When deciding on software to run on a hardware firewall, there are currently two main contenders: pfSense, which has been around for a long time, and OPNsense, which started out as a fork of pfSense. Both are fairly similar in scope and how they function underneath the GUI, so you might be wondering why you would choose one or the other. After all, if two things perform similarly, isn't it a coin toss between them? Well, strictly speaking, yes, but there are some reasons why you would want to choose one ahead of the other, especially if you have strong feelings about open-source software.

Either will put your home lab in safe hands

When it comes down to it, firewall software doesn't deviate that far from each other. That's especially true here, as OPNsense started life as a fork of pfSense, so they're functionally similar. Both have advanced features like VLAN support and the ability to run built-in VPNs and are essentially enterprise-grade router and firewall packages that don't lock anything away from the end user.

Both pfSense and OPNsense are a cut above the software running on most consumer routers. You'll be able to set up network monitoring, intrusion detection suites like Snort, and load balancing with multi-WAN support. All of these are features you might want to start learning about once you've got your basic network rules set up, and you don't need to jump into the deep end right away.

Also, because you install the router software onto hardware that's better quality than consumer gear, you gain the benefits of reliability and uptime. Your custom router and firewall will even outlast the hardware you're installing it on, as you can easily export your configuration for easy setup on new hardware in the future.

OPNsense is the better option for open-source enthusiasts

pfSense has been moving away from being truly open-source since its acquisition

OPNsense forked from pfSense in late 2014 and early 2015, citing a long list of reasons (and grievances) against continuing with pfSense and its less-than-transparent actions following a majority share purchase by NetGate. The open-source community didn't like proprietary code being included in pfSense and was shut out from decisions in its development process, while OPNsense kept true to the open-source ethos and beginnings.

Now, while there's nothing stopping companies from commercializing open-source projects in this way, Deciso, the Dutch company responsible for the fork to OPNsense, objects to some things pfSense has decided to do.

Part of that is the push for pfSense Plus, a paid-for version of the software that receives more regular security updates and diverges in feature set. Part of that is some shady behavior by pfSense/NetGate, when the company registered a fake domain claiming to be OPNsense and tried to damage OPNsense's reputation. That's more than enough to put a dark cloud over pfSense in the home lab community, but OPNsense is regarded as having a better-designed UI, so why would you pick the inferior product?

Again, both will do the core functions you want from a firewall, even without paying for pfSense Plus and its paywalled features. But only one of the two companies is living up to its open-source promises, and that should be enough to sway you towards OPNsense.

Either pfSense or OPNsense will protect your home lab, but only one is truly open source

If you don't particularly care about open-source ethics and the surrounding community, either of these custom firewall software packages will do the job you want it to do. Both have tons of tutorials and guides online to get them running how you want, and both are very close in feature set. But, OPNsense is still true to the open-source nature of m0n0wall, the firewall management GUI that spawned both pfSense and OPNsense and the only software to get the mark of approval from the developer behind m0n0wall in the first place.