Navigating to Buy pfSense +
-
"If you have more than 20 units, reach out for bulk processing options." - this is what Netgate wrote back in Feb 2022, so they had options for people to request more than 20 units - hardly home or lab. The problem, for Netgate, will resolve itself fairly quickly once all those Ali Express / eBay devices starting being sold with OpnSense instead, give it a year or two and most buyers will never have heard of pfSense - Netgate should have appreciated the free marketing. They should have limited home/lab to a maximum of 5 per email address. Their poor control over licenses has damaged the real enthusiasts for pfSense, and the relationship between us all.
In terms of the move to Plus, we were very actively encouraged to move to Plus, they wrote in Feb 2022 "We have more work to do to add additional features - taking pfSense Plus software in new directions. If now is not the right time for you, continue with pfSense CE software. We will work harder to win you over in time." - sounds like we'll be putting a lot of effort into pfSense Plus, but if you don't want existing new features and bug fixes stay with the classic CE.
I must admit I don't like how pfSense.org and Netgate seems to be the same thing, the community version of CE should be supported by the community, with some funding from Netgate since they are directly basing their business on the hard work of a community-based product, Netgate did not develop pfSense, they didn't make it, they took it and are using it to sell their hardware. It doesn't belong to them. I'd like to see a much more deliberate gap / separation between Netgate and the community, Netgate might not be around forever but communities can be forever.
I'd like to propose Netgate prioritise the community edition for bug fixes and new features and use that to test, for all of us to test, and those enhancements would then get rolled out in the paid-for professional product. We are a massive free test group. That is how some other companies deal with this. That is the way to pay back the community for this recent issue, to make sure the community can trust that Netgate is the right company to maintain this great software. The paid for product should be aimed at SMBs and Enterprises - they won't use CE as it has no support, whilst the Plus version will have a support contract - and that is what a business needs. So there is no clash between CE needs and Netgate sales. It's just one suggestion.
-
@GPz1100 said in Navigating to Buy pfSense +:
Otherwise, it's the same nonsense all over again. Remove a nic, add a nic, token is invalid. Another option is to disable functionality in a previous installation for a given token if used on new hardware.
This is where passkey would help...you can throw out the NIC or the whole computer, the passkey stay locked to a person /administrator (biometric).
-
I think a simple 2factor authentication login would have sufficed for liscencing and you just ensure only 1 device per licence. and people can buy more licences for devices.
-
@dopeytree Now that passkey has emerge, 2factor is dead as it's not as precise and secure...to me!
-
@dopeytree said in Navigating to Buy pfSense +:
I think a simple 2factor authentication login would have sufficed for liscencing and you just ensure only 1 device per licence. and people can buy more licences for devices.
@NollipfSense said in Navigating to Buy pfSense +:
@dopeytree Now that passkey has emerge, 2factor is dead as it's not as precise and secure...to me!
I get where you are trying to go with this, but this doesn't secure licensing, this is a security feature for an operational software implementation. You are trying to use authentication for verification, and I think you have it ass backwards.
They can implement a licensing model to manage number of tokens, but it should be account based. From there if you want to use passkey to get in the system, great. It's not used to generate a token, it would be used to authenticate an existing token. This is used in place of passwords.
-
Anyway the problem with their current system is any change needs a new key and even when this is supposed to be automatic it doesnt work.. I had this last week. It said your system is eligible for pfsense+ then it wouldn't let you enter any key codes becuase they are trying to control it automatically which ends up wasting support staff time as you email them.
A shitty implementation really. when instead they could just record your hardware ID and limit the no of devices per logged in account. Like apple does.
-
@dopeytree
That is by their design, because it's not available anymore without a subscription. Your only option at this point is downgrade to a substandard kept version (CE). -
@Amodin said in Navigating to Buy pfSense +:
I get where you are trying to go with this, but this doesn't secure licensing, this is a security feature for an operational software implementation. You are trying to use authentication for verification, and I think you have it ass backwards.
Well, I was thinking that way since one had to log in to Netgate just to register for the license. Now, I don't care anymore as I finally got the sick joke and what members had been saying...
Thank you for sharing though.
-
@Amodin This was a week before this shitshow.
Anyway time to move over to opnsense.
-
Doesn't surprise me, as they made changes before even posting about it, then the blog was an afterthought apparently. From reading about this mess, we were lucky to even be told.
-
@Amodin said in Navigating to Buy pfSense +:
@dopeytree
That is by their design, because it's not available anymore without a subscription. Your only option at this point is downgrade to a substandard kept version (CE).Like I said, I get where you are going with it and your heart is in the right place - it's the dishonesty that landed us here to begin with and it's a terrible situation to be in. I blame both the thieves (let's face it, that's what they are) and the company for lack of oversight and substandard management of licensing.
It could be a simple fix for them really, and they are making it more difficult on themselves by not managing home use licensing.
-
I don't really believe people stole pfsense+ it was available for free so..... how is it piracy.
My n100 box came with opnsense installed not pfsense+
I get netgate are annoyed with third party manufacturers but you know their hardware is a bit out of date compared with market offerings.
And they've binned the $129 offering which would have netting a few $million each year.
So presence CE is pretty much dead. There's no point moving to it as they will just kill off updates.
So time to explore other firewall software options or buy a netgate box.
-
@dopeytree said in Navigating to Buy pfSense +:
I don't really believe people stole pfsense+ it was available for free so..... how is it piracy.
Only the Home/Lab license was available at no cost, and I believe the license agreement clearly stated that it should only be used for non commercial use (as in: you can't just download it and put it on a device you're selling).
-
As explained I bought the cheapest n100 box from aliexpress and it didn't come pre-installed so i dont believe this 'piracy' pre installed angle.
And they could have monitised it with $129 licence. I think actually they dont want to support such a wide range of hardware. They are instead focusing on cloud solutions by geting $999 for TNSR a year license or you buy a netgate box. This means no more custom hardware bare metal to support. (There is some hardware crash happening on n100 alder lake-n chips cpus).
All cloud instances are virtualised and controlled centrallised via azure or aws.
-
@dopeytree said in Navigating to Buy pfSense +:
I don't really believe people stole pfsense+ it was available for free so..... how is it piracy.
I get netgate are annoyed with third party manufacturers but you know their hardware is a bit out of date compared with market offerings.
And they've binned the $129 offering which would have netting a few $million each year.
So presence CE is pretty much dead. There's no point moving to it as they will just kill off updates.
Read the blog about what happened on this site, it explains it. It's not piracy, it's NetGate losing out on TAC because third-party providers are violating the agreement by selling it pre-installed on hardware for profit. That's the key here - the agreement, so essentially, the software/licensing is being used out of scope, violating the "Oh we trust you to do the right thing if you claim to be a home user" aspect by NetGate.
If they would implement home licensing and have it managed just like any other kind of licensing, this would have been a moot point. You tie the token to an account (not an e-mail account, a verified NetGate account) and include the hardware if you wish (MAC addresses), but in order to claim another token, you have to invalidate and remove the old token (license key). That will allow users to reinstall if they have to with either different hardware and/or virtual MAC address changes (VM). That way the license isn't abused, or at least severely mitigated.
This is the biggest issue I have with NetGate about this - the lack of management on this point. I just came from using Sophos for over 20 years, and their management and hardware limitations of product is what drove me away - but they know how to properly license the product, so it's not abused - or severely mitigated in that aspect, to the point you don't have this issue. I only got to start using pfSense+ for a few months and I think the product is great. However, after this, the lack of management on this (frankly) stupid ass level of management has driven me away and I am looking for a new solution and taking my friends with me after promoting this product. They are of the same mindset and won't hesitate to discontinue use because of this.
I wouldn't mind using CE - if I believed it was actually going to be updated and be kept up to date, but even by NetGate's own words, that isn't going to happen. Their focus is elsewhere and it's not CE.
@dopeytree said in Navigating to Buy pfSense +:
I think actually they dont want to support such a wide range of hardware. They are instead focusing on cloud solutions by geting $999 for TNSR a year license or you >buy a netgate box.
But that's the thing here - home use is not their concern, that's why we have a user forum, to help each other out with the occasional NetGate employee chiming in for user base support - we aren't paying for it anyways, so that's really why these forums exist, to help each other out. We aren't paying for it anyways with a TAC, and commercial use with TAC will most likely have NetGate hardware.
-
@Amodin said in Navigating to Buy pfSense +:
However, after this, the lack of management on this (frankly) stupid ass level of management has driven me away
Agree...some members here are corporate executives and board governance members...
-
I want to offer a different perspective on this because I think it’s important. Let’s imagine that we are netgate and noticed an uptick in lost income because of the misuse of our software distribution. Now I’m not saying it was right or wrong but if it were me I would shut it down as well. Should we have issued a statement before shutting it down? I think it would have been the best move, but maybe we don’t know the whole story. And maybe if there were a statement before the shutdown then there would have been a mad rush to get as many free licenses as possible (just thinking out loud). I don’t know if they really intended to lose our trust, but rather they tried to make the best decision with the time they had.
I know it’s easy to feel like the victim and wanting to stick it to them with threats and say they will never use pfsense again, but I think we are all better than this. I say we might want to give them some time to rectify this situation and see what they come up with. We all aren’t perfect and yeah, everyone and every company makes mistakes. So, we could sit here and complain about the decisions being made or we can once again come together as a community and offer constructive feedback in a civil manner to improve the longevity of this great open source software that is also profitable by both parties.
-
I don't understand why people come to the conclusion that CE will no longer be supported and will be dropped. Or that 2.7 will be the last CE to be released. Clearly people don't understand that Netgate have a roadmap website for all of the release. CE 2.8 is nearly finished at this point.
https://redmine.pfsense.org/projects/pfsense/roadmap
Isn't it called Community Edition for a reason? Netgate is still making commits to it. What am I missing that everyone is negative about this?
-
@gisuck said in Navigating to Buy pfSense +:
I don't understand why people come to the conclusion that CE will no longer be supported and will be dropped. Or that 2.7 will be the last CE to be released. Clearly people don't understand that Netgate have a roadmap website for all of the release. CE 2.8 is nearly finished at this point.
https://redmine.pfsense.org/projects/pfsense/roadmap
Isn't it called Community Edition for a reason? Netgate is still making commits to it. What am I missing that everyone is negative about this?
For the very fact in the blog, they are referring to CE as a 'home lab or POC in order to evaluate Plus' now.
Also, because support for ended in 2022.
Also, because they have even stated more than once that CE doesn't get updated often. Quite frankly, why would you implement something that is barely updated and rely upon an outdated, unsupported model of what they want to not even bother touching? The only reason CE is getting 2.8 is because it was already planned for Plus and CE. I can 99.9% guarantee within the next year or two, CE will not even be updated and still used for evaluation, and nothing more.
edited for spelling
-
@chigh09 said in Navigating to Buy pfSense +:
I want to offer a different perspective on this because I think it’s important. Let’s imagine that we are netgate and noticed an uptick in lost income because of the misuse of our software distribution. Now I’m not saying it was right or wrong but if it were me I would shut it down as well. Should we have issued a statement before shutting it down? I think it would have been the best move, but maybe we don’t know the whole story. And maybe if there were a statement before the shutdown then there would have been a mad rush to get as many free licenses as possible (just thinking out loud). I don’t know if they really intended to lose our trust, but rather they tried to make the best decision with the time they had.
I know it’s easy to feel like the victim and wanting to stick it to them with threats and say they will never use pfsense again, but I think we are all better than this. I say we might want to give them some time to rectify this situation and see what they come up with. We all aren’t perfect and yeah, everyone and every company makes mistakes. So, we could sit here and complain about the decisions being made or we can once again come together as a community and offer constructive feedback in a civil manner to improve the longevity of this great open source software that is also profitable by both parties.
So just because you had a pain in your arm because YOU bumped it and caused the pain, should you have it removed entirely to spite your body? I mean, that's essentially what they've done here, when there are other remedies and options to make it right for everyone. Instead, they went the lazy route and just decided to amputate.