OPNsense is an open source, easy-to-use and easy-to-build HardenedBSD based firewall and routing platform. OPNsense includes most of the features available in expensive commercial firewalls, and more in many cases. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources.
OPNsense started as a fork of pfSense® and m0n0wall in 2014, with its first official release in January 2015. The project has evolved very quickly while still retaining familiar aspects of both m0n0wall and pfSense. A strong focus on security and code quality drives the development of the project.
OPNsense offers weekly security updates with small increments to react on new emerging threats within in a fashionable time. A fixed release cycle of 2 major releases each year offers businesses the opportunity to plan upgrades ahead. For each major release a roadmap is put in place to guide development and set out clear goals.
Our mission is to make OPNsense the most widely used open source security platform. We give users, developers and business a friendly, stable and transparent environment.
The project's name is derived from open and sense and stands for: "Open (source) makes sense."
OPNsense Core Features
- Traffic Shaper
- Two-factor Authentication throughout the system
- Captive portal
- Forward Caching Proxy (transparent) with Blacklist support
- Virtual Private Network (site to site & road warrior, IPsec, OpenVPN & legacy PPTP support)
- High Availability & Hardware Failover ( with configuration synchronization & synchronized state tables)
- Intrusion Detection and Prevention
- Build-in reporting and monitoring tools including RRD Graphs
- Netflow Exporter
- Network Flow Monitoring
- Support for plugins
- DNS Server & DNS Forwarder
- DHCP Server and Relay
- Dynamic DNS
- Encrypted configuration backup to Google Drive
- Stateful inspection firewall
- Granular control over state table
- 802.1Q VLAN support
- and more.. see features
The feature set of OPNsense includes high-end features such as forward caching proxy, traffic shaping, intrusion detection and easy OpenVPN client setup. The latest release is based upon HardenedBSD 11.2 for long-term support and uses a newly developed MVC-framework based on Phalcon.
OPNsense’s focus on security brings unique features such as the option to use LibreSSL instead of OpenSSL (selectable in the GUI) and a custom version based on HardenedBSD.
The robust and reliable update mechanism gives OPNsense the ability to provide important security updates in a timely fashion.
OPNsense is developed by a professional core team and a large group of community members. The international core team currently consists of three people. The core team determines the project roadmap, it’s technical foundation and coding guidelines.
Core Team Members
An experienced software architect with avid interest in operating systems and firewalls.
Consultant, developer and engineer with a focus on quality. First time right.
A creative thinker with over 15 years of experience in networking and telecommunications.
Cofounder of HardenedBSD with 15 years experience in information security
OPNsense is licensed under an Open Source Initiative approved license. OPNsense is and will be available with the simple 2-clause BSD license. We believe an open source project should provide the sources and the tools to build it.
Other companies and parties are encouraged to join our effort and create a thriving community to make OPNsense as successful as it can be.