pfSense 2.5 Release Date News



  • Just curious as to any estimated release date news, what's the word?



  • Thank you members, for up voting...based on the news on Feb.13.2019 that snapshots moving to pfSense 2.5.0 and Mar.18.2019 pfSense 2.5.0 now available, it seems that we should be seeing a release candidate by now.

    As the saying goes, no news is good news; however, the suspense is killing!



  • Unless there is a particular feature you're waiting on that's only in 2.5, I don't see what the hurry is. It will look and run the same as 2.4.4. If you're running in production, you're wise to wait at least a month after release before you upgrade.


  • Rebel Alliance Developer Netgate

    It won't be for a while yet. We need to move to a FreeBSD 12.1 base and even after that, there are a number of issues to address. When we know more, we'll post about it.



  • @NollipfSense

    Will it require AES-NI CPU Crypto?



  • @JKnott "AES-NI Not Required
    The original plan was to include a RESTCONF API in pfSense 2.5.0, which for security reasons would have required hardware AES-NI or equivalent support. Plans have since changed, and pfSense 2.5.0 does not contain the planned RESTCONF API, thus pfSense 2.5.0 will not require AES-NI."

    https://www.netgate.com/blog/pfsense-2-5-0-development-snapshots-now-available.html



  • @ahking19

    Tnx. I won't have to buy new hardware then.



  • Thank you all for responding. I am one of those who had bought new equipment to meet pfSense 2.5 requirement only to learn that that won't happen; so, I just want the update to be over with. Wondered how to add that Restconf API...it would be pleasant if we could add it as a package so the folks who prepared for it could have a sense of relief.



  • @NollipfSense said in pfSense 2.5 Release Date News:

    could have a sense of relief.

    PfSense of relief! 😉



  • @JKnott said in pfSense 2.5 Release Date News:

    PfSense of relief! 😉

    Nice one!

    Jeff



  • Is the rest API still a target, or is it deadlocked in TNSR???


  • Netgate Administrator

    Not for 2.5 it isn't. That was what as driving the AES-NI requirement. See:
    https://www.netgate.com/blog/pfsense-2-5-0-development-snapshots-now-available.html#aes-ni-not-required

    Steve



  • @stephenw10 I understand that.

    I think some better idea of the future of pfSense would be appropriate. As a couple people already mentioned they spent the money to upgrade the equipment, and some of us were happy to do it if it meant an API.

    Not a huge deal. pfSense is always caught between comments like this, and trying to stay opensource. I do not want to come off as unappreciative, but if I went through all this non-sense for pfSense to pull back, I want to make a mental note why for the future.



  • @webdawg said in pfSense 2.5 Release Date News:

    I do not want to come off as unappreciative

    Same here...that's why I believe if an entity made a strategy decision, it should follow through. That's what I admired in Apple despite my expensive hardware became obsolete...but guess what, I turned around and bought many more.

    I had been causally reading up on Restconf API here: https://tools.ietf.org/html/rfc8040 If I were pfSense, I would have at least make it available as a package...that way, the open source would continue to support innovation while remaining adaptable to all members. I think that's the essence of open source.



  • @NollipfSense What do you know that we don't? Where has it been said that the plan to use RESTCONF API has been dropped? I think you are jumping to conclusions. It's only been stated that RESTCONF API is not part of the 2.5 release.

    Re: release as a package - I think you are underestimating the work involved and what the API will be used for. There has been a roadmap posts on the Netgate blog.

    https://www.netgate.com/blog/further-a-roadmap-for-pfsense.html
    https://www.netgate.com/blog/more-on-aes-ni.html

    Granted the posts are from 2015 & 2017 and maybe it is time for an updated roadmap blog post from Netgate. My guess is the API will be part of the 3.0 release, where the webGUI is rewritten. Why update the current PHP webGUI to use RESTCONF now only to replace all of PHP for 3.0 with Python? I'd rather have the developers working on 3.0.



  • @ahking19 Yeh, that is why I was asking. If the previous road-maps are not accurate...I was just looking for an update. I did not want to turn this thread bad.



  • Why was new hardware bought for a release that as yet has not official date?

    Even if you waited until it was released, before buying new hardware, it's not like it takes months to arrive anyway.



  • @ahking19 said in pfSense 2.5 Release Date News:

    What do you know that we don't? Where has it been said that the plan to use RESTCONF API has been dropped? I think you are jumping to conclusions. It's only been stated that RESTCONF API is not part of the 2.5 release.

    Absolutely nothing, in fact, I am learning from you. I didn't mean to imply RESTCONF dropping, only dropped from 2.5v. I am just wanting to learn about it since I encounter pfSense late 2016 and that the gospel was all newbies should get hardware to meet pfSense 2.5v.

    @webdawg said in pfSense 2.5 Release Date News:

    I did not want to turn this thread bad.

    Not at all and was never intended to be that way either...my hope is others checkout RESTCONF.

    @Rod-It said in pfSense 2.5 Release Date News:

    Why was new hardware bought for a release that as yet has not official date?

    I had not visited the forum for quite awhile but remembered most of the talk with newbies during 2017 -2018 on the forum was to get hardware to meet pfSense 2.5v. So, after buying the hardware and returning to the forum, that's when I found out. The good thing is I got what I was seeking in hardware, and it should able to grow with pfSense over the next five years.



  • Dang, if they're waiting on FreeBSD 12.1 we probably will not see 2.5 this year.



  • @Zermus said in pfSense 2.5 Release Date News:

    Dang, if they're waiting on FreeBSD 12.1 we probably will not see 2.5 this year.

    It surely is appearing that way!



  • @KOM
    It is not a hurry for 2.5 but also the development for 2.4.4 seems to be "frozen" as there are no package updates for it since a while.

    e.g.
    Squid is stable in version 4.8 and in pfSense in version 3.5.28 of July 2018

    ntoPNG is stable in version 3.8 from December 2018 and in pfsense in version 3.6

    There is just the "feeling" for users that pfSense is not of "high interest" of Netgate anymore because in former times there were more often regular updates, etc.



  • @ramup said in pfSense 2.5 Release Date News:

    @KOM
    It is not a hurry for 2.5 but also the development for 2.4.4 seems to be "frozen" as there are no package updates for it since a while.

    e.g.
    Squid is stable in version 4.8 and in pfSense in version 3.5.28 of July 2018

    ntoPNG is stable in version 3.8 from December 2018 and in pfsense in version 3.6

    There is just the "feeling" for users that pfSense is not of "high interest" of Netgate anymore because in former times there were more often regular updates, etc.

    Almost all of the packages available for pfSense were created by and are maintained by volunteer contributors. The pfSense team looks after very few of the available packages. For various reasons these volunteer maintainers come and go, so the support of their particular package may suffer when one of them "abandons" it.

    For example, I maintain the Snort and Suricata packages 100% as a volunteer contributor. There is no involvement of the pfSense developer team with either package other than the fact one of them "merges" updates I submit for those packages into the pfSense repository. So if a bus runs over me today, the Snort and Suricata packages would no longer be actively maintained.

    Of course other package maintainers are welcome to enter the field. In fact, I took over the Snort package several years ago after its initial creator abandoned the pfSense eco-system. I believe user @BBcan177 took over the older pfBlocker package a few years ago and morphed it into the much more capable pfBlockerNG and pfBlockerNG-devel packages. So if you are concerned about support for packages, then please consider stepping up and becoming a volunteer maintainer.



  • @bmeeks
    Thank you for this statement. I just wrote what my perception of an end user is and can only estimate that other users might think in a equivalent way in respect of regularly updates in the past.

    Unfortunately I am not a developer / programmer etc. with the necessary skills / ability to take care of a certain package.

    I appreciate that other people with the needed skills take care of certain packages like you do.
    Unfortunately there seems to be no capacity for Netgate to maintain the core (additional) packages.



  • And of coarse you can always help out by testing. :)

    https://redmine.pfsense.org/projects/pfsense/issues?query_id=105



  • @ramup Don't judge progress by package updates alone.

    pfSense Activity
    https://redmine.pfsense.org/projects/pfsense/activity

    pfSense 2.5.0 Open Issues
    https://redmine.pfsense.org/projects/pfsense/issues?query_id=104



  • @ramup said in pfSense 2.5 Release Date News:

    @bmeeks
    Thank you for this statement. I just wrote what my perception of an end user is and can only estimate that other users might think in a equivalent way in respect of regularly updates in the past.

    Unfortunately I am not a developer / programmer etc. with the necessary skills / ability to take care of a certain package.

    I appreciate that other people with the needed skills take care of certain packages like you do.
    Unfortunately there seems to be no capacity for Netgate to maintain the core (additional) packages.

    I didn't mean my post as an idictment or anything personal against anyone. I was just trying to convey that the packages on pfSense are, for the most part, done by others outside of the Netgate/pfSense core team. Those guys are busy enough working on the core firewall itself and the handful of supporting utilities and kernel patches required.

    If a pfSense user does have some PHP coding skills (primarily) and has familiarity with a particular FreeBSD port package, then please consider picking up support, or aiding in the support, of a package.



  • @bmeeks @BBcan177 All I know is these guys make pfSense ROCK...they're not only volunteer package maintainers but also volunteer teachers to whom I am grateful.



  • @ahking19 Have you seen anyone from Netgate say that they're still going to release pfsense 3.0 with VPP/DPDK and RESTCONF? Literally all evidence to date is that what was going to be PFSense 3.0 is TNSR instead, heck the preview of PFSense 3.0 looks identical to TNSR.

    It's disappointing that Netgate won't just give a clear answer, but that's their prerogative. I'd never begrudge them expecting to get paid for their efforts if that's the route they chose to go, just frustrating they won't come right out and say that instead of leaving the community to guess.

    https://fast.dpdk.org/events/slides/DPDK-2017-09-Ireland-pfSense.pdf
    https://www.reddit.com/r/PFSENSE/comments/6wosx8/a_very_short_preview_of_30_cli_and_restconf/
    https://docs.netgate.com/tnsr/en/latest/basics/working-cli.html



  • @tcsac Thanks for providing this information. I did not look into TNSR, but it does look like you seem right.

    It is a true shame if what you say is true, that functionality that is built into other enterprise devices, that pfSense is copying, is now bundled into a TNSR subscription. Sure the vector packet processing is great...but command and control bundled with it?

    I hope I am wrong, but if I am not I will be at a loss for words soon. I do not think it is there prerogative, and I think that people deserve an answer eventuall. If they really are thinking about taking this direction with their products, and software then they should just commit to it.

    It could be that is why they do not answer. Considering that the product that they release still has maintainers that do not get paid for the packages that they support. I was really looking forward to an API, and command line interfaces.

    I was really looking forward to watching a company sweep the run out from under Cisco etc...I suppose soon we will have to look elsewhere, or just continue to wait?

    I really still do wholeheartedly support pfSense, and Open Source software, and I do understand that companies need a strategy to profit from it, AND they may even need to hide that strategy, but the direction that we seem to be going here would need a change or we are all going to walk away disappointed.



  • @tcsac said in pfSense 2.5 Release Date News:

    It's disappointing that Netgate won't just give a clear answer, but that's their prerogative.

    Yes, surely it must be nefarious.... Seriously, you guys are being ridiculous. You expect them to update you on their future plans every day? Or just whenever you demand? Plans change. That's life. Netgate isn't Microsoft with tens of thousands of employees. There is only so much they can do, and sometimes plans turn out to be too ambitious or impractical based on new developments. It looks like their plans for pfSense 3.0 may have changed. Deal with it. I understand now why companies are loathe to talk about the future and roadmaps when people complain if those plans change for any reason.

    I suppose the lesson learned by Netgate is to not tell you anything in advance.



  • @KOM said in pfSense 2.5 Release Date News:

    Seriously, you guys are being ridiculous

    What you said would have been holistic and understanding without the above statement. We all are here because we like open source software, especially pfSense. @tcsac Not only expressed himself, but also provided links to documents thus making us more informed.



  • @NollipfSense They're being ridiculous because they're jumping to conclusions and assuming bad intentions.



  • @tcsac said in pfSense 2.5 Release Date News:

    https://docs.netgate.com/tnsr/en/latest/basics/working-cli.html

    anyone from Netgate say that they're still going to release pfsense 3.0 with VPP/DPDK and RESTCONF?<<

    "Still"? - not that I've read. I've never read that VPP was going to be part of pfSense 3.0.
    VPP is at the core of tnsr and it runs on linux, CentOS I believe.

    Porting pfSense from FreeBSD to Linux is not something I've heard or would expect in 3.0.



  • @KOM said in pfSense 2.5 Release Date News:

    @NollipfSense They're being ridiculous because they're jumping to conclusions and assuming bad intentions.

    @KOM Jumping to what conclusions? PFSense 3.0 was codenamed pennybacker, which is what became TNSR. I haven't asked for an update every day, in fact I've literally NEVER asked for an update. I simply spoke up because after watching people get flamed repeatedly here for just being curious about what's happening, I thought someone should give a reasoned response. I won't even begin to try to understand why people like you have such a visceral reaction in the middle of people having a rational discussion. You might want to take a deep breath before posting your next response because you seem to be overly emotional for no reason.

    https://www.reddit.com/r/PFSENSE/comments/75pt7g/pissed_with_my_edgerouter_thinking_of_switching/

    level 3
    gonzopancho
    Netgate

    4 points ·
    2 years ago

    It's been code named "Pennybacker" for 3 years now.

    Slides from two weeks ago: https://dpdksummit.com/Archive/pdf/2017Userspace/DPDK-Userspace2017-Day2-9-pfSense.pdf

    One of the slides in there explains why it's not "pfSense". It's a new thing, and deserves a new name. In this way, pfSense can continue being what it is.

    The name will be announced at launch.



  • @ahking19 said in pfSense 2.5 Release Date News:

    @tcsac said in pfSense 2.5 Release Date News:

    https://docs.netgate.com/tnsr/en/latest/basics/working-cli.html

    anyone from Netgate say that they're still going to release pfsense 3.0 with VPP/DPDK and RESTCONF?<<

    "Still"? - not that I've read. I've never read that VPP was going to be part of pfSense 3.0.
    VPP is at the core of tnsr and it runs on linux, CentOS I believe.

    Porting pfSense from FreeBSD to Linux is not something I've heard or would expect in 3.0.

    Yes, they literally said pennybacker which was presented at fd.io dpdk was PFsense 3.0. Justifications for starting over from scratch/moving away from FreeBSD are in the slide deck.

    https://www.reddit.com/r/PFSENSE/comments/75pt7g/pissed_with_my_edgerouter_thinking_of_switching/



  • @tcsac

    I won't even begin to try to understand why people like you have such a visceral reaction in the middle of people having a rational discussion.

    And I never understand the people who come to this forum and do nothing but bitch and moan about something they haven't contributed even the tiniest thing towards. Look at you, you've been here for 5 years with a whopping 31 posts. No doubt you only post when you need help or want something.

    And no, people don't get flamed for asking a question. They get negative responses because they invariably whine or jump to the conclusion that Netgate is being shady for some reason.

    You might want to take a deep breath before posting your next response...

    Blah blah blah

    Look, if WebGUI is not your flavour and you really want a CLI, spin up a FreeBSD instance and go nuts. All the CLI and text file configs you can handle.



  • @tcsac said in pfSense 2.5 Release Date News:

    Yes, they literally said pennbacker which was presented at fd.io dpdk was PFsense 3.0. Justifications for starting over from scratch/moving away from FreeBSD are in the slide deck.
    https://www.reddit.com/r/PFSENSE/comments/75pt7g/pissed_with_my_edgerouter_thinking_of_switching/

    Yeh. I almost did not post what I wrote, but once I started reading about pennbacker I needed to chime in.

    I don't know. I do not think any of us are trying to dump on the pfSense team here. I do not think any of us deserve to. I know I am trying to scratch that itch of excitement when I heard the phrase API.

    I think we are all just trying to make decisions to support our future strategies, and information about pfSense direction may be needed to move those strategies along.

    I apologize if I have offended anyone.



  • @KOM I think you are exaggerating what is going on here, and it should stop. You are turning this conversation into an argument, when we are all just trying to be good-natured. Please contain your passion, and maintain your respect in these forums.



  • @KOM said in pfSense 2.5 Release Date News:

    @tcsac

    I won't even begin to try to understand why people like you have such a visceral reaction in the middle of people having a rational discussion.

    And I never understand the people who come to this forum and do nothing but bitch and moan about something they haven't contributed even the tiniest thing towards. Look at you, you've been here for 5 years with a whopping 31 posts. No doubt you only post when you need help or want something.

    I actually have contributed, and most of my posts are me working through issues and following up with solutions and resolutions. If you had spent 30 seconds looking instead of making really poor assumptions you'd have figured that out.

    And no, people don't get flamed for asking a question. They get negative responses because they invariably whine or jump to the conclusion that Netgate is being shady for some reason.

    Asking about an update on something that was announced 3 years ago isn't whining.

    You might want to take a deep breath before posting your next response...

    Blah blah blah

    Look, if WebGUI is not your flavour and you really want a CLI, spin up a FreeBSD instance and go nuts. All the CLI and text file configs you can handle.

    I really don't understand what your issue is, but you should seriously take a step back and try to figure out why you're so toxic and hostile. You're jumping into a conversation and trying to start an argument for literally no reason. Everything you've thrown against the wall WRT: people whining or bitching or not contributing is literally fabricated bullshit. It has no place here or anywhere else, I'm not sure if you've got serious issues in real life or not, but chill the fuck out.



  • @tcsac I am hoping that it took a while to draft that response. I think we are all just passionate about this, and each want to express what we think. I can understand how you can feel attacked by @KOM , but I think you are both crossing some lines that should not be in this post.

    While I understand that you need to defend yourself, please take the rest of this conversation somewhere else.

    Thank you both for your contributions to this topic, and please continue to post relevant information.


Log in to reply