VYOS vs PFSense again….

gfxrelay

VYOS vs PFSense again….
Hi, thanks for a really awesome product. I am starting a new VYOS vs PFSense thread. We have 7 sites that needs to be connected over a full mesh WAN link. One interface on the server will connect to the WAN while a different one will connect to the internet. I am scoured the internet for a comparison, but I can't seem to find a decent answer. The solution needs to act as both a firewall and a router, but the main concern is performance. Without being biased which one would be better and routing heavy volumes of traffic (Voice as well as Video)

GomezAddams

Did you mean to say that one interface will connect to the Internet and one will connect to the LAN?

I assume you want to create mesh IPSEC vpns over the Internet to create a WAN between sites.

For internet speeds of 500Mb/sec or less, pfsense will easily handle the Internet routing and NAT (given powerful enough hardware). The encryption depends on how many sites you have running data at the same time. I have no experience with doing IPSEC on pfsense, but I assume that pfsense can use multiple cores for handling multiple VPN encryption streams. Anyone know for sure?

I would not use pfsense for inter-VLAN routing at each location. Use a layer 3 switch for that.

You'll also need to be concerned about routing protocols. For seven sites, static routing is going to get cumbersome. You'd want OSPF or (my preference) BGP. I've not used either in pfsense, so I can't comment on how well they work, or how easy it is to implement.