I don't understand why pfSense and OPNsense use FreeBSD and not OpenBSD, which comes with a more advanced version of PF.
Is there any reasonable explanation for their choice? I'm using FreeBSD myself but not as a router. If I should choose an OS for a router, I'd probably go with OpenWRT or OpenBSD.
Another lover of pfSense here. I started out with M0n0wall, but there were a few items that drove me to pfSense ultimately (the slightly strange way of setting up rules/port forwards, and the need for different IPSEC encryption algos for a corporate firewall connection). I have pf humming along on an older Alix2d3 kit, and have had ZERO problems. I now see that there's a more powerful APU board that will be my upgrade path when this box dies, or I upgrade my internet beyond ~50mbps -- whichever comes first.
The statement that the "pf" in OpenBSD is "better" isn't necessarily true. The "pf" in FreeBSD and pfSense is a bunch faster, even on single-core.
The IPsec in FreeBSD and pfSense (especially AES-GCM) is also much faster than that found in OpenBSD.
OpenBSD has a problem: it doesn't scale on multi-core CPUs, and the world has gone multi-core. FreeBSD took years to get this right (forking Dragonfly along the way due to disagreement about the MT model).
I remember years ago we had a problem with pfSense because the way FreeBSD had implemented carp wasn't quite correct (WRT failover and groups of interfaces, IIRC). We had been relying on specific documented behavior in OpenBSD as we deployed OpenBSD firewalls, and when we switched to pfSense this bit us. There were workarounds at least.