pfSense - HP T620+ vs Dell Wyse 5070

zer0sum

Well-Known Member
Mar 8, 2013
714
373
63
The decision is yours of course!!

While you’re checking out Opnsense, make sure you explore the dnscrypt and Adguard home plugins. They’re similar or better than pfblockerng depending on what you want to do.

Look at sensei as well if you want more advanced features and are willing to pay.

Running a ha pair of pihole systems is another awesome setup as well
 

e97

Active Member
Jun 3, 2015
274
135
43

stuartbh

New Member
Jan 3, 2022
5
0
1
All,

some history first...

I have been using Gargoyle as my router firmware for several years now until I wanted to use 802.11r/v/w/k and it does not really support that yet. So, I decided to move to OpenWRT (which I did) and was happy with the move except that I also decided to move most of my non WiFi network services onto a separate router (PXE booting, DHCP, DDNS, DNS, etc...), pfSense was the software I picked for that and I got an HP T620 to use as my platform for the pfSense install. So far, all is good.

The more I have read the more I feel a bit put off by Netgate and their attitude towards open source and their community edition users as well independent consultants that support deployment of pfSense. Indeed, I do think the OPNsense community is far more oriented towards the goals of an open source project than pfSense is.

So here is where I stand. For the moment I have almost 90% completed the standing up of my pfSense box on my refurbished HP T620 thin client. I need to do a few more things to it, then I can turn off all the services I use on OpenWRT and leave my APs to be just APs and leave network services (and routing) to be handled by pfSense . I want my APs to be just commodity hardware I can replace with little configuration or disruption to my network should I choose to do so in the future (granted, I'll select future routers that are just as easily able to run OpenWRT as my current Linksys routers, maybe even again Linksys routers too). At some point my N and AC routers will get upgraded to AX routers.

Once my pfSense box is fully stable I will download the latest OPNsense and install it into a VM on my ProxMox server and take a closer look at its capabilities. I do like the idea of more frequent updates and I need to see if it can provide me with the same basic functions I am now using within pfSense. I am open minded about OPNsense and if it can be a good choice for me, I will use it. One question that I am curious about is, how difficult is it to perform a transfer of configuration parameters from pfSense to OPNsense?

Thanks in advance.

Stuart
 

Vesalius

Active Member
Nov 25, 2019
215
155
43
All,

some history first...

I have been using Gargoyle as my router firmware for several years now until I wanted to use 802.11r/v/w/k and it does not really support that yet. So, I decided to move to OpenWRT (which I did) and was happy with the move except that I also decided to move most of my non WiFi network services onto a separate router (PXE booting, DHCP, DDNS, DNS, etc...), pfSense was the software I picked for that and I got an HP T620 to use as my platform for the pfSense install. So far, all is good.

The more I have read the more I feel a bit put off by Netgate and their attitude towards open source and their community edition users as well independent consultants that support deployment of pfSense. Indeed, I do think the OPNsense community is far more oriented towards the goals of an open source project than pfSense is.

So here is where I stand. For the moment I have almost 90% completed the standing up of my pfSense box on my refurbished HP T620 thin client. I need to do a few more things to it, then I can turn off all the services I use on OpenWRT and leave my APs to be just APs and leave network services (and routing) to be handled by pfSense . I want my APs to be just commodity hardware I can replace with little configuration or disruption to my network should I choose to do so in the future (granted, I'll select future routers that are just as easily able to run OpenWRT as my current Linksys routers, maybe even again Linksys routers too). At some point my N and AC routers will get upgraded to AX routers.

Once my pfSense box is fully stable I will download the latest OPNsense and install it into a VM on my ProxMox server and take a closer look at its capabilities. I do like the idea of more frequent updates and I need to see if it can provide me with the same basic functions I am now using within pfSense. I am open minded about OPNsense and if it can be a good choice for me, I will use it. One question that I am curious about is, how difficult is it to perform a transfer of configuration parameters from pfSense to OPNsense?

Thanks in advance.

Stuart
I don't think there is an automated way to do it. After the typical initial phase of figuring out the differences in the webgui, basic functionality was really easy for me to transition over to OPNsense and I was fully convinced and switched in a day or so of using it in a VM as you plan to do. functionally there are near equivalent for my use. Although I find I like adguard home more than pfblocker now that I am comfortable with it.

OPNsense is currently in the release candidate phase of 22.1 which will transition to FreeBSD 13.
 

stuartbh

New Member
Jan 3, 2022
5
0
1
Vesalius, et alia:

I do try to be an open minded person with respect to such matters and will surely take some time to look at what OPNsense can offer me. If the backup/restore capability of OPNsense is more or less the same as pfSense (with the ability to backup in unencrypted xml configuration by section), then I expect that importing my static DHCP leases and DDNS configuration will be a trivial matter.

I have heard that the menu system for OPNsense is much different, I do hope that OPNsense has retained a way to view the menu in the "pfSense look", so someone could transition over more easily. At any rate on Sunday I will try to install it into a VM so I can begin to evaluate it and see how it differs functionally. Again, I am already encouraged by the greater open source attitude of its progenitors for sure.

The odd thing is that the T620 I bare metal installed pfSense onto might easily be able to have ProxMox installed on it as it hardly uses any resources for pfSense and ProxMox needs little RAM (granted, adding 4GB or 8GB it is not very expensive or difficult). I could then run pfSense and OPNsense on it simultaneously whilst I migrated (if I choose to do that). It might also be handy for when I need to do OPNsense upgrades too.

Thanks for your thoughts too.

Stuart
 

Vesalius

Active Member
Nov 25, 2019
215
155
43
@stuartbh that is pretty much exactly what I did. It is really nice to always have a working backup of your firewall that can instantly be restored and working again. Or just to test other firewalls as you are now. I am about to setup a 22.1rc and make sure it works as anticipated with my setup as well as offer any feedback I can to the devs, while still running 21.7.7. I left my pfsense dormant on proxmox for most of a year after switching, just in case.