Maverick009
Senior Member
It has been a while since I have discussed my network or my tribulations with using OPNsense over pfSense. Fast forward almost 2 years since I switched to OPNsense, and I am now back on pfSense for the first time since using OPNsense as the main backbone of my network. I want to start by saying this move was not due to any security issues, and for the most part not completely due to stability issues. It all came down to some network incompatibilities and removed or partially updated add-ons. Let me just add that OPNsense is not bad, but as I mentioned in my previous post, I thought it would be better for the long run due to the updates, and that was part of why I picked it, as security was a non-issue for either platform. However, rapid updates are not always a good option. In fact OPNsense is in flux right now, as changes are being made to prepare it to go to FreeBSD 13, moving away from HardenedBSD. That puts the core OS features on the same level, as pfSense is already using FreeBSD 12 as of this writing. The updates, including the minor updates in between OPNsense 20.7 and 21.7, have had too many reworkings and slight changes preparing them to jump to FreeBSD 13 with the 22.1 update coming in January. Even the minor security updates were making some changes in preparation. The problem with that in a production run is that it can cause havoc with certain features/settings that I already had set. I also noticed the drivers for the network interface I had with the Realtek chipset for my dual 2.5G NIC were a little problematic. Also, the LAGG features in OPNsense seemed broken (this was also an issue in pfSense before release 2.5). Last but not least, OPNsense seemed to have a harder learning curve for similar setups such as the Traffic Shaper, and the documentation was not great. This all added to my frustrations, and if the network should go down, it was sometimes a pain to troubleshoot.
Now I do use this network in my home, so it is not powering a business or anything that critical, but it is still the backbone of my network, and now even more so than it was when I first deployed it. I have since added some smart home features, such as smart light bulbs, Google Assistant and Nest Assistant, and went more into a cord-cutting experience, with internet only through Comcast, and the Hulu (No Ads) Live TV/Disney+/ESPN+ bundle (a few channels like Fox offer no streaming app options, and I could not make the kids fully suffer), HBO Max (free with my AT&T wireless plan), Paramount+, Funimation Now, Crunchyroll, and Netflix. That also saves me about $40-60 over a Comcast Triple Play plus all the streaming services and TV through Hulu. I also have 3 managed subnets now.
Here are my findings. I installed and am using pfSense 2.5.2 (still powered by an Intel Q6600 2.4GHz quad-core CPU with 4GB DDR3 memory, a quad 1Gb Intel I350-T4 Ethernet card, a dual Realtek 2.5Gb NIC, and the onboard Realtek 1Gb port at the moment), and I have my Netgear CM1200 cable modem connected to the pfSense router with a LAGG connection using two 1Gb ports on the Intel I350-T4 card. I am currently using a 1Gb port from the same I350 card to power subnet 1, plugged into a 24-port TP-Link Smart Managed switch handling all the current wired devices. I have not currently turned on LAGG to feed the last empty port on the I350 card to the switch to give 2Gb of total bandwidth. If I need it, I may do that in the future. A few of the wired devices on that subnet include an HP Envy AIO printer, my Ubuntu laptop server, and a NAS/gaming Windows Server 2019 box. I also have an Asus RT-3100 router plugged into one of the ports on the switch with a 100ft Cat7 cable, as I am using it to serve my living room entertainment center devices by a wired connection, and the Asus router currently acts as a switch. I have subnet 2 going from one port on my 2.5G Realtek card to the 2.5G port on my Asus GT-AX11000 wireless router, which is running in Access Point mode, but now getting a full 2.5G up and down from one port vs. previously having two 1G ports used in bonding. Simplified connection and more bandwidth at the same time. All wireless devices are also separated on a different subnet, making a better case for security. I further have mainly all IoT devices using the 2.4GHz band, while media-based devices use 5GHz band 1, and all laptops and other performance devices use 5GHz band 2. Last but not least, subnet 3 currently goes from the other 2.5G port on the Realtek card and plugs directly into the 10G port on my main custom multimedia and gaming PC.
Everything is set up the way I want, and with the network on 3 different subnets, it can make upgrades and servicing a little easier too, on top of the security improvements of segregating the network.
My biggest goal after re-evaluating everything was to have stability and spend less time fixing network errors or degradation due to LAGG errors. With pfSense 2.5.2, I can say that with LAGG enabled for the cable modem, I am able to enjoy the full 1200Mbps (1.2Gb) speed my internet plan gives me at the level I am paying for. Best of all, there have been 0 errors. I repeat, 0 errors (there were 5 while I was turning on the feature, but that was expected; zero errors since completing the setup). Before, in LAGG, I was getting errors, and if I saturated the network, the errors would increase. It seems pfSense fixed the broken LAGG issues, and that is a plus, as it was a feature I was heavily interested in for several reasons, one being that my current cable modem did not have a single 2.5G port and needed LAGG to get the full bandwidth from it. The firewall rules are very similar to set up, and with pfSense you can find well-documented help and feature explanations. You also have wizards for some features like the Traffic Shaper (QoS), making the approach and usage easy even for a novice, but they can also help well-experienced veterans. I do not plan on going back to OPNsense as a full router system at any point, unless there is something compelling me enough to make the leap, or pfSense makes a drastic change. This did turn out to be a long usage case scenario with OPNsense, and it all sounds good in the short term, but long term, plus the issues with updates and features rapidly being deprecated or changed enough, it was causing havoc. Now that I have had enough time, I can say I tried, but ended up having to go back to pfSense. I do not want this to feel negative, and for some it will feel that way, but for others I hope it is a teaching instrument for educating about issues you can face with more sophisticated networks, while also shedding light on the 2 similar but varying firewall/router software packages.
If you have never used either, then it may be an easier jump, but if you are also looking for ease of managing and setup, pfSense will be the better option. If you have used OPNsense and managed it well, then that is good as well. For me, I could figure out most of the features I wanted to use, but the speed of updates and changes to switch the core OS platform was too much for me, plus the fact of small quirks such as LAGG not always working correctly. One last thing to note, which can be minor or major, is that I also saw pfSense 2.5.2 may be slightly more optimized, as the CPU is running cooler, and I am actually running even more tasks on pfSense than I was with OPNsense, including 3 subnets plus the cable modem in LAGG, just to name a few. It is about 5-9 degrees cooler.
I may try and give an end-of-year/beginning-of-the-New-Year update, but this time it seems like everything so far is working perfectly (9 days up so far).
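The post's stated security gain is segregation: the wireless subnet (where the IoT devices live) is separate from the wired subnet with the NAS and printer and from the gaming PC. What actually enforces that on pfSense is the per-interface ruleset, and pfSense evaluates interface rules top-down with first match winning, so a catch-all "pass any" placed above a block rule quietly undoes the isolation. The following is an added example written for this page, not code from Maverick009's post or from either project: a small first-match evaluator that models the rules one would put on the wireless interface and checks which flows it lets through. The subnet addresses, the firewall's address and the test flows are all constructed assumptions, since the post gives no addressing.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing (assumption): the post describes three subnets but
# does not give their ranges.
WIRED = ipaddress.ip_network("192.168.1.0/24")   # subnet 1: switch, NAS, printer
WIFI = ipaddress.ip_network("192.168.2.0/24")    # subnet 2: AP, IoT, laptops
PC = ipaddress.ip_network("192.168.3.0/24")      # subnet 3: gaming/media PC
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FIREWALL_WIFI_IP = ipaddress.ip_address("192.168.2.1")  # firewall's address on subnet 2


@dataclass(frozen=True)
class Rule:
    action: str            # "pass" or "block"
    proto: Optional[str]   # "tcp", "udp" or None for any
    dst: object            # ip_network, list of ip_network, ip_address, or None for any
    dport: Optional[int]   # destination port or None for any
    label: str


def _dst_match(rule: Rule, dst_ip: ipaddress.IPv4Address) -> bool:
    if rule.dst is None:
        return True
    if isinstance(rule.dst, list):
        return any(dst_ip in net for net in rule.dst)
    if isinstance(rule.dst, ipaddress.IPv4Address):
        return dst_ip == rule.dst
    return dst_ip in rule.dst


def evaluate(rules, proto: str, dst_ip: str, dport: int):
    """First matching rule decides, as pfSense interface rules do (they are
    installed as 'quick' rules); no match falls through to the implicit deny."""
    dst = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if rule.proto not in (None, proto):
            continue
        if not _dst_match(rule, dst):
            continue
        if rule.dport not in (None, dport):
            continue
        return rule.action, rule.label
    return "block", "default deny"


# Rules on the WIFI interface, i.e. traffic entering the firewall from subnet 2.
# Order matters: services the firewall itself offers, then the block to every
# private range, then the internet catch-all.
ISOLATED_WIFI_RULES = [
    Rule("pass", "udp", FIREWALL_WIFI_IP, 53, "DNS to the firewall resolver"),
    Rule("pass", "udp", FIREWALL_WIFI_IP, 123, "NTP to the firewall"),
    Rule("block", None, RFC1918, None, "no lateral movement into other subnets"),
    Rule("pass", None, None, None, "everything else, i.e. the internet"),
]

# The common mistake: the same rules with the catch-all moved to the top.
LEAKY_WIFI_RULES = [ISOLATED_WIFI_RULES[3]] + ISOLATED_WIFI_RULES[:3]

# Constructed flows from a device on the wireless subnet (assumption).
CASES = {
    "iot_to_nas_smb": ("tcp", "192.168.1.20", 445),
    "iot_to_gaming_pc_ssh": ("tcp", "192.168.3.10", 22),
    "iot_to_firewall_dns": ("udp", "192.168.2.1", 53),
    "iot_to_firewall_gui": ("tcp", "192.168.2.1", 443),
    "iot_to_internet_https": ("tcp", "93.184.216.34", 443),
}


def audit(rules, cases=CASES):
    """Map each named flow to the action the ruleset takes on it."""
    return {name: evaluate(rules, *flow)[0] for name, flow in cases.items()}


if __name__ == "__main__":
    for name, ruleset in (("isolated", ISOLATED_WIFI_RULES), ("leaky", LEAKY_WIFI_RULES)):
        print(name)
        for flow, action in audit(ruleset).items():
            print(f"  {flow:24s} {action}")
```

With the ordered ruleset the wireless subnet can reach the internet and the firewall's own DNS/NTP but nothing else on RFC1918 space, including the firewall's web GUI; moving the catch-all to the top passes every flow, which is the configuration to look for when "segregated" subnets can still browse each other's SMB shares. Note that the post puts laptops on the same wireless subnet as the IoT devices, so a policy this strict also blocks those laptops from the NAS; splitting IoT onto its own VLAN is the usual way around that.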