporting their paid and closed source customers.
@punchtool2920 16 days ago
The F in FOSS means to liberate you from the oppression of all these closed source systems. It doesn’t mean free of cost. We need to support maintainers of BSD as there are very few left.
@parzivalvolarus9281 16 days ago
@ PfSense for BSD into some hot water recently. PfSense started off great. The current owners and senior leaders are just awful people. PfSense is closed source in every sense of the term. The community edition is continually getting pushed into a corner. The owners would love to get rid of it altogether.
@DigitalMirrorComputing 5 months ago
It's because of videos like this, that this channel is one of my favourites on YouTube and it has also inspired me to start my own YouTube channel this year! I love how Tom always rises above mediocrity without ever sounding obnoxious and always provides compelling (dare I say scientific at times) data for his choices. Everyone is free to have their choices, but it's also ok to have an opinion and without being afraid to share it! Thank you for inspiring us mate and never stop doing what you do!
@outboundrules 5 months ago
I just want to tell you many thanks for your tutorials... I learn a lot from your pfsense tutorials. I managed to have a better job like firewall admin and was easy to understand after that also the Sophos firewall. Thank God people like you exist and know how to explain this. Greetings from Germany
@walter_lesaulnier 5 months ago
I LOVE how much actual data and info are in each of fairly short videos - no annoying pointless filler. Networking in general has always been a big weakness of mine, even though I've been building and tinkering with computers for almost 50 years. I've learned a LOT going through your videos.
@TeslaMaxwell 5 months ago
been using pfsense 2 years now as both edge fw and another internal fw for my homelab... its been great so far. had the chance to help a friend of mine spinning up their opn instance and had no issues with it, felt pretty similar to pfsense.. personally i think both are great and solid, ill stick with pfsense for the time being for one of the reasons mentioned in your video! thx for sharing your experience!
@peetersbjorn 5 months ago
yes, netgate has stuff in the *bsd code. yes, opnsense pulls some of it... but from what i can tell, most of it:
- was not created by netgate (but now maintained)
- is no longer maintained by netgate
- was created by someone else and they just assigned a portion of netgates money(?) in the credit
- or has not been changed in over 3 years
so saying opnsense relies on pfsense is a bit... oversimplified ?
on top of that, it's code inside of *bsd, meaning it's not really "opnsense uses netgate code" but "opnsense has a *bsd base", so you could say both netgate & opnsense "depend on every single contributor to *bsd"
that being said, my main reason for using opnsense are mostly because i like the interface much more and second because of how netgate "bullied" opnsense like a toddler when they forked.
@OT-tn7ci 5 months ago
Exactly and a comparison of companies paying developers for OSS is stupid imo cuz there will always be someone else to do it if you don't
@jhboricua 5 months ago
Not to mention opnsense devs also contribute code to bsd and in some instances have fixed bugs in netgate's contributions. It's a silly argument by Tom.
@OT-tn7ci 5 months ago
@@jhboricua agreed. Plus, from what I see, Netgate seems to do it only to get patches in sometimes, and if Netgate didn't exist, another company would do it. It's not really an argument.
@BackwoodsTinkerer 4 months ago
Considering his company and the services he provides "relies" on PFSense I'm sure there's quite a bit of bias behind his opinions. But like you pointed out, he's over simplified the explanation but also purposely left out a LOT of facts, and it makes me wonder WHY he chose this route. After coming across his videos last year when starting to build my own router/firewall his anti-OPNsense videos were actually the reason WHY I went with OPNsense because his reason didn't seem genuine, and independent research found his opinions against OPN had no factual backing. I'm glad I chose what I did because shortly after the PF crap went down with subs and CE and all that nonsense. I honestly do not trust anyone who backs corporate greed like Netgates.
@theatlastech8792 5 months ago
Tech can be worse than religion at times.
@Jamesaepp 5 months ago
Come to the church of emacs to avoid the cultists of vi. /s
@LAWRENCESYSTEMS 5 months ago
:q!
@EmperorTerran 5 months ago
well considering Tom is deleting comments that link to articles what pfsense did and point out some issues in his presentation.. yeah..
@Jamesaepp 5 months ago
@@EmperorTerran I doubt that's tom. YouTube never lets through any of my comments when I include links. I think it is an (overly aggressive) anti spam measure.
@girogiacomo 5 months ago
@@EmperorTerran Do you even know how youtube's spam filter works? Links are nuked everywhere for no reason.... EDIT: And not only links
@julian.morgan 5 months ago
For me it's really simple I use pfsense because there are plentiful video based beginner level tutorials - there are some for OPNsense, but nothing like the same breadth and depth. Bottom line is that whether you're a home user like me or a professional network engineer my guess is that you want to spend as little time as possible fixing broken stuff, which means setting things up correctly in the first place. In my case I want to spend as little time as possible thinking about pfsense altogether!
@slipknottin 5 months ago
I chose pfsense for the same reason. Tried OPNsense a few months ago when the pc I was using for pfsense broke, but I’m not in IT, I can follow tutorials online but mostly I don’t know what I’m doing. Pfsense has far better online guides.
@nick-dogg 5 months ago
Just use what you like, the internet seems hell bent to get you to stay away from products they don’t like.
@Jpeg6 5 months ago
Well you got my head all in a pretzel now Tom. I used pfsense for several years, then eventually switched to opnsense recently. Those are some compelling arguments to go back to pfsense. There are certainly things I like about both pieces of software, but I also have some major issues with both as well. I think the one thing I can say for certain is there isn't a wrong choice, and it's better than most home users' firewalls that never get updates.
@djmcwill1010 3 months ago
Happy OPNsense user here (former pfSense user), but I do appreciate you sharing this well-considered perspective. Thanks.
@randykitchleburger2780 13 days ago
Thanks for everything you have ever helped with man. You are the best!
@MrBobbybrady 2 months ago
Just tossing my two cents in for the algorithm. It was here on your channel where I learned about and got started with PFSense. I have since switched to OPNSense and prefer the interface. I'm glad we have choices and appreciate the work Netgate has put into the project and the work they have contributed to FreeBSD. I believe what soured me on PFsense was the corporate culture in their direction and the lackluster performance of their hardware. Literally, the only major issue I have ever had was from their hardware. I will say in their defense, their support was probably some of the best I have ever seen. So Let's all just be thankful for these two projects for their hard work and the great firewall software they provide. To each their own.
@linuxpirate 5 months ago
Just migrated my home network off of a Firewalla box to my DIY router VM. PFsense was never considered and I’m very happy with OPNsense thus far.
@Joel-xf9tl 5 months ago
I considered going to Firewalla from Opnsense. You don’t recommend?
@_sneer_ 2 months ago
I went with Open on my router, but OpenBSD and never looked back. I would never use an OS that depends so much on corporate greed like pfsense. Tried pfsense, opnsense, Linux and OpenBSD. OpenBSD had everything I needed in the default installation, is the most secure of those by default, with the smallest attack surface and most independent, with very easy updates. I almost forgot how to use OpenBSD since installation, as it is maintenance free for me. I log in once in a while to check the logs and system parameters just in case, but that’s it. Documentation is quite good, online guides are excellent and tools available in the default installation are the ones that make the most sense to me.
@Pewpew7788 5 months ago
Opnsense has a freaking API. Just that was enough for me. Sure it might not be super extensive but it's better than a wannabe API that pfsense has
@UltralifeTech 5 months ago
What are some good apps that use the API?
@RbNetEngr 5 months ago
How do you use the API?
@MNaka-uf9yz 5 months ago
@@UltralifeTech Home Assistant for instance, to monitor your hardware or fw rules...
@Pewpew7788 5 months ago
@@UltralifeTech I use curl to modify some policy based routing rules. I have a button on home assistant that when pressed will route the traffic of the chromecast through a specific country. I also use the API to perform queries to search for the IPs of different mac addresses in my network. Another one that is really useful is a script that modifies an alias to add another host. That alias is used for very specific accesses in my network. Possibilities are endless.
@timothygibney159 5 months ago
@@UltralifeTech The issue is the build set for pfsense build process is proprietary and not updated frequently. The API means it's buildable
@scottylans 5 months ago
Pfsense has demonstrated horrific behaviour in regards to opnsense, spreading misinformation, hijacking domains and subreddits etc. There was a big controversy with the wire guard code too. That being said, your reasons seem sound, so if you're comfortable with them. Fair
@espressomatic 3 months ago
Former president of the US is a rapist and convicted felon. Half the US wants to see him back in office. Go figure. At least that stuff is true. The pf stuff not so much.
@AnFr33 5 months ago
I like interface of OpnSense, but I like PfSense too
@mihaibob7902 5 months ago
Ok.. it is a bit cherry picked. The 100% more speed of wireguard in pfsense is because of BSD kernel. The same speed will be available in OPNsense when they go with kernel 14.x. And there are some specific improvements for pfSense Plus only, aka that is closed source, so after both are on kernel 14, if you have the pfSense plus you will have some extra speed because of the closed source code. Not defending anyone I used only pfSense but let's not sweeten the deal too much...
@crankbrochad71 5 months ago
It's definitely cherry picked, with a good dose of lying. Tom states that the wireguard speed difference is due to poor implementation. Any integrity he had left is now gone.
@jhboricua 5 months ago
@@crankbrochad71 Indeed that was a dumb thing to say.
@comp20B 5 months ago
Appreciate the opinion. But I love OPNSense.
@leesouthworth 3 months ago
I like this analysis and my takeaway is the need to reevaluate FOSS from time to time, which often gets missed because, you know, FOSS.
@pest86 4 months ago
They push to bsd not because they care about opensource. All their actions starting from pf/opn split and continuing up until now (with recent home licence and CE scandal) show they do not care about open source community. The only reason to push this code is that they can use it better than anyone else
@_clownworld 3 months ago
He’s paid to have bias. Love Lawrence and his channel but this is the reality of the world.
@39zack 2 months ago
@@_clownworld no he is not 😂
@anthonyyu2722 5 months ago
Loving my virtualized OPNsense in Proxmox. Think I bloated it too much with Zenarmor and plugins. Computer runs a lot hotter and fan spins up a lot more than normal (after installing Zenarmor). Learning a lot from it though, breaking things and then fixing them. Great start to a sweet homelab setup. Getting more serious and involved in networking.
@nick-dogg 5 months ago
I 100% agree with your opening statement. I see it a lot with other things as well, Intel and AMD is a good example.
@ddorbuck 5 months ago
Thanks Tom. Appreciate your comments
@float_sam 5 months ago
As a home user.. OPNsense is goat
@starfoxBR77 5 months ago
I second you. And I'm particularly happy with Zenarmor on it as well.
@TheLuxeon_ 5 months ago
@@starfoxBR77 Same!
@fwiler 5 months ago
There's nothing pfsense could do at this point to make me want to use it. Why don't you report on their behavior, or list both sides of the aisle? This video wouldn't be necessary if there weren't issues, but here we are. Even if opnsense went away I would find something else besides pfsense. Already burned that bridge.
@jaffarbh 5 months ago
I use pfsense too on a couple of VMs, one with Ipsec VPN. There was a learning curve to optimise things (especially TCP fragmentation and offloading), but once that's done, it's working like a charm. Actually, I forgot it's there and this video's reminded me.
@mkhanapathan 5 months ago
It's good to see reasoned arguments and also agreeing to disagree as it should be.
@atomycal 5 months ago
Still undecided between pfSense CE and OPNsense for home use (home lab). Probably going to go with OPNsense due to the update frequency. Netgate forgot about pf CE, they're all about that flashy bling-bling now :(
@TheBaldOne 5 months ago
I'm in the same boat with a slight difference, I'm already using CE. It's been ages since the last update (I think it was last year), I'm pretty sure I'm falling behind. Every now and again I think about getting an appliance from them, but within my budget there's nothing rack mounted (obviously), and then I look at my current router and think what would I do with it.... I'll stick around with ce until the end of the year, if 2.8 isn't released by then, I'll change to opnsense.
@LAWRENCESYSTEMS 5 months ago
The last pfsense CE 2.7 update was released Dec of 2023 and 2.8.0 will be out soon.
@atomycal 5 months ago
@@TheBaldOne I feel your pain. To me it seems like Netgate is pulling a "vmWare", they'll probably end up killing pfSense CE to "streamline and simplify their portfolio". This blinded haste for cash disgusts me to the core. Won't touch vmWare, and at this rate won't touch Netgate either. - which is funny because it might seem unimportant due to me using it "just at home", but the sentiment will carry on in my professional career.
@jimthompson971 5 months ago
@@LAWRENCESYSTEMS Tom, if you tell them this then it makes their claim of “no updates” seem like a deliberate lie. That might make them angry. 😂
@atomycal 5 months ago
@@jimthompson971 the only problem with your statement is that I'd gladly use pfsense, if the updates would be say once per quarter. pfsense CE seems closer to a bottom priority for Netgate, than a top one. I've been around long enough to see this shift in a company's attitude towards open source, for me to embark on a journey with a platform that *may* be soon dying. (not saying it *is* dying, but the track record doesn't show me much hope)
@Prophes0r 5 months ago
EDIT: Tom has good reasons but doesn't acknowledge opposing ones. :EDIT Okay...but that completely ignores the 'problem'. And ignoring it is de facto support. It doesn't really matter if Joe's Used Car Lot has the highest quality cars at the lowest price. They engage in slimy business practices that are not only bad for everyone involved, they are also bad for completely uninvolved people because the practice becomes normalized. I enjoy Chick-fil-a food, and unlike almost every other fast food chain I can even eat almost everything on their menu, but their company loudly and proudly supports some VERY bad/abusive stuff. So I don't give them my money. I don't use OPNSense because it's BETTER than PfSense. I use it because PfSense isn't a valid option for me, because they keep doing things that I refuse to support. Is it more work to do things like this? Yeah OF COURSE it is! That's why these companies/organizations are able to get away with doing bad shit. People will excuse them because they provide convenience. If you know someone is doing something shady, you are no longer a neutral party. Period. Continuing the status quo IS participation. It IS contributing to the problem.
@TheBaldOne 5 months ago
I 100% agree with you. I've been running pfsense for 5/6 years now at my home and I'm this close to shutting it all down and moving to opnsense. I still have a bad taste in my mouth regarding the licensing issues, I can't really pay 140 dollars A YEAR to get the plus license. I do not need the support, I just want the updates. Heck, this is coming from a guy that bought the Lifetime plex license. I even considered buying a router from them, but not only all my hardware is rack mounted and they don't really sell a rack mounted prosumer appliance, but also for the money they're asking I can build something much more powerful.. I'll stick around until the end of the year IF a new update to the free version comes around, but probably I'm going to switch over sooner rather than later.
@justinooms6419 5 months ago
@@TheBaldOne Really? $140/yr is nothing... My biggest issue is speed via PFsense and routing using an L3 switch. IE can't do DHCP on another subnet. IE I want my internal stuff to be on my L3 switch, but it doesn't do authoritative DHCP, so some devices will not connect, and again PFSense can't do DHCP for a network it isn't managing. Odd. This has been brought to PFsense's attention over a decade ago, and they still have not implemented standard features for DHCP. At home I have 100Gbps backbone and I want to utilize that. So off to TNSR or VyOS it is and both are much more expensive.
@rickevans7941 5 months ago
Engaging with a bad actor is tacit approval of their bad acting, agreed. Have to make a principled stand but I give Tom a break here because it's not that serious and he's got a duty to his clients.
@TheBaldOne 5 months ago
@@justinooms6419 for me it is, it's not just 140 a year, it's 140 EVERY year, it's too much. I really want to support but I can't afford that every year. Slash that to 50% off or more and I'll consider paying for it just for the updates. I'm not making money with pfsense, I'm using it as my normal home router for stuff like split tunneling and firewall. I get that if I was making money creating my own appliances and slapping pfsense onto them, 140 dollars is an adequate price to pay.
@daelra 5 months ago
@@justinooms6419 $140 is nothing for a business. It can be a lot for a home user that just needs something better than the crappy router their ISP gives them.
@x42424w 1 month ago
This is a pragmatic and wise approach
@KieronConnolly 5 months ago
Great video Tom, thanks
@idcrafter-cgi 1 month ago
I am using IPFire due to its better driver support because of using Linux but I do not force that choice on others and I like that you also do not force your choice on others.
@maxdiamond55 5 months ago
great video Tom very informative. thanks
@PedroMorenoBOS 5 months ago
Excellent, Tom, yes I like both, if you manage pfsense you manage opnsense. I love the GUI of OpnSense, but if someone lets me choose, I go with pfsense, why? I have more experience with it, simple. But if someone requests opnsense, no problem, let's do it. In the end, the customer has the last decision.
@XSpImmaLion 5 months ago
Yep, different situations, different requirements, and different pros and cons. I got a tiny router/PC type thing and put OPNsense in it just to experiment a bit, I have nowhere near the requirements (or knowledge) most people here have, so much so that I'm now just considering a regular Wi-fi router running a custom version of OpenWRT to do the same job. Probably in a way that I'll just understand what is happening better. It's like, right after I got this whole project going, I got myself a portable access point, started using it, and realized how much you can already do with OpenWRT alone. So I'm kinda scaling back, and then I'll use the tiny PC for something else. Different needs.
@mcury85 5 months ago
Almost forgot.. I use arch btw
@derekp6636 3 months ago
I'm still running pfsense in the lab but a tad concerned with the future of the CE availability. I was able to get the iso without the netgate installer but not really pleased with that moving forward. I'd considered giving opnsense a shot since my needs are not very complex.
@jainayrogeorge2924 5 months ago
Great video Tom
@fresh-thyme 4 months ago
I used pfsense for some time in my home network and I generally liked it. It's a great basic firewall out of the box. However when getting into traffic inspection, IPS/IDS, etc, it's not a good experience. Its UTM functions are lacking and require 3rd party packages. For home it's great but I would never recommend it in an enterprise environment.
@stephenxs8354 5 months ago
Love this. I have wondered this for a long time. Contributing development of FreeBSD is a great reason to support the paid version. Only thing missing is a centrally managed point...maybe host your own relay server option one day.
@-Good4Y0u 5 months ago
As bad as that Netgate situation was, I will say TAC is great and their enterprise support is very good. Both are good and to be honest I hope both do very well so people have options. Including myself
@nauyv 5 months ago
I’m still a little oblivious to some of the “political” behind the controversies on both products, but did something happen with pfsense as far as why this video is being made? I didn’t think to look into OPNSense, but I saw there were so many pfsense videos and I set up a better router for the network I’m wanting to grow in my house and so far, it’s been a learning curve, but I got it down for the most part.
@soldierofrome5374 5 months ago
Netgate, the developer of pfSense, very recently put the ISO download of the free Community Edition behind an online store front that you have to sign into in order to get the download now. Not sure if that’s part of the reason for this video.
@TantissTheEmperor 5 months ago
Since you first pointed out the security fixes I went from OPNSense to PFSense. And I’m content with it.
@veritas7010 1 month ago
As soon as you install, pfsense pings central services for a subscription - are you serious?
@glynnetolar4423 5 months ago
I learned something valuable about 20 years ago with my experiences on a local blog I frequented. It's not about facts or well reasoned opinions. It's all about how much crap you can stir up (they call it engagement). This means more ad revenue. Yeah, pretty much made me cynical. I think the Internet pretty much killed reasoned thought. But then again, I could be wrong. Look where I'm posting this. Another possible form of click bait. But I admit it is hard to tell.
@Flakester 3 days ago
Enjoy your PFSense - A happy OPNSense user.
@hquest 5 months ago
Free vs OpenBSD. BSD vs Linux. Mac vs Windows. Android vs iOS. iptables vs netfilter. Cisco vs Juniper. Cisco vs PaloAlto. AMD vs Intel. AMD vs NVidia. Democrats vs Republicans. Azure vs AWS. Blondes vs Brunettes. Ferrari vs McLaren. Ford vs Chevrolet. Dogs vs Cats. And the list goes on and on and on. Glad we are living in a free society where people can make their own choices. Yet I remember our long gone past when people respected others' opinion.
@frigidsoul69 5 months ago
Thanks for taking the time to make this video Tom
@prashanthb6521 4 months ago
I am a bit technically challenged w.r.t routers and networking so I can't comment on which is better. I had Pfsense earlier implemented by another person, after they left I could not make sense of it and tried OPNSense. After some circus I got it working fine. I am staying with it since it feels simple.
@richj946 5 months ago
Thank you for the video!
@rickreed 1 month ago
Backing up a decision with objective data. Well done, and thanks for the education.
@EricavanHellsing 2 months ago
Does it really matter for a home user with very basic network, MoDem, FW box, Router, switches, NAS, a few laptops and a couple WiFi devices?
@cureheal 5 months ago
Very valid points for enterprise environments. Appreciate your insights.
@alzarpomario889 3 months ago
OPNsense user at home and at work, never let me down, we even converted old checkpoint FWs to OPNsense and they never failed an update or suffered slowdowns. But I sometimes ask myself if BSD is really so much better for a FW OS...I would really love to see a pf/opnsense like FW OS based on linux. It would become the final boss, with easy virtualization through containers that could offer features like FortiOS vdoms.
@dancalmusic 5 months ago
In recent months I have evaluated the transition from pfSense to OpnSense and I have been able to observe how Netgate is more punctual and precise in its documentation. The hardware part is also better documented (the CPUs are indicated, for example, while OpnSense does not say which CPUs it installs on its devices). Furthermore, pfSense is more explicit in indicating whether certain functions are or are not supported: for example Intel QAT Crypto. I also found that OpnSense is slower in implementing features than pfSense (for example in QAT support). For this reason I calmly decided to stay with pfSense, even if I had to agree to pay for the pfSense+ version. It's not a great price to have maximum speeds with QAT and IPSec and to have better and more reassuring management of ZFS boot.
@magnus33john 5 months ago
Both have advantages and disadvantages so it's use what works best for you. Opnsense tends to have better driver support for new hardware and pfsense has better code support. I think what hurts pfsense more than anything else is some of their behavior and the forums where it can turn sour quickly with egos running the show at times. In many ways pfsense is its own worst enemy not opnsense and its own actions have hurt them more than anything else.
@LAWRENCESYSTEMS 5 months ago
Since pfsense has moved to FreeBSD Main they are ahead of OPNSense and now have the better driver support.
@droknron 5 months ago
@@LAWRENCESYSTEMS They were behind for two years, which caused many people (like LTT on YouTube) to switch to OPNsense to gain access to 25Gb network drivers (as an example). Whether Netgate maintains using the latest FreeBSD releases needs time, trust is earned and they've lost a lot of it over the years with their various shenanigans.
@Szydelski 5 months ago
@@LAWRENCESYSTEMS What does „main“ in this context mean? Is it rolling release, which matures into number releases, e.g. 13.2, 14.1 etc., like Sid in the Debian?
@magnus33john 5 months ago
@@LAWRENCESYSTEMS On the surface that would seem so since it's on the newer codebase. In truth it's not quite that simple since pfsense updates far slower meaning things added to the codebase can take a long time to get added to pfsense. This still gives opnsense an edge when it comes to drivers for new hardware. It's unlikely pfsense is going to change its update cycle. There's also the fact that opnsense shall be on 14.1 next month which will put pfsense slower in the driver area again. In the end it's pick what works; both are good.
@LAWRENCESYSTEMS 5 months ago
@@magnus33john That is not true either as OPNSense is not adding new drivers with their updates and since pfsense is based on FreeBSD and are the one writing the drivers they will have them first and OPNSense has to wait on back porting of features and drivers. See the last two links in my forum post for more details.
@Amator_Phasma 5 months ago
I use both :>
@koijoijoe 5 months ago
Tom, the intro confuses me. Are you saying I do NOT have to use Arch Linux? One thing I was wondering being new and not getting started with any of these firewalls yet, I saw you guys were talking about pfsense having third party plug-ins for some things, one of them being automatic updates, is that something you trust installing and using for your clients as a professional in the space?
@timothygibney159 5 months ago
Pfsense and opnsense run on FreeBSD Unix. They are whole images. I use them for virtual routers and switches on hyper-v and kvm with libvirt to set up labs to mimic work stuff or exams. You can use both on old pcs for home routers or buy a pfsense gateway or router with it running natively as well
@shanent5793 5 months ago
Are the enchantments effective? Do they work better than runes, crystals, or blood sacrifice?
@charlesholliday9112 5 months ago
I started immediately looking for this comment specifically. Thank you.
@BertramJoseph 5 months ago
@@charlesholliday9112 me too! haha
@ranakanth 5 months ago
Thanks for providing a grounded perspective on the topic!
@adancalderon8915 5 months ago
Thanks for the video
@pvalpha 5 months ago
I'm fortunate that in my home lab I have enough resources to play with both opnsense and pfsense ce in my environment. I use pfsense as my primary firewall router though because there are a number of features that work better than what opnsense offers at this time. While I do like the opnsense UI and interface systems better, PFSense has been a workhorse and keeps on doing things *better* for my use case. That can change if the features come over - which is why I keep an eye on opnsense. I've got no desire to stick with something just *because*. But I do have to see that I'm getting more with one than the other and all my decisions are based around that.
@wojtek-33 5 months ago
The GUI is what does it for me. I have tried, but that pfsense interface just doesn't work for me at all.
@mjmeans7983 5 months ago
Zero Trust Networking. Let's assume I took the time to create a 99.99% zero trust custom compile of FreeBSD by doing an offline compile of that distro entirely from source code (no pre-compiled binaries), then compiled a compiler and libraries (also from source code only), then recompiled the distro using that compiler in order to verify that every element of the original distro was 'clean' and traceable to only source code without any precompiled binaries. In that zero trust environment, can either OPNSense or pfSense CE be compiled entirely offline and only from source code without any pre-compiled binaries?
@SveinWisnaes 5 months ago
Just one question: What version of each are you comparing? You do not say if you compare the free version of both or a different combination. It would not be fair to compare the free version of OPNsense with the paid version of pfSense. The experience so far is that pfSense CE is VERY slow with updates. How does this compare to the free version of OPNsense? I am currently using pfSense, but looking hard at OPNsense. I do respect your recommendations a lot, but I just want to make sure I know what you are comparing.
@LAWRENCESYSTEMS 5 months ago
pfSense CE has faster security updates as I noted in the video. OPNSense does have more updates....
@SveinWisnaes 5 months ago
@@LAWRENCESYSTEMS Sorry to bother you again about this. But there is something I do not understand. Commits in GitHub do not mean much unless it results in a new version being pushed out. It looks to me that as of today, the latest version of pfSense CE is dated Dec 7, 2023. And the latest OPNsense version is dated May 29, 2024. To me, this looks like OPNsense can be a few months slower to commit than pfSense and still be faster as the releases are more frequent. Is my logic sound? Unless you compile pfSense yourself 🙂 But I guess the majority just click update in the web interface when something new is available.
@LAWRENCESYSTEMS 5 months ago
Updates for the sake of updates doesn't make much sense to me
@SveinWisnaes 5 months ago
@@LAWRENCESYSTEMS Agreed. So you say that what is in the changelog of OPNsense is just for show and not real?
@NickyNiclas 5 months ago
Hypothetically, as a thought experiment, if pfSense ceased to exist, would you then choose OPNSense or something else?
@LAWRENCESYSTEMS 5 months ago
Hmm... hard to say.
@jaypines 5 months ago
it would be something else because then the fork would not have happened.
@NickyNiclas 5 months ago
@@jaypines let's say Netgate went bankrupt and shut down, would the community keep developing it as another fork or would contributors move on to OPNSense? I've personally used openWRT, tomato, edgeOS and unifi, I still haven't learned pfSense and OPNSense but I am curious what the future will bring, since the future of FreeBSD is uncertain.
@fedefede843 5 months ago
Saying 'hard to say' leads me to think there is more to the history on opnsense that is not addressed in this video?
@NickyNiclas 5 months ago
@@fedefede843 I feel it too, which is one of the reasons I was probing (other than being genuinely curious about alternatives). But one thing I think we can all agree on is that OPNsense exists for a good reason.
@dyeffsondorsaint6149 5 months ago
The reason pfsense WireGuard is faster was it was on FreeBSD 14. opnsense just moved to FreeBSD 14; we need to rerun the benchmarks
@Darkk6969 5 months ago
Ahem... pfsense is now on FreeBSD 15.
@shanent5793 5 months ago
@@Darkk6969 There is no FreeBSD 15. The latest release is 14.1
@jhboricua 5 months ago
@@Darkk6969 Which has not been released yet. Which begs the question why Netgate is using a bleeding edge codebase that is in constant development on a firewall device.
@antaishizuku 5 months ago
Sadly there was a dns bug that hasn't been fixed in years and I had to rebuild pfsense every 6-ish months. I kinda gave up on pfsense as much as I like parts of it over opnsense.
@LAWRENCESYSTEMS 5 months ago
We maintain many instances; I have no idea what bug you're talking about.
@antaishizuku 5 months ago
@LAWRENCESYSTEMS with pfblocker there is a weird bug that causes dns to drop. The dev of pfblocker talked about it years ago and how it's an issue in pfsense itself or something. You can't use service watchdog because pfblocker has a special script to handle dns reloads. If service watchdog tried to start dns in the middle of an update it would be bad but apparently pfblocker has internal handling so I traced the code and pulled the function that should be safe. It worked for years pretty well as a small custom script addon with cron.
@RogueRonin2501 3 months ago
Pfsense CE is way worse than OPNSense. For me as a user of overlay networking via Zerotier, opnsense is more preferable because pf capability of using Zerotier Router topology. Also PFSense has some issues with unbound fixed in OPNsense.
@Srixun 5 months ago
The reason I left PFSense for OPNSense was uniquely because of how PFSense treats people. You'd ask a question and get shut down hard, I even tried to get them a contract at my job which is a very large organization, and PFsense shot themselves in the foot just by being arrogant assholes. OPNSense community is much more welcoming, encouraging, and supporting. And after you dig into the software I felt it fit what I needed for my network, more than PFsense. I'm no zealot for OPNSense, but I do hate Unifi and people claiming Unifi has anything even close to resembling a firewall is the biggest joke of the internet. :P
@dsptchr 5 months ago
Why is it not possible to define static leases WITHIN a DHCP range in OPNsense? Like, I don't understand, even the Windows DHCP Server does this and so do literally ALL other DHCP services I know of.
@oleksandrlytvyn532 5 months ago
I believe there will still be plenty of people in the coming years who will "bash" other people over different text editors, pfsense/opensense, Linux distribution etc etc etc. For some reason some people think that if they use software X and other people use software Y - users of software X feel somewhat the need to go and to leave comments in other people's videos or posts. Not sure why this is happening but it is a different topic
@Thiccolo 5 months ago
I am totally new to all of this, I was trying to setup a HomeLab on Hyper-V and could not get the ISO installer to work, all of the guides I see online don't go over this new ISO installer.
@avoavoavo 5 months ago
Thank you
@appk5884 2 months ago
I use OPN for their fair, short licensing terms and simple UI
@seansingh4421 5 months ago
Duuuude that’s an awesome shirt. Where’d you get it ?
@LAWRENCESYSTEMS 5 months ago
Lawrence.Video/swag
@josephp1592 4 months ago
Same, still running pf. Was never a fan of the OPNsense UI either
@JasonsLabVideos 5 months ago
Use what you like! That's what I say!
@Calvin420GetRektM8 5 months ago
I personally use OpenWRT because it's so light. Yes, it has its downsides, but it runs very well, and has no performance problems on mainstream hardware, cause plain old Linux kernel.