pfsense OR OPNsense? YOU DECIDE!

Nice comparison. I do prefer the pfsense UI. The graphs particularly look better. OPNsense also took ages to install on my VM compared to pfsense, followed by headaches at the configuration stage when my add button disappeared at the Interface assignment stage. Just went back to pfsense, no regrets

i love opnsense. steady updates, great UI and great overall user experience.
BUT that being said... maybe you know the answer to a question that has been bugging me in my setup...
i want 2 devices (on different vlans) to be able to talk to each other over the (edge)switch without allowing any other devices to bypass my opnsense, and i have no clue how to go about it.

How's the process of setting up Tunnel VPN on OPNsense compare to pfSense? Is it as easy as Untangle?

I'm up in the air on which to use, I like the fact opnsense has anti-virus without needing a proxy, I like the fact pfsense has ability to email on service failure and autorestarting services and the fact pfsense has pfblocker, but opensense also supports adblocking via opendns and I also like the menu placement in opnsense, i think if opnsense had a few more pfsense features they'd win me over, but right now I think it'll be pfsense unless these features are added, it'd also be nice if can block ips/domains from the log files page

I wonder if Opensense is suitable for home users.
I have 5 users each user have mobile phone and a PC
We have a monthly internet subscription with monthly quota of 250 GB

Can I use opensense to give each user 50 GB monthly that can be used on multiple devices?

Can each user control his daily usage by setting a daily limit?

Can each user monitor his own usage and the remaining quota ?
Can each user manage his own profile and change his password?

Can I monitor the browsing history of my children and configure browsing filters?

Awesome man have been playing with pfsense I since 2.1 and now have the same feeling with the GUI really like the opnsense view it's really easy to follow and to understand were as pfsense took me a while to understand...but still have issue with PPP connection on both...

I am an original PFsense user because it was forked from m0n0wall, my preferred FW platform, and I learned the PFsense interface first. WRT m0n0wall, I was sad to see it go as PFsense would NOT run on my very, very old Soekris box. I'm actually at a cross-roads with this and I am considering switching to OPNsense from PFsense. The real problem is they are both "heavy" compared to the old m0n0wall distros, and before anyone comments, I know that is to be expected. I am a home user and run on old commodity hardware and PFsense has worked well for me so far (without any additional packages, my hardware won't support anything more). I'm looking at OPNsense as I am considering a move to some slightly more modern hardware that may allow me to do more with my FW. Since I am going to be building from scratch, I am planning to try OPNsense first and see how I feel about it.

One think you missed is.
Hardware requirements.
Also if possible.. Plz make a video on their performance when running on minimum required hardware and share their performance.
Never seen that video before.
Thanks in advance.

(2) Things about OPNsense - (1) it has ET Telemtry which is ETpro for free in return for data collection and (2) it has sensei which IMO is much cleaner to use than pfBlocker

i can only agree with the people here regarding the lackluster of opnsense.
UI is fine to a certain extend, but oo large and too many animations (thanks to bootstrap UI framework).
Firewall rules do not work correctly. nmap shows "filtered"
freeradius does not work properly, not all settings are reachable within the UI.
3 DNS servers available, but all are unable to add SRV records from the UI.
"ipfw list" from console does not work ("Protocol unavailable" Error message for just listing the rules)
i am annoyed with this shit i will try again maybe in 5 years if the project is still alive. (i hope it will die)

I personally think that the OPNSense interface is a little bit more cluttered than the PfSense interface. I personally like recommending people use PfSense more because of the fact that there is more community support. Also I do see PfSense as more likely to be used in some enterprise environments. I like the I am more comfortable in the PfSense interface just due to the larger number of hours I have in it. But my opinion is that the 2 are basically equal. I have no problem with either of them.

PFsense attempting to force everybody onto closed source crypto AES-NI for VPN screams of some sort of backdoor or NSA compromise. I'll never run it on my networks ever again.

No wording on routing protocols....?

I used pfsense for 2 years but switched to opnsense when I replaced my fw hardware due to the whole aes ni requirement that was mentioned at the time by pfsense team. My cpu doesnt support that so I didn't want to run a fw distro that will stop supporting my cpu at some point in the future. And I do use openvpn module. Yes things changed after that but I already had opnsense running. The other thing I noticed was geo blocking rules and how that is done in opnsense is so much easier to setup and is way less flaky than in pfsense. I had no end of issues in pfsense with geo blocking which would often break after a patch or simply after updating its IP lists. I increased the database tables sizes like they suggested at the time but issues continued. I don't use pppoe so for me opnsense has been perfect. I must say that suricata in opnsense is not without issues, but I haven't tried that capability in pfsense so can't comment.

Great Job, I'm glad I came across this video. I used pfsense at home years back, and one of the issues I had was trying to learn and remember where the darn settings for whatever were. I just picked up an Atomic Pi and was looking to install pfsense on it. But, it looks like OPNsense will be going on it instead. Thanks! Lookiung forward to your new Vid's on OPNsense.

I'm use to with fortigate interface, what is more easy for me to configure between them ?

Nice comparison, exactly what i wanted to hear :D

New to Open Source Firewalls. Have worked with Fortigate, Sonicwall, Cisco Meraki. I believe from what I read. OPNsense is a fork from PF sense. Curious about that.

I just came across this video. Finally a side by side comparison. Thank you. I been using Opnsense myself now for a few months. I trying it on a PC engines board and now using a protectli 4 port box. I not had my hands on pfsense and when saw how Opnsense interface looked initially for the first time I just went with Opnsense and never looked back. That interface it like the tomato firmware which I been used to so it felt like home. I look forward to finding Opnsense video where you have like protection 4 port box and you have say vpn provider 1 on lan 1 and vpn provider 2 on lan 2 and lan 3 is direct to wan. Having a look of how you set those rules what it would look like. Appreciate that and all that you do here.

Been using OPNsense myself for about 8 mounts now. Looking forward to more pfsense vs OPNsense content.

OPNsense looks intriguing, I am sure you can apply the same techniques that pfSense uses, you just have to learn where to do them at. Nice video Willie good job.

I had or have issues with PFsense, on install its locked me out, so not a good start. having touched it previously it was a nightmare on how the menus or config works within the Webui. this seems to have the important bits set out where you would expect. I found myself hunting for what I wanted within PFsense. it wasnt easy to follow as some items were located in different areas. it require more thought and is a failure IMPO.

You are correct in that the UI is the main and client facing "customer focus" of the product, and therefore it is the MAIN consideration to both pro and non pro users. Im old school in how things worked and translate to modern software. however this is like text talk as a lay out which doesn't converge well.
On top of this there seems to be a number of issues on install where there shouldn't be. Ill be trying OPNS see how this goes, as I have spent a day trying to fix the out of the box PFsense problems.
FYI the firewall is blocking all access, done all the usual work arounds and still not working. - Acc GUI from Lan, in op. DHCP was working external pings working. functional as a router, Nope!
Oddly enough in the lab it worked okay, I had a play with basic settings and was going to take the curve and went to a "production" installation, where it totally let me down.. Four reinstalls. manual and auto, resets, on lan on wan and via VM console.
As a IT pro, the cost is rediculas in wasted time and there was no online answers

Do any of the backup configs work on opnsense?

Kickass video, man. Thanks

Can I take a configuration backup from pfsense and restore to opnsense? Perhaps editing the interface names is needed?

Most firewalls are deployed and then forgotten about. Except for updates there is not much point in logging in again and again. You can do everything else on the core switch. I used pfsense and had some stability issues. Deployed a Cisco ASA and I just works. Granted there is a massive learning curve.

Opnsense really hated my new amd epyc 3001. PFsense just worked. Also recognized my mellanox 3x 10g card out of the box. I really did use opensens for nearly 7 years. Alas I got tired of things breaking, and random clock problems. It really did hate my epyc. Opnsense just randomly broke itself. Oh well.

If OPNsense's GUI is so intuitive, why did they feel the need to add a search feature? To each his own. I'll stick with pfSense until something better comes along.

Which one seem to work better with VMware NSX?

OPNsense's interface looks almost exactly the same as Sonicwall

Question coming from unifi dream machine can not get my full gigabit speed with threat management. I would like a basic setup with threat management installed wireless point and do this by spending the least amount of money as possible. Can either of these use a usb 3.0 Ethernet as the second lan? It detects the usb Ethernet in Linux Mint. I also would like to use wireguard and would like to keep the speed lost to a minimum. I saw a spreadsheet that showed that a Celeron processor quad core was able to maintain 900 plus up and down. How much is the least expensive system that can handle my needs?

pfsense roadmap looks impressive but considering their integrity - pass. The future looks far brighter with opnsense.

Update: just performed Opnsense install on a refurbbed HP ProDesk SFF i5 - 4570 w/8GB RAM, added i340-t4 & a SSD all for $220 [everything hums @ 23 watts] - install went flawless on 1st attempt. The future looks good; I save money, can actually add to and build opnsense without impossible opensource hurdles presented by pf. The good guys win. Bonus is I've got a Win10 Pro license that came with ProDesk in the bank for later.

where I work we mainly deploy Palo Alto and meraki's but im debating what to use for home

Hi,
One point should be noted that pfsense doesn't support inline IPS

pfSense is cool, OPNsense is shut.

Do you know where are the "more OPNsense contents coming" announced at the end of this video ? thks

Is there any notable performance difference between the two? I been using PFsense for a few years now but I'm always open to alternatives, especially if there is a performance improvement!

Very helpful comparison. Not intimidated by either program, and have used pfsense in house ever since giving up Shorewall on an old Linux box. My customers are looking for DNS filtering, so I'll give Opnsense a try.

Hi there, does opnsense support Gateway AV or Advanced Threat Management? I know it has IPS/IDS and WebFilter

Opnsense still doesn't have a working integration with open-vm-tools. Comparing cluster, pfSense wan VIP does work, OpnSense doesn't.

pfsense running on my network about 10 years now, decide try something new. OPNsense do have some good features such as much more easier TFA etc, I can do the same on pfsense using a Radius, but OPNsense easier. My network have two WAN and three LAN running on different VLAN, have OpenVPN and HAproxy running. I got about 90% running on the new environment, however, about two weeks, I noticed OPNsense having performance issue, my network lost packages for unknown reasons. I switched back to Pfsense. OPNsense definitely an alternative but it may need more testing for the production environment.

Unless I missed something, this boiled down to OPNsense has a better UI.

One pitfall for both systems, which we experience a lot in Europe on certain ISP services is PPPoE performance. At the moment irrespective of pfsense or opnsense, FreeBSD does not multi-thread PPPoE, which is single threaded. This can cause performance issues as ISP speeds start to hit 1 Gbps and Above. As the processing of PPPoE is processed by a single threaded CPU, depending on the CPU Speed, performance may never hit 1Gbps.

Great overview as always Willie, thanks.

I swear, pfSense breaks EVERY DAMN TIME I update it!! :(

Thanks, this is what I was searching for. Showing the UI made pretty clear your point, OPNsense is way beautiful.

opnsense has wireguard and pfsense doesn't, is that true?

What are you using for hardware that you deploy for OPNsense? As a MSP I need reliable and powerful and maybe next business day

great stuff, inherited pfSense box and I love it but I'm more of Open Source guy, really want to try OPNsense. Thanks again.

pfsense still not support vxlan