OPNsense real-world feedback

I know that this forum prefers pfSense, and I truly did want to rely on it for my needs. Problem is that I first started a couple of my biggest clients on it to get my feet wet and although I was disappointed with various issues the first couple years I decided to deploy a bunch more and even switched my own office. Switching myself was the biggest issue overall. Immediately ran into a bug that hasn’t been fixed in 2 years until 2.5 but can’t switch to 2.5 because it has even bigger bugs that to this day aren’t fixed. 2 years is unacceptable in my opinion for enterprise.

Please comment on this thread if you’ve been using OPNsense for some time and can vouch for their patching of bugs. How long does it take them? How often do you get surprise reinstalls because an update breaks something? If I can’t find enough confidence in OPNsense I think the only remaining options are proprietary systems, which I’d rather not do.

I’ve been using OPNsense for about 10 months now in production.
I opted to go for the Business Edition as it was only €149 per year and compared to the community edition, the releases are less frequent so are usually tried and tested by the time they hit the business repository. It’s also an inexpensive way to contribute to the project and you also get a discount on other products like commercial support hours if needed in future.
The documentation is good and I’ve used their Pro Support and they were brilliant.

Thanks for the reply. I agree that supporting the developers is important so that’s why I paid for the most expensive enterprise support for pfSense and was incredibly disappointed. I wish you had more than 10 months of data on the stability of their updates. Is your setup very advanced? Multi-WAN, various VLANs, various VPNs, and other modules, or is it just a residential replacement? The show-stopper bugs I’ve had problems with are primarily with multi-WAN, which is ridiculous considering that applies to more urgent enterprise that is willing to pay to ensure they stay up.

Sorry, just the 10 months experience so far.
I am about to upgrade from my single Hyper-V VM instance of OPNsense to an HA cluster of 2 PC Engines APU4D4-powered hardware units.
My current setup is basic: 1 WAN, 1 LAN, 1 IPsec VPN.
I hope somebody else with more experience with the product can help you further but my experience has been good so far.

I have run OPNsense now for about a year. No issues so far. Miss pfBlocker but the Sensei package was kind of neat to play with. Tom’s videos on pfSense work on OPNsense for the most part, just have to figure out where the option is in the OPN GUI vs the pf GUI. This fella has a few guides too: OPNsense Firewall Rule "Cheat Sheet" - Home Network Guy
I remember a bug last year… can’t remember fully what it was but it was fixed later that week. All I did was roll back the update and restore my config and was gtg while waiting for the fix. I have never used their paid support but their forums are friendly and helpful. I am more of a home user though so ymmv. I think a big thing for me is after an update, I watch their Reddit to see if anyone is grumpy. After a week if everyone is happy I pull the trigger.

Have you looked into your bugs to see if they were pfSense-based and not BSD-based? I know some bugs that hit pfSense translate over into OPNsense because both are BSD. OPNsense is currently hardened BSD but they dumped their coder for that and are talking about moving back to standard BSD from what I read. Another fav on this forum seems to be Untangle, have you given that a look?

I don’t know. First issue was on the 2.4 and it was a known problem for 2 years before getting fixed in 2.5 causing a race condition on WAN failover. Then 2.5 broke DNS Resolver. 2.5.1 broke VoIP when using dual WAN. I still haven’t dared upgrade to 2.5.2 based on precedent and have been considering switching instead of upgrading. Years ago when I first decided to start tinkering with pfSense I bought 2 official appliances from them. First one died in 6 months of not even being in production, just plugged in for us to configure LAN. That replacement died a year later in production. I’ve had many times that power failures made the OS completely unbootable so I had to drive and emergency reinstall (I’ll give credit that their installer does a great job grabbing the working config and running with it). Then to help support I paid for their most expensive enterprise support plan only to find that when I needed them they weren’t very helpful at all. Instead they kept pointing fingers at things and just sent articles to documentation as if we haven’t already read that. Genuinely wanted to support the project and had high hopes for the platform but you can’t leave enterprise in the dust like that. I’d love Untangle but they charge way too much for the client count. I’d have to pay probably $5k/year and I think there are many commercial brands cheaper than that.

Ahh gotcha… you would think you could get some kind of refund or something for lack of support there lol.

I have only used the forums for support on OPNsense when I had a question directly about it, and the folks over there are really friendly. I have had some issues with Netgate folks on the Reddit forums being pricks. But that is just my experience, I am sure other folks have had it the other way around.

Paid support for OPNsense might be interesting if you are in the US as Deciso is based in the Netherlands. If you are in the EU then not really an issue. I had a friend order one of their devices and had to pay extra fees due to importing it as well. I kind of feel, though, like companies like pfSense/UBNT/OPNsense rely on folks like Tom to fill the support gap. They just put the product into your hand and figure the market will support it. This is all just a hobby to me, but the company I work for has around 26k employees and only uses big names in networking. Not because those products are better, but because there is a number that you call when shit breaks and someone answers and helps till it’s not broke. If not or they break the SLA then there are big fees/kickbacks to us for said problems. I have even seen Dell folks show up before, then you know shit really hit the fan lol.

I did use Sensei/Sunny Valley support once. I did not even pay for it at the time. I was doing the free trial and the app took a dive. I contacted their support around 5pm that day expecting them to reply back a list of things to try the next day. Next morning someone from there hits me up and walks me through setting up OPNsense so they could remote in and troubleshoot Sensei for me, and fixed it. Even took the time to show me how to fix it so I could do it if it happened again, then walked me through how to lock OPNsense back down after. I was reading on their site later that day when looking to sign up for a sub and found out it was the CEO that hit me up lol. I am sure they have full-time techs now, but that still left a lasting impression on me.

Apologies for the long reply and I know it still does not really answer your question about turn times on support. I would hit up Franco in the OPNsense forums and maybe ask there. They are one of the devs and seem really active and helpful.
