Pfsense CE 2.7.0 Release (?)
-
@cool_corona
it's up to you to moving...Yes the patch time is in my eyes sometimes to long, I agree in this point.
-
@michaellacroix said in Pfsense CE 2.7.0 Release:
I'm curios when or if netgate will let you upgrade from ce 2.7.0 to 23.01.
It is now possible to upgrade from 2.7 to 23.01 but if you're planning to do that you should use a version that is running the same php version as 23.01(8.1). So before 2.7 went to php82 which means the Feb 15th snap or earlier.
If you're running a later snap with php82 and you upgrade to 23.01 you will (currently) need to do a forced pkg reinstall afterwards to get the required php81 modules.
Hopefully an update to pfSense-upgrade will remove that problem shortly.
Steve
-
@slu I'm not complaining or being unfair, merely stating what I believe to be a fact: with the introduction of Plus, the release pace of CE has been severely impacted - BTW, Netgate's hardware is definitely not cheap in Brazil. So, when a credible, free alternative exists, under active development, capable of running on hardware that my client already has, and able to do what he expects of a routing/firewall platform (esp. multiple WAN links and WireGuard support), I'd be remiss if I did not point that out to him.
-
@stephenw10
Thanks Steve, good to know. -
Hey Steve, I wonder how the pfsense developers are going to reconcile that? My guess is there will be a coordinated effort to get both CE and plus on the same php version on a public release?
-
Yes, the Plus dev branch is also on php82 it's just not public at the moment.
-
@cellobita is OPNsense (Desico) hardware any cheaper? If it’s the same or more then I’m not understanding why cost is an issue.
Secondly if cost is an issue then why can’t a white box server be purchased and Pfsense + installed?
The conversation around costs seems to be largely nonsensical. IT budgets are slashed….I get that…but is the cost of a Dell 610 let’s say that much more expensive than a Desico(Opnsense)?Lastly the conversation about updates is largely nonsensical as well. As I always ask and never get a good answer “What specific vulnerability that is present in pfsense that the development team has been made aware and are not addressing?”. Please post the CVEs as well.
-
@michmoor Thank you for your input - I understand the points you are making.
All my remaining deployments of pfSense are currently running on standard white boxes - their hardware specs more than enough; I wouldn't be buying dedicated hardware from OPNsense, but simply migrating to their open source, community edition software, which has no upfront cost.
I believe that over time the delta between CE and Plus is bound to get bigger; I'm not trying to convince anyone here - and have a profound respect for pfSense, having used it on dozens of clients since 2010 (my earliest deployment was on version 1.2.3) -, just present my two cents.
-
@michmoor said in Pfsense CE 2.7.0 Release:
Please post the CVEs as well.
There is no such thing. People became too spoiled. Their logic is "if its not getting updated, its abandoned".
I also like conspiracy theories where people think that rising number of outstanding issues is actually Netgate`s trick to force people to switch to + version. I laughed.No one is forcing anyone to use pfSense. If you are not happy with it, just make a transition and switch to something else. Saying that you are going to switch to alternative solution is not going to make 2.7 come out faster. No one cares.
You should be happy that release has been pushed back. It means that someone somewhere is working hard on fixing bugs. For you. For free.
Be more grateful.
-
@cellobita no one knows how big a delta will be between CE and Plus. The death of CE comes up every few months when there is an OS update so I’m not surprised.
Pfsense+ is free. Just like CE. So why aren’t you upgrading to Plus? I really have no idea what the fuss is about.Netgate has a small but dedicated development team. I’m sure there is a laundry list of things that are planned or in the works. It’s all about prioritization.
I’m still waiting on what specific update you think needs applied to pfsense. CVEs…The update argument is ridiculous to be frank.
-
@cellobita said in Pfsense CE 2.7.0 Release:
@slu I'm not complaining or being unfair, merely stating what I believe to be a fact: with the introduction of Plus, the release pace of CE has been severely impacted - BTW, Netgate's hardware is definitely not cheap in Brazil. So, when a credible, free alternative exists, under active development, capable of running on hardware that my client already has, and able to do what he expects of a routing/firewall platform (esp. multiple WAN links and WireGuard support), I'd be remiss if I did not point that out to him.
You are just contradicting yourself. You admitted you use whitebox hardware. Why bring up the cost of Netgate? You’re saying pfsense project is not in active development but you see the 2.7 roadmap. What are you complaining about here??
-
@michmoor I was under the impression that they are going to start charging for it - "The cost will increase to $129/yr for commercial use in the future." - but English is not my native language, so perhaps I misunderstood the meaning of this.
Anyway, I am not - repeat, NOT - making the case for widespread adoption of OPNsense or migration from pfSense, just considering the specific situation for my clients.
I am grateful to have a choice, even if it means staying on CE, all things considered.
-
@michmoor As I said, English is not my native language - I don't consider my previous posts to constitute a complaint, just an opinion. In Portuguese they aren't necessarily the same thing.
-
@michmoor Plus is only free for home/lab use.
For small business use it would break even pretty quickly to buy Netgate hardware instead of a license.
Re: delta, there wasn’t much that garnered my attention until boot environments. Which exist in 2.6 just don’t have a GUI. So it isn’t that large yet.
-
@steveits Thank you. I now have enough varied opinions to better assess my choices, so I'm dropping monitoring of this thread. Best wishes to all here.
-
@michaellacroix said in Pfsense CE 2.7.0 Release:
Anyone know when CE 2.7. will be out of beta and the official release? I'm curios when or if netgate will let you upgrade from ce 2.7.0 to 23.01. Thanks
pfSense roadmap and you will be informed in time.
Perhaps I will be wrong with that thinking, but.....
pfSense+ coasts for business
- pfSense+ 129/€ per year (Whitebox)
- SIM card fee for LTE failback ?
- Snort rules 399 $ per year
- Blacklists from iblocklist.com 10 $ per year
- Securiteinfo ClamAV signatures 99$ per year
On top addons
- Blacklists from wellfedintelligence?
- Spamhaus antispam lists fee?
- GeoIP blocking fee?
- Radius Server fee?
- Tailscale fee?
Spending
- for pfBlocker-NG
- for Squid, lightsquid & SquidGuard
All in all, more or less 640 $/€ per year, if you compare this to other UTM devices licenses you may end up higher or lower pending on the entire dimension of the hardware.
- SuperServer E300-9D-8CN8TP ~2200 €
(barebone price and for HA it will double) - Supermicro SuperServer E300-9A-16CN8TP ~1600 € (barebone price and for HA it will double)
Using that hardware range ain`t you license fees around 1500 € - 3000 € each year for a commercial UTM!
(The price will double for HA)Endian, Untangle, ClearOS, RouterOS and VyOS have all their own business model, no one complains about it!
You take it or you leave it. -
This post is deleted! -
@phil_d I am still on 2.5.2 for that reason.
VLAN's doesnt play well with 2.6.0 and no update in sight.
-
What issue are you seeing with VLANs in 2.6?
Is it still there in a 2.7 snapshot?
-
@phil_d do you think network drivers developed by Netgate devs should be given out for free? If so why?
Also do you think a business that provides security products do so without making a profit?
I’m genuinely curious why people like you get upset over a business making money from the work they do and then said business has the audacity to make a product for free.
So weird people complain about a free product and then get upset enough to complain , for free, on vendors website and then mention they are moving to a competitor who is also free and relies on the development work done by the company they are leaving.