Is CE really slower with (security) updates compared to plus ?
-
@Patch said in Is CE really slower with (security) updates compared to plus ?:
In contrast Netgate now just develop the propriety (Plus) version. Then when they feel like it they later release / back port the features they want to release to the CE version. This approach removes all benefit of the CE version to Negate, leaving it only as competition and a burden to support. It's only value to Netgate I can see is it lets them claim pfsense is open source and limits concentrated user backlash. Time will see how long it lasts.
this is what confused me since i use proxmox / opnsense.
but afaik they have to somewhat publish their code foss since its a requirement for using freebsd.
and of course one can conspire that due to their "bad history" pfsense is not willing to push too much too fast upstream since "OPNsense is just pfsense CE with nicer GUI" (big big quotes).
but i fear they might end up in an apple situation where they barely apply to the foos rules by pushing "just enough" FOSS updates.
On the other hand iirc they are a big commit and donation giver for FreeBSD.
So i guess maybe the FreeBSD License does not require complete FOSS builds?irdk :/
maybe i just start with CE and look how it plays out.
-
@DS_DV my understanding is they do push upstream well making many valuable contributions to FreeBSD.
What is far less clear is release / continued development of pfsense CE (as opposed to the proprietary pfsense Plus)
-
@Patch i would love to hear a license expert for foss software on that ^^
but i get the point that they have to make money somehow and as long as they push upstream i think i am ok with that -
Is CE really slower with (security) updates compared to plus ?
Are you ready for a reality fact check up ?
And believe me, this one is scripted : you'll get an answer without having to go to look for yourself.Start here : read :
Auto update check, checks for updates to base system + packages and sends email alerts
Then do as told : Install the pfSense cron package.
Create the script.
Set up a cron task : have it executed like one a day or every 12 hours.
Make sure you have the pfSense Notification system activated.and now : wait ....
In nearby future you will receive a notification from your pfSense : an update is avaible !!
This can be :
pfSense itself.
One or more pfSense GUI packages - one of these : System > Package Manager > Installed Packages
And ... wait for it .... one or more FreeBSD 'pfSense' core packages, also known as the binary packages.So, if a ssh (or un bound, or curl, or whatever) FreeBSD package needs a security update, you will know it.
To install these : you'll need console (or way better : SSH) access, and use13) Update from console
or, the old fashioned way
pkg upgrade
I'm pretty sure CE receives as much 'security' updates as Plus .... but as people don't see them ... so it doesn't exists ?!?
-
@Gertjan thank you for the tutorial <3
arent automatic updates the default O.Oon OPNsense there are drop downs for that in the gui.
my configuration looks sth like that:
do you really have to play custom PHP scripts into the OS to get auto updates?
Or is it just for notifications?I use an RSS reader and have the update announcement feed for that in my "updates feed".
I would assume pfsense would also have several RSS Feeds for changelogs and announcements (: -
@DS_DV
oh auto update of my main router, not thanks, that would be a nightmare. -
Yeah, metoo.
Auto 'OS' upgrade ?
Imho, that's a no-go for my phone, firewall and car.
Maybe ok for the light bulb.Auto interface reset ?
Like the pfSense 'watchdog', that's a like applying a sledgehammer to solve a headache. Talk to your medicine, he will convince you to use other solutions. -
Get plus it’s amazing,
Comes with cloud backup, boot environments, tac support for firmware. Runs smooth -
@DS_DV said in Is CE really slower with (security) updates compared to plus ?:
do you really have to play custom PHP scripts into the OS to get auto updates?
Or is it just for notifications?That's for notification of updates.
@DS_DV said in Is CE really slower with (security) updates compared to plus ?:
Blog posts that CE is much slower when it comes to updates and patches.
Essentially you need pfsense plus if you need fast security updatesSecurity updates are done via a "System_Patches" package which is easily loaded in pfsense. It has been my experience that these are typically released promptly for both CE and plus. I suspect Netgate don't want a reputation for a "current" product with significant security vulnerabilities.
In contrast the demonstrated trajectory for ongoing general maintenance and feature releases is far less reassuring for CE.
Imo for a new project, if you are happy with pfsense plus then this is a good closed source product with a future so a reasonable choice. In contrast looking at the once open source pfsense CE for a new project, is a far more dubious choice as it's future is far less clear.
-
@Gertjan said in Is CE really slower with (security) updates compared to plus ?:
Auto 'OS' upgrade ?
Imho, that's a no-go for my phone, firewall and car.i am the exact opposite (:
everything that has internet connectivity needs to get update/upgraded asap for me.And i cant and want to have to run to all my systems just to keep checking every day if there is an update. I dont have the time for that its my homelab.
And even if it was work my boss would kill me for that timewaste XD
@Gertjan said in Is CE really slower with (security) updates compared to plus ?:
Auto interface reset ?
My ISP does require this otherwise it will reconnect at a random time during the day which i find rather annoying
@JonathanLee said in Is CE really slower with (security) updates compared to plus ?:
cloud backup, boot environments, tac support
i dont use clouds (except my own self hosted computer) and i dont need TAC as far as i am aware (:
While OpenVPN importer and Boot environments are nice i dont know if i can spare 10bucks a month for those features ^^ (we will see)In general i dont mind a bit of initial work. But the upkeep resources have to be as minimal as possible (automated) (:
@Patch said in Is CE really slower with (security) updates compared to plus ?:
Imo for a new project, if you are happy with pfsense plus then this is a good closed source product with a future so a reasonable choice. In contrast looking at the once open source pfsense CE for a new project, is a far more dubious choice as it's future is far less clear.
as a person looking to switch from OPNsense i agree that are exactly my feelings
-
@DS_DV said in Is CE really slower with (security) updates compared to plus ?:
i am the exact opposite (:
And you can, your opinion is yours. You should :) it
@DS_DV said in Is CE really slower with (security) updates compared to plus ?:
even if it was work my boss would kill
He will come after you when the companies router goes down for a maintenance update during that most important video conference call.
Simple example : You're the pilot, the plane ditched, lots of losses, and you say to the FAA : its wasn't me, the plane was on auto (pilot) mode.
You will get ...... well, no more flying for you.
The thing is : if there is a guy, and a machine, who will have the final discussion, the final responsibility ? The admin, or the 'device' ?
You are still in doubt, ok, go visit a local court house for a while.
Machines are always acquitted. people get send to jail.@DS_DV said in Is CE really slower with (security) updates compared to plus ?:
My ISP does require this otherwise it will reconnect at a random time during the day which i find rather annoying
Aahhhh, so you, and don't forget the boss, do not like it when machine take the initiative.
An upstream 'ISP' link that gets renewed or re negotiated, and you can notice it, I get it, that's not ok. I wouldn't even try to 'patch' this bad ISP behavior.
Just for my own curiosity : what ISP is this ? Is this some modem coax setup ? -
@Gertjan said in Is CE really slower with (security) updates compared to plus ?:
He will come after you when the companies router goes down for a maintenance update during that most important video conference call.
my solution is to do it day lie at midnight.
@Gertjan said in Is CE really slower with (security) updates compared to plus ?:
what ISP is this ? Is this some modem coax setup ?
its Telekom a shitty german provider or to be more precise a reseller.
but afaik its done with any DSL provider i know of and apparently most fiber optic providers as well (:with coax/docis i only hear about trouble and non working connections / connection losses all over the day no matter if its private or business.
i myself only had it for roughly 1 year to bridge a dsl gap but i denied any payment because the quality was so bad xD -
@DS_DV said in Is CE really slower with (security) updates compared to plus ?:
its Telekom a shitty german provider or to be more precise a reseller.
German Telekom only stop/reconnect the PPPoE session after 180 days, it's a problem of the reseller...