blog.jamie.ie

why i love opnsense

Posted on Jun 4, 2021
this was originally a reddit comment.

you know how some people have that one company or product they’re just set with for life? my dad is sorta like that, he ALWAYS buys toyota, great cars. my mother was in a crash on icy roads, car got bent out of shape pretty badly, mum walked away without a scratch. he’d take our cars to toyota mechanics and they’d chat, he made friends with them. no dirty tactics, need something fixed at 8pm at night? sure, drive over and take their spare home.

he’ll never buy another brand of car. my entire family drives toyota.

my experience with opnsense is kinda like that.

so anyways, i was setting up my homelab, bought a few dell r710s and was getting to grips with vmware - i was very green. i was still using my ISP modem/router and figured hey, lets do that too. on a whim i ordered a dell r310 and went looking at what to put on it.

i looked, saw pfsense and opnsense and chose opnsense because it was open source. that’s literally the only reason.

in hindsight, this was pretty dumb of me, i should have done my research beforehand but hey, i’m dumb sometimes. little did i know it would be one of the best decisions i’d made.

i was comfortable with linux, to an extent. i usually used debian/ubuntu but never used freebsd. when installing opnsense i realised i’d also have to manually install a 10gb mikrotik driver. this concerned me, i already had a lot on my plate, i really didn’t know enough about networking and felt like i was overwhelming myself.

i hopped onto their irc (on freenode i think) and asked for help. in a few minutes i had several different people responding and they walked me through it. it wasn’t easy, but that wasn’t opnsense’s fault - but they still took time out of their day to handhold my stupid ass and walk me through it until it was working.

few months later an update comes out and this happens. i always patch early, i should know better and wait for a few days to see if there are issues but i’m stubborn, i patched and ran into this bug, it was crippling. fix was provided like 5 hours later, glorious.

fast forward 6 months, i run into another issue with an update. so i run a local CA (certificate authority), i issue certs for my idracs, for vsphere and stuff like that - just nerd stuff. an update broke part of it, no big deal, i make an issue and go to bed. next morning i wake up (on a sunday) and one of the developers has not only found the issue, but created a patch for me to pull and test.

i love opnsense and the people working on it are a delight to work with, everyone is friendly and welcoming. updates are frequent, decisions are sane (think along the lines of the wireguard freebsd kernel fiasco) and everything just works.

i’ll never use anything else.

i still idle their irc and the eagle eyed will notice i haven’t made a github issue with them in 2ish years. tl;dr, it’s been rock solid.

when people ask me which to choose i don’t say ‘opnsense’, i just advise them to check out all their options and choose what best suits them. it’s 7/7 for opnsense so far.