WireGuard in pfSense 2.5 Performance
-
yea, this is insane..
We had hoped for a better collaboration than this, and it makes me doubt the motives of the attackers. And yes, I make deliberate use of the word “attacker” here, because that’s what this is, an attack on Netgate and on the FreeBSD and pfSense communities.
JFC. I looked at the code review. Dear god, its nothing like the linux implementation, and if anyone should be critical, Jason is the AUTHOR of Wireguard. Scott did not address why Jason's communication went unanswered or why they didn't reach out to Wireguard in the first place. And I wasn't even looking for a complete apology, I think both sides handled stuff badly and lessons could be learnt, but Netgate not admitting to anything, including the piss-poor threats to Jason, is just gross.
i am new to pfSense, I just started using it when 2.4.5 came out. Read about the OPNsense non-sense and was really turned off, but hell, there are always too sides to the story. Seeing this unfold and the way Netgate is responding makes me sick.
So what have I learned from this? I’ve learned to be a little less trusting.
I have learned not to trust Netgate. I guess it time to look at alternatives, which is a shame, because one, i never thought i would be this person, saying in a forum that i am leaving Netgate because they are totally unprofessional, and two, because pfSense is a really nice project and product. I was really looking forward to some new hardware in 2021 and moving from my self-built setup to an official netgate setup this year.
-
new freebsd mailing list activity...
https://lists.zx2c4.com/pipermail/wireguard/2021-March/006504.html
Kyle from FreeBSD, admitting his mistakes and moving forward.
Scott from Netgate, writing a finger pointing blog post.
-
This post is deleted! -
@dirtyfreebooter I'm at the same point. Might be a good time to move away from the one box does it all appliance and the brittleness that can cause when upgrading.
-
@jwj sure but i already do that, one nice part of VPN on the firewall, its easy to apply firewall rules to it, though you probably work around that in various ways.
pfSense is nice. the interface is nice and easy. its a good product. Having it do firewall, DNS, DHCP, VPN is pretty nice, especially when you are not in an environment that is needs anything separate, with the hidden cost there of maintaining multiple machines, VMs, etc and keeping them updated.
i just wanted Netgate to be the mature ones here and show they are adults and want the best for FreeBSD and the community as well, and all else could be looked at and forgiven. especially during covid with all the extra stress on folks on all sides.
-
@rcmcdonald91 i mean kinda, so scott has to see the other side take the high road before netgate/he will. gross and pathetic is that is the case.
-
@dirtyfreebooter said in WireGuard in pfSense 2.5 Performance:
Netgate to be the mature ones here and show they are adults
Yup. Two ways to see this. Leadership didn't review the blog post in the context of the other chatter going on or they did and approved it. Not good either way.
[Edited: someone had the good sense to pull Scott Long's last blog post down]
Takes just a moment to break trust. Takes a long time to regain trust once lost.
Netgate isn't going to miss me. I've not spent money with them other than one $100 gold when that was a thing. I'm not going to say they are going to loose revenue generating business, but I will say this isn't going to generate any business for them. I wish them luck. A lot of the people on their payroll are good people and I hope for a good outcome for them.
I already have a multi-layer switch (catalyst 1000-24p-4x) and I could use my current gateway HW for DNS/DHCP and VPN server plus other things in VM's. Maybe get an ISR 931? I'd do it just to learn. It wasn't that many years ago I was still using consumer networking gear. AirPort Extreme...
We'll see. I need to let this soak for a while...
-
Netgate is pissed off and they have good reason for that. But is there really something to learn (in a good way)? I doubt that.
We can only hope, that something better comes out of this, a compromise. -
Someone at Netgate had the goodSense(tm) to pull down that last blog post.
-
@dirtyfreebooter said in WireGuard in pfSense 2.5 Performance:
https://www.netgate.com/blog/painful-lessons-learned-in-security-and-community.html
Blog is deleted. That's fast. :)
-
@jwj
Uh, nope. Check again. Blog is back up. Technical difficulties cited. Maybe they like that hill? -
This post is deleted! -
Yes. :)
Thanks. -
Jason Donenfeld to the rescue!
https://lists.zx2c4.com/pipermail/wireguard/2021-March/006518.html
-
@heper point in fact the “new one” has nearly all the code of the “old one”, but you wouldn’t know it for the marketing, right?
(Point in fact the old one was based on the openbsd one. And this is how open source works, right?)
-
@jwt is/was this reply intended for someone else?
