OPNsense 17.1 Released, Based On FreeBSD 11

An anonymous reader quotes Phoronix: OPNsense 17.1 is now available as the newest release of this network-focused FreeBSD-based operating system forked from pfSense. It's now been two years since the first official release of OPNsense and to celebrate they have out a big update. OPNsense 17.1 re-bases to using FreeBSD 11.0, there's now a SSH remote installer, new language support, more hardening features used from HardenedBSD, new plugins, integrated authentication via PAM, and many other improvements. Some of the new plug-ins include FTP Proxy, Tinc VPN, and Let's Encrypt support.
This version has been named "Eclectic Eagle".

Past pfSense user

[OffTheLip]

Really was a fan of pfSense as an easy way to protect a network of many. Good to hear it's still a project.

Re:Past pfSense user

OPNsense and pfSense are two different projects, the former seems to be sort of an odd copy/fork of the latter (there's some drama between the two that I don't claim to understand).

Re:Past pfSense user

[Bigbutt]

I had to go read the About and the Why Fork section in the docs to see what was going on. Apparently some company bought much of pfSense, changed licenses, and branded some of it. The OPNsense folks, who were supporting it up to then, decided to fork the code.

I have been setting up my own firewall for about 20 years now I guess and recently, at the recommendation of a couple of friends, snagged pfSense for my new home VMWare environment. Worked for replacing the firewall and even better for the other services I was configuring on my own on my old gear. I may whip up a quick VM and load up OPNsense just to see what the fuss is about.

[John]

Re:Past pfSense user

From what I've read, the OPNsense folks are arseholes. Which I guess I could overlook if OPNsense was either better or different to pfSense. It's a shame it's neither of these.

Re:Past pfSense user

[Bigbutt]

Eh. As you said, I don't care if they're assholes. If it's better, I don't have a problem using it. My firewall blocks all incoming connections so I don't have a real complicated setup. Now, with the additional features of pfSense, I've been using its DNS server, Load Balancer, NTP, and DHCP services for my internal environment. I've checked out some of the stats and cast syslog to my internal syslog server but nothing much more than that.

Throwing OPNSense up as a test isn't going to be a big deal and who knows, it might actually be better (for what I do). :shrug:

[John]

Re:Past pfSense user

[unixisc]

If that company makes routers or cable boxes, I would be interested in one that runs pFsense. Particularly the idea that it could be more secure than the Linux based ones, and that it would be somewhat mature in its IPv6 support

Re:Past pfSense user

[Billly+Gates]

It is. They sell racks with pfsense loaded on. I was reading maximumpc which is now owned by pcgamer last year from an editor who tried 10 GBS internet for his own. Guess what?

I saw a screenshot of his rack in his garage and I recognized the pfsense screen :&). Comcast uses the same equipment for load balancing and routing fast Ethernet and bundled it for him. He bought the rack as nothing consumer grade could handle greater than 2 gigs as a router and VPN for his home. Pfsense is actually owned by the FreeBSD project too so it's not fully private.

I use it at home for my virtual machines for my silly mcse exams. I used server 2k3 as a router for my virtual networks previously. Anyway I have a cloned image of pfsense for VMware and Hyper-V as the Freebsd project included guest services for both in the kernel

Re:Past pfSense user

[unixisc]

pFsense is actually a fork of m0n0wall, itself a fork of FreeBSD. iXsystems owns TrueOS (formerly PC-BSD) and somewhat implicitly, FreeBSD, but not pFsense.

Yawn

BSD stories right after I wake up make me want to sleep more.

Re:Yawn

[thsths]

Indeed. I am secret BSD fan, but all these forks are getting boring, and surely they do not help to make BSD more relevant.

Re:Yawn

[unixisc]

There ain't close to the number of forks of FreeBSD the way there are of Linux. Just a handful. OpenBSD has just 1 or 2 forks, NetBSD has just 1 - OpenBSD, and FreeBSD has a few, but which can be counted on 1 hand

Aw fork it

[frovingslosh]

Just what the world needs, more different versions of Linux. It is so neat to see that people can avoid working together and instead put their efforts into many many different versions of Linux, each with their own ego and their own ways of doing things. So what if the average user gets more and more confused and can never figure out what is going on. Linux is not intended for the average user, it is intended for the Linux high priests, who can belittle the average user for finding things so confusing.

Re:Aw fork it

[TheRaven64]

You used the word Linux a lot of times for a story that has absolutely nothing to do with Linux.

Re:Aw fork it

Linux is mostly for embedded devices and servers, there really is very little reason for an average use to inflict Linux on themselves.

Re:Aw fork it

16 years of big brother democrats caused this

Re:Aw fork it

I am an average user. I don't know any high priest stuff. I can hardly even compile an application from source - more often than not, I end up with some error message, and start looking for an installable deb-file instead.

I just use Linux because Windows is a data security nightmare. And data security has never been more important for the average user, than it is today. I do all my banking stuff online. I do all official stuff like my taxes and passport and visa applications online. I do all my medical things online. I'm not about to do that on Windows, hell no! That's why Linux is intended for me, the average user.

Re:Aw fork it

[hey!]

And the world needs another comment from someone who hasn't bothered to read the article summary? OPNsense is a BSD based firewall.

Re:Aw fork it

[I'm+just+joshin]

Whoosh...

Re:Aw fork it

[Billly+Gates]

Dude? It's not Linux. It's Freebsd and no it's not a distro by some fat guy in a basement either. It's part of the Freebsd project and foundation. Get with the program!

Re:Aw fork it

I'm an American. I love this country and the freedoms that we used to have.

The thread you are posting in has literally nothing to do with Linux.

I see that you have fully embraced utter stupidity and spewing alternative "facts" as part of your personal agenda and general modus operandi.

You are going to sink your own country.

And you don't even understand why it is so...

It's dead, Jim.

Or maybe it just smells that way.

pshaw!

BSD sucks, GNU/Linux forever! Anti-GPL infidels are nothing but slaves to their proprietary overlords. Let my people go! Give up your unholy non-copyleft ways now and perhaps you won't be smote when our Lord, St. IGNUcius, delivers us to the promised land! Amen, hallelujah, and may the source be with you (and GPLed)!

Re:pshaw!

In a way, BSD developers and users are automatically racist.

Re:pshaw!

[hey!]

I don't think he's paying attention.

Trump

Trump forked several women (if by forked you mean grabbed them by the pussy). If children were subjected to this we'd be outraged but it was adult white women so it's OK. Why do Trump supporters lack a moral compass? What's wrong with Trump supporters? They must be mostly gay white men who hate women.

Add Openconnect client and server support, please.

Both are available on BSD pkg already, but without web-gui and stats, it's a hack at best to use IT.

I know, using Cisco AnyConnect to connect non Cisco product is violating their license thus replacing ASA wouldn't go without client charges also. But it would be ok to connect openconnect client to ASA.

However DTLS/ TLS vpn is so much reliable than IPSec when remote access is needed compared to counterparts that using IPSec or any other properietary tcp/update ports does not make sense.

 

FreeBSD is dying - almost proven here

I am FreeBSD user addicted to it since 1998. It is amazing to see this project still up and growing, especially because *BSD is "dying" for almost 14 years (see https://slashdot.org/comments.pl?sid=70502&cid=6404771)

FreeBSD is dying - almost proven here

I am *BSD user addicted to it since 1998. It is amazing to see this project still up and growing, especially because FreeBSD is "dying" for almost 13 years.

Lack of Tinc kills pfSense for me

[Wokan]

I had the newest pfSense installed when I found out they hadn't ported the 2.2.x tinc plugin to 2.3. I switched to a Linux based firewall, but ipv6 setup hasn't worked yet after working flawlessly under pfSense. OPNsense sounds like it might just be the answer I've been looking for.

Good Guys

Only my personal experience, but I've been running it for several releases.

Every post in the forum when I had a question was answered by those willing and trying to help, including answers by devs.

Every bug submission I've made has been attended to quickly with pre-point fixes for me to test and then released as patches for all.

I recommend it to anyone who wants to give it a try. They've added a lot of polish over the past few releases. It's been rock solid for me for a couple of years now with upgrading to major releases in place with zero loss of settings or any problems.

Just my 2 cents.

Pfsense?

[Billly+Gates]

Everyone and their brother uses pfsense and is part of the Freebsd project. Is OPNsense just a clone or a fork? What does it do that pfsense can't?

Anyone with experience of this?

[dremspider]

I have been using pfsense for a few years now. I have been interested in this because i has an api. Long term i would like to build out something that can block ips based on elasticsearch queries using elastalert. If anyone has good or bad stories feel free to share!

Re:Tinc part of pfsense for years

[Billly+Gates]

Here is an article from 2014 http://pfsensesetup.com/vpn-tu...?

Also the ports are included too so if something is not installed it's a CD /usr/ports and a make install clean away

Worth a Try

PFSense has turned into huge sales pitch. Any mention of using your own custom built hardware is met with a sales pitch to use PFSense's overpriced pre-built hardware with pre-loaded software. Hard to tell if they're paid shills, partners, or just drooling fanboys (probably a mix of all three). My guess, the only support in the near future will be community based - all real support will be paid only or only if you're running it on their hardware. Good to see that Opnsense is offering an alternative.

What is in a name?

[manu0601]

What does OPN stands for?

Re:What is in a name?

The project's name is derived from open and sense and stands for: "Open (source) makes sense."

I just purchased some pfSense appliances

They seem pretty nice. Tiny 1RU cases, smaller than most switches.

These things run intel atom or Xeon chips, and use intel chipsets and Ethernet phys. The hardware is optimised for pfSense, whatever that means.

But, the company seem like it's now run by a bunch of kikes. You must pay $99 per year for access to their precious documentation. You probably need to download the free version, install it somewhere, pay up your $99, just so you can verify the thing does what you need.

However, it does do pfsync, bgp, and can route traffic at very high speed for very low cost. And, unlike Cisco, juniper, sonicwall, and friends, there hasn't been any stupid shit like hard coded credentials, or uncloseable wan ports...

OPN is a fork of pf. (Re:Pfsense?)

Everyone and their brother uses pfsense and is part of the Freebsd project. Is OPNsense just a clone or a fork? What does it do that pfsense can't?

OPN is a fork of pf. Here's their reasoning behind it:

* https://docs.opnsense.org/fork/thefork.html

I have no idea how legitimate these concerns are/were at the time.