Why I am Not Using OPNSense

Captions
It is June of 2024 and the video title is "Why I'm Not Using OPNsense." The video is not titled "Why You Shouldn't Use OPNsense"; that's not what this is about. I don't tell people what to do. I generally make a lot of tutorials or give opinions on software, and I always have lots of links over in my forum, where all the details of why I use pfSense over OPNsense are going to be listed, and I'll be going over them. They're linked down below.

The reason I even bother creating a video titled this is to just reply to the number of people that kind of are evangelizing OPNsense, and this is a problem I see throughout the tech industry that is a little weird to me. The Linux distros are an easy example of this, where people have lots of back and forth and opinions of who should run what software, making sure that you are absolutely aware of what software they're running and why you're bad for not running it. This back and forth continues on even to which editors people use, which creates its own level of debate, and if you use an editor that another person doesn't, apparently they have to comment everywhere that you've posted that you should be using the one that they like the best. Frequently these posts are lacking in any depth other than "you should use what I use."

I'm going to back all these claims up of why I use pfSense over OPNsense, and I'll have all the links of course, so you can look through those and make your own decision. You can look at those links and read them differently than me and have a different opinion, and I'm fine with that. I don't dislike anyone who uses OPNsense. If you want to use it in your lab, awesome, go ahead. You want to use it at home, you want to use it for your business, knock yourself out. I'm not here to tell you you're bad. I certainly don't go around commenting on anyone who says "well, I use OPNsense" and tell them they shouldn't. I just tell people I use pfSense and here's why, and you can make decisions for yourself. So let's get started and dive into this forum post.

[Music]

Now, in case anyone's new to the channel or doesn't know what I do, YouTube is an outlet for all the different projects I work on, not just in my lab or studio, but also an outlet for projects that we actually do professionally at CNWR. CNWR is where we do managed service provider support, so we support many small businesses, and many of those small businesses have pfSense firewalls. We also do a lot of IT consulting, so my perspectives come from real-world use of pfSense, which we've been using for a number of years, and that technical expertise is then offered up on YouTube. So it's a lot more than just basic testing; this is a lot of enterprise-level deployments. We've done a lot of consulting. When I say "we," I don't just mean me. We have an entire team of employees, and many of them are trained as network engineers, and pfSense is among the things they know. It's not exclusively the firewall we use, but it is certainly a popular one amongst that list.

Now, because we have these deployed at clients, keeping firewalls patched is part of the patching overall that we have to maintain at clients for security, and despite OPNsense having a more frequent update cycle, they are slower to get out security fixes. This is where there's always some confusion: "Hey, isn't there a lot of package updates for OPNsense, more so than pfSense?" Yes. "Aren't they on a more frequent update cycle?" Yes. But it's what they update that really matters. I've got a few examples from 2023 that led into 2024. They're all linked here if you want to look and see the dwell time for getting some of these done.

Now, one of the things that I want to talk about too is me saying that OPNsense relies on Netgate for features and fixes, and yes, that is something that apparently causes a lot of confusion to people. While I recognize that, from an interface standpoint, their codebases have drifted apart since the fork, for clarification, when I say that, it's because Netgate contributes a lot back to upstream BSD. Netgate is funded by selling hardware that comes with pfSense Plus or selling licenses for pfSense Plus. This is similar to OPNsense, which sells hardware and business licenses, so they actually both have a very similar business model. Where the difference is: from that income, Netgate staffs numerous developers whose job at Netgate is to contribute code to FreeBSD and continue creating builds of pfSense CE as free. More important than just the percentage of the code that is committed is what code they commit, which of course is lots of enhancements that benefit firewall-related features and performance.

This is really important, because Netgate is one of the top contributors to the FreeBSD Foundation sponsored commits. I don't want to sound like they're just sponsoring and throwing money at BSD. Let's get a little more specific here: they're putting developers on the staff that are paid to contribute code to FreeBSD. They don't have to do that. They care about open source, so they do that. By contributing to FreeBSD, they can then build things downstream such as pfSense, and the fact that it's in FreeBSD means OPNsense benefits from it as well, from the extra features that we get. So these are the sponsored commits from the FreeBSD Foundation. I've got the sources listed here so you can read through them yourself and dive into it. This is actually a whole long video from the recent developer summit, so if you want to dive deep into FreeBSD and Netgate being part of that, go ahead, feel free to watch that video. The source of this one's at the hour 13 mark; it's a pretty long video.

Now, to get a little bit more detailed for those of you that go, "Where's this proof, Tom? Can you show me that?" That's actually pretty easy. We're just going to use a GitHub search over here and look at the code base that builds OPNsense, and you can see all the Rubicon Communications, LLC (Netgate) sponsored commits for the code that they pull in. This is all kinds of stuff, like the cryptodev code here, the AES, etc., etc. These are all upstreamed into BSD and get pulled back down. When I say that they rely on them, they rely on Netgate being a big contributor to firewall-related features, and of course, OPNsense being a firewall, they rely on these features and the functions that come down that are contributed to BSD.

Of course, this is what leads to the better performance you get out of WireGuard, and this is not a cherry-picked post over in the Netgate forums. This is a discussion over in the OPNsense forums about the firewall, specifically the WireGuard code being so much faster on the pfSense version versus the version that you find in OPNsense. And they're pulling from the same code. Yes, the code that Netgate wrote to bring WireGuard to BSD is the same code they're using; it's just not implemented in the same efficient manner. There's a lot of little nuance in there that matters quite a bit, because if you didn't write the code, even though it's available to you, how you integrate it into your product will make a pretty big difference.

That goes true as the FreeBSD Foundation celebrated the fact that Kristof Provost, I hope I got his name proper here, wrote this code that is the OpenVPN DCO. That's awesome. Kristof Provost works for Netgate and wrote this code and put it in BSD. They didn't just write the code and stick it in pfSense; they put it in BSD so everyone can benefit from it, which also means that, 2 years later, OPNsense is now going to benefit, putting it in a new release they have coming up. They're going to integrate the OpenVPN DCO.

Now, there's a lot of little nuance, and I grabbed one example here, the IPsec tunnel with dual WAN failover. Once again, this is a feature that's in pfSense that isn't in OPNsense, and it's not something home users would probably ever run into, but it matters if you have dual WANs and you have an IPsec tunnel and you need failover set up. This is not a feature that's available. That's why this forum post appears to be completely unanswered inside the OPNsense forums, because it's just not something that is supported currently in OPNsense, but you can do this in pfSense.

Now, the last couple of notes I have here are about pfSense moving to FreeBSD main. They did this, they have a whole blog post on it, and essentially they're skipping right to FreeBSD main because this creates less technical debt: when they're doing the commits, they don't have to backport them to previous versions. Of course, this means for OPNsense, if they're on the previous version, they have to wait for backports to be implemented to get those latest features. So it's worth noting that there are some developmental differences here from the base of BSD that they're pulling from.

Now, those are my reasons for not using OPNsense, but they don't have to be yours. This video is titled "Why I'm Not Using It," not "Why You Shouldn't Use It," but go ahead and browse through those links and make your own decisions for yourself. Matter of fact, while you're there, join my forums, forums.lawrencesystems.com, to have a more in-depth discussion about this and other topics. Like and subscribe to see more content from the channel. Head over to lawrencesystems.com to connect with me on whatever socials I'm available on there. All right, and thanks.

[Music]
Info
Channel: Lawrence Systems
Views: 72,559
Keywords: LawrenceSystems, pfsense, opnsense vs pfsense, opnsense, open source, firewall, open source firewalls
Id: oqxCEuj7wcw
Length: 8min 26sec (506 seconds)
Published: Sun Jun 02 2024