10 Apr 2018

OPNsense/pfSense: What it brings to the table

I’ve just finished my 2018 router and am enjoying the experience so far. I’ve been wondering… what does it give me over a standard ISP-issued router, and what am I sacrificing? Well – I thought I’d list a few things I have come to appreciate over the last little while…


I am running OPNsense – and so far it has been great. As a routing platform it seems quite similar to pfSense – though I do prefer the look of the OPNsense UI (subjectively, mind). But this post isn’t about the software running – it’s about why I did this project at all. I mean, I could have just used the standard router the ISP issued me – and that was working very well before this project.

The first reason: fun! There’s something about setting up your own stuff to work the way you want it to – having ultimate control over everything to the point where you mess everything up and spend hours and hours troubleshooting. That, for me at least, is fun! It’s why I like Linux, it’s why I build my own PCs, it’s why I built my network from scratch. I believe it’s fine to break stuff by fiddling, as long as you can work out how to put it right again and learn along the way!

The second reason: security. OPNsense is updated on a regular basis with bug fixes and security patches.

I bet there isn’t a single router anywhere on the planet that gets updated 4-5 times a month! You even get a full description of what goes into each update, rather than a generic “security fixes” reason that you would get from the likes of, for instance, Netgear.

The third reason: configuration. There are lots and lots of settings in this thing… many of which I don’t know what they do. That adds to the fun aspect of reason #1, but also gives you the ability to fine tune how you want things to behave. There is a very steep learning curve, and it took me a good while to figure out how to forward ports even! It gives you a level of control you won’t get from any off-the-shelf router.

The fourth reason: privacy. This seems to be getting more and more important as time goes on, and VPNs are becoming more and more ubiquitous. You can use this to tunnel everything on your network through a VPN provider transparently, or only certain parts of your network. One big privacy-centred feature for me is being able to use DNS-over-TLS – where DNS requests that are typically unencrypted become unreadable by, for instance, your ISP or government. Future privacy-related content to come soon!

The fifth reason: reliability. I’ve had this setup running for over two months and not once have I had a problem with connectivity (except for ones I caused!). I’ve had many different routers from ISPs and third-party companies in the past – not one hasn’t required me to reboot it every so often. Virgin Media routers especially are notorious for being unstable (in my own experience). Instead of having one box with a combined router, switch and WiFi access point, I have separated everything.


This separation means that if one bit stops working (often the WiFi bit, for instance) then that part can be rebooted without affecting other parts of the network.

Those are the top five reasons I did this – and the reward is so worth the effort and headache. Let’s go through what disadvantages I can think of:

  • Cost. The ISP-router was free. All in, this cost me just shy of £200 (though I did have a fair few bits lying around that I could use).
  • Power consumption (more detail here). It’s low – but not as low as a normal router.
  • Not being something that “just works”. This took a lot of setting up, and didn’t “just work” for me.
  • The steep learning curve. I’m not a newbie when it comes to networking, and even for me this was a challenge. If you’re new to networks and all you’ve ever done is forward a port through a Belkin router, then this is not for you (unless you like a challenge and want to learn something – then it is definitely for you).

Would I do this again? Absolutely. I don’t think I’ll need to for a long while – this thing is so overkill it’s hilarious. I’ve yet to properly benchmark it but just based on the CPU and RAM usage – it’s barely even lifting a finger.

To conclude – I am very happy with this router. It’s far exceeded my expectations with what it is capable of, and I am slowly learning about what it can do. It feels like I discover something new each time I go into the admin panel and poke around – there’s a reason there are courses people go on to learn all this stuff. I mentioned before there will be future content on stuff it can do – so stay tuned!
