• Home
  • Blog
  • Contact
  • Projects
  • Content Mirror
  • Matrix Guide

  • Why I Switched From OpenBSD To FreeBSD

    November 1, 2023

    Last week, I had to migrate my server setup to new hardware because the network chip failed in my last server, and of course it was soldered on to the motherboard so I couldn't simply replace it. Instead of re-installing OpenBSD and just copying everything over to the new disks, I switched over to FreeBSD, replacing all of OpenBSD's built-in daemons with the more "popular" versions. For example, instead of using OpenBSD's relayd and httpd, I am now using apache24. Not surprisngly, this makes it much easier to find support for my problems online. When I get stuck with OpenBSD's daemons, finding resources online is almost impossible, but by using the standard software that everyone uses, I've found that problems get solved much quicker because there are a plethora of resources available online.

    I didn't switch just for fun, nor did I make the decision quickly or easily. For the last few years, I have been incredibly loyal to OpenBSD and I am honestly sad that I'm not still using it, because I love the simplicity of OpenBSD, and managing it in all aspects was just an absolute joy. Managing my FreeBSD install is much less of a joy in many ways, mostly because it is complex and requires lots of third-party packages to replace functionality that OpenBSD ships in its base OS.

    However, I felt that switching to FreeBSD was a necessity primarily for one reason: ZFS. I'm getting to the point in my life where I am using my home server to do important things and store important data that I simply cannot afford to lose, and after having quite a scare with potential data loss after a power outage on my OpenBSD server as well as panics due to the failing network card, I have now come to the realization that data integrity is absolutely critical. I need my data to stay intact even when the power goes out or the kernel crashes, and ZFS is the best way to ensure that. Additionally, it doesn't require offline fscks, which can take up to half an hour just due to the sheer amount of data that I have. Whenever my OpenBSD server crashes, I have to fsck the disks before any services can be started up, which prolongs the downtime.

    I know that hardware fails, which is why I like that ZFS does checksumming and corrects disk errors when configured in a mirror setup. As far as I can tell, OpenBSD's FFS does not do this. I also like that ZFS can do snapshots and send them as a stream. On OpenBSD, I would rsync my data to external disks, which worked fine, except that the backups could be inconsistent due to files changing during the copy, and I couldn't keep more backups than I had hard disks, because each hard disk in the rotation would contain the latest version of my data at the time it was backed up, and that's it. With ZFS, I can simply shut down my services, take a snapshot, and then start them up again, within about 30 seconds at most. Then I can send that snapshot to an external ZFS pool and be sure that I have a perfectly consistent backup. Additionally, the pool can store multiple snapshots cheaply, so if I accidently deleted a file, I don't have to rely on not having backed up my server since the deletion; I can safely do nightly backups and know that my accidents will not be propogated through all of my backups, because I can keep the older snapshots.

    So that's really why I switched to FreeBSD. But since I've been learning how to use it and setting things up, I've noticed a few other things as well. First, the firewall is not as unintuitive as I assumed it would be. The reason I switched to OpenBSD from Linux was because I could not figure out how to make Linux act as a router in a concise and simple manner. OpenBSD's PF promised to make this task easy, and it delivered on that promise. OpenBSD absolutely shines as a router. However, FreeBSD isn't actually too bad in the router space. I used IPFW, which has a rather similar syntax to PF in many ways, and other than having to learn how it worked, I didn't find it half bad. Sure, I still don't love it as much as OpenBSD's PF, but it gets the job done. Interestingly, IPFW rules are loaded by a regular shell script, so I can utilize variables, loops, and other shell features when writing my ruleset. I also like the me keyword, which allows the router to refer to itself in rules. The syntax is much cleaner than having to create a new PF table with self in it and then refer to the table.

    The next thing I noticed was that FreeBSD is fast. I know OpenBSD doesn't win any awards for speed, but I never realized just how slow it actually is until I switched to FreeBSD. My network speeds have increased almost twofold, and the system is just so much more responsive in every way. All the services I run on it respond so much faster, and even just using the shell over SSH is noticeably faster. Disk accesses are faster too—even though my new NAS disks are slow because they're spinning, running FreeBSD on spinning disks is still faster than running OpenBSD on an SSD.

    Another thing I like is that a lot of FreeBSD's setup for networking and service management happens in a single file, /etc/rc.conf. OpenBSD's hostname.if scheme was always odd and made it difficult to get an overview of how the network interfaces are configured. With FreeBSD's rc.conf, everything is in one place, which I find a lot more intuitive. I've also noticed that FreeBSD is much stricter with how packages are installed. On FreeBSD, everything goes under /usr/local. OpenBSD was much more liberal with this—most packages would put their configuration files in /etc instead of /usr/local/etc. It's a lot more typing, but I can appreciate the organization of FreeBSD.

    Finally, mirroring the FreeBSD package repository is much easier than the OpenBSD package repository. FreeBSD's pkg utility lets you fetch packages with pkg fetch and store them in a directory , and then pkg repo allows you to create the indices on that directory to turn it into a repository. Furthermore, I can choose to mirror only a subset of packages and their dependencies, instead of having to download the entire repository to deal with dependencies. With OpenBSD, I had to rsync the entire repository. I can certainly admire the simplicity of just making the package repository a flat directory of .tgz files, but FreeBSD's apt-style repository is so much easier to work with when creating a mirror.

    Other than these few differences, the practical differences between OpenBSD and FreeBSD are minimal. Services are managed differently, and so is full disk encryption, but the man pages are good enough on FreeBSD that I have been able to figure it out pretty quickly.

    I honestly probably would still be on OpenBSD if it had ZFS or another filesystem that offered the same protections that ZFS does. The operating system itself is still far superior in my opinion, because of its ease of use and simplicity. That might just be because I'm not used to FreeBSD yet though. I definitely think FreeBSD is a lot more complex, but it is also a lot more capable. There are so many things that I gave up when I switched to OpenBSD because OpenBSD simply did not support them, but now on FreeBSD, I'm starting to rediscover some of those things, which is nice. I'm glad that FreeBSD has more options. However, the main reason I switched is simply that I just can't risk it with my data. I need ZFS for the integrity guarantees it provides, so for that reason, I have to say goodbye to OpenBSD.

    © 2019-2024 Jordan Bancino.