this post was submitted on 27 Jul 2024
85 points (96.7% liked)

Selfhosted

39948 readers
309 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

Hiya, just getting into networking and recently completed my Tp-link Omada stack, which I'm very pleased with. Have heard great thing about all three mentioned services above, but struggle to understand which to go for. Do they have different use cases? Is one easier than the other? Which one is recommended to begin with?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 42 points 3 months ago (2 children)

pfSense and OPNsense are firewalls. OpenWRT is router firmware. They're all open source - to varying degrees - and they all have overlapping features and functionality.

Quick breakdown:

  • OpenWRT: originally developed as a replacement for the firmware on Linksys wireless access points. It has grown into a full Linux-based networking OS with extensible features and broad hardware support. The target devices are still mostly wireless routers/access points and the use cases it services are still mainly about wireless networking.
  • pfSense: Originally a fork of m0n0wall, it's a BSD-based firewall distribution. Designed primarily for firewall use cases, it can be loaded on bare metal or in VMs, but it's generally deployed "upstream" from wireless devices - typically it's the device that all of your network traffic passes through on the way in/out of the LAN. Extensible architecture and a rich ecosystem of plugins means that pfSense can also serve as a caching proxy, load balancer, intrusion detection server and logging host.
  • OPNsense: a fork of pfSense. Almost identical use cases. OPNsense has a more usable/modern UI, but lags slightly in support for new features and plugins.

So the question of pfSense or OPNsense is either/or - you'd typically pick one or the other. Note that I'm staying away from the political comments that will invariably come up around this comparison. It's enough to know that both have commercial offerings in addition to their open source versions and people have strong opinions one way or the other.

Either one of either pfSense or OPNsense in conjunction with OpenWRT is common, with OpenWRT on the wireless devices and pfSense/OPNsense at the egress to WAN. In your case, Omada already does what OpenWRT would do - along with some very limited versions of what you could do with pfSense or OPNsense.

It's worth noting that folks often deploy these three open source tools as a method to regain control rather than using a third party cloud based solution like Omada. No judgement, just saying that Omada is the polar opposite of the 'selfhosted' esthetic.

[–] [email protected] 1 points 3 months ago (1 children)

Just fyi; I am using the Omada system without using the cloud option, it is also selfhostable :) But thanks for the info/writeup!

[–] possiblylinux127 -2 points 3 months ago (1 children)

You are using the cloud though. They control it not you. If they push a bad update or decide to start selling your data there is nothing you can do

[–] kinetic_donor 3 points 3 months ago (1 children)

They what and what?? Generally the Omada-stack devices are just on-premises hardware that you control. If you enable automatic firmware updates, then yeah, "if they push a bad update" and all (similar to a Linux distro with auto updates enabled). To improve operations, and enable certain features, there is the "cloud-based controller" software (appliance), which is named weirdly, because it generally does not live in the cloud - you can self-host on-premises, though its core software component is a black box and not (F)OSS (also available as an actual hardware appliance). There have been instances of the devices "phoning home", though you might be able to limit that to some extent with firewall rules.

[–] possiblylinux127 2 points 3 months ago

My point is that you do not control it. If you want full untethered control, go with OpenWRT and possibly OPNsense as a firewall