I had so much trouble getting opnsense to work with Frontier fiber. Apparently Frontier does a non standard thing with their DHCP packets by tagging them as VLAN 0 and opnsense DHCP client was just silently dropping those. OpenWRT and Frontier’s router were fine. After three days I figured it out and now just have to compile my own version when I upgrade. I did submit a PR but not sure if it made it into a release.

Is something like that really that necessary though, sure it has a lot of features but for a simple router it takes 15mins to follow a guide on openbsd.org to set up a simple router which works really well and is really secure.

Given GP's question, they're likely not someone who would spontaneously whip up an openbsd router.

Maybe they don't care to fiddle with a command line, read up on dhcp servers, ipv6 router advertisements, pf configuration and what have you. In such a case, throwing opnsense on some machine, clicking around on three pages and calling it a day isn't that bad.

The experience is close enough to an off-the-shelf router (except for the installation part), all the while getting a much better security situation.

I actually found it easier understanding the openbsd router than pfsense when I tried it. The abstraction confused me personally.

Definitely the best choice. You will still need APs for wireless, but they're behind your OPNsense firewall, so not connected directly to WAN like AP+router combos.

An internal AP in a gateway device isnt "directly connected to WAN" any more than an external AP.

In both cases it is behind a firewall (and NAT, if applicable).