Tuesday, June 9, 2020

ipfire and Raspberry Pi 3+

I recently tried out ipfire on my Raspberry Pi 3+, and here are a few things that may be worth noting down.

1) Change SERIAL-CONSOLE=ON to OFF if you are using HDMI output.

2) The on-board Ethernet port shows up as usb: Standard Microsystems Corp. SMSC95, and the wireless/WiFi interface shows up as sdio: brcmfmac. Hence, if you are like me and use WiFi for WAN and Ethernet for LAN, then usb: Standard Microsystems Corp. SMSC95 should be assigned to GREEN and sdio: brcmfmac to RED.

3) To access the Web Interface, you need to use HTTPS and specify the port number 444, e.g. https://192.168.60.1:444

4) Use the WiFi Client to set up the WiFi WAN.

ipFire Wifi Client

5) ipfire supports DNS over TLS (DoT). When the DoT option is used, you need to provide a hostname. You can find popular DNS servers and their details at https://wiki.ipfire.org/dns/public-servers

DoT

6) The default firewall setup may block PakFire from connecting to remote servers. When this happens, changing the default outgoing rule from DROP to REJECT may help.

If the firewall behavior operates with a blocked outgoing chain, you need to add rules for downloading packages via port 443 (HTTPS), so that IPFire itself is allowed to download packages and the icmp protocol is able to check if the IPFire server-is-alive. (https://wiki.ipfire.org/configuration/ipfire/pakfire)

Default behavior of (outgoing) firewall in model "blocked"
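For the DNS over TLS item above: the hostname is what the resolver's certificate is validated against, so an IP paired with the wrong hostname fails the TLS handshake. The script below is an added example, not part of the original post and not IPFire's own code; it checks an IP/hostname pair from any machine with Python 3 before you enter it in the web interface. The function names and the query name example.com are assumptions, and the server IP and hostname are supplied on the command line.

```python
import socket
import ssl
import struct
import sys


def build_query(name, qtype=1, qid=0x1234):
    """Build a DNS query with the 2-byte length prefix that DoT uses (RFC 7858)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    message = header + qname + struct.pack("!HH", qtype, 1)  # qtype, class IN
    return struct.pack("!H", len(message)) + message


def parse_header(response):
    """Return (id, rcode, answer_count) from a length-prefixed DNS response."""
    if len(response) < 14 or len(response) - 2 < int.from_bytes(response[:2], "big"):
        raise ValueError("truncated DNS response")
    _length, qid, flags, _qd, ancount = struct.unpack("!HHHHH", response[:10])
    return qid, flags & 0x000F, ancount


def check_dot(ip, tls_hostname, name="example.com", timeout=5):
    """Connect to ip:853, validate the certificate for tls_hostname, send one query."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((ip, 853), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=tls_hostname) as tls:
            tls.sendall(build_query(name))
            reader = tls.makefile("rb")
            prefix = reader.read(2)
            body = reader.read(int.from_bytes(prefix, "big"))
            return tls.version(), parse_header(prefix + body)


if __name__ == "__main__":
    # Usage: python3 check_dot.py <server-ip> <tls-hostname>
    if len(sys.argv) != 3:
        sys.exit("usage: check_dot.py <server-ip> <tls-hostname>")
    try:
        print(check_dot(sys.argv[1], sys.argv[2]))
    except ssl.SSLCertVerificationError as exc:
        print("certificate does not match the hostname:", exc)
```

A successful run prints the negotiated TLS version and the tuple (query id, rcode, answer count); rcode 0 with at least one answer means the pair works for DoT.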

Personally I think ipfire works much better than OpenWRT on my Raspberry Pi 3+. With OpenWRT, settings often fail to apply, which in turn causes a rollback. ipfire does not seem to have this issue. Also, WiFi seems to be much more stable too.

However, I won't say it is better than OpenWRT or vice versa. There are features offered in one but not available in the other. For example, if you are planning to set up VLANs, ipfire may not be the solution for you. Similarly, if you are looking for a strong firewall with features such as geo blocking, or a better DNS server (unbound vs. dnsmasq), then ipfire may be the solution for you. It all boils down to what you want.