Announcing pfSense plus

drewsaur

@fbor pfSense FE was never open source. Not sure what you are getting at here.

fbor

@drewsaur The differences are small with CE, a few packages (AWS Wizard, IPSec exporter, ...), some tuning for the hardware. I checked a few FE only files: they are not obfuscated and are all licensed under Apache license. So maybe FE is only 99.99% opensource but that's not the 0.01% I'm worried about.

With pfSense+, will I still be able to change everything I may need, at least in the "CE layers", and not get stuck asking the editor for changes ?

drewsaur

@fbor I would imagine that this will be the case for a very long time. I can’t see how, anytime soon, the majority of pfSense+ would be replaced with completely different code. That would be like https://www.joelonsoftware.com/2000/04/06/things-you-should-never-do-part-i/ - completely self-defeating.

FeFe

@al I really do not see how you cannot benefit from keeping OSS roots and your paying customers and keep advancing!

You now basically abandon it by out-forking the OSS version into Closed source and get onto the route RedHat just got with CentOS. On top of that, the trust into pfSense because of the OSS nature will be gone and the closed nature will raise questions and break trust on unseen backdoor/weakened security!

On top of that you still advertise/market/benefit the power of the OSS base, yet all the full-feature changes will not get into the CE?

Did I miss something?!?

occamsrazor

@inxsible said in Announcing pfSense plus:

Assume that the user stays on the CE version as they do not need any of the ZeroTier, Business dashboard etc features that you mentioned

@Inxsible - Did I miss some announcement about ZeroTier integration in pfSense Plus? Do you have more information? I'd be very excited if this is true.....

Symon

How do I install the 2.5.0 version on a Netgate appliance. FOSS is more important to me than the extra features. I want to use the community version with a Netgate appliance.

bimmerdriver

I've been busy, so I didn't notice this announcement until a few days ago. I just checked and noted that I joined this community in 2016 after I started using pfSense in 2015. Previously, I was using Sophos because it went downhill after going from open source to closed source. I can't say that I'm surprised by this announcement from Netgate, but it's disappointing nonetheless. Unless Netgate will make the entirety of the pfSense codebase available such that anyone could build it from scratch or even fork it, I can't see why anyone would contribute to further development and testing of CE. You would be doing development that Netgate could incorporate into pfSense plus for its commercial gain with no compensation or assurances of getting anything in return for your effort.

Around 2018, a former pfSense developer that I tested with jumped ship to OPNsense and he is very happy there. I've maintained an OPNsense test system alongside my pfSense test system since that time. For anyone who values an open source community, OPNsense should be a serious consideration.

bitfrost

@bimmerdriver

Ok, so I just started trying out pfsense and right when I registered to this forum to ask some questions, I have to read that pfsense is going to closed source and will become irrelvant sooner than later.

It will become irrelvant because the open source version won't be getting much, if any, attention, and it will die out. That means that fewer and fewer companies may still buy from Netgate because without the open source version pfsense will be forgotten and soon nobody will know about it anymore.

And who would want to rely on closed source software, especially for a security device? In times in wich the raping of peoples privacy is rapidly increasing and users are being controlled by software more and more, free software is the only way go to.

In my testing, pfsense has made a really good impression and seems like a well-made and solid software to the point that I would recommend it. But now we're not going to buy Netgate products and will have to keep looking for something else.

noplan

@bitfrost

Your statement is false!
And that's the bottom line.

Patch

@bitfrost I agree with much of what you say. Unfortunatly there is a lot of money in software as a service (rent, "cloud" versions) and sale of personal data (Googles, Facebook, instagram, Microsoft business models, China), so fighting it is likely to be difficult.

JeGr

@Patch I don't, because for the most parts that is simply belief sold as facts.

@bitfrost said in Announcing pfSense plus:

Ok, so I just started trying out pfsense and right when I registered to this forum to ask some questions, I have to read that pfsense is going to closed source and will become irrelvant sooner than later.

Nonsense to both statements. Neither is pfSense going closed source (only Plus is and was up until now anyways - so no real change!) nor will it become irrelevant sooner than later.

It will become irrelvant because the open source version won't be getting much, if any, attention, and it will die out. That means that fewer and fewer companies may still buy from Netgate because without the open source version pfsense will be forgotten and soon nobody will know about it anymore.

OSS version already got 3 updates (2.5.0, 2.5.1, 2.5.2, 2.6 dev is in the works...) so also nonsense.

And who would want to rely on closed source software, especially for a security device? In times in wich the raping of peoples privacy is rapidly increasing and users are being controlled by software more and more, free software is the only way go to.

Besides that being a directional question to almost any company, how about asking that to the many thousands of companies that already use products from other brands that also are surpisingly built upon e.g. FreeBSD and are closed source? Like Juniper? Cisco? PaloAlto? Fortigate etc. etc.? Can't say I saw them going bancrupt the last years besides tons of fuckups and security leaks.

That's not a push to closed source. I also think pfSense Plus (as that's the only thing that won't be public anymore) should stay OSS and instead have a private/closed repository for business users just like other projects do (e.g. Proxmox etc.) but things can change. Also no one is taking away from pfSense CE.

But now we're not going to buy Netgate products and will have to keep looking for something else.

Spoiler alert: Netgate products where shipped with the Factory Edition (FE), NOT the CE for years now and no one complained a bit about the FE not being OSS/OpenSource/openly available. So all I'm currently seeing is not much changes at all. That CAN and perhaps will when there are more changes in underlying things like the web-stack/UI. That's the point where Netgate has to show if those changes they talked about will only go to Plus and leave CE behind besides promising multiple times that CE WILL get a new GUI/API layer etc.

But up until that, all you were posting as simply untrue, false or guesstimates. No proof at all, so how about simply watching if they are true to their word or not?

noplan

@jegr

Your statement is 100% TRUE
And that's the bottom line !

rcfa

@impatient Oh well, there's always OpnSense and OpenWRT

Gertjan

@jegr said in Announcing pfSense plus:

FreeBSD and are closed source? Like Juniper? Cisco? PaloAlto? Fortigate etc. etc.?

Add Netflix to the list

rcfa

@jegr I think what sound different about this:

In the past it seemed the FE was always CE++; i.e. the base product being developed was CE, and then there are a few goodies, support, and extra testing added.

Now it sounds like a fork: Netscape developing a closed source edition, the community the community edition, and CE going eventually a divergent path, unless it ends up stagnating, where Netgate changes possibly coming back to CE only if Netgate deems it necessary to push changes upstream.

That may not be the reality, but that’s how it sounds.

A closed source nature would go straight back to the security through obscurity paradigm due to which I gave up other proprietary platforms for pfSense, so free home edition would defeat the purpose of using pfSense in the first place.

dennypage

@rcfa said in Announcing pfSense plus:

closed source nature would go straight back to the security through obscurity paradigm

It's wrong to equate "closed source" and "security through obscurity." They are not the same thing.

Cool_Corona

@dennypage When you work in intelligence you know that statement in not true.

Any closed source product has backdoors built in for snooping and thats what opensource should hinder.

dennypage

@cool_corona said in Announcing pfSense plus:

When you work in intelligence you know that statement in not true.
Any closed source product has backdoors built in for snooping and thats what opensource should hinder.

Wow.

Cool_Corona

@dennypage Every US product has to have behind the scenes access for intelligence purposes.

And thats a fact. Not an option.

Cool_Corona

@dennypage Thats why a lot of countries in the EU is skipping Chinese and US products and begun to develop own forks.