I recently dumped opnsense because they took a stand against a few things I was trying to do (ex, webUI on wan port IIRC) which make sense at a high level. But I _HATE_ devices that think they know better than me. I was trying to configure it on a _LAN_ such that the identified WAN side was actually my local lan, and I spent an hour hacking it to work and was like "you know if they can't get this shit right i'm out". There are a lot of places in the technology world where someone who thinks they understand my use case makes a decision based on some narrow world view because they can't understand that not everyone trying to use their product is some idiot home user using it for their home network.
I've been a fan of opnSense for a few years now - I'm actually using it as the WAN device for our office, as well as a VPN concentrator in other contexts.
Some recent changes are driving me up the wall though - their new UIs for configuring VPNs (IPSEC and OpenVPN) are far less intuitive than what they've termed the 'legacy' UI and I note that recent versions have introduced a firewall rule migration feature that I'm not touching with a 9-ft barge pole.
These changes are making me wary about using opnSense in future, which is a pity because other than pfSense there isn't really a fully-featured, open-source firewall OS that comes close to matching it (and pfSense has its own issues). Linux is great and all - and I do use it for routing/firewall/VPN in places on our network - but there doesn't seem to be a dedicated network appliance distro that bundles in a comprehensive Web UI. Apart from OpenWRT and its ilk, but I'm not convinced that that's suitable for enterprise deployment.
