Which system to choose for the gateway?
Hello. Help me choose a system that would be suitable for the following tasks. Thanks in advance.
I have FreeBSD 10.2:
support for the main and backup Internet channel: Almost implemented; I haven't gotten around to finishing it, since it means working at night on the weekend, damn it. Otherwise, the MTS modem was picked up and the connection is established. It's just that I need to bring up the backup channel by hand and edit some configs (in the local DNS, unbound, in particular) when switching to the modem.
support for usb modems
working in a virtual machine: I don't have a graphical shell at all, everything is done through the command line... I don't know how to bring up a virtual machine...
web interface: For the proxy, SqStat and some other "à la stats for Squid" tools; for them I set up Apache and MySQL, and viewed the status from the local network via the web interface.
transparent proxy including https: Judging by the articles, it is primarily Squid 3.5.8 that works for transparent HTTPS proxying without changing certificates. I can say that I tried a bunch of the latest versions, but I didn't try 3.5.8... It works, sure, but when 5+ users go online, HTTPS brings Squid down and HTTPS starts to slow down a lot... According to Nagibator's articles, only 3.5.8 works; his articles on Habr for Debian:
on-the-fly virus scan: No idea... if it means checking all incoming and outgoing traffic for viruses, and for Windows viruses at that... no idea... there is Dr.Web for FreeBSD (paid). And as for FreeBSD itself, what viruses are there... The firewall, etc. take care of that.
authorization of users from AD: Hey, I don't have a domain.
free: +
openvpn support: I don't know, but I'm sure it's not a problem for FreeBSD.
you can attach existing certificates to it: Well, there is something in Squid, creation of certs... I don't know...
creating custom firewall rules through the web interface: In pfSense, this is how it is done anyway. I write the ipfw config by hand.
user traffic count: That has not been implemented. Although while Squid was working, SqStat was collecting that on the web interface: who downloaded and from where.
intrusion detection: The regular log. You set up search and alerts by keywords. Let's just say that I don't monitor unsuccessful attempts to log in to the gateway, since there are a lot of them (robots regularly try standard login/password pairs), but for accepted ones there is a separate notification.
online monitoring of traffic by clients (you need to determine who is loading the channel at the moment): iftop does an excellent job; a small config for it has 5-7 lines of parameters, and it monitors everything online. I regularly use it to cut off the "bad" ones. The settings and filters can also be adjusted very flexibly on the fly while monitoring.
content filtering including https by users: In Squid, the above works perfectly, but in the case of HTTPS it will not be possible to set up a page for the user... there will just be a browser message, "Failed to load page". Otherwise everything in Squid is flexible, both in terms of content and sites (not by their IP or DNS, but by domain names), both for groups and for individual users. "Everything is allowed except" or "Everything is forbidden except"... whatever.
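
The keyword-based log alerting described under "intrusion detection", as an added example that is not part of the original answer. It assumes the login service is OpenSSH sshd writing traditional BSD syslog lines (as in /var/log/auth.log); `scan_auth`, `sample_log` and the sample lines are constructed for illustration. It goes one step beyond the answer by attaching to each accepted login the number of earlier failures from the same address.

```shell
#!/bin/sh
# Added example, not the configuration used in the answer.
# Assumption: OpenSSH sshd messages in traditional BSD syslog layout
# ("Mon DD HH:MM:SS host sshd[pid]: message").

# scan_auth: read log lines on stdin; print one ALERT per accepted login,
# count failed attempts without alerting, and report the total at the end.
scan_auth() {
    awk '
    $5 !~ /^sshd\[[0-9]+\]:$/ { next }          # ignore other daemons

    $6 == "Failed" && $8 == "for" {
        # "Failed password for [invalid user] NAME from ADDR port N ssh2"
        src = ($9 == "invalid" && $10 == "user") ? $13 : $11
        fails[src]++
        total++
        next
    }

    $6 == "Accepted" && $8 == "for" && $10 == "from" {
        # "Accepted METHOD for NAME from ADDR port N ssh2"
        prior = ($11 in fails) ? fails[$11] : 0
        printf "ALERT accepted user=%s src=%s method=%s prior_failures=%d at=%s-%s-%s\n",
               $9, $11, $7, prior, $1, $2, $3
    }

    END { printf "INFO failed_attempts=%d\n", total + 0 }
    '
}

# sample_log: constructed log lines (documentation address ranges only).
sample_log() {
    cat <<'EOF'
Jan 12 03:14:01 gw sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Jan 12 03:14:03 gw sshd[811]: Failed password for root from 203.0.113.5 port 40114 ssh2
Jan 12 03:14:09 gw sshd[815]: Failed password for root from 198.51.100.7 port 51500 ssh2
Jan 12 08:30:12 gw sshd[902]: Accepted publickey for operator from 192.0.2.10 port 50022 ssh2: ED25519 SHA256:CONSTRUCTED
Jan 12 09:02:44 gw sshd[930]: Accepted password for root from 203.0.113.5 port 40200 ssh2
Jan 12 09:05:00 gw cron[940]: (root) CMD (/usr/libexec/atrun)
EOF
}

sample_log | scan_auth
```

An accepted password login with `prior_failures` above zero is the line worth reading first, since it is the pattern a successful guess would leave. On the gateway the same function can be run from cron as `scan_auth < /var/log/auth.log`, with delivery of the ALERT lines left to whatever notification channel is already in use.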