
Vyos vs Pfsense

I was watching some nice little videos on building a router/switch with 10GBE and 1GBE using Vyos. The CLI seems to make a fair bit of sense and the claim seems to be that it outperforms on comparable hardware.

Anyone here have personal experience w/ Vyos?

Thanks,
R.


I am a pfSense user and if I recall correctly, Vyos was forked and became the basis for Ubiquiti's routers, with which I am also familiar.

Both of these options provide similar capabilities, so I would say that the differences are a matter of focus. First and foremost, pfSense is a firewall, which also happens to have routing capabilities. On the other hand, Vyos is a router, which also provides firewall functionality. Of the two, pfSense has far more built-in capability and functionality. But, both present the user with a command line, so at the end of the day, the only real limitation of either is your imagination.

I have used VyOS for several years and Vyatta since about 2010. It is very fast and very reliable. The configuration language is similar to Juniper Networks products. VyOS was created when Brocade stopped providing open source versions of Vyatta; the last open source version was forked into the VyOS project. I have not found anything better on the open source market.

@BarkingMad is correct about the difference of focus, although I cannot speak to the difference in capability between the two since I do not use pfSense. VyOS has a concept of firewall zones and interfaces/networks are assigned to zones (i.e. public, DMZ, private). This does a great job of abstracting the rules from the zones so the administrator can focus on what the rules are supposed to do for a zone separately from which interfaces participate in the zones. At the end of the day, both of them just configure the Linux kernel firewall to behave as you have requested. Neither distribution can exceed the capabilities of the kernel firewall.

One thing that VyOS does that pfSense does not is the ability to configure Quagga/Zebra. This is a routing stack that provides routing protocols such as RIP, OSPF, BGP, VRRP and others. An example of using these would be if you had three sites with unreliable VPNs between them. Router protocols send announcements over available links, allowing other routers to know what other sites can be reached at any given time. It's very different than what a firewall does, which is block or allow packets to pass.

The best thing to do is to try both, or at least read the parts of the manual that you believe you will need. Get familiar with the configuration syntax and do some searches for questions on Google to see where you find better support for the kinds of questions you will need help with.


Another couple of options are to use just Linux, or to run e.g. OpenWRT x86.

pfSense is bolted on top of FreeBSD; depending on the hardware you have, drivers might be a problem.

I just googled Vyos since I have never heard of it before and one of the results is https://www.vyos.net/ which gave me a browser warning due to a wrong certificate; that says it all for me. :smile:


Lol.

Try https://vyos.io

Well, I filed the bug about the vyos.net cert yesterday morning, and yesterday afternoon it was fixed.


Just in case this thread is still relevant to anyone, the VyOS community forum has a thread where people discussed performance on 10g routers.
I personally haven’t used it with a 10g router, but maybe someone will find it useful.

Link please!

I think the original poster has been gone awhile.

If you’re interested in routing operating systems or networking, please create a new thread.