Why use pfsense?
In light of u/teskilatimahsusa87 's recent post I just realised i know people have pcie NICs to act as the switch or to connect more switches to but for wireless i realised since it's not viable to like just get antennas that would be as powerful to provide a house with adequate wireless waves (atleast I don't think so? Please correct me if I'm wrong I'm here to be equcated anyways) so why bother using a router for justs the antennas, why not just but a good router and load up openwrt for the flexibility it just seems not so smart to spend on a mini pc or the hassle of setting up an old pc instead of using ... Openwrt
Sort by:
Best
Open comment sort options
Best
Top
New
Controversial
Old
Q&A
Yours are legit and interesting thoughts.
In my opinion, it all boils down to the requirements of your specific application.
Yes PfSense (as well as OPNsense) are more Enterprise oriented (as someone else commented elsewhere) but let's not forget that, at the end of the day, they are just OS (FreeBSD) with some tuning and a nice Web Interface; OpenWRT (as well as any other Linux OS that is tuned and configured properly) can offer the same capabilities (if you are willing to spend time to configure it by yourself and rely on the community in case of issues).
OpenWRT is designed to run on low end hardware and it does that very, very well. Some of the capabilities offered are well beyond the 'HomeLab' of 'Home User' use case; the main difference when it comes to use any of these 'adapted' OS for Enterprise use is really who's behind and what kind of support they can offer; I doubt that a Fortune 500 company will use OpenWRT as perimeter router relying only on the support from the community; you must have contracts and SLA in place for your stakeholders to smile.
I've personally used all of them (wearing my hat of 'Home User'); while OPNsense (for me) does offer the best graphical UI of all (in terms of capabilities, they are pretty much the same), I found both PfSense and OPNsense too 'heavy' for my hardware (APU2 and APU4 as perimeter router) and so incapable to scale to 1 GBit/s.
OpenWRT instead, manage that with ease: I have 14 VLANs and I can route between them (with circa 12 firewall rules x VLAN) with nearly 0.30 Load Average (totally impossible with OPNsense and PfSense).
I ended up migrating my infrastructure to OpenWRT; I currently have my perimeter router and 8 APs all with OpenWRT and I'm living happy days; but again, that's my use case and the requirement for my specific application.
I will add that OpenWrt is Linux while *sense is FreeBsd. With Linux you get the latest and greatest packages, security...etc BSD has slow development environment comparing to Linux.
There are fundamental differences in the network stack between BSD and Linux. BSD is always going to be more secure (and faster) while Linux will always have better hardware support. For a SOHO environment not being able to run *Sense on ARM hardware and/or get WiFi working potentially outweighs the benefits of BSD. At the enterprise level, the benefits of BSD may win out.
Thanks for a well thought out response. I went from openwrt (wrt1900ac) to an atom powered pfsense primarily because I could and always wanted to try pfsense and the 21.x update needed to relearn how to apply vlan so figured if im going to redo it, why not try something else. But I'd be lying if I said I've noticed any difference at all. I'll even change back if my pfsense box dies. Incidentally, what aps are you using with oprnwrt on them? Cheers
Because each product has its uses.
OpenWrt is great for resource-constrained devices, especially those with integrated wireless. Its roots are far outside of the
x86ecosystem, and it shows in how it is installed and upgraded. Occasionally, the developers rework some aspect of the OS that renders its configuration incompatible with that of a prior major version. Two examples from recent years are transition fromiptablestonftablesand changes in the implementation of internal switches.pfSense/OPNsense would be more at home on a rack-mounted device or a functional equivalent. "The senses" update like a garden-variety Unix-like OS; no reflashing from scratch required. The ability of the current version to import configuration created on the previous version is considered important and in recent years has been absolute.
At the same time, "the senses" are based on FreeBSD, rather than Linux, and that puts them behind in the wireless department. As of this writing, there is no production-ready support for AC and AX.
All in all, OpenWrt seems to be geared primarily to the needs of the enthusiast; "the senses", while also widely used in the enthusiast circles, have gained some acceptance in the business setting as well.
Comment deleted by user
That is not true. they use same package which is FRR routing. It depend on the hardware x86-64 on OpenWRT will probably handle it better than *sense.
OpenWRT can run on server hardware, WTF are you talking about?
Also, no one said anything about USB Wi-Fi dongles, OpenWRT has better hardware support because it is based on Linux, which has far better driver support than FreeBSD.
I think one of the reasons for PF popularity as a packet filter is the simplicity and expressiveness of the rule filter language.
Plus, pfSense is designed for normal systems with 1GB+ of memory and 8GB+ of storage, so you get all the standard tools and packages, and not the stripped-down versions designed to fit into 8MB ROM and 64MB RAM without any swap like with OpenWrt.
I imagine some people may also want to use ZFS for storage, to combine the firewall and NAS into one. This is way easier to do with a PC with a full kernel than with an embedded distro like OpenWrt.