
pfSense OPNsense

Dutch company Deciso forked pfSense over code quality and transparency concerns after years of sponsoring it. Netgate, pfSense's owner, responded by registering opnsense.com to discredit the fork — and lost a WIPO domain dispute.

What it is

OPNsense is a FreeBSD-based firewall and routing platform (originally based on HardenedBSD) featuring a web-based management interface, stateful packet filtering, VPN (OpenVPN, WireGuard, IPsec), intrusion detection (Suricata), web proxy, DNS services, and a plugin framework. It uses an MVC architecture built on the Phalcon PHP framework.

The story

pfSense had been the go-to open-source firewall since it forked from m0n0wall in 2004, turning FreeBSD into a capable firewall and router platform. Deciso, a Dutch networking company, had been one of pfSense's major sponsors and contributors for years. But by 2014, they'd had enough.

The issues were both technical and political. Deciso was unhappy with the code quality: pfSense's codebase had become monolithic and difficult to maintain, with ad-hoc development practices that made contributing upstream painful. But the bigger problem was transparency. After Netgate acquired a majority stake in pfSense, the project's direction became opaque. Tools disappeared from GitHub without warning, and the pfSense trademark was increasingly used to fence off competitors rather than build community.

In January 2015, OPNsense launched. Deciso took the pfSense codebase and rebuilt significant portions, implementing the MVC (Model-View-Controller) architecture pattern, adding a plugin framework, switching to HardenedBSD as the base for improved security, and introducing weekly security updates instead of pfSense's irregular release cycle.

Netgate's response was... aggressive. In what became one of the most petty moves in open-source history, Netgate registered the domain opnsense.com and used it to redirect to critical content about OPNsense. In November 2017, a World Intellectual Property Organization (WIPO) panel ruled that Netgate had acted in bad faith and ordered the domain transferred to Deciso.

The rivalry continued with Jim Thompson, Netgate's co-owner, publicly accusing Deciso of 'waging an attack on pfSense' and 'attempting to use controversy to market their work.' Meanwhile, when m0n0wall (the grandparent project of both pfSense and OPNsense) shut down in February 2015, its creator Manuel Kasper directed users to OPNsense — a pointed endorsement that didn't go unnoticed.

Today both projects maintain active user bases, but OPNsense has gained significant ground, particularly in Europe. Its more frequent updates, better plugin architecture, and the ongoing drama around Netgate's licensing practices (including the CE+ controversy) have steadily pushed users toward the fork.

Timeline

2004: pfSense forked from m0n0wall as an open-source firewall platform

2014: Deciso decides to fork pfSense over code quality and transparency concerns

January 2015: OPNsense launched with restructured codebase and weekly security updates

February 2015: m0n0wall shuts down; creator Manuel Kasper directs users to OPNsense

November 2017: WIPO rules Netgate registered opnsense.com in bad faith; domain transferred to Deciso

Key people

Deciso B.V.: Dutch company that created OPNsense after years of sponsoring pfSense
Jim Thompson: Netgate co-owner who publicly accused Deciso of attacking pfSense
Manuel Kasper: m0n0wall creator who directed users to OPNsense when m0n0wall shut down
Jos Schellevis: OPNsense lead developer and Deciso CTO

Impact

OPNsense provided a serious alternative in the open-source firewall space, particularly for organizations that needed more frequent security updates and better code architecture. The project's MVC framework and plugin system made it significantly more extensible than pfSense's monolithic architecture.

The fork also exposed the risks of corporate governance in open-source firewall projects. Netgate's aggressive trademark enforcement and bad-faith domain registration backfired spectacularly, generating sympathy for OPNsense and raising questions about pfSense's commitment to open-source principles.

Lesson: If your response to a fork is registering their domain name to badmouth them, you've already lost the moral high ground — and probably the WIPO hearing too.