On 2023-09-07 12:21, James Knott via talk wrote:
On 2023-09-07 11:33, Val Kulkov via talk wrote:
On Thu, 7 Sept 2023 at 11:06, James Knott via talk <talk@gtalug.org> wrote:
A friend of mine is moving to pfSense or OPNsense, from OpenWRT.
I am curious what OpenWRT didn't provide that pfSense or OPNsense do provide.
Quite a lot. pfSense (OPNsense is a fork of pfSense) is closer to the "real" routers from companies like Cisco. For example, it supports routing protocols such as OSPF & BGP, which you are not likely to find in consumer grade routers. On my own network, I have 4 Ethernet ports on my router, with one connected to my WAN. One is my main LAN, which also has a VLAN for my guest WiFi. I also have a test LAN and another connected to my Cisco router. I run IPv4 & IPv6 and can also use OpenVPN for remote access. I have a DNS resolver, which goes directly to the root DNS servers, an NTP server, connected to 3 stratum 1 servers and 3 stratum 2 servers. It provides stratum 2 to my LAN. It can do a lot of other things that I haven't even bothered with. I have a separate access point for WiFi.
There's really no comparison. Being closer to Cisco is not an advantage in my books.
OpenWRT is a Debian based distribution that has been tuned to run in a small footprint that usually comes with consumer appliances but it is by no means limited to just that form factor. Out of the box OpenWRT is quite basic but there are something like 9000 software packages available to be installed. These include things like Quagga(BGP/OSPF et al), Openvpn, Wireguard, IPSEC, Vlans and oddre things like VOIP packages and docker. In general if you can find it in a mainstream linux distro you will find it in OpenWRT. The GUI is ok but I have not seen many firewalls with good UI's As pointed out the minimum server size has grown over the years and the latest versions will not run on my 10 year old d-link vpn firewall appliance but I doubt that OPNsense would either. There are lots of reasons to not like OpenWRT, as is true of just about any router OS, but lack of core functionality is not really one of them. -- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||