Navigating to Buy pfSense +
-
@chudak said in Navigating to Buy pfSense +:
@NollipfSense said in Navigating to Buy pfSense +:
They have issued an official statement already, beyond that, they're not obligated
We are not in the courtroom. It's an open-source project and it's odd Netgate is silent, that's all :)
Okay, agree...
-
I would have more respect for Netgate if they just came out and said, "Sorry we can no longer provide a free edition" but at this point, they don't seem to be interested in an "open-source" community or a community at all.
Which is just fine, it's their product and can move towards only providing it to businesses.
Maybe this is just a sign to move to OPNSense?
-
was able to install 2.7.0 using my pfsense plus config, no problems at all. going to spin up an OpnSense VM to switch. Netgate, you guys are shady AF, it was a good run.
-
Looks like they updated the product pages, Home+Lab is now gone from there, but TAC Lite with $0.00/yr ($129/yr in future) is still listed in the tables.
Only TAC Pro and Enterprise available from the order page though, maybe TAC Lite is now by email request only?Waiting to see some official clarification on this license mess.
-
@mvikman said in Navigating to Buy pfSense +:
Looks like they updated the product pages, Home+Lab is now gone from there, but TAC Lite with $0.00/yr ($129/yr in future) is still listed in the tables.
Only TAC Pro and Enterprise available from the order page though, maybe TAC Lite is now by email request only?Waiting to see some official clarification on this license mess.
The problem and this is just a guess on my part is that they made it too easy for users to obtain free licenses as it can be automated by abusers. Now with e-mail only requests this will cut it down to almost zero. If they refined the verification process to make use of CAPTCHA it should cut down most of the abuse.
-
@gonace said in Navigating to Buy pfSense +:
Maybe this is just a sign to move to OPNSense?
The thing about businesses is they like to compete and look to see what others are doing...so, prepare for another move when that one you quoted follows suit...that's most certainly coming.
-
@Darkk said in Navigating to Buy pfSense +:
Now with e-mail only requests this will cut it down to almost zero. If they refined the verification process to make use of CAPTCHA
Maybe a combination of a passkey, an email, and a credit card that must be in the name of the home/lab user or linking a digital payment method, such as PayPal, Google Pay, etc. There won't be a charge on the credit card as it only user for verification like how cloud services require for the initial free service.
-
@NollipfSense said in Navigating to Buy pfSense +:
Maybe a combination of a passkey, an email, and a credit card that must be in the name of the home/lab user or linking a digital payment method, such as PayPal, Google Pay, etc. There won't be a charge on the credit card as it only user for verification like how cloud services require for the initial free service.
If they really want to cater to the home/lab crowd, the license should be flexible to function with hardware changes, not be bound to a single machine hash.
After all, who doesn't use different hardware to test on...
Otherwise, it's the same nonsense all over again. Remove a nic, add a nic, token is invalid. Another option is to disable functionality in a previous installation for a given token if used on new hardware. If the old hardware is reused, new hardware becomes none functional. Limit this to x many changes per day/week/month/etc.
-
@GPz1100 said in Navigating to Buy pfSense +:
If they really want to cater to the home/lab crowd, the license should be flexible to function with hardware changes, not be bound to a single machine hash.
Yup, the ability to swap an old NDI to a new one via the admin interface is an absolute must.
-
"If you have more than 20 units, reach out for bulk processing options." - this is what Netgate wrote back in Feb 2022, so they had options for people to request more than 20 units - hardly home or lab. The problem, for Netgate, will resolve itself fairly quickly once all those Ali Express / eBay devices starting being sold with OpnSense instead, give it a year or two and most buyers will never have heard of pfSense - Netgate should have appreciated the free marketing. They should have limited home/lab to a maximum of 5 per email address. Their poor control over licenses has damaged the real enthusiasts for pfSense, and the relationship between us all.
In terms of the move to Plus, we were very actively encouraged to move to Plus, they wrote in Feb 2022 "We have more work to do to add additional features - taking pfSense Plus software in new directions. If now is not the right time for you, continue with pfSense CE software. We will work harder to win you over in time." - sounds like we'll be putting a lot of effort into pfSense Plus, but if you don't want existing new features and bug fixes stay with the classic CE.
I must admit I don't like how pfSense.org and Netgate seems to be the same thing, the community version of CE should be supported by the community, with some funding from Netgate since they are directly basing their business on the hard work of a community-based product, Netgate did not develop pfSense, they didn't make it, they took it and are using it to sell their hardware. It doesn't belong to them. I'd like to see a much more deliberate gap / separation between Netgate and the community, Netgate might not be around forever but communities can be forever.
I'd like to propose Netgate prioritise the community edition for bug fixes and new features and use that to test, for all of us to test, and those enhancements would then get rolled out in the paid-for professional product. We are a massive free test group. That is how some other companies deal with this. That is the way to pay back the community for this recent issue, to make sure the community can trust that Netgate is the right company to maintain this great software. The paid for product should be aimed at SMBs and Enterprises - they won't use CE as it has no support, whilst the Plus version will have a support contract - and that is what a business needs. So there is no clash between CE needs and Netgate sales. It's just one suggestion.
-
@GPz1100 said in Navigating to Buy pfSense +:
Otherwise, it's the same nonsense all over again. Remove a nic, add a nic, token is invalid. Another option is to disable functionality in a previous installation for a given token if used on new hardware.
This is where passkey would help...you can throw out the NIC or the whole computer, the passkey stay locked to a person /administrator (biometric).
-
I think a simple 2factor authentication login would have sufficed for liscencing and you just ensure only 1 device per licence. and people can buy more licences for devices.
-
@dopeytree Now that passkey has emerge, 2factor is dead as it's not as precise and secure...to me!
-
@dopeytree said in Navigating to Buy pfSense +:
I think a simple 2factor authentication login would have sufficed for liscencing and you just ensure only 1 device per licence. and people can buy more licences for devices.
@NollipfSense said in Navigating to Buy pfSense +:
@dopeytree Now that passkey has emerge, 2factor is dead as it's not as precise and secure...to me!
I get where you are trying to go with this, but this doesn't secure licensing, this is a security feature for an operational software implementation. You are trying to use authentication for verification, and I think you have it ass backwards.
They can implement a licensing model to manage number of tokens, but it should be account based. From there if you want to use passkey to get in the system, great. It's not used to generate a token, it would be used to authenticate an existing token. This is used in place of passwords.
-
Anyway the problem with their current system is any change needs a new key and even when this is supposed to be automatic it doesnt work.. I had this last week. It said your system is eligible for pfsense+ then it wouldn't let you enter any key codes becuase they are trying to control it automatically which ends up wasting support staff time as you email them.
A shitty implementation really. when instead they could just record your hardware ID and limit the no of devices per logged in account. Like apple does.
-
@dopeytree
That is by their design, because it's not available anymore without a subscription. Your only option at this point is downgrade to a substandard kept version (CE). -
@Amodin said in Navigating to Buy pfSense +:
I get where you are trying to go with this, but this doesn't secure licensing, this is a security feature for an operational software implementation. You are trying to use authentication for verification, and I think you have it ass backwards.
Well, I was thinking that way since one had to log in to Netgate just to register for the license. Now, I don't care anymore as I finally got the sick joke and what members had been saying...
Thank you for sharing though.
-
@Amodin This was a week before this shitshow.
Anyway time to move over to opnsense.
-
Doesn't surprise me, as they made changes before even posting about it, then the blog was an afterthought apparently. From reading about this mess, we were lucky to even be told.
-
@Amodin said in Navigating to Buy pfSense +:
@dopeytree
That is by their design, because it's not available anymore without a subscription. Your only option at this point is downgrade to a substandard kept version (CE).Like I said, I get where you are going with it and your heart is in the right place - it's the dishonesty that landed us here to begin with and it's a terrible situation to be in. I blame both the thieves (let's face it, that's what they are) and the company for lack of oversight and substandard management of licensing.
It could be a simple fix for them really, and they are making it more difficult on themselves by not managing home use licensing.