New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
WAN Gateway different subnet- pfSense / OPNSense
Hi All,
Bit of an off topic help request. I am migrating from pfSense to OPNsense. I am not that keen on the way pfSense are heading with their licensing (that's by the by though).
However, my dedicated server is with OVH, and the default gateway that they provide is on a different subnet, previously (in pfSense) I used shellcmd to put the following in:
route add -net GWAddress -iface WANIF
route add default GWAddress
and pfSense would load it on boot.
As such a function (shellcmd) doesn't exist in OPNSense I was going to put it in the /etc/rc script, however I am not sure if this is persistent? Does it survive boot / upgrades / updates?
If not does anyone know where I should put it?
Thanks!
Comments
Well just don't use OPNsense. It's a bad ripoff off pfpsense because he and his firm got into a childish dispute, the maintainer has some serious issues and does not know what he is doing. You are free to ignore my advise, but when shit hits the fan don't act like you didn't knew.
Seriously do your research. STAY AWAY FROM OPNSENSE
OK, given pfSenses new licensing model what do you suggest? I am sure your reason for the original fork is correct, however, OPNSense now only shares 5-10% of its code with pfSense / m0n0wall. And your argument could be used to describe the m0n0wall / pfSense split too
And for your information I did do my research.
Incidentally the fix for my issue was add a gateway and tick the far gateway box, this is a lot simpler in OPNSense than pfSense that needs shellcmd installed and for a script to run at boot.
In pfSense, under system-routing-[a specific gateway]-display advanced, there's an option called "Use non-local gateway" that allows you to use a gateway in different subnet.
You can try to find if OPNSense has a similar option.
@VirtualByte I'm trying to decide between pfSense and OPNSense for use in my home network, if you could point me to some links where the OPNSense maintainer displays the behavior you're talking about I would be grateful.
@quicksilver03 I've been using pfSense at home and at my customers sites for about 3 years (before that I used the now defunct IPCOP) and I have never had any issue with it technically. It's solid and easy to configure.
From about the middle of last year they have really begun to push their commercial offerings, going as so far to pop up a warning in the latest updates that you aren't allowed to use it for any commercial reasons. I started looking into other opensource firewalls. I really can't afford to have to quickly license all the pfSense servers I support if they decide to really push the licensing / hardware or pull the community edition (something they said they won't).
I decided on OPNSense as it was originally a fork of pfSense (as pfSense was of m0n0wall), I did some more digging and although the fork was handled poorly the community seems pretty good and they have a fixed release schedule that I like. The interface is very different, and it now only shares between 5-10% of the pfSense / m0n0wall "heritage" code.
In terms of firewalls and security appliances in general there can be a bit of a "holy" war... cisco asa vs checkpoint 1 etc...
Keep an open mind and do some digging
Well, I assume you didn't google it since you are asking. Just look for how they broke vlan support with an update. I won't bother looking it up for you.
Pfsense is a wonderfull project, it works and does the job. It's easy to use and has a loveley community. Just give it a try and you won't look back. If you really want to use OPNsense, well go ahead, but just know that at a certain time shit will hit the fan.
Thanks for your advice @VirtualByte, as it happens I use pfSense at work where it handles the needs of about 80 users quite well, apart from a couple of niggles. I agree that it is an excellent product and I'm happy with how it works for this use case.
I wanted to try something else at home, and that's why I've been looking at OPNSense. I haven't decided yet, though after some googling as you suggested I'm left with a bad impression of both projects.