OpenWrt to replace pfSense?

The next gen of OpenWrt will use "fw4", which is based on nftables. Once nftables is standard, it'll also be possible to reliably use "real" nftables (i.e. using the nftables scripting language). When that's the case, reactive firewalls using nftables sets, maps, and such will be very possible.

High availability by using conntrackd to duplicate connection info across backup routers is also possible.

2 Likes
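
An added illustration of the reactive pattern mentioned in the post above (not the poster's code and not OpenWrt's fw4 ruleset): a standalone nftables script in which the packet path itself fills a timed blocklist set. The table name, set names, port, rate, timeouts and the management range are assumptions chosen for the example.

```nftables
#!/usr/sbin/nft -f
# Added example; all names and values below are assumptions.

# Create-then-delete so the file can be reloaded without errors.
table inet reactive
delete table inet reactive

table inet reactive {
    # Management sources that skip the checks in this chain
    # (constructed documentation range).
    set mgmt_v4 {
        type ipv4_addr
        flags interval
        elements = { 192.0.2.0/24 }
    }

    # Per-source rate tracker; entries expire after one minute so the
    # limit is re-evaluated for sources that calm down.
    set ssh_flood {
        type ipv4_addr
        flags dynamic
        timeout 1m
        size 65536
    }

    # Blocklist populated from the packet path; entries age out after 1h.
    set ssh_blocked {
        type ipv4_addr
        flags dynamic
        timeout 1h
        size 65536
    }

    chain input {
        # Runs just before the default filter priority; policy accept
        # leaves every other decision to the main firewall chains.
        type filter hook input priority filter - 10; policy accept;

        ip saddr @mgmt_v4 accept
        ip saddr @ssh_blocked counter drop

        # A source opening new SSH connections faster than the limit is
        # added to the blocklist, logged, and dropped.
        tcp dport 22 ct state new \
            add @ssh_flood { ip saddr limit rate over 10/minute } \
            add @ssh_blocked { ip saddr } \
            log prefix "ssh-blocked: " drop
    }
}
```

Load it with `nft -f <file>` and inspect the current entries with `nft list set inet reactive ssh_blocked`.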

I managed a pfSense firewall at our office for a couple years before switching to Meraki. I also run OpenWrt at home. OpenWrt is quite capable and upgrading hasn't been a big deal for me. I concur with other posters that the lack of things such as aliases can be annoying, but it's not a deal breaker.

If you go down this path, be advised that most of the consumer routers are small pokey little ARM or MIPS devices and aren't all that powerful. You'll almost certainly want to go x86 if you expect similar performance to pfSense hardware. I have no experience running OpenWrt on x86 hardware so unfortunately I can't offer any recommendations there.

If you can save config that is... :wink:

Hi @holunde, greetings from Germany. I would like to know your decision and the experience you had in managing your school. Did OpenWrt help?

Hi @goppinath
I had a good look at OpenWrt, and it is definitely an interesting project. It's a very fast system for one thing.
But I ended up going with OPNsense, which is also a very robust project. But it is a lot more like pfSense regarding the interface. And at the time the WireGuard support was better, so we decided to go with that. But OpenWrt is still on my radar.
And thanks for getting back to me.
Danish greetings
Hans Otto Lunde

1 Like

Thanks @holunde. The question comes because I wanted to find the answer to why OpenWrt limits itself only to the hobbyist level and is not even suitable for small offices or schools like in your case. Unfortunately, OpenWrt is labeled as a WiFi operating system for very old, cheap hardware. But that is not my experience, and I am using OpenWrt on the Raspberry Pi 4 as a fully-fledged home router for a 1 Gbps fiber connection with SQM and AdGuard Home adblocking. The WiFi part is fully managed by the UniFi system while keeping OpenWrt as the main router. I have been managing several such routers for my friends and family remotely around the EU for several years now. I perform remote updates, very good responses in terms of performance, initial cost for home users, and power consumption. I am not against the Sense OSs at all but am trying to find the answer to the myth. That such a wonderful project is labeled as an OS for old hardware is not fair at all. Regards