I run pfSense, and I also happen to have an ASUS router running OpenVPN as well, so I feel I can give an informed position.
- for a solid 99% of users visiting this forum, pfSense will be both overkill, and significantly more confusing than an ASUS router.
- many have difficulty hooking up and configuring IP cameras
- some don't understand why port forwarding is bad
- some face difficulty getting ASUS' OpenVPN connection working
- so for many pfSense is a much greater learning curve than they should undertake
Nothing wrong with your recommendation
@Zorac but unless the user has an interest in networking (and a lot of time to spend figuring out pfSense configurations), best to keep them in the consumer products that are well understood.
Funny story
Recently my daughters boyfriend was aggravated because he had paid for Call of Duty (limited time) Beta, and he couldn't play with his friends that had "Open NAT". He didn't understand why I was so resistant to "just do what my dad does, port forward all these ports or put our computers 'outside the firewall' because that's how they got two Xboxes to work at their house" (DMZ). He meant well but I have a high security profile by choice (even though it is more effort), I at least try.
I explained none of that was necessary, we could tweak the firewall rules so the game thought the NAT was "Open" but the PCs were still shielded behind the firewall. Unfortunately, there was very little to go on, because the PC version is brand-new "in Beta", so it took longer to fix than he wanted (by reviewing the pfSense logs to figure out what traffic was being blocked to get it sorted), but it was working by the next day.
It ended up being a firewall rule, combined with a very limited UPnP rule for each Call of Duty PC (all UPnp is blocked by default so have to work backward from there), but finding someone with pfSense with the same problem on a BETA game was challenging, and me being modestly experienced in networking also confused the situation.
I don't see most forum users having the patience to deal with this kind of headache. Most would cave to the "low security profile" pretty quickly just to get things working. I believe that's why port forwarding is the "standard response" you see to questions about accessing things inside your network (elsewhere on the internet), its easier than saying "figure out how to run a VPN"!
