So, I’m confused.
-
Ok, so I know this is a pfsense forum and any response will weighted this way. And I’m not trying to start any flame wars.
I’m new to both pfsense and other *senses available. I’ve not tried out any of them yet, but have been reading around trying to find “the best” (I’m sure they’d all do the job) it’s just which community do I go with.Initially i was planning on picking up one of the bigger pfsense boxes. And I’m still leaning that direction.
One of the big drawing cards for going that route is the open source aspect. Yet I started reading claims by other senses on places like reddit that pf isn’t true open source etc and is leaning towards corporate dominance and vendor lock-in. And I highly doubt it but now I can’t shake the bad feelings about corporate overlords pushing an agenda.
I then find myself asking if I want to buy into the hardware.
Basically the whole debate and infighting between the two groups kinda scares me away from trying either.I really don’t know what to do. Is pfSense and others just using the open source name to sell products?
Not sure if I should say the company name here but I currently use little black boxes with a U on them. And I honestly can’t complain too much. There’s a few things I can’t seem to do with them specifically use them as a client in a VPN with dynamic ip, which is behind a carrier grade NAT. So I’ve been trying to look for alternatives. Pf seems to be the one with the most features and flexibility.
What are your guys thoughts should I look into pf more or look for alternative. I don’t want to waste my time. If i get no response to this post, I’ll know the community isn’t active or willing to help a newcomer. Or if I get flamed or removed for asking well, I’ll know to look elsewhere. If so, any suggestions on which community to join and who to hand money to?
My whole network and it’s planned expansions include multiple buildings across our ranch and it’s various outbuildings. With ties to another ranch of ours up the road. Traffic on the network includes video streaming, cameras, and VoIP. The planned system will include several 3kw wind generators solar and even backup generators. We get heavy snow and ice storms with power outages and downed lines.
Anyways that’s where I’m coming from and where my network is going.
Thoughts?
-
So full disclosure: I do not work for nor have I ever been employed by pfsense, Netgate or any subsidiary thereof..
I'm a user and try to contribute where I can.
pfsense is open source no matter what you hear or read. It is protected from some other projects whom would attempt and who have stolen the code without giving credit where credit is due.
The pfsense name is protected by law from others that would try and use it for their own profit. These facts seem to have upset some and they have turned to a smear campaign.
https://www.pfsense.org/getting-started/
https://docs.netgate.com/pfsense/en/latest/general/comparison-to-commercial-alternatives.html
https://docs.netgate.com/pfsense/en/latest/general/can-i-sell-pfsense.html
Good luck and welcome!
-
Everything you read is pretty much FUD from competitors, some of whom are leeches who profit from Netgate's work and give nothing back. You have one group that installs pfSense on their own hardware and then sells them as pfSense boxes, which is against the license. Their poor hardware and crappy support reflects badly on Netgate since people may not realize they're not using genuine Netgate hardware. Then you have others who forked pfSense years ago, which would be impossible if it weren't open source. What some have said is that it's not easy to configure the exact build environment you need to fully compile pfSense from source, that's not Netgate's obligation nor is it a requirement of the license.
As for community, all you have to do is look at the activity here and the replies. Questions get answered fairly quickly by joe shmoe users like me who help out because they believe in the project. There is also paid support, and bundled support if you buy a Netgate device.
-
@KOM Thanks for the response. That’s kinda the impression I was getting. It seems like netgate is the ones doing the major if not all the heavy lifting in programming because they can afford to and have the resources in talent to do so.
I currently run FreeBSD on my server, and it’s performed above and beyond any of the other Linux distrais I’ve tried, not trying to knock any district it’s just to me FreeBSD seems to just work and make much more logical sense in file layout not to mention ZFS which I love.What’s this I hear about the competition using “hardened” BSD vs what pf uses?
Also, what’s the whole FUD going around about pf having a messy tangled codebase that’s not clean.
Something doesn’t track when I read those claims, any thoughts on those points?
-
@clem16 said in So, I’m confused.:
What’s this I hear about the competition using “hardened” BSD vs what pf uses?
No idea. They might be basing it on OpenBSD perhaps?
Also, what’s the whole FUD going around about pf having a messy tangled codebase that’s not clean.
No idea, I'm a user and not a developer. Besides, if this were the case, it would affect ALL pf/*BSD projects so nobody would have any specific advantage there. What is your focus? Are you looking to compile from source or start developing patches or packages?
-
@chpalmer Thank you for your reply and links. They’ve cleared up a few questions I had, but had not specifically asked.
Another question, if I install pf or buy one of the official boxes, which I’ll probably do.
Will I be bombarded by “upgrade to paid support” or nag screens of any kind?
The website and links state no artificial limitations, but are there adverts that users are hit with constantly that they must ignore or purchase to make go away. I’m a bit of “perfectionist” and that would drive me batshit crazy. -
No.
We value your privacy as much you do.
-
If you buy, you get support by default. If you build your own and install the community edition, it has all the same functionality for the most part without any limits. IIRC there are at least one custom package that's only available to those who buy, an AWS wizard or something, I don't really care about it.
And as Chris said, they don't harass you to give them money. No nags or anything like that. There is some sort of disclaimer dialog that appears after you first connect to WebGUI after initial installation but that's it. They hope that the product speaks for itself, and that you will like it enough to purchase hardware down the line.
-
@KOM I’m actually looking at simply purchasing one of the boxes and running it at the head of my home ranch network.
I’m looking for a workhorse. But as time permits tinkering, but not be required to tinker just to get basic functionality.I’ve been burned before by a Linux distro I’ll not specifically name that after installation I spent more time on their forum looking up and parsing out how to do simple operations like say mounting a disk or other such simple nonsense that’s automatically done or simple in the BSDs but in the name of flexibility and configurability left to the user.
Thing is, yeah. I love to tinker, but tinker when times available, not be required to to get something critical like a router and firewall functional and keep it functional.
Right now I run FreeBSD and I build all my packages using poudrière from source on a separate dedicated machine.
Does pfsense still keep a separation of base system functionality?
Is pfsense considered a package on top of the base or integrated into it?
If it’s on top would I be able to build it as part of my poudrière build routines. Or is it part of the base? -
Does pfsense still keep a separation of base system functionality?
I believe so.
Is pfsense considered a package on top of the base or integrated into it?
Not originally but I believe that is what they have moved to.
If it’s on top would I be able to build it as part of my poudrière build routines. Or is it part of the base?
No idea, that would be a better question for the Development forum.
-
@KOM thanks everyone for the replies. I’ll do more reading and researching. I think I’ll pull in a copy of pf and poke with it before I grab a official box for the network, but I probably will end up using it.
I’ll be around may be asking more questions to get a good handle on things. I do appreciate all the replies and hopefully as I become more familiar I’ll someday be able to help out around here. -
@KOM said in So, I’m confused.:
If you buy, you get support by default.
To clarify:
You get HARDWARE support. We stand behind the devices we make.
You can elect to purchase technical Support from our Global Support Team.
-
It's much more a collection of packages than it used to be but it isn't a package (or set of) that can be installed onto FreeBSD.
We have a modified base: https://github.com/pfsense/FreeBSD-srcSteve
-
@stephenw10 thanks for the reply! I wasn’t planning on putting it on a vanilla version of FreeBSD. I was thinking more on the “how is it put together, and designed” side of things with an eye towards how to keep updated.
-
@clem16 said in So, I’m confused.:
eye towards how to keep updated.
You read the release notes, follow any special update instructions that are given.. But pretty much you click the little icon that shows up on your gui when there is a new version available..
Or you never update - and be like some users and come here asking how to do xyz when they are running version 2.0.1 from 2011 time frame ;)
Also make sure you check the package manager every now and then for any package updates - which again require a click of an icon..
-
Package updates should really have their own dashboard alert.
-
Agreed.. Should be a widget you can put on the main page or something - has anyone bothered to put in a feature request?
But I am normally on pfsense gui prob almost every day... Not for stuff I am doing but taking screenshot or looking up something specific for a user here, etc. ;) Every few days I will stop by the package manager page... Or if catch a forum post about an update - ie caught that acme was updated here, so went in and updated it..
-
Like the package widget you mean?
Steve
-
You should update that. ;)
-
Exactly!!! Stephenw10 - Exactly, forgot about that wiget... But when you have a lot of installed packages it takes up a lot screen space... Be easier if took up smaller space and alerted to check the package manager for update(s)
When it takes up a lot of screen space - just easier to check the page itself ;)