A hardy "Welcome!" to OPNsense!
-
No need for accidents. If they have good ideas, we'll look at adopting them.
-
Do we know what pfSense version the fork was from?
As I read that I was thinking 'pretty sure applianceshop might object to the name…... oh wait'. ;)
Generally speaking choice is a good thing. I look forward to seeing how this pans out. :)
Steve
-
Do we know what pfSense version the fork was from?
a pfSense 2.2 beta from October.
https://github.com/opnsense/core/blob/14.12/etc/versionThe OPNsense team immediately moved back to 10.0 (not 10-STABLE):
https://github.com/opnsense/tools/commit/f4f556a2e12e2217ebd84529f64a35db84d2e427BTW, pfSense 2.2-RC1 was released Dec 10 (deliberately after 10.1-RELEASE).
https://blog.pfsense.org/?p=1506The OPNsense team have also been overly enthusiastic about stripping off Copyright. If that's who they want to be, I'm going to
let it stand (for now.) As my grandfather said, "Character is destiny." In one particular instance, they've repaired things, (likely because Scott Ullrich complained, but I don't know.)https://github.com/opnsense/tools/commit/b0079b541421194f9acd9199c7061335af1f3672
As I read that I was thinking 'pretty sure applianceshop might object to the name…... oh wait'. ;)
No, but Jos did threaten the pfSense trademark registration in Europe. "Character is destiny."
Generally speaking choice is a good thing. I look forward to seeing how this pans out. :)
Yes, I saw that you recently joined as a member of their forum.
-
Yep. Mostly because when I first tried pfSense many years ago after reading about it on Slashdot (1.0?). I read some threads on the forum and nearly registered but didn't and regretted it ever since. ::)
Steve
-
The UI Looks very flashy and modern.
-
Indeed, the GUI is nice.
They left i386 builds out of the initial release.
They removed the ability to set static routes out of their initial release, too.They removed AES-GCM (and with it, support for any real speed-up due to AES-NI), and it's not scheduled to come back until release 15.7.
https://github.com/opnsense/core/issues/11
But the GUI is nice. ;)
-
I'm waiting for the people who use that to join this forum to ask for how it actually works, and ask for help fixing problems and bugs.
Of course, lots of confusion and messy threads because it won't be clear it's not pfSense.
-
And they put out their second "stable" release with strongswan 5.2.2, which seriously broke some things in IPsec. It was an upgrade that needed to happen since it has a security-related fix (DoS), but it also broke rekeying to the extent a majority of systems using IPsec would have outage-inducing issues after somewhere between a few hours to a few days. Testing, anyone? We slipped a week on 2.2 release in getting those problems debugged and resolved. We pretty quickly determined there were issues, because we test things (plus have help from everyone here in doing so).
Again, easy to push out releases if you don't care or are oblivious to whether things actually work.
https://twitter.com/gonzopancho/status/554645970172923904
They've got a lot to learn.
-
-
@cmb:
And they put out their second "stable" release with strongswan 5.2.2, which seriously broke some things in IPsec. It was an upgrade that needed to happen since it has a security-related fix (DoS), but it also broke rekeying to the extent a majority of systems using IPsec would have outage-inducing issues after somewhere between a few hours to a few days. Testing, anyone? We slipped a week on 2.2 release in getting those problems debugged and resolved. We pretty quickly determined there were issues, because we test things (plus have help from everyone here in doing so).
Again, easy to push out releases if you don't care or are oblivious to whether things actually work.
https://twitter.com/gonzopancho/status/554645970172923904
They've got a lot to learn.
The tweet itself is spot on too, btw.
-
@hongkonger:
The UI Looks very flashy and modern.
I haven't managed to actually boot it on anything yet so I can't comment on that directly but…..
Whilst I agree that the pfSense webgui could be improved it's something that's pretty much at the bottom of any list of improvements I might make. I realise that having a shiny interface can in some circumstances help to sell a product but I seem to be increasingly running into interfaces/sites that have been 'polished' because someone felt they had to to keep up with rest at the expense of usability. I've commented on this before and encountered far more hostility than I expected so perhaps I'm in the minority here. I'm very firmly in the function over form camp.Steve
-
so perhaps I'm in the minority here.
Plato once said something about minorities ;D
I'm in your camp too; this is a server, it needs to be robust as a server, it doesn't need a fancy GUI. Sure, if you are swimming in money like Apple does you can pimp whatever you want, and yes, a fancy GUI is nice, but it's not top priority: where does the dollar invested get the highest return? I'd rather have The Company invest in the stable server functions with an 'old' GUI, than in a fancy GUI yet a buggy, unstable, crashing, server.
-
Could be worse. Cisco seems to think having a GUI at all, of any quality or usability is "fancy".
And yet people use the crap out of their hardware. -
If I was messing with my firewall on a daily basis I'd probably be happy to do command line stuff as it would end up staying in my memory. Since I can go a month or more without doing more than glancing at the traffic graphs I need something that is more user friendly. As it is I tend to have to look through the menus to see where what I want to do is hiding.
pfSense seems happy enough here that I pretty much just add static DHCP mappings and update to a new version once in a while as my only system changes, well other than the bi-annual reboot to blow out dust bunnies.
-
Could be worse. Cisco seems to think having a GUI at all, of any quality or usability is "fancy".
And yet people use the crap out of their hardware.I went for decades with OpenVMS/DCL using the GUI for everything, and a text editor on VT100/VT220 terminals. Actually it is really good when it is what you use every day.
We could have a config parser/checker on pfSense that would tell you anything wrong with config.xml - then document what can go in config.xml. Then the only user interface would be "your favorite FreeBSD editor" followed by the config parser in a loop until you get a valid config. Then it would save and implement. Or perhaps make a customized text editor that stops you doing stuff that is too bad.
That would save a huge number of hours developing all that HTML/PHP/JS for the pretty GUI.
:P -
For once Phil, I think I will pass on one of your ideas (-;
-
There is some call for that. There have been quite a few posts asking about a full CLI config option.
Interesting isn't it. I guess it depends what background you have as to what you expect.Steve
-
Do you like to be able to hold a beer when you are 80 years old?
Then I would suggest you minimized your CLI use and began using a mouse for whatever task you need.
Why key in 100 letters when you could do with 2 mouseclicks?
You wouldnt be where you are today if we still had nothing but CLI.
-
I plan to use a straw. :P
I don't really see why they have to exclusive though. Including both good gui and cli setup options seems to be the way to go IMHO. To a large extent that what we have already. A link in the console menu to 'reload the config file' would be useful and even maybe a direct link to 'edit the config file' with some warning.
Now that OPNsense exists it will be interesting to see if they decide to modify the CLI.
Steve
-
For once Phil, I think I will pass on one of your ideas (-;
As much as I like Phil, I think I will follow you here, Kej ;D
