Check out pfSense - have used it for years after trying m0n0wall. The recommended path forward, OPNsense, is a fork of pfSense. I have not tried it, and I get their reasons for forking, and many of the improvements they are making are really, really needed - BUT the community isn't there yet, where pfSense has a thriving community behind it.
If one of the active pfSense developers is asking this question[1], then Manuel Kasper's OPNsense endorsement is certainly confusing without additional context. Without a doubt, the endorsement certainly carries weight given m0n0wall's impact and legacy over the years.
Outside of Manuel himself, no single person has put as much time and effort into m0n0wall as Chris Buechler has. Chris wrote most of what's on doc.m0n0.ch, and has by far the highest post count to the m0n0wall list. Chris also had a source commit bit. We host doc.m0n0.ch to this day.
Chris is honestly baffled by what Manuel wrote. It feels like a slap in the face.
Several points:
* A definitive decision with clearly defined dates.
* Acknowledgement towards successors
* The HUGE effort and endeavor to snapshot and maintain the archives for posterity.
I did similar. Had a mini-ATX CentOS box I ended up throwing on ESXi and getting it in the front of the network through some layer 2 magic. I love Shorewall.
Moved to pfSense a few months ago and I cannot recommend it enough. I have it on a ThinkServer tower which hosts all my VMs on ESX, and out of a second NIC comes my wifi router.
pfSense is such a great piece of software: DNS forwarder and built-in OpenVPN.
I don't understand why pfSense and OPNsense use FreeBSD and not OpenBSD, which comes with a more advanced version of PF.
Is there any reasonable explanation for their choice? I'm using FreeBSD myself but not as a router. If I should choose an OS for a router, I'd probably go with OpenWRT or OpenBSD.
Another lover of pfSense here. I started out with m0n0wall, but there were a few items that drove me to pfSense ultimately (the slightly strange way of setting up rules/port forwards, and the need for different IPsec encryption algos for a corporate firewall connection). I have pf humming along on an older Alix2d3 kit, and have had ZERO problems. I now see that there's a more powerful APU board that will be my upgrade path when this box dies, or I upgrade my internet beyond ~50mbps -- whichever comes first.
The statement that the "pf" in OpenBSD is "better" isn't necessarily true. The "pf" in FreeBSD and pfSense is a bunch faster, even on single-core.
The IPsec in FreeBSD and pfSense (especially AES-GCM) is also much faster than that found in OpenBSD.
OpenBSD has a problem: it doesn't scale on multi-core CPUs, and the world has gone multi-core. FreeBSD took years to get this right (forking Dragonfly along the way due to disagreement about the MT model.)
I remember years ago we had a problem with pfSense because the way FreeBSD had implemented carp wasn't quite correct (WRT failover and groups of interfaces, IIRC). We had been relying on specific documented behavior in OpenBSD as we deployed OpenBSD firewalls, and when we switched to pfSense this bit us. There were workarounds at least.
Man, this brings back memories. My first job - started out as a summer intern at an MVNO. We needed access via RDP to the host carrier's billing platform, so we needed to establish an IPSec VPN to their network. Of course, our little WRT54G wasn't gonna do the job...
Spoke with a network engineer at the host carrier, who recommended we try out m0n0wall. Played with it for a little bit, but then was led to pfSense, which we ended up using.
Of course not. I think all of the developers agreed on finishing the project and focusing on the 'new generation' m0n0wall, like OPNsense.
These guys were the main contributors:
Andrew White (awhite) <andywhite at gmail dot com>
Lennart Grahl (lgrahl) <lennart.grahl at gmail dot com>
Manuel Kasper (mkasper) <mk at neon1 dot net>
Pierre Nast (pnast) <pierre at coldev dot org>