Why I am Not Using OPNSense
Summary of "Why I Am Not Using OPNSense" Video Transcript
Short Summary:
This video discusses the speaker's reasons for not using OPNSense as a firewall, despite its open-source nature. The main arguments revolve around OPNSense's reliance on Netgate for features and security updates, leading to slower patch releases compared to pfSense. The speaker highlights that Netgate contributes significantly to FreeBSD development, benefiting both pfSense and OPNSense, but ultimately believes pfSense offers a more reliable and efficient platform due to its direct involvement in FreeBSD development. The video emphasizes the importance of researching and making informed decisions based on individual needs and preferences, rather than blindly following trends or opinions.
Detailed Summary:
Section 1: Introduction and Context (0:00-1:50)
- The speaker clarifies that the video is not about telling people what to use, but rather sharing his personal experience and reasons for choosing pfSense over OPNSense.
- He acknowledges the common debate surrounding open-source software and the tendency for users to advocate for their preferred choices, sometimes overlooking the merits of alternatives.
- He emphasizes that his preference for pfSense stems from his professional experience in managing firewalls for businesses, providing a real-world perspective.
Section 2: Security Patching and Updates (1:50-3:19)
- The speaker argues that while OPNSense has more frequent update cycles than pfSense, it's slower in releasing security patches.
- He provides examples from 2023-2024, linking to specific instances where OPNSense lagged behind in addressing vulnerabilities.
- He emphasizes that the timing of security updates is crucial, and OPNSense's reliance on Netgate for these updates can be a disadvantage.
Section 3: FreeBSD Development and Netgate's Contribution (3:19-5:34)
- The speaker explains that OPNSense relies on Netgate for features and bug fixes, as both platforms are built on the FreeBSD operating system.
- He highlights that Netgate contributes significantly to FreeBSD development, funding developers and contributing code, which benefits both pfSense and OPNSense.
- He emphasizes that pfSense's direct involvement in FreeBSD development gives it an advantage in terms of access to the latest features and bug fixes.
Section 4: Performance Differences and Real-World Examples (5:34-7:12)
- The speaker cites examples of performance differences between pfSense and OPNSense, particularly in areas like WireGuard performance and IPsec tunnel setup.
- He argues that pfSense's direct involvement in FreeBSD development allows for better integration and optimization of features, leading to superior performance.
- He highlights a specific example of a feature (IPsec tunnel with dual W failover) available in pfSense but not yet implemented in OPNSense.
Section 5: Conclusion and Call to Action (7:12-End)
- The speaker reiterates that his preference for pfSense is based on his professional experience and the specific needs of his clients.
- He encourages viewers to research and make informed decisions based on their own requirements, rather than blindly following opinions.
- He invites viewers to engage in further discussions on his forum and social media channels.
Notable Quotes:
- "I'm not here to tell you that you're bad."
- "I'm not saying that open sense is bad, if you want to use it in your lab, that's great, keep using it."
- "This is not just basic testing, this is a lot of enterprise-level deployments."
- "They're relying on Netgate to contribute a lot to the firewall-related features."
- "It's not just writing the code and pasting it into pfSense, they're putting it into BSD so everyone can benefit from it."
- "It's not necessarily about what you should use, it's about what I'm using and why."