Would love to see a full Opensense setup tutorial. Can't wait :)
After over 10 years on pfSense, our consulting firm have transitioned to OPNsense. The drama throughout the years with pfSense and its owner is just too much. Thanks for the final nudge pfSense management. There are alternatives which they don't understand.
Thanks for the tip. Looks like transitioning off of it is overdue
Good video and thanks for the mention! :)
No problem you’re the PFsense king had to mention you :)
Perfect timing of this video. I was searching for this exact process with all the changes from Negate licensing. It would be nice to see some typical services setup: installation process on bare metal, DHCP reservations, DDNS, UPS, config backups, software updates.
Great video. I would love to see you go more in depth with firewall configurations in a future video!
Yes great timing. Would love for you to go into more depth on firewall rules. Thanks for all the great videos.
cover rules please
Spot on video as per normal. Could you do a more in-depth one about opnsense firewall rules? I think that would be super helpful. Thanks again
Perfect timing too!!! Thanks for sharing this set up together with ubiquiti products
I really appreciated you making this video since what is currently going on. Thank you.
The Protecli box runs this SOOOO good ! Opnsense is nice !! Good video Cody !
What's better, a home EERO router/firewall (issued by my ISP) or a pfsense configuration for high protection home needs?
I'm so happy I went with UDM Pro then SE after PFsense started having on CE version 2.5 on my custom hardware. Your channel made the transition from PFsense to UDM super easy, thank you.
I had a pfSense box for a while, an old i5 SFF PC, and decided pfSense was total overkill for me and so went to a UDM Pro which also allowed me to set up a camera system.
A series of OPNsense videos would be nice. On the Lawrence Systems forum, several people mentioned the lack of tutorials for OPNsense, so many of us would like to see them. (edit) I'm hedging bets with pfsense, going to set up an OPNsense system just so I'm prepared. Another video I'd like would be installation and configuration of e2guardian on OPNsense, it's not horrible on pfsense, but I've read there is no gui for the settings on OPNsense.
Looks like pfsense is on its way out according to the description of this video (Lab-Version - in other words, the free version).
@dabneyoffermein595 People keep telling me to calm down, pfsense CE will be fine... But I'm seeing that it no longer has feature parity, and I'm sure they are slowly working to remove the open code and replace it with closed code. People also keep telling me that OPN just isn't the same level, and part of that is they are not contributing as much code back to BSD so they are always behind, always waiting for a fix. All that said, I still haven't tested OPN yet, but it's on my (long) list of things to do. I did read about some of the sins of the past (pf), and see that same attitude in their recent news releases (go jump you freeloaders!), same thing that Redhat did and said about CentOS. I need to find time to learn OPN, really need to change my firewall at work this summer, big project considering e2guardian filters and Suricata tuning.
Thanks for this explainer video, Great video.
I would love to see you go more in depth with firewall configurations in a video!
Timely video. If you setup interfaces via the console most of this is very fast; from install to updated basic working wan/lan is a few minutes.
Letting you know... deeper into firewall rules please.
If you can also do a video covering trunking between opnSense and a Ubq switch, please.
I would love to see more rules for IoT network. Thanks, great job.
Would have been nice to have some more firewall rules through OPNSense. Grouping and blocking other networks from accessing the gateway. Great educational channel. 👌
Definitely would like to see a video on some more rules and setups, like VPN, ad blocking, and others. Great starting point though.
Thanks for all of your content. Please enable dark reader on browser presentations. Thank you.
But my old eyes won’t be able to see 😂
Great video, Cody! Thanks! Would love to see a video on WAN failover setup.
Thanks for this, I would like to see more opnsense videos
Nice video, it would be nice if you could show mDNS with IoT stuff and default LAN interactions.
Would also love to see a full review/tutorial. Thank you!
Full opnsense tutorial would be a help for a nooby like me running a firewall box similar to protectli
Glad I stumbled across this. May switch to OPN from pf. Not sure yet. I’m not impacted by the plus debacle but love jumping on bandwagons.
Yeah, would love some more OPNsense videos
Going to stick with pfsense but I intend to move to CE and see what happens in 6 months, I'll reassess then. Thanks for the video, much appreciated.
I have had loads of issues with opnsense running it in a 50 site environment as a datacentre firewall. Mainly around IPsec tunnels and updating.
Please make a video about firewall rules in opn sense. Thank you.
Very nice, I'm switching now
Oh nice, make more videos with full configuration and addons for IDS & IPS like Suricata.
Should do 2 follow-up videos, one with some firewall stuff and routing features built into OPNsense, and a second follow-up video with ZenArmor plugin that turns this into a layer 7 gateway like Unifi gateways are.
Hi Cody. With Bell and other providers pushing internet packages north of 1Gbps, I'm curious what you think about (or if you've tried) one of the Protectli 2.5Gbps NIC models and pairing that with say, Bell's 1.5Gbps plan? It seems like overkill, but I suspect they're going to keep sunsetting slower plans and forcing people into these crazy fast packages. I would want to try and take advantage of that on the custom firewall as much as possible. Thanks for the video.
Great vid!
Will give OPNsense a try again.
Thanks for the video. Maybe you could make a video on how to correctly configure the unifi dream machine with the Opnsense firewall. opnsense would be like an additional filter to the unifi dream machine. Opnsense firewall rules are also
Thank you!!
This seems to meet my needs. I don't use a lot of advanced features. I just need the VLAN's and the Firewall Rules. No sense paying $399 when this seems to do the job just as well.
Great video on how to setup OPNSense. But two things remain unclear to me:
1) Why? I assume there is an advantage to OPNSense over PFSense. What is it?
2) I see several people recommending Protectli hardware, and I see that it has better performance for the money. But isn't it a Chinese product? If so, isn't it risky to trust our whole security to hardware that could have been required to contain embedded spyware for the Chinese government?
Then you shouldn’t use any electronic devices/appliances. Most of the electronics whether it be the whole thing or parts of it is assembled or made in china.
Because Netgate is making PfSense a license and charging people. OpnSense is a fork from PfSense so the features are nearly the same for free.
Me too would love to see a full Opensense setup tutorial.
Greetings from Portugal. :-)
Could you explain Firewall rules direction logic?:
1) in ?
2) out ?
Would like to see a detailed OpenVPN setup and test.
Would be good idea to do more content on firewall rules
Hi what should i buy today? pfsense or opnsense?
Hey Cody.. do you need a separate firewall controller while using a UDM SE ?
Looks like I am reverting to pfSense CE and resume testing OPNsense as a solution for my customers.
Do you have the process of how you install OPNSense? And basic settings? Thanks.
More Videos about Opnsense Rules pls.
I got a mini pc with 4x intel i226 rj45 ports that is almost perfect for my use case, I had plans to add a mellanox cx3 sfp card on it so I can have 10GB throughput in the router but this won't be straightforward. My current setup is a UDM-Pro, USW-Aggregation and a USW-Pro-Poe 24 and they are connected through DAC cables. Is there a way I can use the udm pro for just cameras and network management, use the USW-Pro for intervlan routing and the minipc running opnsense as the router just for internet?
The reason for usw-pro being intervlan router is because of the throughput, I have a homelab network with 3 other minipcs for a proxmox cluster with 2.5G ports, a network for my storage that has a DAC cable to the usw-aggregation and the main network where I have other 2 pcs over a 10gb link with fiber. Also the cameras on its own network. Although 2.5G throughput to the opnsense might be sufficient I will see bottlenecks when my pc on main network tries to write something in the nvme volumes of my storage so ideally the traffic would stay within USW-Pro and only go to the opnsense for internet. Is that possible?
I actually managed to get the mellanox cx3 sfp card working and using sata ssd as the opnsense disk. I will run some tests and will probably use it as intervlan router as well but I would love to get the intervlan routing on the switch if this is possible and keep using udm-pro to manage the usw-pro switch, all the flex switches and APs
Can you cover setting up a management vlan with suitable rules please
Lol I have 2 firewall boxes running opnsense and pfsense. I am trying to let them have the same functionality and I must say pfsense is the winner up to now. Basic functionality both score equally vlan lan etc etc. If you really want to make a difference then make a good video about adblocking, HAproxy and Acme licensing. Those are the things that pfsense does better and there are more tutorials about that.
You must have added some static routes on your primary router to your new vlan 11&12 subnets.
You didn’t NAT your source traffic vlan 11 &12
Had no static routes
The config has a similar appearance to Fortinet.
I would like to see Port forwarding on IP camera vlan.
Thanks for great video
I tried this before and everything was fine except the DHCP does not work on VLAN. I thought it was because of the lagg.
I used lagg before for LAN.
I decided to do as you did in the video.
I deleted the lagg and put the LAN on igc1
then I tried to make the VLAN from igc1
everything as you do in the video.
The DHCP does not work. I googled this problem before, someone said you must change the setting on interfaces-settings-VLAN Hardware Filtering to default or disable. And Disable hardware checksum offload check this option
but same. The DHCP doesn't work on VLAN.
Maybe you have an idea how to fix this problem.
Or can you share your interfaces settings
Hi. It's not better to connect AP directly into opnsense box in one dedicated port ? (I'm thinking that all wireless connected devices to not cross through a switch and after that to an uplink between sw and opnsense box (back and fw) - it's a useless traffic from my opinion)
It could be but the issue is you need to power the AP somehow. You could always use a power injector
How to configure Traffic Shaping ?
Greetings from Poland.
will opensense install and work on a cisco firewall asa 5520
not sure never tried
I'm missing a 16 Port pro Switch but I don’t think it will come
more from opnsense!!
I've lost all respect for Netgate and had little to begin with, not to be overdramatic, but they've been closed-source for a long time but still say they're open-source.
I don't get why they would like to annihilate thousands of beta testers who have been active in their community for years.
I'm sick of Pfsense..
no fee...both are free. boot env and AWS VPN config are really the only two major things you don't get in CE. most don't need/use any of the Plus features anyway, and are just being overly dramatic as usual any time netgate makes any changes.
Would also love to see a full Opensense setup tutorial. Can't wait :)