

OPNsense - Open source FreeBSD based firewall and routing platform - fcambus
http://opnsense.org

======
marios
Most of the features described come from the fact that FreeBSD ships with
OpenBSD's PF (among others). Why would you pick FreeBSD considering
their PF version is _very_ outdated?

I think going with an OpenBSD base would make more sense for a 'routing
platform' as OpenBSD ships with various routing daemons and other network
daemons that fit the description better (isakmpd/iked for IPsec with
IKE/IKEv2, npppd for L2TP based tunnels ...). Obviously, you can install and
use OpenVPN, pretty much any DNS implementation of your choosing to provide
additional features. You also get a bunch of security features to mitigate
attacks.[1] Most of them are enabled by default too, contrary to FreeBSD
[2] (though I have not checked if OPNsense enables them -- it makes sense to
enable them, even more so on the network gateway).

AFAIK, FreeBSD has better MP support than OpenBSD (though that is a work in
progress), and a more actively developed wireless stack. Are there any other
motivations for using FreeBSD?

[1]
[http://www.openbsd.org/papers/ru13-deraadt/](http://www.openbsd.org/papers/ru13-deraadt/)

[2]
[http://networkfilter.blogspot.fr/2014/12/security-openbsd-vs...](http://networkfilter.blogspot.fr/2014/12/security-openbsd-vs-freebsd.html)

~~~
feld
FreeBSD pf might be outdated, but it's not insecure and it has been improved
with SMP. I don't want to argue over benchmarks but some say OpenBSD is
faster, others say that's only true on old hardware, etc etc.

A lot of those in [1] are coming to FreeBSD via the HardenedBSD project. But
honestly performance, ports, support for higher end NICs, etc are probably the
reason. I've heard from several that the network stack in FreeBSD in general
scales better. I guess it depends on who your audience is.

It sounds like you'd personally be more interested in Esdenera

[https://www.esdenera.com](https://www.esdenera.com)

------
feld
They've beaten pfSense to a release on FreeBSD 10, have modernized the web
interface (still PHP though), and will hopefully work on tightening up
security while simultaneously cooperating better with their upstream BSDs.

I wish them the best.

~~~
gonzo
I, too, wish them the best.

But pfSense 2.2 is clearly based on FreeBSD 10.1.


