pfSense+ vs opnSense – Is it a competition?

I was recently caught out by the whole “pfSense+ is going to be chargeable going forwards” scandal, as I’m sure many other pfSense users have been. I’ve curbed my outrage; it’s not life ending. I moved from CE to Plus only a month before this happened and to be honest, apart from the inconvenience of reinstalling to move back, I can live with it. However, there is a similar alternative, a fork of the pfSense build: OPNsense.
Link to said announcement.

What a nightmare that’s been!!
I had it in my mind to swap the SSD my Dell R210 was running on anyway so whipped out the old Crucial and popped in a new one, installed OPNsense and that’s where the problems all started! Huge memory spikes (filling the 8GB hardware and 8GB swap), the firewall then proceeded to drop some services due to the memory being so high, CPU spiking to 60% plus randomly for periods. VLANs not working and I use a LAGG setup for my downlinks to LAN (I can so I do) also not coming up when needed meaning I had a situation where I managed to lock myself out due to the LAGG not coming up, a reset to factory and then start config again. Just a general nightmare.

Sat contemplating my poor life decisions, I remembered I swapped out the SSD in full, what had taken me the best part of 2 and a half hours, was reverted in a shutdown, SSD swap and power up (30 seconds max) to resume normality. Yes I have a CE reinstall to do and it does bug me I never get 1Gb any more only 850Mb (first world problem) but I am going to concentrate now on moving the interfaces to the built-in ethernet and swap out the PCIe card for something 10Gb flavour.

I have read so much up on moving pf to opn and I was super excited to do so but pf for me is currently still where it’s at.

Binned UniFi!

More like sold them all but I’m no longer running the UAP-AC-Pros. As far as performance went, they worked fine, I had 3 in total, 1 in the loft space for the main house, 1 in the mancave and 1 out at the MIL’s who is on a UBNT wireless bridge for some free and easy coverage. I can’t really fault the UAPs, the coverage was good and speeds were always plenty for what I needed.

Why Then?
I’ve fairly recently extended my house and needed to add another AP. For my work I use the very versatile Zyxel Nebula range and it just made sense to “hop” brand and move over. The Zyxel kit comparatively is slightly cheaper and I made the step over onto ax hardware being as I’ve gone Gig at home now as well.

Step in the Zyxel NWA50AX – The main reasons for using this AP are, primarily I work with this kit every day so why wouldn’t you? It’s WiFi6 capable so as devices are swapped out I can eke more performance out of the WiFi, they don’t require me to maintain a controller, Zyxel do all of this for you, the cost point on these is brilliant. I picked up 4 APs at a cost of £69 each and overall I have more coverage of the house and far better throughputs and finally the performance, my throughput is noticeably higher now than it was running the old setup. This is likely in part due to now having 2 APs serving the house rather than 1 but overall I’m very happy!

You can read a bit more about them here

Useful Shortcuts!

One of the only saving graces of Windows for me are the 2 following keyboard shortcuts. Both I use daily and quite heavily at that.

  1. Windows+Shift+S – Screenshot cutting tool that lets you select an area of your screen and copies it to your clipboard or you can click the pop out to mark it up.
  2. Ctrl+Shift+V – Paste without format, I do a lot of moving text about and this helps me no end. I thank the person who showed me this at least once a day.

pfSense – A move to an easier life?

Even up to having the FTTP installed I was a MikroTik router through and through kind of guy however running my CHR in the way I did meant some trade offs were made and my day to day work life forking further away from MikroTik based or even theorised usage meant that my mind went that way for my home network as well. I did the unthinkable.

I’ve repurposed my Dell R210 II which has been rebuilt with a Xeon E3-1220 v2, 8GB of RAM and an SSD. I also added in some Noctua fans to keep the noise down below a whisper as the rebuild meant it won’t be working hard as the whole install is now “bare metal” rather than the complexity of being virtualised.

Has it made a huge difference to my life? No. I still have a working router/firewall however it is now a decent GUI rather than an app that had to be levered onto my laptop (I’m also now a Mac boi) and to be honest the OpenVPN implementation has been a breeze to get working as has all of the firewalling and NAT rules as well as pushing on with trying to squeeze more from the LAN itself (10Gb backbone and tolerance).

I’ve gone for pfSense+ as it’s my home firewall and I qualify as such for the + usage FOC (for now) and I’m pretty happy with it. Time will tell but currently I don’t see me folding back to ESXi with a CHR running on top.