The developers of OPNsense have made available version 18.1 – Groovy Gecko. This version includes the FreeBSD 11.1 base operating system, PHP 7.1 and jQuery 3 updates, more driver support, OpenVPN multi-remote support for clients, plugin-capable firewall NAT rules, and much more. See the link below for the full list of changes. Download the IMG file here.
In this tutorial, user eerielinux shows us how to set up a BSD home router with pfSense and OPNsense, both open-source router/firewall operating systems based on FreeBSD. Follow the links below for each part of the 8-part tutorial series.
Part 1 of this article series was about why you want to build your own router, and how to assemble the APU2 that I chose as the hardware to build this on. Part 2 gave some Unix history and explained what a serial console is. Part 3 demonstrated serial access to the APU and showed how to update its firmware.
This post is about the serial installation of pfSense, one of two FreeBSD-based router/firewall operating systems that we’re going to explore in this series (the other being OPNsense). As pfSense is the older and more established product, we’re beginning with that one.
This post will show how to install OPNsense, a great alternative to pfSense.
OPNsense was forked from pfSense (more on that in the next post) and thus you will find lots of similarities if you have read the post on installing pfSense. The OPNsense team decided to move forward more quickly and did lots of interesting but invasive changes. One strong point for example is that it is already based on FreeBSD 11.0. There is one drawback to this, however: a problem with the XHCI (USB3) driver can lead to the installation media not being able to mount the filesystem and boot up. This makes installing OPNsense a little bit more complicated since the APU2 only has USB3 ports.
A little overview: In this post I will give you some background information, compare the appearance / usability of both products and then take a look at some special features before giving a conclusion.
pfSense vs. OPNsense: Who wins?
This article is about comparing both products and helping you to make a decision. It is not terribly in-depth, because that task would require its own series of articles (and a lot more free time for me to dig much deeper into the topic). But still there’s a lot you may want to know to get a first impression on which one you should probably choose. If you do some more research and write about it, please let me know and I will happily link to your work!
Revisiting the initial question
In the first post I asked the question “Why would you want to build your own router?” and the answer was “because the stock ones are known to totally suck”. I have since stumbled across this news: McAfee claims: Every router in the US is compromised. Now McAfee is a rather flamboyant personality and “every” is a pretty strong statement. But I’m not such a nit-picker and in general he’s definitely right. If you have a couple of minutes, read the article and/or watch the short YouTube interview that it has embedded.
This is the last part of this series of building a BSD home router. In the previous article we did an advanced setup of OPNsense that works but is currently wasting valuable disk space. We also configured OPNsense for SSH access. Now let’s SSH in and su - to root and continue! Choose shell (menu point 8) so that we can have a look around.
The developers of OPNsense have made available the official release of version 17.1, dubbed “Eclectic Eagle”. You can see the full list of feature additions and changes at the official announcement below.
The OPNsense team is proud to announce the final availability of version 17.1, nicknamed “Eclectic Eagle”. This major release features FreeBSD 11.0, the SSH remote installer, new languages Italian / Czech / Portuguese, state-of-the-art HardenedBSD security features, PHP 7.0, new plugins for FTP Proxy / Tinc VPN / Let’s Encrypt, native PAM authentication against e.g. 2FA (TOTP), as well as rewritten Nano-style card images that adapt to media size, to name only a few.
We would like to encourage everyone to supervise this major upgrade physically. As such, it cannot be performed from the GUI. Instead, go to the root console menu, choose option 12 and type “17.1” at the prompt. The process will download a full set of updates and reboot multiple times. All operating system files and packages will be reinstalled as a consequence. This process can also be remotely triggered via SSH.
For fresh installations, images are provided with OpenSSL for 32 and 64 bit Intel architectures. The new SSH installer feature will be listening on the LAN port 192.168.1.1, give out DHCP leases to clients and can connect using the user “root” (console menu) or “installer” (the installer, of course) with the default password “opnsense”.
The respective checksums for the images can be found below this announcement and the direct download links from our capable mirror providers are as follows:
http://mirrors.nycbug.org/pub/opnsense/releases/17.1/ (US East Coast)
http://mirror.sfo12.us.leaseweb.net/opnsense/releases/17.1/ (US West Coast)
The developers of OPNsense have released their BETA of version 17.1. OPNsense is an open source firewall based on FreeBSD and is also forked from pfSense. Follow the link below to try out their latest BETA release.
Dear friends and followers,
With the best wishes for the holiday season attached we hereby humbly present our 17.1-BETA images and thank everyone for their early input, valid questions and generally keeping us on our toes throughout the past months. The next major release features FreeBSD 11.0, the SSH remote installer, new languages Italian and Czech, state-of-the-art HardenedBSD security features, PHP 7.0, native PAM authentication against e.g. 2FA (TOTP), as well as rewritten Nano-style card images that adapt to the media size, to name only a few.
These will be the only beta images. They are not suitable for production environments. Release candidate builds will start in January in order to provide production-ready images. Checksums can be found below this announcement. Direct download links from our capable mirror providers are as follows:
In this BSD Now episode, hosts Kris Moore and Allan Jude interview Ike, the man behind OPNsense — an open source firewall based on pfSense. Hit play below to tune in:
For this week’s roundup of BSD related content: http://www.bsdnow.tv/episodes/2016_05_11-bsd_likes_ike
The developers of OPNsense have made available version 15.7.15. Download it here.
Here are the full patch notes:
- health: added feature to browse RRD data in a modern way
- notable ports updates: strongswan 5.3.3
- logs: added proxy server access log and updated the layout
- users: fixed ldap import warning when no users could be found
- dhcp6: fix IPv6 grabbing with PPPoE
- openvpn: fix TLS auth enable behaviour in client settings
- firewall: fix missing log option in save form
- firewall: fix missing interface address in NAT page
- firmware: sped up package queries and added package size column
- wizard: multiple fixes and security improvements
- menu: now properly translates into the selected language
- traffic shaper: unload ipfw rules on disable
The developers of OPNsense have released version 15.7.4. Changes noted are updated sudo, FreeBSD, languages, menu, firmware, and dashboard fixes, etc. Follow the link below to download the latest version.
Another week it is, this time with a rather exciting TCP state fix in the FreeBSD kernel. We’ve also taken the time to work through most of the code base to eradicate code warnings and now enable them by default in the crash reporter. We’re half-expecting another stable update early next week just to make sure your infrastructure keeps running as smoothly as possible.
Here are the full patch notes:
- updated sudo 1.8.14p3, pcre 8.37_2, and FreeBSD 10.1-RELEASE-p15
- firmware: fix upgrade when using opnsense-devel package
- proxy: fix config write for multiple interfaces
- crash reporter: raise PHP log level to warnings after an extensive cleanup
- dashboard: made widgets translatable (contributed by Fabian Franz)
- firewall logs: usability improvements (contributed by Fabian Franz)
- languages: Simplified Chinese 64% complete
- languages: German 40% complete
- menu: fixed navigation for PPPoE edit
Your OPNsense team
This week’s BSD Now episode welcomes Jos Schellevis about his new OPNsense project, forked from the open source firewall pfSense. We learn of how this project came about as well as discuss the future plans. Click play below to tune in:
Deciso has just launched their own fork of pfSense, an open source firewall, which is also based on FreeBSD.
OPNsense combines the best of open source and closed source firewalls. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources combined with a simple BSD license. This makes OPNsense the platform of choice for users, developers and commercial partners.
Companies that want to use OPNsense to create a branded version, extend its features, or even create a fork and build upon the same codebase are allowed to do so under the 2-clause BSD license.
The large feature set of OPNsense includes several high-end features like load balancing, high availability and captive portal. The modern and easy-to-use Bootstrap based user interface makes configuring and managing the firewall a comfortable task for administrators. And maybe the best part: all sources and build tools are freely available without special clauses and without licensing costs.
Official OPNsense website: http://www.opnsense.org