I prefer OpenBSD, but for routers that gotta go fast, FreeBSD has better / more performing drivers.
The reason I prefer a pure freebsd base is because pfsense holds your hands to a really bad degree (particularly for ipv6 - last I tried, a few years ago, it had some insane rules that go against IEEE standards, like blocking some ICMPv6 traffic that IEEE said should be open, IIRC) and more importantly, because pfsense is buggy AF.
One of my previous employers was running pfsense and the router kept breaking. They had backups, but they got so pissed, they switched to Fortigate (). And in my own router, with no additional fancy packages or anything, basically as close to pure pfsense as you can get, a major upgrade broke the GUI and I wasn’t able to fix it.
I always updated through SSH in that Update menu (because updating through the WebGUI, guess what, was also buggy!). The original version I had was 2.4. I only upgraded through the GUI once or twice and when I saw the upgrade got interrupted in the middle, I stopped using the GUI upgrade and only upgraded via SSH through the pfsense provided upgrade menu.
Pfsense broke from 2.5 or 2.6 to either → 2.6 or 2.7, I don’t remember. I never had a broken upgrade in the CLI, but after a reboot, I was prompted by a blank web page. All my services like openvpn and the pf rules work flawlessly, but that’s thanks to the awesome freebsd backend, as the pfsense web server (probably some php pages) are toast.
I can still update via SSH just fine, but I can’t change anything in the pfsense GUI (because the web interface is broken, duh!). I don’t know if I can just change stuff on the command line, I never tried messing with packages or configurations in CLI (mostly because idk how pfsense works, like if it has some config file that always loads the saved configs during reboot, or what).
I can’t migrate it, because the server is over the pond. I could ask a family member there to slap a USB stick in a laptop to make a freebsd or openbsd installer and insert it in the server, but I’d need to literally guide them on how to install it and how to configure a VPN so I can connect to it. Which is not something I want to even deal with.
And yes, I tried the troubleshooting / repair section instructions, none worked. Which I assume would be because of the broken php configs, which do not get overwritten by the repo version (note: I never touched the web server files, in fact, the server has been running without any package or configuration change for at least 2 years, then borked itself after an upgrade).
tl;dr it’s full of bugs, don’t use pfsense. I think opnsense would be on-par on that. When it’s fresh installed, it works fine, but if you upgrade and something goes wrong, you’re SOL.