Announcing pfSense plus
-
Hello!
Isnt pfsense, in large part, just some code that provides a nice gui for installing/configuring underlying software?
Is the base OS that pfsense configures going closed source?
When I run "pkg info" from the shell I see a crapload of packages. Aside from maybe the "pfsense-pkg-*" ones, are any of those going closed source?
With pfsense+, will I be able to go in and look at the config files that pfsense is creating for the OS and packages?
Is pf going away and being replaced with something closed?John
-
@jegr said in Announcing pfSense plus:
So SG1100-3100 are locked in on the closed source branch. :)
And have been all along? That's my understanding, the factory images have had closed source components.
It's just the differences are going to become much bigger.
For sure if you're a ARM based Netgate appliance user and a FOSS purest you're out of luck.
-
My question was more of a what if scenario. I will split it in 2 -- as I think about this more.
-
Assume that the user upgrades to pfSense+ using the free "no-charge" option -- is he breaking the licence agreement because of his businesses? Or would it be ok, as he is using it for his personal use (in a home scenario)
-
Assume that the user stays on the CE version as they do not need any of the ZeroTier, Business dashboard etc features that you mentioned -- Would this mean that this user would be stuck on the current version for life? -- given that only security patches are promised for CE and none of the new features. The user might not need any features today, but he may need it in the future or he may need 1 particular feature that has yet to be developed.
Thanks
-
-
@al said in Announcing pfSense plus:
It can be interpreted in more ways - like they would like to evolve/extend driving code upstream, but it can also be interpreted as pfSense CE is not going to get updates forever.
So a clear statement about whether the changes related to the new middleware and new GUI eventually will go into pfSense CE (open source) would make people happy in respect to continuing using pfSense...And that is where the crux of the issue is. My interpretation is that CE is not going to get anything except security patches -- unless someone from the community or another sponsor is willing to take up CE and carry it forward as pfSense itself (probably under Netgate as the steward due to copyrights on the "pfSense" name) or as a completely different fork under a new name/management.
-
@johnpoz said in Announcing pfSense plus:
Is he even using netgate appliances?
Damn. can't edit posts in this sub-forum -- but no the user is not using netgate appliances at the moment.
@johnpoz said in Announcing pfSense plus:
My point was towards, if he is not running an appliance now - then plus is quite a bit off.. + when it first comes out is only going to be for appliances.
Won't even have the choice to run + on his own hardware for some time.. So its a bit early in the game to get all worked up over anything.Correct. It's not going to be available for non-Netgate devices. But in my opinion it's not early to get worked up about. When people are using this software as the basis of their entire network -- and especially if they are also conducting business -- then livelihoods depend on it. They don't want to be left in a position where they have 15-30 days to change to a new platform -- whatever that may be. And before you say it, yes Netgate may provide ample time possibly -- but that is not a chance that all users might be willing to take
@jwj said in Announcing pfSense plus:
In case anyone thinks I'm a fan boy or apologist I'll share some of my activities from the last few days. Downloaded VyOS and setup a build environment. Had a good look around at what a used Cisco ISR costs, what licenses would I have to pony up for. Thought about how I would setup a standalone DHCP/DNS server that isn't Microsoft. I even had a browse around the forums over at Ubiquiti to see what is up with the 2.x version of the edge router SW. I'm not pretending that nothing has changed, I'm also not panicking.
Same here. I have started looking at alternatives but I am in no rush to move. This gives me time to evaluate other options like VyOS, IPFire & even OPNSense. I chose pfSense the last time I was in this position moving from DD-WRT because OPNSense wouldn't even recognize my PATA HDD -- but then again it was early 2016 and OPNSense was in it's infancy.
I am not making any money out of using any particular router/firewall software as I use it only for my home/hobby use and maybe a bit of the self satisfaction that as a slight bit more technical than my family and friends, I can claim that I built my own router and my network is safer than their $60 off-the-shelf wireless router. So any costs that would need to be paid for a licence will definitely have to be weighed against other available solutions (free or paid) and this will be different for each and every user.
-
@inxsible said in Announcing pfSense plus:
They don't want to be left in a position where they have 15-30 days to change to a new platform
Where did you get that estimate of days from? You are never required to update - shit we have people here all the time running version 1.x for gosh sake..
Not like its going to stop working when they rollout +, or when they roll out plus for your own hardware, etc. etc.
They have made announcement about changes that are coming - that are not here yet. And nothing has been set in stone..
They announced a new version +, which in this first release is no different than CE when it comes out as 21.02 version..
And has been stated there will be a 2.6 CE version, etc.
You would think they announced the sky is falling, and we have all these chicken little's running around screaming...
I have seen a couple of shitposts over on reddit that are exactly that - its over, jumping ship to xyz.. My Gawd People.. They made a freaking announcement of NEW stuff coming... If your in the business world - you should be excited that hey your finally going to get the stuff you been asking for years.. If couple years down the road you feel they are not updating the CE version enough - then find something else you like..
But that sure and the hell isn't 30 days out, or this summer or this freaking year even.
-
@jwj said in Announcing pfSense plus:
This sounds reasonable, even generous.
I read the "blog" several times and digested the information for a week, it seems to me that CE and Plus will go their separate ways after a while...
CE will continue to be Netgate's experimental "petri dish", a lot of good info comes from this source.
In that case, if Plus gets a reasonable price and supports 3-party hardware(s), it’s still worth switching to PLUS.
Of course, if you use it a higher level than HOME and LAB.
-
The one thing that will cause me to drop pfSense like a hot rock is FUD and forum drama.
It amazes me that people with 99 pieces of gold in their hand will complain about the one piece of coal on the ground.
-
@johnpoz said in Announcing pfSense plus:
Where did you get that estimate of days from?
Out of my ass really -- to be crude about it. Which would have been obvious if you read my immediate next statement that "And before you say it, Netgate may provide ample time possibly". In your own words
@johnpoz said in Announcing pfSense plus:
And nothing has been set in stone..
The whole point was that some users might not want to wait until such an announcement is made and may want to make plans ahead of time.
@johnpoz said in Announcing pfSense plus:
You would think they announced the sky is falling, and we have all these chicken little's running around screaming...
I certainly didn't say that. In fact I even mentioned that I am in no rush. That doesn't mean I can't evaluate other options even if it's just to find out whether they will satisfy my needs. I may not even move to those if I don't like something about them (UI or the way they spell something). My only concern is if the CE version will be left hanging dry & stagnate and I realize that it may not be this year, but it will eventually is what I understand from the announcement.
I guess these questions will remain until Netgate provides a clear answer related to CE and what their plan is related to providing new features in CE.
-
@jwj said in Announcing pfSense plus:
The one thing that will cause me to drop pfSense like a hot rock is FUD and forum drama.
It amazes me that people with 99 pieces of gold in their hand will complain about the one piece of coal on the ground.Not entirely sure if that is directed at me, but I'll reply anyway.
I am not trying to spread FUD. If you read my entire statement, the "15-30 days" comment was just a way of making a point that some users might not wait until such an announcement is made to start planning changes especially to users who have purchased subscriptions and since Netgate hasn't clarified their position with regards to the CE version's future when it comes to new features etc.
-
@inxsible No, not aimed at you. Sorry if it seamed so.
-
@jwj said in Announcing pfSense plus:
forum drama.
Understandably, people scream a little at the beginning, but the test of pudding is the swallowing...
I envy it because that Ruckus switch is good stuff ...
-
@johnpoz said in Announcing pfSense plus:
You would think they announced the sky is falling, and we have all these chicken little's running around screaming...
When something is not well known or fully understand, people fill the gaps and imagine whatever is possible. It's just basic human behavior.
Maybe there have been some poor choices in communication here.
One example: explaining that going close source is for protecting the open-source community and the guys who forked from some disruptive changes is, at best, dubious. Imo, it does not make any sense. If disruption is really a concern, there is no need to go close source: an open-source fork from pfSense CE to pfSense plus would achieve exactly the same goal. So, what does this really mean ?
Similarly, when saying on one hand that the two versions will diverge more and more and, on the other hand, that the advancement of CE will mainly depend "how the project progresses itself, separate and distinct from Netgate", what should be understand other than Netgate is starting to disinvest from the development of CE ?
-
@inxsible You can't have it both ways stating you are in "no rush" but in the next sentence worry about be being "left hanging dry".
2.5 has not been released yet and Netgate has confirmed there will be a 2.6. That is probably 2 years support for CE right there.
Take a breath and see what happens in the next 12 months. Then make a decision not based on speculation of what might happen.
-
Full disclosure: I'm not a power user.
I'd like to offer up a bit of balance. I understand the arguments for OSS, but it's not important to me. It's this:
National Vulnerability Database
Note that Netgate has expeditiously addressed vulnerabilities through patches and update releases. FYI, this is a random 4-week example of the type of stuff going on in the background:
I'm not about to sift through source code. But as an armchair technocrat, I want a bit more than consumer-grade offerings. What's important to me is security, stability, features, and a commitment to the product.
It's very likely I'll stick with pfSense in one form or another. Netgate has demonstrated a generosity to the community, and I'm appreciative of their gratis COVID support when I needed it. That said, they're a business and need to turn a profit to make payroll. If OSS is a hard requirement for enough paying customers, I expect they'll make adjustments.
Appropriate acknowledgement of the NVD:
-
@ahking19 said in Announcing pfSense plus:
@inxsible You can't have it both ways stating you are in "no rush" but in the next sentence worry about be being "left hanging dry".
Not having both ways at all. You are compounding 2 different statements meant for 2 different things.
I personally am not in a rush to move to another software at this very instant.
"left hanging dry" was for the pfSense CE version as a whole -- due to the divergence from pfSense+ and not getting anything but security fixes as announced by Netgate. Please read my earlier post again.
@ahking19 said in Announcing pfSense plus:
2.5 has not been released yet and Netgate has confirmed there will be a 2.6. That is probably 2 years support for CE right there.
Take a breath and see what happens in the next 12 months. Then make a decision not based on speculation of what might happen.Your statement about "probably 2 years support for CE..." is speculation more than any of my statements. I didn't say anything about how long Netgate would support CE -- because I don't know. All I said was, that some users would not like to wait until Netgate announces how much support they will provide and until when.
-
@inxsible I don't work for Netgate so yes I'm "speculating" based on past release history and an ethos of "release it when its ready".
https://docs.netgate.com/pfsense/en/latest/releases/versions.html -
From the blog Announcing pfSense Plus
-
installed over two million times, with at least half that many in active use today
-
our customers ... In particular, however, are business, government, and education customers.
-
pfSense Plus ... move beyond the limitations of pfSense open source software
-
pfSense Plus for my own hardware or virtual machine ... There will be a no charge path for home and lab use and a chargeable version for commercial use
-
Which is the same pricing model as TNSR
I assume I will get flamed for this but that policy does not make any sense to me as it says:
-
Netgate has about 1 million users, by far the majority don't pay any money for the service they receive and this will continue.
-
We price our software product out of the range of small business. In the past service provides could help them use our CE software but in the future they will have to look elsewhere
-
We pin all our hopes for business viability of our software product line on big business, where our software product is relatively economical.
In my opinion, given Netgates user base, it would make far more sense to capitalize on micro transactions.
-
Don't give the proprietary software to any one for free, but ensure the price is low enough represents that it is excellent value for everyone.
-
Scale cost gradually with installation size, using some measurable parameter such as users devices. Use a soft limit so the system continues to work if used beyond licensed capacity but the user is informed (& Netgate collect license violation statistics)
-
At the base product have only forum and on-line manuals support (enabling it to be a low cost product). Even $20 / year x 1 million users pays for a significant amount of development.
-
Support a proportional cost increase for larger installation so larger homes or test beds do not suddenly hit a price barrier.
-
Do not offer volume discounts to mid sized customers but include higher level support which are demanded from larger paying customers. Include business level support options.
As for PfSense open source product, the future does not look bright
- Historically, pfSense FE and pfSense Community Edition (CE) have been closely related ... In 2021, they will begin to diverge from one another ... Netgate will focus most of its efforts on pfSense Plus ... pfSense CE ... security vulnerability protection ... 2) hardware support updates, and 3) bug fixes ... upgrade path to pfSense Plus (? nagware)
-
-
I have just returned from the future and everything worked out fine.
Unsubscribing from this thread for now. -
@patch said in Announcing pfSense plus:
In my opinion, given Netgates user base, it would make far more sense to capitalize on micro transactions.
+1. I had a few Gold subscriptions back then, expecting nothing in return other than ACB and the pfSense book. Now sure why they made that free, discontinued Gold and now make it super hard to give them money. Entry level for showing some love now is a TAC at Black Friday / COVID discount (399.00 a year). Why ?
-
@mfld said in Announcing pfSense plus:
@patch said in Announcing pfSense plus:
In my opinion, given Netgates user base, it would make far more sense to capitalize on micro transactions.
+1. I had a few Gold subscriptions back then, expecting nothing in return other than ACB and the pfSense book.
+1 We had it only to sponsoring Netgate and would like to see a "Gold Sponsoring" back...
-
@provels said in Announcing pfSense plus:
Unsubscribing from this thread for now.
just like you do, I'm also :)
-
-
It 's time to migrate to https://opnsense.org ?
-
-
@jwj said in Announcing pfSense plus:
Sounds like a good idea ;) I'm out.
Clarification, I'm out of this thread. Not out of pfSense.
-
Been reading both this and the other 'dev' post regarding PfS+. Curious as to the 'why?' behind closing the source of the plus edition. I don't believe this has been addressed. I have a couple ideas but hate to speculate...would love to hear from the team on this.
Just because something is open source doesn't mean it has to be free, correct? I am all for paying for great software (former Gold member, purchased support cases over the years, have a few Netgate boxes running) and would be happy to further support the project but would prefer to see PfS+ remain fully open source.
-
@provels
Maybe its better for you to be quiet -
@fbor pfSense FE was never open source. Not sure what you are getting at here.
-
@drewsaur The differences are small with CE, a few packages (AWS Wizard, IPSec exporter, ...), some tuning for the hardware. I checked a few FE only files: they are not obfuscated and are all licensed under Apache license. So maybe FE is only 99.99% opensource but that's not the 0.01% I'm worried about.
With pfSense+, will I still be able to change everything I may need, at least in the "CE layers", and not get stuck asking the editor for changes ?
-
@fbor I would imagine that this will be the case for a very long time. I can’t see how, anytime soon, the majority of pfSense+ would be replaced with completely different code. That would be like https://www.joelonsoftware.com/2000/04/06/things-you-should-never-do-part-i/ - completely self-defeating.
-
@al I really do not see how you cannot benefit from keeping OSS roots and your paying customers and keep advancing!
You now basically abandon it by out-forking the OSS version into Closed source and get onto the route RedHat just got with CentOS. On top of that, the trust into pfSense because of the OSS nature will be gone and the closed nature will raise questions and break trust on unseen backdoor/weakened security!
On top of that you still advertise/market/benefit the power of the OSS base, yet all the full-feature changes will not get into the CE?
Did I miss something?!?
-
@inxsible said in Announcing pfSense plus:
Assume that the user stays on the CE version as they do not need any of the ZeroTier, Business dashboard etc features that you mentioned
@Inxsible - Did I miss some announcement about ZeroTier integration in pfSense Plus? Do you have more information? I'd be very excited if this is true.....
-
How do I install the 2.5.0 version on a Netgate appliance. FOSS is more important to me than the extra features. I want to use the community version with a Netgate appliance.
-
I've been busy, so I didn't notice this announcement until a few days ago. I just checked and noted that I joined this community in 2016 after I started using pfSense in 2015. Previously, I was using Sophos because it went downhill after going from open source to closed source. I can't say that I'm surprised by this announcement from Netgate, but it's disappointing nonetheless. Unless Netgate will make the entirety of the pfSense codebase available such that anyone could build it from scratch or even fork it, I can't see why anyone would contribute to further development and testing of CE. You would be doing development that Netgate could incorporate into pfSense plus for its commercial gain with no compensation or assurances of getting anything in return for your effort.
Around 2018, a former pfSense developer that I tested with jumped ship to OPNsense and he is very happy there. I've maintained an OPNsense test system alongside my pfSense test system since that time. For anyone who values an open source community, OPNsense should be a serious consideration.
-
Ok, so I just started trying out pfsense and right when I registered to this forum to ask some questions, I have to read that pfsense is going to closed source and will become irrelvant sooner than later.
It will become irrelvant because the open source version won't be getting much, if any, attention, and it will die out. That means that fewer and fewer companies may still buy from Netgate because without the open source version pfsense will be forgotten and soon nobody will know about it anymore.
And who would want to rely on closed source software, especially for a security device? In times in wich the raping of peoples privacy is rapidly increasing and users are being controlled by software more and more, free software is the only way go to.
In my testing, pfsense has made a really good impression and seems like a well-made and solid software to the point that I would recommend it. But now we're not going to buy Netgate products and will have to keep looking for something else.
-
Your statement is false!
And that's the bottom line. -
@bitfrost I agree with much of what you say. Unfortunatly there is a lot of money in software as a service (rent, "cloud" versions) and sale of personal data (Googles, Facebook, instagram, Microsoft business models, China), so fighting it is likely to be difficult.
-
@Patch I don't, because for the most parts that is simply belief sold as facts.
@bitfrost said in Announcing pfSense plus:
Ok, so I just started trying out pfsense and right when I registered to this forum to ask some questions, I have to read that pfsense is going to closed source and will become irrelvant sooner than later.
Nonsense to both statements. Neither is pfSense going closed source (only Plus is and was up until now anyways - so no real change!) nor will it become irrelevant sooner than later.
It will become irrelvant because the open source version won't be getting much, if any, attention, and it will die out. That means that fewer and fewer companies may still buy from Netgate because without the open source version pfsense will be forgotten and soon nobody will know about it anymore.
OSS version already got 3 updates (2.5.0, 2.5.1, 2.5.2, 2.6 dev is in the works...) so also nonsense.
And who would want to rely on closed source software, especially for a security device? In times in wich the raping of peoples privacy is rapidly increasing and users are being controlled by software more and more, free software is the only way go to.
Besides that being a directional question to almost any company, how about asking that to the many thousands of companies that already use products from other brands that also are surpisingly built upon e.g. FreeBSD and are closed source? Like Juniper? Cisco? PaloAlto? Fortigate etc. etc.? Can't say I saw them going bancrupt the last years besides tons of fuckups and security leaks.
That's not a push to closed source. I also think pfSense Plus (as that's the only thing that won't be public anymore) should stay OSS and instead have a private/closed repository for business users just like other projects do (e.g. Proxmox etc.) but things can change. Also no one is taking away from pfSense CE.
But now we're not going to buy Netgate products and will have to keep looking for something else.
Spoiler alert: Netgate products where shipped with the Factory Edition (FE), NOT the CE for years now and no one complained a bit about the FE not being OSS/OpenSource/openly available. So all I'm currently seeing is not much changes at all. That CAN and perhaps will when there are more changes in underlying things like the web-stack/UI. That's the point where Netgate has to show if those changes they talked about will only go to Plus and leave CE behind besides promising multiple times that CE WILL get a new GUI/API layer etc.
But up until that, all you were posting as simply untrue, false or guesstimates. No proof at all, so how about simply watching if they are true to their word or not?
-
Your statement is 100% TRUE
And that's the bottom line !