Pfsense CE 2.7.0 Release (?)

Dobby_

@michaellacroix said in Pfsense CE 2.7.0 Release:

Anyone know when CE 2.7. will be out of beta and the official release? I'm curios when or if netgate will let you upgrade from ce 2.7.0 to 23.01. Thanks

pfSense roadmap and you will be informed in time.

Perhaps I will be wrong with that thinking, but.....

pfSense+ coasts for business

• pfSense+ 129/€ per year (Whitebox)
• SIM card fee for LTE failback ?
• Snort rules 399 $ per year
• Blacklists from iblocklist.com 10 $ per year
• Securiteinfo ClamAV signatures 99$ per year

On top addons

• Blacklists from wellfedintelligence?
• Spamhaus antispam lists fee?
• GeoIP blocking fee?
• Radius Server fee?
• Tailscale fee?

Spending

• for pfBlocker-NG
• for Squid, lightsquid & SquidGuard

All in all, more or less 640 $/€ per year, if you compare this to other UTM devices licenses you may end up higher or lower pending on the entire dimension of the hardware.

• SuperServer E300-9D-8CN8TP ~2200 €
  (barebone price and for HA it will double)
• Supermicro SuperServer E300-9A-16CN8TP ~1600 € (barebone price and for HA it will double)

Using that hardware range ain`t you license fees around 1500 € - 3000 € each year for a commercial UTM!
(The price will double for HA)

Endian, Untangle, ClearOS, RouterOS and VyOS have all their own business model, no one complains about it!
You take it or you leave it.

A Former User

This post is deleted!

Cool_Corona

@phil_d I am still on 2.5.2 for that reason.

VLAN's doesnt play well with 2.6.0 and no update in sight.

stephenw10

What issue are you seeing with VLANs in 2.6?

Is it still there in a 2.7 snapshot?

michmoor

@phil_d do you think network drivers developed by Netgate devs should be given out for free? If so why?
Also do you think a business that provides security products do so without making a profit?
I’m genuinely curious why people like you get upset over a business making money from the work they do and then said business has the audacity to make a product for free.
So weird people complain about a free product and then get upset enough to complain , for free, on vendors website and then mention they are moving to a competitor who is also free and relies on the development work done by the company they are leaving.

A Former User

This post is deleted!

michmoor

@phil_d You stated you're moving to OPNsense. The OPNsense team uses the work that Netgate put in [2.5G intel drivers] and they will eventually put that code into their own hardware which they sell for profit.
Is that fair?
There is no bait and switch done here. Both CE and Plus are being worked on. The redmine is available to see the progress on CE. As I made mentioned in another post , there were over 400 bugs resolved in CE. I dont understand the viewpoint that they are moving to a proprietary software delivery model. The facts are not lining up so far with your assumptions.

Now, if you want to make the argument that supporting two code versions has a negative effect on feature releases and code quality due to limited resources.... that would be a fair critique.

A Former User

This post is deleted!

stephenw10

This is not the right place for this discussion. It's not a support question.

michmoor

@stephenw10 agreed.

Dobby_

Actual situation from the 2023-04-12
pfSense Roadmap

Version 2.7.0
Future pfSense CE software release

543 Tickets total
458 Tickets closed
85 Tickets open
89% of all work reached

pfSense Plus - 23.05
Release targeted for May 2023

12 Tickets total
4 Tickets closed
8 Tickets open
41% of all work reached

pfSense Plus - 23.09
Release targeted for September 2023

No Tickets open

pfSense make one big step with two greater changes
such PHP 8.x and FreeBSD 14.0 and also for more
then "one" CPU architecture.

OPNSense is walking step by step and only for one CPU architecture. But at one day they also have to change to FreeBSD 14.0 and also to PHP 8.x as I see it.

Before Netgate were selling their own hardware, there where ca. ~2.000.000 installations world wide counted,
after selling teir own hardware this amount was growing
to nearly 3.000.000 installations. (Old numbers not actual)

So why they should letting fall the CE version? Because it
is nearly something of 75 % of all installations? I personally don´t think so! And is the gain (w/ sales) not giving them right? I mean that they are on the right way?

Patch

@dobby_ said in Pfsense CE 2.7.0 Release:

Actual situation from the 2023-04-12
pfSense Roadmap

Version 2.7.0
Future pfSense CE software release

543 Tickets total
458 Tickets closed
85 Tickets open
89% of all work reached

pfSense Plus - 23.05
Release targeted for May 2023

12 Tickets total
4 Tickets closed
8 Tickets open
41% of all work reached

pfSense Plus - 23.09
Release targeted for September 2023

No Tickets open

The figures above for the Plus versions are incorrect or at least misleading. All CE item are also included in one of the plus versions. To see the actual plus counts a search on redmine for open and closed tickets for each plus version is required.

For example https://redmine.pfsense.org/projects/pfsense/issues?per_page=100&query_id=186

pfSense Plus - 23.05 has
59 Open tickets
44 Closed tickets
103 total tickets

Stewart

I'm also curious about the 2.7.0 release primarily because it is needed to support the i226-V chips from Intel and it seems most of the whitebox vendors have replaced the i225 with i226. Timing is a little frustrating on that front.

I also want to point out that Roadmap is simply a snapshot in time.
23 days ago it showed:

Version 2.7.0
Future pfSense CE software release
543 Tickets total
458 Tickets closed
85 Tickets open
89% of all work reached

Now it shows

Version 2.7.0
Future pfSense CE software release
563 Tickets total
508 Tickets closed
55 Tickets open
91% of all work reached

So, over the last 23 days there have been 20 new tickets generated and 50 tickets closed. That's over 2 per day which is steady progress. Overall they are 30 tickets closer to completion. While it shows only 2% points higher 9% of the outstanding tickets were closed.

stephenw10

Quite a few of those open tickets will be long term issues that can be moved to the next version when we branch for 2.7 so it's not entirely accurate.

Steve

Stewart

@stephenw10 I was just pointing out that to many people it seems like it's taking a long time for 2.7.0 to come out and the needle isn't moving (only going from 89%-91% in this case). In this thread there are complaints, talk of jumping ship, and accusations of motivations. I just don't get it. When you look at the numbers over time it is clear the developers are working hard and getting things done. I know the Roadmap is accurate but it is just a snapshot in time. If you don't compare it to what it has shown in the past you don't see just how far it has come and you'd think it's been stagnant at 90% for a month, which isn't the case. If some of those tickets will be addressed in later patches and releases then it's even closer.

The only reason I personally care about 2.7.0 is for the i226 support. If that support was added to 2.6.0 I wouldn't even be reading up on 2.7.0. I don't need another version number to feel like I'm keeping up. Many of my boxes skipped the 2.5.x line entirely (due to the pandemic and the DNS issues early on) and have gone from 2.4.x to 2.6.0. I trust the team and the project.

One side note, should we read into the fact that no new subversions of 2.6 were released? Is the goal to have a main version like 2.6.0 and just update via the new(ish) patch manager instead of minor releases? Or is just coincidental because the focus went into 2.7.0 with all its major changes?

stephenw10

Sorry I typo'd that! I meant that the number of open tickets is likely to go down significantly as we approach a 2.7 release so you can't use just that figure to look at when a release might happen.
After 23.05 is released we will be looking at the timing. At that point you will be able to upgrade to Plus from current 2.7 snapshot again. Both will be on php82.

Steve

SteveITS

@stewart said in Pfsense CE 2.7.0 Release:

should we read into the fact that no new subversions of 2.6 were released? Is the goal to have a main version like 2.6.0 and just update via the new(ish) patch manager instead of minor releases? Or is just coincidental because the focus went into 2.7.0 with all its major changes?

I'm not Netgate, but the System Patches package does allow for updates to any PHP code. Could be they didn't need any. Binaries would presumably need a version bump.

After 2.6 was released Netgate delayed then skipped 22.09 because of the change to FreeBSD 14 and PHP 8. If those types of changes are not being made especially at the same time then newer releases would be much easier to manage/produce.

Personally I'm not concerned. As you imply, few people need shiny new features on their router. :) Drivers are a notable exception. Per https://www.netgate.com/blog/pfsense-software-is-moving-ahead it sounds like CURRENT is more likely to have drivers for newer hardware going forward.

Stewart

@steveits Other than some OpenVPN certificate issues that can come after an upgrade 2.6.0 has been solid. And we haven't had any issues with new 2.6.0 installs either (although I'm wary of the whole DNSSEC/SSL issues with Quad9). There have been bumps over the years but ultimately pfSense has been very reliable for us. Certainly no more troublesome than some of the other vendors we've used in the past.

SillieWous

@steveits a router indeed doesn’t need to be bleeding edge with all the newest features. However it needs to be secure. And being based on an EOL distro is a security concern. It’s not an immediate threat, but it should really be updated ASAP. When it takes this long, I think it is perfectly normal people start getting concerned.

slu

Blog entry from today, no word of the CE version only to moving forward to pfSense Plus:
https://www.netgate.com/blog/pfsense-plus-software-version-23.05-rc-now-available