pfSense vs Untangle

Hi! Long time lurker and reader, new member and my first post here.

Why is Untangle not as popular as pfSense in these pages and in YouTube?

In the past two weeks, I’ve been comparing pfSense and Untangle on my custom appliance (Celeron N5105, 8 GB RAM, 128 GB NVMe, 4 Intel i225 ports). I have a very vanilla network setup compared to many folks here: WAN failover for 2 ISPs; 3 VLANs that can’t see each other (main, guest, camera networks); 2 NordVPN tunnels; 2 WireGuard tunnels for remote access when I’m away from home; ad blocking (pfBlockerng, Web Filter); and email notifications. I think I was able to match the configuration for both software to my use case as best as I could.

With all these running, I notice that the CPU temp sometimes reaches 80°C in pfSense and I get kernel warnings about critical temperature in the logs. While with Untangle, the temp rarely reaches 55°C. It seems like pfSense is doing a lot more for the same purpose. Is this normal? Is it a FreeBSD issue? Is it the Unbound DNS resolver? Just my hardware?

here are advantages and disadvantages in using either software. Particularly the price for the Home Protect Pro ($150) to be able to use WAN Failover and Balancer in Untangle. I’m on the Basic license right now and thinking of switching to Pro. But everything seems to be far easier to setup in Untangle than in pfSense. Why is it not more popular? What am I missing with pfSense or with Untangle?

Because it’s completely free?

Most likely a combination of FreeBSD and your hardware. Linux generally has wider HW support than FreeBSD. But on most standard x86 HW it should run fine.

I would say they are pretty similiar when it comes to features, while Untangle has better webfiltering.

1 Like

Have a look Tom’s video Firewall Comparison: Untangle VS pfsense - YouTube

1 Like

If you are coming at it as a home user who doesn’t want to keep spending on consumer routers every couple of years as firmware support stops then pfSense looks appealing. If you then invest the time to learn how to use it then it’s hard to make a case to consider another product plus pay for it plus invest further time to understand how it works.

Ironically having invested in pfSense if they started to charge for it, I’d likely pay for it if it was affordable.

1 Like

$150 per year is too much for home use for many people.
Have you enabled and experiment with PowerD in pfsense power savings, to fight high temperatures?

1 Like

Thanks bb77.

You might be right. This makes me worry about network stability and long-term use related to higher than usual temperatures. I just checked my Untangle box and it’s running at 40°C right now with all those services.

Thanks, Paul. I’ve seen the video many times. In fact, this is THE video that led me to Untangle. My previous appliance had Realtek NICs that made pfSense unstable.

Thanks, neogrid. That’s a very compelling insight.

Yes, I’ve turned it on, but I didn’t see any improvement in the temperatures. Maybe I need to try out the other opions. Thanks.

Well I use pfsense on an old HP Elite Desk SFF PC (i5 2500) and right now it’s running at 41°C. Hard to say why it shows 80°C on your machine. The N5100 is a relatively new platform / CPU, maybe it is not yet fully supported by the FreeBSD kernel used on the current pfSense release… In theory it cloud also be an issue with your specific mainboard that causes wrong sensor readings…!?

Maybe you can post the exact model of your board / appliance here and sombody might be able to help. You could also try to ask in the HW section of the Netgate forums…

pfsense tells you which protocols are hardware encrypted/dectypted. You may find this info next to “Hardware crypto” on the dashboard.
If you use other protocols than these on VPN, it will make CPU hurt and increase temperature.
Use these protocols on NordVPN tunnels and replase wireguard with Openvpn, if possible.

Thanks for the replies so far. I really appreciate it. We have been using Untangle Home Protect Basic since October last year. But recently, our main ISP has been unstable. We added a backup ISP for failover last month. Unfortunately WAN Failover/Balancer is only available thru Home Protect Plus. I did a trial of the NGFW Complete and then tried pfSense. pfSense was working fine, but then I ran into these kernel temperature warnings all of a sudden. So I installed Untangle trial again. I could replace WireGuard with OpenVPN. And after more than a week of Threat Prevention, another premium app in Untangle, we haven’t had a single blocked web or non-web event. So I’m thinking we don’t need that. Web Filter blocked a lot of ads and private relay stuff from our Apple devices, but I could block those using pfBlockerNG as well. Although Untangle really makes setting up anything easy, it is really the $150 price tag for the premium apps that I don’t think I need that’s making me go back and forth between Untangle and pfSense. That’s why I asked if maybe I’m missing something that could make this decision easier.

Hi, bb77. It’s this one from AliExpress.

-4xIntel i225-V B3 2.5G UDE filter pure RJ45 LANs, 2xUSB3.0, 2xUSB2.0, 1xUSB Type-C, 1xTF card slot.
-2xDDR4 SODIMM non-ecc ram slot, max support 64GB.
-Support two storage: 1xM.2 NVMe/PCIe3.0x1 2280 SSD+1x2.5’'SATA SSD/HDD.
-1xM.2 2232 slot, support WiFi connection, also support transfer to 1xM.2 NVMe/PCIe3.0x1 2280 SSD with PCB adapter board (optional).
-Support three display: 1xHDMI2.0, 1xDP1.4, 1xType-C, 3x4K@60Hz UHD video display.
-Support wide voltage 12-19V input.
-Support AES-NI, ESXI, PVE, Watchdog, Auto power on, RTC, PXE boot, Wake-on-LAN etc.
-Full Aluminum Alloy high quality solid-built shell with three-sided Y-section ice thorns, excellent cooling performance, Exquisite production craft on outside design.
-Fanless system without cooling fan, noiselessness and durability fit for industrial grade field, work as long as 7x24 hours.
-Low consumption TDP only 10W and can be mounted back of monitor by VESA bracket(optional).

I turned on AES-NI and it increased the temperature by about 5 derees with 2 tunnels of NordVPN. I still have a few days with my Untangle trial. I will try these next. Thanks!

If your main goal is to block adds I would agree that any kind of DNS blocking like pfBlockerNG does is the better choice anyways. It may not be quite as effective for blocking specific sites and you cannot inspect the traffic of your users, but at the same time It’s way less error prone than SSL inspection. Also modern HTTP/3 / QUIC traffic cannot be inspected with traditional proxies, which means you would have to block QUIC enteirely.

I still can not think of more, regarding the high temperatures with pfSense. Alltough I find it hard to believe that a few VPN connections, even without HW acceleration, would double the temeratures to 80 degrees on a 10 watt CPU. But others are probably more knowlegable when it comes to that topic…

1 Like

Werll you are running in a fan less case so what is the ambient room temp and just where is your unit placed. Sitting on server, in rack, restricted air flow as under desk. All these things matter with these fan less systems. You might want to check contact between heat sink and the CPU and thermal paste. Leave nothing to chance, sometimes it’s the simple thing that solves the problem.

1 Like

I live in the tropics so the ambient temperature hovers around 32 indoors. The appliance is placed in an open backed shelf together with other networking equipment. I think the heat sink and the CPU has good contact. The top of the case really gets warm with pfSense. Another thing I noticed is that the temperature swings wildly in pfSense. While temperatures in Untangle are pretty stable, only changing by a degree or two when loads are demanding. In pfSense, it could change from 58°C to 78°C in a second.

Oh and I also upgraded to the Plus version from the 2.6 CE when I ran pfSense. Could that be the problem?

Maybe something with active cooling would be better then. But this still doesn’t explain the diffrence from Untange to pfSense. I mean even the lowest temps of 58° are nearly 50% higher than with Untangle.

On the WAN side inbound are you blocking or rejecting traffic? What about your outbound?

Yup, as long as they keep it reasonable for home users. If they had a reasonable fee for non-profit/education I’d try to force the issue at work too. I really should be running their hardware at work, but it has been hard to get that pushed through. That said, I really should be running Untangle at work to deal with the filtering more easily, or I wish e2gaurdian would become an official package for pfsense.

Yeah, that’s a head scratcher. For reference, here’s the temp for the Untangle. Ambient is around 27 °C right now.

I’m not sure about that, but I don’t recall changing anything in particular in the primary WAN after installing. I configured the other WAN as failover, then added VLANs, configured DHCP and firewall rules. I then installed pfBlockerNG using the wizard and the only thing I changed was the floating rules.

Where could I check if I’m blocking WAN outbound/inbound? Thanks.

Ohh, did you mean RFC1918 and bogon networks? Yes on the primary WAN, no on the backup WAN because it’s behind CGNAT.

I added a USB powered fan to move air over the fanless unit. Worked wonders and dropped the temperature significantly.
I’ve used both in the past, and even purchased Untangle home for two years while I played with it. I went back to pfsense ce, then pfsense plus. I use netgate at work.

Thanks, but I didn’t want to go that route. That’s why I got the fanless one in the first place. I think my hardware just doesn’t play well with FreeBSD. I’ll stick with Untangle for now.