Open Source Firewall: OPNsense

ID N0WHERE:25616
Type n0where
Reporter N0where
Modified 2017-02-02T05:20:58


Open Source Firewall: OPNsense

OPNsense is an open source, easy-to-use and easy-to-build FreeBSD based firewall and routing platform. OPNsense includes most of the features available in expensive commercial firewalls, and more in many cases. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources.

OPNsense started as a fork of pfSense® and m0n0wall in 2014, with its first official release in January 2015. The project has evolved very quickly while still retaining familiar aspects of both m0n0wall and pfSense. A strong focus on security and code quality drives the development of the project.

OPNsense offers weekly security updates with small increments to react on new emerging threats within in a fashionable time. A fixed release cycle of 2 major releases each year offers businesses the opportunity to plan upgrades ahead. For each major release a roadmap is put in place to guide development and set out clear goals.

The feature set of OPNsense includes high-end features such as forward caching proxy, traffic shaping, intrusion detection and easy OpenVPN client setup. The latest release is based upon FreeBSD 10.2 for long-term support and uses a newly developed MVC-framework based on Phalcon. OPNsense’s focus on security brings unique features such as the option to use LibreSSL instead of OpenSSL (selectable in the GUI) and a custom version based on HardenedBSD. The robust and reliable update mechanism gives OPNsense the ability to provide important security updates in a timely fashion.

Open Source Firewall: OPNsense

OPNsense Core Features

  • Traffic Shaper
  • Two-factor Authentication throughout the system
  • Captive portal
  • Forward Caching Proxy (transparent) with Blacklist support
  • Virtual Private Network (site to site & road warrior, IPsec, OpenVPN & legacy PPTP support)
  • High Availability & Hardware Failover ( with configuration synchronization & synchronized state tables)
  • Intrusion Detection and Prevention
  • Build-in reporting and monitoring tools including RRD Graphs
  • Netflow Exporter
  • Network Flow Monitoring
  • Support for plugins
  • DNS Server & DNS Forwarder
  • DHCP Server and Relay
  • Dynamic DNS
  • Encrypted configuration backup to Google Drive
  • Stateful inspection firewall
  • Granular control over state table
  • 802.1Q VLAN support
  • and more.. see features

Supported hardware architectures

OPNsense® is available for x86-32 (i386) and x86-64 (amd64) bit microprocessor architectures. Full installs on SD memory cards , solid-state disks (SSD) or hard disk drives (HDD) are intended for OPNsense.

While the range of supported devices are from embedded systems to rack mounted servers, we recommend to use a 64-bit versions of OPNsense, if the hardware is capable of running 64-bit operating systems. It is possible to install and run 32-bit (x86-32, i386) versions of OPNsense® on 64-bit (x86-64, amd64) PC hardware, but we do not recommend it, especially not for new deployments.

Hardware requirements

For substantially narrowed OPNsense® functionality there is the basic specification. For full functionality there are minimum, reasonable and recommended specifications.


The minimum specification to run all OPNsense standard features that do not need disk writes, means you can run all standard features, expect for the ones that require disk writes, e.g. a caching proxy (cache) or intrusion detection and prevention (alert database).

Processor | 500MHz single core cpu
RAM | 512 MB
Install method | Serial console or video (vga)
Install target | SD or CF card with a minimum of 4GB, use nano images for installation.

Table: _ Minimum hardware requirements _


The reasonable specification to run all OPNsense standard features, means every feature is functional, but perhaps not with a lot of users or high loads.

Processor | 1 GHz dual core cpu
RAM | 1 GB
Install method | Serial console or video (vga)
Install target | 40 GB SSD, a minimum of 1GB memory is needed for the installer to run.

Table: _ Reasonable hardware requirements _


The recommended specification to run all OPNsense standard features, means every feature is functional and fits most use cases.

Processor | 1.5 GHz multi core cpu
RAM | 4 GB
Install method | Serial console or video (vga)
Install target | 120 GB SSD

Open Source Firewall: OPNsense Documentation

Open Source Firewall: OPNsense Download