OPNsense is an open source, easy-to-use and easy-to-build FreeBSD based firewall and routing platform. OPNsense includes most of the features available in expensive commercial firewalls, and more in many cases. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources.
About OPNsense
OPNsense started as a fork of pfSense® and m0n0wall in 2014, with its first official release in January 2015. The project has evolved very quickly while still retaining familiar aspects of both m0n0wall and pfSense. A strong focus on security and code quality drives the development of the project.
Features
The feature set of OPNsense includes high-end features such as forward caching proxy, traffic shaping, intrusion detection and easy OpenVPN client setup. The latest release is based upon FreeBSD for long-term support and uses a newly developed MVC-framework based on Phalcon.
OPNsense’s focus on security brings unique features such as the option to use LibreSSL instead of OpenSSL (selectable in the GUI) and a custom version based on FreeBSD.
Core Features
- Traffic Shaper
- Two-factor Authentication throughout the system
- Captive portal
- Forward Caching Proxy (transparent) with Blacklist support
- Virtual Private Network (site to site & road warrior, IPsec, OpenVPN & legacy PPTP support)
- High Availability & Hardware Failover ( with configuration synchronization & synchronized state tables)
- Intrusion Detection and Prevention
- Built-in reporting and monitoring tools including RRD Graphs
- Netflow Exporter
- Network Flow Monitoring
- Support for plugins
- DNS Server & DNS Forwarder
- DHCP Server and Relay
- Dynamic DNS
- Encrypted configuration backup to Google Drive
- Stateful inspection firewall
- Granular control over state table
- 802.1Q VLAN support
- and more…
Hardware Failover
When you cannot afford downtime use our automatic and seamless hardware failover with state synchronization utilizing the common address redundancy protocol (CARP) to get the highest possible availability.
SD-WAN
For easy setup, configuration and monitoring the ZeroTier plugin can be used to setup your Software Defined WAN within minutes.
Intrusion Detection & Prevention
Get rid of the Trojans & CNC bots with state of the art inline intrusion prevention utilizing Suricata and Proofpoint‘s Emerging Threats Open rules integrated. Optional ET PRO (commercial subscription) or ET PRO Telemetry.
Two Factor Authentication
2FA is supported throughout the system, for both the user interface and services such as VPN.
Routing Protocols
Pluggable support for OSPF and BGP using the Free Range Router project.
Web Filtering
Fully integrated web proxy with access control and support for external blacklists to filter unwanted traffic.
Other options include firewall aliases and DNS blacklisting. Block ads with ease!
Find out more here.