Hiya, just getting into networking and recently completed my TP-Link Omada stack, which I’m very pleased with. Have heard great things about all three mentioned services above, but struggle to understand which to go for. Do they have different use cases? Is one easier than the other? Which one is recommended to begin with?
pfSense = Firewall and router system based on FreeBSD. Has both open source and commercial versions. Built for SMB to Enterprise uses. Extremely powerful with all of the bells and whistles you’d expect from a professional firewall product.
OPNsense = Basically pfSense with a different UI. It’s a fork of pfSense. Much of the same capability, but is built by a smaller company.
OpenWRT = Replacement firmware for embedded devices (as well as x86). It’s open source WiFi router firmware that runs on tens of thousands of devices. Many vendors will even base their custom firmware on OpenWRT and put a different skin on it (GL.iNet, for example).
They all offer more or less the same network services with different UIs.
OpenWRT is specifically designed to work as a lightweight system running on consumer-grade routers. If you want this, you’ll have to check the website’s Table Of Hardware to determine if your hardware is compatible.
OPNsense and pfSense are general-purpose FreeBSD-based operating systems that you can run on discrete computers or in VMs that act as network gateways. All three are free/gratis, but you have to make an account and go through the store page to download pfSense.
I personally use OPNsense in a VM.
OpenWRT is an IoT operating system. It can run anywhere and everywhere. You can totally run it on enterprise gear and x86 machines. It can work as a firewall or an operating system for a light bulb. It also has the advantage of being very extensible and you can build custom images that have only the stuff you need.
The downside is that even though the wiki is fairly good, it still requires a good amount of networking knowledge to use. It isn’t bad and it ships with sane defaults, but if you want to get advanced you need to know what you are doing.
It also lacks a mechanism for automatic security patching. You need to manually update it, which is easier with attended upgrades, but it still requires button pushing and downtime.