A hardy "Welcome!" to OPNsense!
-
And they put out their second "stable" release with strongswan 5.2.2, which seriously broke some things in IPsec. It was an upgrade that needed to happen since it has a security-related fix (DoS), but it also broke rekeying to the extent a majority of systems using IPsec would have outage-inducing issues after somewhere between a few hours to a few days. Testing, anyone? We slipped a week on 2.2 release in getting those problems debugged and resolved. We pretty quickly determined there were issues, because we test things (plus have help from everyone here in doing so).
Again, easy to push out releases if you don't care or are oblivious to whether things actually work.
https://twitter.com/gonzopancho/status/554645970172923904
They've got a lot to learn.
-
-
@cmb:
And they put out their second "stable" release with strongswan 5.2.2, which seriously broke some things in IPsec. It was an upgrade that needed to happen since it has a security-related fix (DoS), but it also broke rekeying to the extent a majority of systems using IPsec would have outage-inducing issues after somewhere between a few hours to a few days. Testing, anyone? We slipped a week on 2.2 release in getting those problems debugged and resolved. We pretty quickly determined there were issues, because we test things (plus have help from everyone here in doing so).
Again, easy to push out releases if you don't care or are oblivious to whether things actually work.
https://twitter.com/gonzopancho/status/554645970172923904
They've got a lot to learn.
The tweet itself is spot on too, btw.
-
@hongkonger:
The UI Looks very flashy and modern.
I haven't managed to actually boot it on anything yet so I can't comment on that directly but…..
Whilst I agree that the pfSense webgui could be improved it's something that's pretty much at the bottom of any list of improvements I might make. I realise that having a shiny interface can in some circumstances help to sell a product but I seem to be increasingly running into interfaces/sites that have been 'polished' because someone felt they had to to keep up with rest at the expense of usability. I've commented on this before and encountered far more hostility than I expected so perhaps I'm in the minority here. I'm very firmly in the function over form camp.Steve
-
so perhaps I'm in the minority here.
Plato once said something about minorities ;D
I'm in your camp too; this is a server, it needs to be robust as a server, it doesn't need a fancy GUI. Sure, if you are swimming in money like Apple does you can pimp whatever you want, and yes, a fancy GUI is nice, but it's not top priority: where does the dollar invested get the highest return? I'd rather have The Company invest in the stable server functions with an 'old' GUI, than in a fancy GUI yet a buggy, unstable, crashing, server.
-
Could be worse. Cisco seems to think having a GUI at all, of any quality or usability is "fancy".
And yet people use the crap out of their hardware. -
If I was messing with my firewall on a daily basis I'd probably be happy to do command line stuff as it would end up staying in my memory. Since I can go a month or more without doing more than glancing at the traffic graphs I need something that is more user friendly. As it is I tend to have to look through the menus to see where what I want to do is hiding.
pfSense seems happy enough here that I pretty much just add static DHCP mappings and update to a new version once in a while as my only system changes, well other than the bi-annual reboot to blow out dust bunnies.
-
Could be worse. Cisco seems to think having a GUI at all, of any quality or usability is "fancy".
And yet people use the crap out of their hardware.I went for decades with OpenVMS/DCL using the GUI for everything, and a text editor on VT100/VT220 terminals. Actually it is really good when it is what you use every day.
We could have a config parser/checker on pfSense that would tell you anything wrong with config.xml - then document what can go in config.xml. Then the only user interface would be "your favorite FreeBSD editor" followed by the config parser in a loop until you get a valid config. Then it would save and implement. Or perhaps make a customized text editor that stops you doing stuff that is too bad.
That would save a huge number of hours developing all that HTML/PHP/JS for the pretty GUI.
:P -
For once Phil, I think I will pass on one of your ideas (-;
-
There is some call for that. There have been quite a few posts asking about a full CLI config option.
Interesting isn't it. I guess it depends what background you have as to what you expect.Steve
-
Do you like to be able to hold a beer when you are 80 years old?
Then I would suggest you minimized your CLI use and began using a mouse for whatever task you need.
Why key in 100 letters when you could do with 2 mouseclicks?
You wouldnt be where you are today if we still had nothing but CLI.
-
I plan to use a straw. :P
I don't really see why they have to exclusive though. Including both good gui and cli setup options seems to be the way to go IMHO. To a large extent that what we have already. A link in the console menu to 'reload the config file' would be useful and even maybe a direct link to 'edit the config file' with some warning.
Now that OPNsense exists it will be interesting to see if they decide to modify the CLI.
Steve
-
For once Phil, I think I will pass on one of your ideas (-;
As much as I like Phil, I think I will follow you here, Kej ;D
-
There is some call for that. There have been quite a few posts asking about a full CLI config option.
Interesting isn't it. I guess it depends what background you have as to what you expect.Steve
What could be a useful addition to have for certain tasks is what we had (have) in SAP: a sort of 'macro recorder' to mass execute tasks. I recall creating hundreds of thousands BIM's (Batch Input Map) by recording a transaction once, then executing that script with the raw data in Excel as a source, all happily combined in a FOR % in etc- dos batch file.
I know I'm talking SAP, and not pfSense, so example: migration from old Oracle ERP to SAP R/3 (later called 'MySAP' and the further subsequent renames of the mighty system):
-
Export , for example, article master data from Oracle;
-
Clean, convert, enrich data with ABAP (or whatever);
-
Record BIM-template;
-
'Do the BIM' (insider joke ;D );
-
Upload 1 million article masters to SAP MDM (Master Data Management) in 1 hour. Saved many, many, many man years of custom coding back then.
-
-
I went for decades with OpenVMS/DCL using the GUI for everything, and a text editor on VT100/VT220 terminals. Actually it is really good when it is what you use every day.
Decades with OpenVMS?
(It's like finding a long-lost relative.)
DEC only renamed Vax/VMS to "OpenVMS" in 1991 ( 5.4-2 release )
So.. decades, you only recently gave it up? For Lent, or something? ;D ;D
-
Plenty of Vax or Open VMS jobs available today if my Google search didn't go wrong.
-
Plenty of Vax or Open VMS jobs available today if my Google search didn't go wrong.
Sure… there is software running on OpenVMS that is difficult to port to a *nix system.
(Says the guy who helped put OpenVMS on an Alphabook built by Tadpole for Digital back in the day.)
http://www.thefreelibrary.com/Tadpole+Technology+announces+the+ALPHAbook+1,+the+world's+most...-a017809952But the hardware is getting old (unless you count the supported HP Itanium blade stuff.)
Fortunately, HP has spun out VMS development and they have an x86 port planned:
http://www.vmssoftware.com/news/announcement/RM/VMS_Software_Roadmap.pdfThe circle is now complete.
-
@gonzopancho:
I went for decades with OpenVMS/DCL using the GUI for everything, and a text editor on VT100/VT220 terminals. Actually it is really good when it is what you use every day.
Decades with OpenVMS?
(It's like finding a long-lost relative.)
DEC only renamed Vax/VMS to "OpenVMS" in 1991 ( 5.4-2 release )
So.. decades, you only recently gave it up? For Lent, or something? ;D ;D
Yes, it was VAX/VMS until Alpha hardware came along, then I guess just VMS then OpenVMS.
I started with VAX/VMS 4.something in around 1985 with VAX 11/750 and worked with VMS in various places up to 2009. -
@gonzopancho:
I went for decades with OpenVMS/DCL using the GUI for everything, and a text editor on VT100/VT220 terminals. Actually it is really good when it is what you use every day.
Decades with OpenVMS?
(It's like finding a long-lost relative.)
DEC only renamed Vax/VMS to "OpenVMS" in 1991 ( 5.4-2 release )
So.. decades, you only recently gave it up? For Lent, or something? ;D ;D
Yes, it was VAX/VMS until Alpha hardware came along, then I guess just VMS then OpenVMS.
I started with VAX/VMS 4.something in around 1985 with VAX 11/750 and worked with VMS in various places up to 2009.I'm so sorry! Are you feeling better now?
-
It's all in how you look at things, I suppose.
https://twitter.com/jschellevis/status/551809974465478656
http://sourceforge.net/projects/opnsense/files/stats/timeline?dates=2015-01-01+to+2015-01-30
