Interesting point of view

I’ve been testing out other firewalls: VyOS and Sophos Home. I have VyOS in a VM and Sophos on bare metal. VyOS is pretty good and I like how they have implemented Docker support, and it has made it a game changer for making the device modular. So if you want AdGuard for your DNS, for example, you can do that directly in VyOS. VyOS is a big learning curve though, and I don’t want to take the time to learn it all. You can watch the series on VyOS

On the Sophos front I am pretty impressed with it so far. You get all the threat features like Web blocking, application blocking, AV, DPI, IPS/IDS, MDR. With the configuration of certificates, that is for the AV, DPI, IPS/IDS. I am seriously considering the switch to Sophos. I was watching Christian Lempa’s video on it to see what it can do and he got me up to speed on how it works.


Sophos keeps coming up time and time again, being mentioned by people. Definitely going to have to take a deeper dive into that.

I put this in the ubiquiti post, but this might be interesting https://youtu.be/qSQbpS9waIA?si=cQ4KYRA49HqF_pTB

Comes with openWRT, but he said VyOS will also run on it. I need to go back many videos and see the hardware design, might be interesting to have if a bunch of things can run on it.

I will install Sophos in my Proxmox server today and let you know how it goes. I am getting a new fiber connection soon, 3 gbps. Will try to make Sophos the main router and then see.

Sad, as pfSense is the best of the bunch currently (pfSense with a UniFi network is a sweet SMB business setup imho), but the underhand way they are going about things is, for me, a bye bye moment.

Ironically, if they had mandated sudden integrated licence checking into pfSense and offered different licences for home users/beta testers/business users, with a free licence for all installed instances up to the introduction of the licenced version (tied to the hardware/VM it is installed on), I would have respected them.

Learnt my lesson years ago when Microsoft started shafting all their partners (especially after every customer install we partners did, MS made a lot of monies from it).

The recent Broadcom behaviour shows nothing has changed.

I’ve been following this guy from the beginning. He did mention at one point creating a front end for VyOS. But I still think he is in the hardware development stages still and about to hit the software side soon.

It is supported. Just wait a bit.

“I’d rather give the monies elsewhere” What kind of thinking is that? CE is supported and works; two weeks ago there were new patches, the same as in Plus.

Wait a bit longer, in the meantime it’s still running outdated s/w and kernel.

OPNsense is also on 14

Or you can buy Cisco

We seem to be going around in circles here, I’ll step out :slight_smile:

OPNsense is running on FreeBSD 14.2-RELEASE, currently the latest supported version of FreeBSD.

pfSense CE is running FreeBSD 14.0-RELEASE, end of life since 31st September 2024.

Or pfSense+, the point is about CE being the problem, not Plus - even though that is running on FreeBSD 15-CURRENT which isn’t released yet and used for testing; not getting into that though :slight_smile:

Not to get too involved, but I think even OPN Business is now on BSD 14.2; if not, it will be in six months or less.

With the GATEWAY device, I read through the specs again. Their goal is to get OPNsense running on it, but their goal kind of conflicts because they chose an NXP ARM processor. The unofficial ARM version is working, but it’s unofficial. If they had used an AMD APU, then I would have bought one so I could run other “stuff” on it right now. The $600 for only openWRT is probably too much to get the first semi release devices.

The machined aluminum case is pretty, like Apple pretty. But there is a lot of machine time in those pieces. Since it is a 12x12 ITX size, just buying an off the shelf case would have been a good idea to get the ball rolling.


I actually just converted my CE to pfSense Plus. I was worried about not getting timely updates and decided I have taken enough freebies over the years in free software that I could spend a little money. I don’t know that I am willing to pay $130 a year to use the software indefinitely. When UniFi has something I can run HAProxy, dynamic DNS, acme certs, I will probably buy UniFi hardware. I wish they still had the homelab license. I would gladly pay $60/year for a pfSense license indefinitely.

I know if I buy a pfSense box I get a license, but to get an equivalent system to my talari e100 it looks like I would be over a grand.