Will pfSense 2.7/23.01 become a bottleneck for new features and fixes?

keyser

Hi forum (and hopefully Netgate representatives)

I have been looking at redmine lately, and I’m becoming a little worried that pfSense 2.7/23.01 will become a major bottleneck for Netgate and pfSense’s need for new features and bugfixes.

While I applaude the general idea of going to FreeBSD 14 (release) and getting PHP updated, redmine seems to suggest that not only has 2.7/23.01 taken a huge toll on the dev team, but they are far from finished.
Worse yet, the build after that seems to still only be bug fixes of problems 2.7/23.01 introduces.
That’s going to become an almost 2 year gap since 2.6/22.01, before a new release arrives that potentially includes new features and expanded featuresets for existing services. (Yes I know, BSD 14 does bring new features now - fx vlan0 support - and opens the door for much more in the future - fx on the wireless, 4G/5G front)

That seems like a very steep price since pfSense in my opinion, would be much better of with a lot of focus on expanding the feature set of existing services.
Redmine has LOADS of feature requests that would improve the products usability tremendously with simple “expansions” on existing features:

Just to name a few:

• Multiple IPSEC instances to allow different IPSec setups on the same box.
• IPSEC IP pools for Mobile clients to create distinct rules for separate user groups.
• Proper complete SNMP MIBs/monitoring options that relays metrics of various VPN services, ZFS Filesystem and so on. Even better if it was expandable so packages could add their own MIBs to allow monitoring of package features
• More feature complete IPv6 services, fx. An expanded dhcpv6c with more options to allow use with lots of EU ISPs. A DHCPv6 server that can service assigned and tracked DHCP-PD prefixes from WAN.
• MFA authentication options for UI login
• A much more comprehensive log analytical tool built-in for those that are not up for configuring SYSLOG with Splunk, Greylog or a similar log analytics tools.

The list of requests is endless, and quite a few of them has REAL value and merits for making pfSense much more widely spread/used.

Please say I’m wrong, but it seems new ideas/feature expansions has a very hard time making it to actual assigned development time and release.

stephenw10

I assume you mean multiple mobile IPsec instances?

It is certainly true that 23.01 is 'feature-complete' at this point so there will not be anything new added to it before release. Anything new added now would be in 23.05 unless there were some extraordinary reason to do something different.

Steve

SteveITS

@keyser said in Will pfSense 2.7/23.01 become a bottleneck for new features and fixes?:

IPSEC IP pools for Mobile clients to create distinct rules for separate user groups

You can do this via assigning IPs via FreeRADIUS as I learned in my thread https://forum.netgate.com/topic/176069/multiple-ipsec-servers/.

keyser

@steveits said in Will pfSense 2.7/23.01 become a bottleneck for new features and fixes?:

You can do this via assigning IPs via FreeRADIUS as I learned in my thread https://forum.netgate.com/topic/176069/multiple-ipsec-servers/.

Yes I know, but this does not scale to hundres or more of users. I cannot statically configure a unique IP to each user.
I have made a workaround myself to enable IP pools in IPSec Mobile VPN (and made a post about it), but unsupported hacks that is deleted at upgrades - and may not be possible in the next version - is not something to base your company Mobile VPN on.

keyser

@stephenw10 Yes, Multiple IPsec VPN instanses, so I could have several Mobile VPN implementatios with very different settings running on different WAN IPs.