What is OPNsense Firewall Distribution?

OPNsense is an open-source firewall distribution based on the UNIX-like operating system FreeBSD. It is licensed under a 2-clause BSD license and is freely available. The software evolved from a fork of pfSense. OPNsense offers a wide range of features, is easy to use, and can be used as a firewall and routing platform. Supported features include VPN, IDS and IPS, traffic shaping, two-factor authentication, and more.

OPNsense is the name of a freely available open-source firewall distribution. It is based on the hardened, Unix-like FreeBSD operating system and evolved from a fork of pfSense in 2015. Since then, the distribution has diverged to the point where it shares only a few percent of its code with pfSense, and it is considered a new, independent firewall distribution.

The name OPNsense is derived from pfSense and Open Source. The software offers a wide range of functions comparable to many commercial firewall products.

OPNsense is characterized by its simple operation via a graphical web interface and can be used as a firewall and routing platform. Supported features include virtual private networks (VPNs), intrusion detection and prevention (IDS and IPS), traffic shaping, two-factor authentication, forward caching proxy, and more.

The software can be downloaded for free and is suitable for installation on physical or virtual machines and on embedded systems. Typical applications for the software include firewalls, routers, VPN, DHCP and DNS servers, and WiFi access points. The current version of the software, which is under a 2-clause BSD license, is version 21.7 (as of July 2021).

Functional range of the open-source firewall distribution

OPNsense offers a huge range of functions and can be used for private as well as commercial applications up to enterprise installations. The supported functions include the usual features of a stateful firewall, virtual private networks (VPNs), captive portals, traffic shaping, caching proxy, intrusion detection and intrusion prevention (IDS and IPS), and much more. The software is operated via a modern graphical web interface with multi-language support, integrated help, and fast navigation via the search function.

The status of the firewall can be quickly checked via the provided dashboard. The Captive Portal can be used for hotspots and makes it possible to enforce authentication for access to the network. Supported VPN technologies include SSL, IPsec, OpenVPN, L2TP, and PPTP. To ensure high firewall availability, OPNsense provides automatic backups and hardware failover using the Common Address Redundancy Protocol (CARP).

Multiple firewalls can be operated in a failover group, seamlessly taking over the function of failed firewalls in case of problems. Supported functions of the caching proxy include category-based web filters, access control lists (ACLs), and the integration of antivirus solutions via the ICAP interface. The software's range of functions can be expanded almost at will via plugins. The weekly security updates can be installed via secure update mechanisms.

Advantages of OPNsense

The open-source firewall distribution OPNsense offers numerous advantages, including:

  • Freely available software – usable for commercial or private purposes
  • Easy to install, regular security updates
  • Large community of supporters on the net
  • Huge range of functions comparable to many commercial products
  • Easy to use via web interface
  • Graphical dashboards for displaying the firewall status
  • Applicable for small and large installations
  • Continuous development of the software
  • Arbitrarily expandable and customizable via plugins
  • High availability thanks to automatic hardware failover and backup mechanisms
  • Runs on different hardware, on virtual machines, and on embedded systems
  • Freely available, detailed online user manual