- For monitoring, I set up an ELK stack on my main home server using containers, and use something like this: (note: not my GitHub repo but a good example of the methods used).
- Then just import one CA cert on all my clients. Last but not least, pfSense has a nice certificate management UI, so I use pfSense for the CA for my internal network so I can replace any self-signed certificates.
- VLANs and sub-interfaces - lets me segregate traffic, apply different policies, protect my main internal network from IoT devices, etc.
- Dual stack IPv4/IPv6 networking (DHCPv6-PD support on pfSense works with my ISP, Comcast - it delegates a /56 for business class, or a /64 for residential).
- Whole network ad blocking with pfBlockerNG (gives you the same sort of behavior as with Pi-hole, just built into your firewall's DNS resolver rather than a standalone DNS server).
- Dynamic DNS client (I use Google Domains, which it has a client for).
- OpenVPN server for my remote access needs.
- Traffic shaping (helps eliminate buffer bloat / latency spikes on upload saturation) - see.
- DNS (with DNS over TLS upstream, and bonus it registers your DHCP client hostnames in your local zone).

I will give it another try in a few months probably. OPNsense is intriguing to me, but I don't believe there's feature parity yet for all the workloads I run on my pfSense box.

While I appreciate a free product like OPNsense and pfSense, I also donate to FOSS programs/services that I regularly use, so I'd donate the $50 a year just the same to the other choices as I would pay the $50 a year for Untangle, which equals the playing field on that front. Now, I see Untangle lose out a lot because it's not free.