Why I am Not Using OPNSense [YouTube Release]

Additional Resources:

Forum Post

Connecting With Us

Lawrence Systems Shirts and Swag

►👕 Lawrence Systems


Amazon Affiliate Store
:shopping_cart: Lawrence Systems's Amazon Page

UniFi Affiliate Link
:shopping_cart: Ubiquiti Store

All Of Our Affiliates that help us out and can get you discounts!
:shopping_cart: Partners We Love – Lawrence Systems

Gear we use on Kit
:shopping_cart: Kit

Use OfferCode LTSERVICES to get 10% off your order at
:shopping_cart: Tech Supply Direct | Refurbished Tech | Server Supply Store

Digital Ocean Offer Code
:shopping_cart: DigitalOcean | Cloud Infrastructure for Developers

HostiFi UniFi Cloud Hosting Service
:shopping_cart: HostiFi - UniFi Cloud Hosting

Protect you privacy with a VPN from Private Internet Access
:shopping_cart: Buy VPN with Credit Card or PayPal | Private Internet Access

:moneybag: https://www.patreon.com/lawrencesystems

00:00 Why I Am Not Using OPNSense
01:50 My Perspectives and Framing
02:40 Security Fixes
03:19 FreeBSD Code Contribution
05:34 VPN Performance
07:12 Building on FreeBSD Main

1 Like

I definitely appreciate your point of view on this and you made some good points. As someone who switched from offense to nonsense, I’ll admit that I didn’t realize it was so slow on some of the security patches (I did realize it was behind on BSD versions).

The one thing I would disagree with, is equating upstream contributions with being “better.” While it is always good for companies that use open source to give back by contributing code upstream, and it undoubtedly makes open source stronger, I don’t think it makes them more appealing than the competition, especially given the requirement that you buy their branded hardware or a subscription to get their full product. Don’t get me wrong, they have to make money somehow, but I’m not sure that would affect my decision.

The pfsense CE version is still free and without upstream contributions nothing will come out of the downstream.

I am curious on how you still feel about netgate and their shenanigans. Are you so invested in pfsense and as for your company you deploy this everywhere you can’t go back on your word on using pfsense? Do you think that what they have done in the past is worth supporting them as a company?

I still bought a 2yr license for pfsense+, but I do plan on moving away from them on down the road. I still would like to hear from you and your thoughts.

Nice video. I especially liked the first minute or so regarding users distro choices. :+1:

1 Like

Typo squatting is immature and so is the OPNSense people defacing the pfsense wikipedia page, but if all you do is judge people by their bad actions of the past without the ability to forgive you are going to have a hard time using any open or closed source project.

As I noted in the video we are tasked with securing our clients and pfsense is among the firewalls we use, but not exclusively. CNWR offers Meraki, Cisco, and Arista as part our offering. Also as noted in the video Netagte contributes much of firewall related code to and network driver support to upstream FreeBSD so they are keeping that project going and of course this helps the downstream projects.

And as the title says: “Why I am not using OPNSense” not why others should not use it. Use what makes you happy but that video will continue to be my reply to all the people in my YouTube comments and other forums & social sites as a reply as to why I am not doing videos about OPNSense.


I’m not an OPNSense user and probably wont be in the future and I do appreciate your feedback on this. I am in no way trying to bat for them at all lol.

Those are decent points, the best being the security fixes. The point about VPN performance won’t affect medium/large companies or experienced admins. Code contribution to the kernel is not something a small company should be expected to support in 2024. Where else would you expect small companies (and by implication, socially conscious buyers of said product) to have kernel developers in 2024?!? I know, BSD is a special case, but they are doing this to themselves. I think the only reason you harp on this is because it appears to be a solid punch in their gut. Which it is. But it kind of looks like you are casting too much shade on a small open source community with far less resources.

I should not comment on this b/c I don’t use either of these products. But I have a little free time today and I’m bored.