Alternative Home Firewall/Router OS

[xiaofan]

It seems to me OpenWRT, pfSense and OPNSense are more popular open source OS for Firewall/Router, even though you may say OpenWRT is probably not as sophisticated as pfSense/OPNSense a firewall OS.

OpenWRT is good that it has good supports of wireless compared to pfSense/OPNSense. It also has better support of different architecutre CPUs (x86, ARM, MIPS, etc). Popular low cost routers like Linksys EA7500 v2 and EA8100 v1 (free router from Starhub) are now supported by OpenWRT.

What are the alternatives for home use? What is your experience? Both open source and low cost non open source solutions can be included.

OpenWRT: https://forums.hardwarezone.com.sg/threads/openwrt-router-firmware.5967482/
pfSense: https://forums.hardwarezone.com.sg/threads/starting-pfsense-for-new-users.6390714/

 

[xiaofan]

Untangle seems to be an option as a low cost solution.

Sophos UTM and XG have free edition as well.

MikroTik Router OS may be another option as they sell license as well for you to install on x86 machines.

 

[xiaofan]

For the other free solutions, I've read about the following. All of them are based on Linux so Hardware support may be better than pfSense and OPNsense which are based on FreeBSD.

1) IPFire (I am interested in this as it supports Raspberry Pi 4/400. I have installed it as Virtual Machines to play with).

2) Vyos (seems to have more advanced features).

3) Endian Firewall (community edition is free)

4) ClearOS

 

[xiaofan]

I also read there are people who use plain Linux distros and then add firewall configuration utilities (eg: gufw, Shorewall, etc) and router replated packages to use as a router/firewall. There are also people who use FreeBSD (with pf or ipfw) and OpenBSD (with pf) as well.

 

[firesong]

For the other free solutions, I've read about the following. All of them are based on Linux so Hardware support may be better than pfSense and OPNsense which are based on FreeBSD.

1) IPFire (I am interested in this as it supports Raspberry Pi 4/400. I have installed it as Virtual Machines to play with).

2) Vyos (seems to have more advanced features).

3) Endian Firewall (community edition is free)

4) ClearOS

EdgeOS is a Vyatta (VyOS) fork.

 

[xiaofan]

I am not going to try all these as I am more familiar with OpenWRT/pfSense. But I am kind of interested in ipfire due to the support of Raspberry Pi (Linux based).

Just did a quick installation as a PVE VM on my J4105 mini PC as a test and it seems to perform well enough. The speed is basically the same as if I am using a physical router. As it is Linux based the virio driver performs well, unlike FreeBSD based pfSense.

Feature wise ipfire seems to lose to pfSense.

Test setup: PVE host -- ipfire vm -- wireless AP -- laptop

 

[loganrunning]

Am using FreshTomato on older consumer routers.
also works well on older Asus routers which are no longer supported by Merlin or it's forks.

simple yet with sufficient features above the original firmware

 

[xiaofan]

Am using FreshTomato on older consumer routers.
also works well on older Asus routers which are no longer supported by Merlin or it's forks.

simple yet with sufficient features above the original firmware

Ah, that is another good choice for old routers. I used to run Tomato FW for my two Linksys WRT54G units.

Freshtomato supports many old Asus/Netgear/Linksys routers, D-Link DIR-865L/868L are also supported.
https://wiki.freshtomato.org/doku.php/hardware_compatibility

 

[xiaofan]

DD-WRT is another more popular choice for old routers.

For example, it has support for the D-Link DIR-868L (free router from Starhub). It also has support for many Asus/Netgear/D-Link/TP-Link routers.
https://wiki.dd-wrt.com/wiki/index.php/Supported_Devices

 

[loganrunning]

DD-WRT is another more popular choice for old routers.

For example, it has support for the D-Link DIR-868L (free router from Starhub). It also has support for many Asus/Netgear/D-Link/TP-Link routers.
https://wiki.dd-wrt.com/wiki/index.php/Supported_Devices

unfortunately, WIP (for a long time) for DIR-865L and RT-AC1200G+

edit: these 2 work well as AP-switches though.
DIR-865L is supported on FreshTomato, but LAN/WAN throughput is limited (no CTF). ok as a standby router for it's price.

 

[xiaofan]

For some non-Asus routers, they may be ways to flash Asus FW (or Merlin or Asus Mod FW) on the router, for example, D-Link DIR-868L is one of the supported routers. Please refer to the DIR-868L thread.

NETGEAR RAX80 and R6800/R7000 are examples of Netgear routers which are supported.

Ref: alternative Asus Mod FW (not Merlin)
https://github.com/koolshare/rogsofthttps://github.com/SWRT-dev/softcenterarm

 

[loganrunning]

For some non-Asus routers, they may be ways to flash Asus FW (or Merlin or Asus Mod FW) on the router, for example, D-Link DIR-868L is one of the supported routers. Please refer to the DIR-868L thread.

NETGEAR RAX80 and R6800/R7000 are examples of Netgear routers which are supported.

Ref: alternative Asus Mod FW (not Merlin)
https://github.com/koolshare/rogsofthttps://github.com/SWRT-dev/softcenterarm

there may be some legal/IP issues, so while it technically be done...... the enforcement will depend on the rights holders. the issue has not been forced here, so the outcome not been decided in our jurisdiction, yet.

 

[loganrunning]

to add on, i don't think Asus will be doing speculative invoicing, but I'm not an insider, so it's just pure speculation lol

 

[xiaofan]

I also read there are people who use plain Linux distros and then add firewall configuration utilities (eg: gufw, Shorewall, etc) and router replated packages to use as a router/firewall. There are also people who use FreeBSD (with pf) and OpenBSD (with pf) as well.

Just came across this one, based on OpenBSD.
https://github.com/sonertari/UTMFW
(Note: the other OpenBSD based distro has just been discontinued: https://securityrouter.org/wiki/Main_Page)

And this one, based on FreeBSD (NanoBSD)
https://bsdrp.net/features

 

[xiaofan]

I am not going to try all these as I am more familiar with OpenWRT/pfSense. But I am kind of interested in ipfire due to the support of Raspberry Pi (Linux based).

Just did a quick installation as a PVE VM on my J4105 mini PC as a test and it seems to perform well enough. The speed is basically the same as if I am using a physical router. As it is Linux based the virio driver performs well, unlike FreeBSD based pfSense.

Feature wise ipfire seems to lose to pfSense.

Test setup: PVE host -- ipfire vm -- wireless AP -- laptop

Similar good performance for ipfire under ESXi.

Test setup: ESXi 6.7 host (N4500 mini PC with lousy Realtek RTL8168 gigabit Ethernet adapter and USB to gigabit adapter with ASIX AX88179) -- ipfire vm -- wireless AP -- laptop

 

[xiaofan]

Interesting read: Linux/BSD based firewall solution: I guess OPNSense and pfSense are the king of open-source firewall software now (BSD based).
https://teklager.se/en/best-free-linux-router-firewall-software/
In the end, the author recommends the following 4.
1) OPNsense
2) OpenWRT
3) pfSense
4) IPFire

Final verdict from the author:
+++++++++++++++++++++++
In short, if you plan to use WiFi in your router, choose OpenWRT. It has the absolute best support for wireless of all systems we have tested.

If you don't need WiFi support or are planning to use separate Access Points, we recommend OPNSense or pfSense.

+++++++++++++++++++++++

 

[xiaofan]

It is interesting that we have pfSense and OpenWRT thread here, but only one OPNsense thread (and a special case only).
https://forums.hardwarezone.com.sg/...wall-on-old-hardware-with-single-nic.6675808/
The interface of OPNsense seems to be very different from pfSense. Some people thinnk the OPNsense interface is more modern but I actually think they are not much different.

OPNsense introduction tutorial:
https://homenetworkguy.com/how-to/set-up-a-fully-functioning-home-network-using-opnsense/

The guy seems to have quite some nice articles about OPNsense, like the following.
https://homenetworkguy.com/how-to/ways-to-secure-access-to-opnsense-and-your-home-network/

 

[xiaofan]

Interesting comparison of OPNsense 23.1 versus pfSense CE 2.6.
https://homenetworkguy.com/review/detailed-comparison-between-opnsense-and-pfsense/
Now that OPNsense 23.7 and pfSense CE 2.7 have been released, some of the above may be a bit outdated.

 

[xiaofan]

Another comparison of OPNsense vs pfSense in 2022 so some of the info may be outdated.

 

[xiaofan]

Comparison of pfSene CE/Plus, Arista Untangle, Unifi, Sophos, Fortigate and Meraki in April 2023