OpenWRT + PFSense Static IP

Hi

This weekend I have been playing with my AX6000, OpenWRT. I've been looking for it to take over some or all of the jobs that my pfsense box does.

The reasoning behind this is that my pfsense box is virtual, and that has caused me some issues over the years - it is, however, hardware efficient.

I have my devices all statically assigned IP addresses.
With the web wireless GUI on OpenWRT - the only way I seem to be able to see the device names is by using static hostnames.

The problem I have is that if I use OpenWRT for assigning IP addresses, I can't seem to get my pfsense box to see these names (it uses and needs to use dnsresolver), and vice versa.

Currently I have the maps on both devices, which works - but is a pain.

Well, DNS is the main way to find host names over a network, one way or another.

I ditched my pfsense device, NetGate 1100, because it just couldn't keep up with my new ISP speed of 1 Gbps. I have a DynaLink AX36, so not sure of the spec comparison with the AX6000.

I have a moderately complicated home network setup. I say moderately because I run a Synology NAS behind my router. I have a Raspberry Pi WireGuard server, a CalDAV server, and a CardDAV server with ports open to the public internet. There are a few other tweaks too.

Anyway, I ditched my pfSense box and have been very pleased with the upgrade in network speed and I feel I haven't compromised security significantly.

I use banIP and NetworkShares packages. I back up the data folders for my Joplin, PaperMerge and Home Assistant applications on my NAS to the USB storage on my DynaLink. I have a few static leases and use Quad9 as my DNS.

Depending on the complexity and security requirements of your network, I would consider just ditching your pfsense server.

I was trying to do this - little by little, as long as OpenWRT could do the same stuff. Initially (years back) I went this route because the older hardware couldn't give me enough speed on OpenVPN.

The current problem I have is that I need to have that pfsense box as a DNS, but passing my LAN domain to OpenWRT to resolve doesn't seem to work. It does, directly (if I set my machines to use the OpenWRT as the DNS), but not from the pfsense box.

From the pfsense side, I tried setting domain override and general system DNS to the OpenWRT box... and it either does not resolve, or takes forever to resolve.

First, I'm no expert but a hobbyist, so keep that in mind. My mode is to try, usually breaking things, and then stumble upon the solution.

That said:

  1. Are your pfsense and openwrt on different, local subnets? Use OpenWRT as your DHCP server, then set the pfsense server as your preferred DNS?

  2. If that doesn't work, perhaps there is a routing rule that fits here for your servers and ports 53/853.

Either way, I think you're going to have to bite the bullet and set OpenWRT as your DHCP server, then reconfigure your pfsense accordingly. I imagine there's a how-to somewhere to import IPs if that's your issue.

So I've changed my setup a little, trying to get to the bottom of this. I'm half migrated between pfsense and opnsense. I've also changed my DNS to AdGuard.

The problem I have been having (rDNS) seems to be caused by the fact that I've set a 'Use Custom DNS Server' on my LAN interface of the openwrt router. If I remove this, the weird behavior/lagginess to resolve locally goes away.

The problem that I have is that if I remove that, my Asus router is also unable to get external web DNS records... Is there a way to set the DNS for just the OpenWRT router, without it forwarding this on to clients?

For the time being, I added [image], which at least allows downloads.

I think adding NOT lan domain would work better, but I'm not sure that is possible.

Yes, you can in the "Advanced Settings" tab, under "Interfaces", "DHCP Server". Set the "DHCP Options" field to advertise the DNS server to clients.
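A `/etc/config/dhcp` layout that does what the reply above describes, as an added example (not from the thread or the OpenWrt project): the router's own upstream resolvers live in the dnsmasq section, LAN clients are handed a different resolver through DHCP option 6, and each static lease also gets a forward and reverse DNS entry. The addresses, MACs, the `lan` domain and the AdGuard/pfSense resolver at 192.168.1.5 are all assumptions.

```uci
# /etc/config/dhcp on OpenWrt (dnsmasq). Added example; all values constructed.
# Assumed: OpenWrt 192.168.1.1, AdGuard/pfSense resolver 192.168.1.5,
# LAN 192.168.1.0/24, local domain "lan".

config dnsmasq
	option domainneeded '1'
	# Private-range PTR lookups dnsmasq cannot answer get NXDOMAIN
	# instead of being forwarded to the public upstream.
	option boguspriv '1'
	option localise_queries '1'
	option rebind_protection '1'
	# Names under .lan are answered from leases and static hosts only.
	option local '/lan/'
	option domain 'lan'
	# Bare hostnames get ".lan" appended.
	option expandhosts '1'
	option authoritative '1'
	# Ignore resolv.conf.auto, so the upstream is set here rather than via
	# "Use custom DNS servers" on the LAN interface.
	option noresolv '1'
	# Upstream used by the router itself (e.g. for opkg downloads).
	list server '9.9.9.9'
	list server '149.112.112.112'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	# Option 6 = DNS servers advertised to clients. Points them at the
	# AdGuard/pfSense resolver; the router's own upstream is never handed out.
	list dhcp_option '6,192.168.1.5'

# One static lease per device; "dns 1" adds A and PTR records for it.
config host
	option name 'nas'
	option mac '02:00:00:00:00:01'
	option ip '192.168.1.20'
	option dns '1'

config host
	option name 'adguard'
	option mac '02:00:00:00:00:02'
	option ip '192.168.1.5'
	option dns '1'
```

On the pfSense or AdGuard side, add a domain override (conditional forwarding) for `lan` and for the reverse zone `1.168.192.in-addr.arpa` pointing at 192.168.1.1, so lookups for LAN names and their PTRs go to OpenWrt instead of the public upstream; the reverse zone name follows from the assumed 192.168.1.0/24 subnet.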

I do that already; the problem is when AdGuard tries to resolve LAN devices through rDNS.

Look at the banIP package and see what it does in comparison to AdGuard. IMHO, very similar. What else is pfSense doing for you that you feel you need a slow transition?

Literally, I transitioned from my pfsense router + AP to 1 OpenWRT device in < 1 hour, and that includes flashing OpenWRT onto the new DynaLink. That took the most time, ~30 minutes. Configuration was straightforward. The only function I haven't replaced is UPS monitoring. For my home network, it's not a critical function and frankly, I haven't researched OpenWRT capabilities yet.

I've got a lot of vpn + client + selective routing.

I've ended up with opnsense + OpenWRT, at the moment. To be honest - I think OpenWRT can do basically everything, but I think they have different strengths. Having played, I much prefer the gateway grouping/policy based routing of opnsense.

At the end of the day - my Asus AX6000 is going to be memory limited - I've only got around 400 MB to spare. I've moved my AdGuard to an LXC container and can see that is already using 500 MB.

I may play around at some point with running OpenWRT inside an LXC container, as this has some advantages - but as of now, like I said above, I prefer the firewalling on opnsense.

(I have one Proxmox server + Asus AX6000 and that isn't going to change.)

Makes sense. I have a separate Raspberry Pi WireGuard server routed through OpenWRT. Just a few clients and a simple port forward rule in OpenWRT.