[GTALUG] Debian Linux as-a-router Guide

Alvin Starr alvin at netvel.net
Thu Sep 7 12:45:47 EDT 2023 

On 2023-09-07 12:21, James Knott via talk wrote:
> On 2023-09-07 11:33, Val Kulkov via talk wrote:
>> On Thu, 7 Sept 2023 at 11:06, James Knott via talk <talk at gtalug.org> 
>> wrote:
>>
>>     A friend of mine is moving to pfSense or OPNsense, from OpenWRT.
>>
>> I am curious what OpenWRT didn't provide that pfSense or OPNsense do 
>> provide.
>
> Quite a lot.  pfSense (OPNsense is a fork of pfSense) is closer to the 
> "real" routers from companies like Cisco.  For example, it supports 
> routing protocols such as OSPF & BGP, which you are not likely to find 
> in consumer grade routers.  On my own network, I have 4 Ethernet ports 
> on my router, with one connected to my WAN.  One is my main LAN, which 
> also has a VLAN for my guest WiFi.  I also have a test LAN and another 
> connected to my Cisco router.  I run IPv4 & IPv6 and can also use 
> OpenVPN for remote access.  I have a DNS resolver, which goes directly 
> to the root DNS servers, an NTP server, connected to 3 stratum 1 
> servers and 3 stratum 2 servers.  It provides stratum 2 to my LAN.  It 
> can do a lot of other things that I haven't even bothered with.  I 
> have a separate access point for WiFi.
>
> There's really no comparison.
Being closer to Cisco is not an advantage in my books.

OpenWRT is a Debian based distribution that has been tuned to run in a 
small footprint that usually comes with consumer appliances but it is by 
no means limited to just that form factor.

Out of the box OpenWRT is quite basic but there are something like 9000 
software packages available to be installed.
These include things like Quagga(BGP/OSPF et al), Openvpn, Wireguard, 
IPSEC, Vlans and oddre things like VOIP packages and docker.

In general if you can find it in a mainstream linux distro you will find 
it in OpenWRT.

The GUI is ok but I have not seen many firewalls with good UI's

As pointed out the  minimum server size has grown over the years and the 
latest versions will not run on my 10 year old d-link vpn firewall 
appliance but I doubt that OPNsense would either.

There are lots of reasons to not like OpenWRT, as is true of just about 
any router OS,  but lack of core functionality is not really one of them.


-- 
Alvin Starr                   ||   land:  (647)478-6285
Netvel Inc.                   ||   Cell:  (416)806-0133
alvin at netvel.net               ||
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gtalug.org/pipermail/talk/attachments/20230907/499aa817/attachment.html>

More information about the talk mailing list