Announcement

**Hibbelharry** · 25 January 2020, 08:35 AM

After some initial troubles with OPNsense I'm a happy user. We're using firewall/routing VMs spread acrosse some datacenters and offices. Our old setup couldn't do IPv6, and there was no perspective to see that changing, the old vendor just doesn't advance anymore. Port Forwarding across some bridged cross-site networks did make us some trouble at first, because OPNSense does not do Source NAT without further steps, and Source NAT setup really follows it's own logic in OPNsense. With that out of the way, OPNsense has been stable and manageable for us.

**q2dg** · 25 January 2020, 12:13 PM

Hello. Do you know any Linux distribution equivalent to OPNSense? I don't want to mess with BSDs... NethServer/Untangle/ClearOS are too broad-featured... VyOS is too much low-level... I don't find anything just similar. Thanks!

**Zyklon** · 25 January 2020, 01:01 PM

You don't have to mess with it, it works fine.

**rekrek** · 25 January 2020, 01:02 PM

q2dg I have not found something like it ! Wish the gui and config would be ported to linux ...

On an other note, I was waiting for a major upgrade to the kernel. But it won't come ? My network card driver needs to be patched for it to work at 2.5Gbs and later FreeBSD fixed that. Might have lots of work left to do to postpone the kernel upgrade. Also I installed a FreeBSD on ZFS then converted it to Opnsense. I hope they will soon provide ZFS installation.

"HardenedBSD 12.1 has been postponed to the next major release"

**stormcrow** · 25 January 2020, 01:20 PM

Originally posted by q2dg View Post

Hello. Do you know any Linux distribution equivalent to OPNSense? I don't want to mess with BSDs... NethServer/Untangle/ClearOS are too broad-featured... VyOS is too much low-level... I don't find anything just similar. Thanks!

Smoothwall Express, OpenWRT, DD-WRT

In any case be sure to read the docs on setup and security. They are NOT optional.

Outside of DD-WRT or OpenWRT I use to replace router firmware with, I still use PFSense on PCs when the occasion presents itself. I haven't messed with Smoothwall since the 2000s.

Yes I "still" use PFSense. I'm uninterested in the politics between PF and OPN.

**pollux_9t** · 26 January 2020, 08:53 AM

Originally posted by q2dg View Post

Hello. Do you know any Linux distribution equivalent to OPNSense? I don't want to mess with BSDs... NethServer/Untangle/ClearOS are too broad-featured... VyOS is too much low-level... I don't find anything just similar. Thanks!

You should also have a look at ipfire. It started as a fork of IPCop and has since been rebuilt from the ground up using LFS. https://www.ipfire.org/
Tasks like VPN setup, IPS (surricata) are dead simple.
Especially on low power hardware Linux may perform better than the BSD based firewalls.

APU2C0 IPFire throughput test - much faster than pfSense

https://teklager.se/en/knowledge-base/apu2c0-ipfire-throughput-test-much-faster-pfsense/

Hope this helps. Cheers!

**aht0** · 26 January 2020, 10:40 AM

Originally posted by q2dg View Post

Hello. Do you know any Linux distribution equivalent to OPNSense? I don't want to mess with BSDs... NethServer/Untangle/ClearOS are too broad-featured... VyOS is too much low-level... I don't find anything just similar. Thanks!

No precise equivalent, actual firewall working behind GUI has been ported only across BSD's (and Oracle's Solaris recently).
Bunch of functionalities are so pf-specific that Linux firewalls lack analogues or it'd be bitch to implement.
You probably don't need most of it offers, use closest Linux firewall distro filling your needs.

**q2dg** · 26 January 2020, 10:57 AM

Originally posted by pollux_9t View Post

You should also have a look at ipfire. It started as a fork of IPCop and has since been rebuilt from the ground up using LFS. https://www.ipfire.org/
Tasks like VPN setup, IPS (surricata) are dead simple.
Especially on low power hardware Linux may perform better than the BSD based firewalls.

APU2C0 IPFire throughput test - much faster than pfSense

https://teklager.se/en/knowledge-base/apu2c0-ipfire-throughput-test-much-faster-pfsense/

Hope this helps. Cheers!

Oh, yeah! It was just what I was looking for! Thanks! (and thanks to all who has answered so kindly my question, cheers!)

**aht0** · 26 January 2020, 05:33 PM

Originally posted by q2dg View Post

Oh, yeah! It was just what I was looking for! Thanks! (and thanks to all who has answered so kindly my question, cheers!)

Ipfire is good when your requirements fit within it's limits. Having used Ipfire myself in the past:

Very limited amount of configurable interfaces.
You have to be okay blocking hosts manually, adding entries one by one. Adding few hundred entries is bunch of work (home users may want to block win telemetry for example)
Snort (or was it Suricata) configuration wasn't as easy. Not that opnSense/pfSense way is easiest either.
Had to go around GUI when I had to configure VLANs. Having dual-WAN with distinctly different routings was stone bitch to set up on IpFire. That's sadly a "must have" for folks with ISP-provided TV (IPTV).

Eventually mess around VLANs, having more than 4 interfaces and want of auto-updating large ip-blocklists made me ditch it.
Power-wise there's really no diff (on Haswell rig at least), once you bother to make some selections under "Advanced Settings" (PowerD checkbox + power profile selection from drop-down menu). I have wattmeter.

As wifi AP, IpFire worked much better tho. Ended up bridging Asus router in pure AP mode to pfSense box, FreeBSD wifi support is just less.

Announcement

OPNsense 20.1-RC1 Released For Popular BSD-Based Firewall / Routing OS

OPNsense 20.1-RC1 Released For Popular BSD-Based Firewall / Routing OS

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment