this post was submitted on 18 Nov 2024
260 points (98.1% liked)

Selfhosted

[–] CarbonatedPastaSauce 77 points 1 month ago (6 children)

The only one I haven't seen mentioned here that is a requirement for me is OPNsense. I've been using it for a couple years, and pfSense before that for a very long time. Never going back to commercial routers and their shitty / buggy / backdoored software. I highly recommend OPNsense over pfSense for the UI improvements alone, but there are other reasons to use/support OPNsense over pfSense.

On my network it handles internet firewall, internal firewall, and all routing across 5 VLANs and between two internet gateways. It does 1-1 NAT for my public IPs, inbound VPN, outbound VPN for my *arr stack, and RDNS blocklists with the data source being a script I wrote that merges from several sources and deduplicates the list. It is my internal certificate authority (I don't miss you at all, Windows CA), DHCP for the guest wifi, and does pihole-like ad blocking via DNS for my entire network. And it does all that running in a VM with 2GB of RAM, of which it only uses about 60% on my install.

It is an incredibly powerful tool, not terribly difficult to learn, has a pretty damn good UI for FOSS, and in my opinion is a fantastic foundation for a complex home network / homelab. Unlike pfSense, which corrupted itself twice over the years I ran it, it has never let me down. And every update has been painless over the years.

[–] militaryintelligence 31 points 1 month ago (1 children)

I understood some of those words. It make network go?

[–] CarbonatedPastaSauce 29 points 1 month ago

It make network go very good.

[–] [email protected] 9 points 1 month ago (2 children)

Second OPNsense. pfSense also is maintained by some pretty shitty individuals.

[–] CarbonatedPastaSauce 6 points 1 month ago

Yeah I hinted at it but didn’t feel like going into it. It’s why I switched though, and happily I found OPNsense to just be better anyway.

[–] peregus 1 points 1 month ago (1 children)
[–] [email protected] 4 points 1 month ago* (last edited 1 month ago) (1 children)

https://web.archive.org/web/20160314132836/http://www.opnsense.com/

This was the website that pfsense maintainers made as soon as OPNsense was announced. They sniped the name, derided the project and only ended up handing over the domain after they were legally compelled to.

One person affiliated with Netgate in particular can be seen around forums and social media and has serious axes to grind. He's.... not pleasant.

Add to that Netgate's practices (IIRC secret proprietary blob required to build pfsense, double-check that fact / unremovable installation tracking) and the picture painted is one of petulance and anger.

[edit] oh yeah, and this gem! https://arstechnica.com/gadgets/2021/03/buffer-overruns-license-violations-and-bad-code-freebsd-13s-close-call/

[–] peregus 2 points 2 weeks ago

Damn, now I get where your "shitty individuals" is coming from. Thanks for the info.

[–] [email protected] 5 points 1 month ago (2 children)

> I highly recommend OPNsense over pfSense for the UI improvements alone, but there are other reasons to use/support OPNsense over pfSense.

Can you list or summarize some of the other reasons?

[–] CarbonatedPastaSauce 4 points 1 month ago

Eh, I've forgotten a lot of the details and it's drama that I don't care to relearn about. Easy to find online with some basic searching if you want to read about it.

[–] [email protected] 3 points 1 month ago* (last edited 1 month ago) (1 children)

How many NICs do you have on your opnsense machine?

[–] CarbonatedPastaSauce 8 points 1 month ago

It’s a VM so technically none I guess, but my hypervisor hosts have a 4 port gigabit card and a 10 gig fiber card, plus another gigabit port on the motherboard.

OPNsense is using 6 interfaces, 2 WAN and 4 LAN, but it’s all virtualized.

[–] [email protected] 3 points 1 month ago (1 children)

Went to try pfSense. Need to register to their shop to buy a free download link.

Then during installation it won't install unless it can phone home and report.

OPNsense all the way.

[–] CarbonatedPastaSauce 2 points 1 month ago

That's new, it didn't use to do that back in the days when I used it but that was a couple years ago. Sounds like it's just getting worse.

[–] [email protected] 1 points 1 month ago

I'm still using pfsense and considered switching over to opnsense but I found out it doesn't have something similar to pfblocker.