Announcing pfSense plus
-
I appreciate that a no cost home/lab version will be offered, but is there any chance we can get a direct version upgrade instead of how the free TNSR offering is setup?
After initial excitement of the TNSR free tier, I decided not to install largely because of the upgrade hassle. I am definitely not a fan of having to backup, reregister, re-provision and restore my appliance for every new patch/feature.
-
To the pfSense team:
Why would it be a problem for 'pfSense Plus' to be held open source like pfSense CE in regards to adding trust & confidence to the product as well as adding to security and privacy in regards to be able to look under the hood of e.g. the GUI, the backend and the various tools?
-
it would be so great to have the gold membership back, only for sponsoring the CE edition / Netgate. Call it "gold sponsoring", we buy it per year (as the gold membership was).
-
Back in the days when I was asked 'what is so great about pfSense?' my answers (sorted in order of importance):
- Open Source, you can trust the code 100%
- rock stable
- really nice feature set
- awesome community
Good old times...
-Rico
-
Too bad, for us the USP of pfSense was the open source model, knowing there are (at least potentially) multiple and external eyes on the code.
Been supporting the project with both hardware purchases and gold subscriptions during the years. With open source gone the differentiator between our deployed SG-3100:s and the USG from UniFi is lost and we can move to a fully-integrated UniFi experience that is another closed-source-trust-the-company-running-it-relationship.Wishing you best of luck. So long and thank you for all the years!
-
@rico said in Announcing pfSense plus:
2x Netgate XG-7100 | 11x Netgate SG-5100 | 6x Netgate SG-3100 | 2x Netgate SG-1100
Surely Netgate have to be nervous when someone who has over 20 devices and has been a big supporter of those is worried?
I’m only a new convert to pfSense, as of about July, but the fact it was open source was a big thing as I was fed up of hardware that had rubbish firewalls that promised lots and delivered nothing with unresponsive support that ignored requests to fix things. I did almost buy your hardware just after Christmas, but decided to wait. I’m glad I did. :(
-
Just to make things clear....
Currently testing freebsd based FW's for the foreign state department here and closed source is a no go.
They have issues with the US spying on live traffic thats encrypted. So it can be done...
And I will always, on a personal level, run MiTM and not make anybody beeing able ro run anything other than the DNS provided.
-
@dennis_s said in Announcing pfSense plus:
Read our latest blog which includes a FAQ to learn more about this exciting change.
I can't see anything exciting in this post... only stupid decisions.
Just my 0,02$
-
I am ok with it, if there is a full free version for home use, because I don't think that those people will pay for a firewall in the first place... unless it becomes a full-fledged WiFi-router. Pls don't.
-
@bob-dig said in Announcing pfSense plus:
I am ok with it, if there is a full free version for home use, because I don't think that those people will pay for a firewall in the first place... unless it becomes a full-fledged WiFi-router. Pls don't.
Free version doesn't equal OSS version and for many projects that reach out about ditching other vendors in favor of pfSense, that IS one of the - if not THE - main incentive. So while free version for home use is fine, that does nothing for planning bigger projects at the moment. And because of the "we don't know yet" throughout the FAQ/blog post in terms of 3rd party HW, licensing, costs and future of the CE version, that is an almost impossible sell at the moment for any new project that goes on right now or in the following weeks. Because no company wants a solution that will change course, get stale in the future or other fears that already have been laid out.
-
as far as I am concerned
It is as informed as possible about this
**
It is an impossible sell** -
I completely understand the free-to-use community being frustrated by the move to close-source a product and charge for full-featured software, but I can tell you from my years working with companies to build solutions, there are a lot of companies out there that aren't allowed to use open source anything.
I don't agree with that thinking, but it is what it is in the business world.
This may make a lot of people who aren't paying anyway stop using this platform, but this is going to open another set of doors for pfSense, ones that simply don't exist under an open source code model - and those doors are going to be willing to pay - potentially a lot of money for support and to use the software.
I'm not trying to start a huge argument here, that's just fact.
-
cant agree more !
heaven and hell are two windows in the same house, or something like that
brNP
-
I have chosen pfSense a few years ago to have firewalls on which I can do whatever I need. To support Netgate and the project, I have bought about 20 appliances, mostly sg-3100. On several occasions, pfSense has proven to be a perfect choice for my needs. I have been able with some lines of code to implement custom functions and to patch all the required appliances. Also, I have invested a lot of my free time to create and contribute to ansible modules to manage our pfSense fleet and was eagerly waiting for the GUI/control code separation.
Now, since sg-3100 runs on ARM, I won't be able to run pfSense CE on them. So, to keep an open-source platform, the only choice I have is to stay forever on the last pfSense FE release. The other choice would be to go close source with pfSense plus and hope for the best (no script obfuscation ever, no closed source patches on binaries I may need to patch and build). It looks like two dead-ends to me. And I feel fooled: it wouldn't have happened to me if I hadn't decided to support Netgate and become a customer.
Anyway, I saw the argument "pfSense plus is something more, not less" multiple times on Reddit. Given my situation, I disagree: dropping pfSense FE and the open-source model for customers is definitly something less.
-
-
New blog post concerning these changes:
https://www.netgate.com/blog/pfsense-plus-pfsense-ce-dev-insights-direction.html
One change I noticed is the availability of pfSense + for non-Netgate hardware is now late 2021. I'm not sure if that is an actual change in Netgate's internal planning or just the author being careful to not over promise.
-
@jwj Can't edit so...
This is from the FAQ (as of 1-27-21):
"Today, pfSense Plus 21.02 is only available on Netgate appliances, AWS, and Azure platforms.
We plan to make pfSense Plus available for use on 3rd party hardware and select virtual machines by June 2021, if not sooner.
There will be a no charge path for home and lab use and a chargeable version for commercial use."
and in today's blog:
"The good news is that we also plan to make pfSense Plus available to work on non-Netgate hardware in late 2021, not just our appliances, and we plan to make the licensing of pfSense Plus completely free for home, hobby, and lab use."
-
@jwj
there is "only" a new gui written on Go and clixon May or September it's not important for me. 2.6CE is still planned
In the past, a release was made “when it’s ready” <- (he is stealing Jimp's motto
)
There will be CE releases after 2.6, but unlike Plus, they’ll be done when they’re ready, not on a regular cadence.
Scott Long ( welcome
) was reassuring somehow -
@kiokoman said in Announcing pfSense plus:
There will be CE releases after 2.6, but unlike Plus, they’ll be done when they’re ready, not on a regular cadence.
Works for Debian perfect ;)
-
What's the benefit for the community of these changes exactly?
-
I installed pfSense for a friend at his home. However he also runs 2 businesses from his home. How would the new licensing apply to him?
Will he be able to upgrade to pfSense+ without paying (since it's his home)? Or would he have to buy a pfSense+ licence given that he runs 2 businesses from his home?
-
None of that info has been put out yet.
But lets use a little common sense here - will these 2 bushiness he runs out of his home need the + features of pfsense? Will he need say "Zero Touch Provisioning for easier drop ship of unprovisioned appliances" ?
Will maybe need business level dashboard for all of his installs?
Will he maybe need "GUI / device control separation, which facilitates multi-instance management"
He will get + if he has an appliance - but some of these other so called features may need to be "licensed"
No costing model has been even hinted at yet..
-
Question. Will it be up to you to decide what scenario he wants?
Its up to the user. Not to vendor to decide what the user needs or wants.
-
@jwj thanks for sharing the link to the updated post!
Unfortunately Scott does not tell why pfSense Plus cannot be open source too so the users are able to trust the code.
Also pfSense CE will slowly fall behind - well that is my interpretation of Scott's words:...Where does that leave the pfSense CE releases? This is a burning question for our users, and for good reason. The pfSense community has been good to us, and we wouldn’t exist without it. In return, we’ve done our best to be good stewards in the community, both in terms of providing resources and in terms of our open source code commitment. We’re already planning a pfSense CE 2.6 release in mid-2021. We’re still fully participating in the open source communities that make up the foundation of pfSense, and we’re still driving that code upstream and into the open. This isn’t going away, but it is going to evolve as our code in pfSense Plus evolves. ....
It can be interpreted in more ways - like they would like to evolve/extend driving code upstream, but it can also be interpreted as pfSense CE is not going to get updates forever.
So a clear statement about whether the changes related to the new middleware and new GUI eventually will go into pfSense CE (open source) would make people happy in respect to continuing using pfSense... -
@cool_corona said in Announcing pfSense plus:
Not to vendor to decide what the user needs or wants.
When has that ever been the case? If he has no need for any of the stuff that will be part of + he can just use CE.
Is he even using netgate appliances?
-
But it doesnt matter....
Its irrelevant.
He is using OSS as a choice. If he is limited by any means by turning OSS into closed source, then he will run away or use a another vendor with a better feature set.
As I stated. The foreign Department here has denied use of closed for a reason.
So has many users and contributors over the years.
I have been a part of the user base since Manuel Kasper and M0n0wall.
There is no doubt that people will turn to other vendors offering OSS aplliances.
-
Where have they stated that their appliances will not run CE if they want?
My point was towards, if he is not running an appliance now - then plus is quite a bit off.. + when it first comes out is only going to be for appliances.
Won't even have the choice to run + on his own hardware for some time.. So its a bit early in the game to get all worked up over anything.
-
@cool_corona said in Announcing pfSense plus:
He is using OSS as a choice. If he is limited by any means by turning OSS into closed source, then he will run away or use a another vendor with a better feature set.
What FOSS solution has a better feature set/stability than pfSense? I added stability because that matters to me...
Look, that way I read this is: The amount of work that needs to be done to advance pfSense, rewrite the GUI and remove bottlenecks, will require significant investment. Netgate needs to be able to pay for that. If the community wants to do that and keep all of it FOSS they should do that and create a fork immediately.
-
@jwj Isnt this what Gold subscriptions is for??
-
@cool_corona Was. I bought in, twice. I suppose not enough did to pay the bills.
In an ideal world none of this would be talked about. It's not an ideal world. Programmers, project managers and support people need to get paid. FOSS projects need commercial support and funding.
We'll see how things go. There is time. I don't see this like Ubiquiti, no one is violating licenses and sucking capital out of the business. It may yet end up being a win for all concerned. Fingers crossed. If not, we'll just have to adjust and move on.
-
@jwj Its the worlds must trusted OS firewall as Netgate states it....
There should be a userbase large enough to support Netgate and the staff.
Otherwise the value proposition is not good enough.
-
@cool_corona said in Announcing pfSense plus:
Otherwise the value proposition is not good enough.
We'll each have to do that calculation for ourselves. No one is forcing anyone to use pfSense CE or to use the plus version when it rolls out.
If I had a bank account that would allow me to write a check, make it good and free for everyone, I would. Those who do don't.
In case anyone thinks I'm a fan boy or apologist I'll share some of my activities from the last few days. Downloaded VyOS and setup a build environment. Had a good look around at what a used Cisco ISR costs, what licenses would I have to pony up for. Thought about how I would setup a standalone DHCP/DNS server that isn't Microsoft. I even had a browse around the forums over at Ubiquiti to see what is up with the 2.x version of the edge router SW. I'm not pretending that nothing has changed, I'm also not panicking.
-
@jwj Mikrotik, IPfire, OPNsense is alternatives that could be worth considering.
So again the value proposition of a pfsense plus pricing model would be challenged with far more paid options out there.
A free version with paid support as it is/was is a much more viable option since it narrows the options out there of OSS Fw's
-
If you want to use something else, do so. At this point I don't see any amount of complaining that is going to change anything with Netgate in the short term.
I may very well make a change. Not because pfSense is no longer viable but because I just want to. I just bought a multi-layer switch (Ruckus ICX7150-48p) and may rethink things around that.
If, in the end, Netgate made a mistake than they will suffer the consequences of that. Such is life...
-
@johnpoz said in Announcing pfSense plus:
Where have they stated that their appliances will not run CE if they want?
Emm right in their FAQ. The ARM devices won't run on CE as there's no CE version for ARM. So SG1100-3100 are locked in on the closed source branch. :)
@al said in Announcing pfSense plus:
So a clear statement about whether the changes related to the new middleware and new GUI eventually will go into pfSense CE (open source) would make people happy in respect to continuing using pfSense...
That's the point. I have customers that asked about a good CLI, an API etc. for years. And that won't tolerate closed source either. So reading about a Go based WebUI, Clixon CLI like TNSR and API is nice indeed but if those changes WON'T go into CE (as CE is no longer "upstream" for FE/Plus) than they'll seriously look for alternatives. Also those changes or updates were promised over and over from no less then Jim or other Netgate folks even in Reddit, Twitter etc. so currently talking about them only being in Plus and no mentioning of CE getting those features as well (what would be important for package developers, too, as they could access internal functions way better via API then now!) is still dragging things along. Without a direct answer to that question no one can plan projects in the long term anymore that will cost us customer base and potential migration candidates (from other systems).
So nice blog post but still too vague.
-
Hello!
Isnt pfsense, in large part, just some code that provides a nice gui for installing/configuring underlying software?
Is the base OS that pfsense configures going closed source?
When I run "pkg info" from the shell I see a crapload of packages. Aside from maybe the "pfsense-pkg-*" ones, are any of those going closed source?
With pfsense+, will I be able to go in and look at the config files that pfsense is creating for the OS and packages?
Is pf going away and being replaced with something closed?John
-
@jegr said in Announcing pfSense plus:
So SG1100-3100 are locked in on the closed source branch. :)
And have been all along? That's my understanding, the factory images have had closed source components.
It's just the differences are going to become much bigger.
For sure if you're a ARM based Netgate appliance user and a FOSS purest you're out of luck.
-
My question was more of a what if scenario. I will split it in 2 -- as I think about this more.
-
Assume that the user upgrades to pfSense+ using the free "no-charge" option -- is he breaking the licence agreement because of his businesses? Or would it be ok, as he is using it for his personal use (in a home scenario)
-
Assume that the user stays on the CE version as they do not need any of the ZeroTier, Business dashboard etc features that you mentioned -- Would this mean that this user would be stuck on the current version for life? -- given that only security patches are promised for CE and none of the new features. The user might not need any features today, but he may need it in the future or he may need 1 particular feature that has yet to be developed.
Thanks
-
-
@al said in Announcing pfSense plus:
It can be interpreted in more ways - like they would like to evolve/extend driving code upstream, but it can also be interpreted as pfSense CE is not going to get updates forever.
So a clear statement about whether the changes related to the new middleware and new GUI eventually will go into pfSense CE (open source) would make people happy in respect to continuing using pfSense...And that is where the crux of the issue is. My interpretation is that CE is not going to get anything except security patches -- unless someone from the community or another sponsor is willing to take up CE and carry it forward as pfSense itself (probably under Netgate as the steward due to copyrights on the "pfSense" name) or as a completely different fork under a new name/management.
-
@johnpoz said in Announcing pfSense plus:
Is he even using netgate appliances?
Damn. can't edit posts in this sub-forum -- but no the user is not using netgate appliances at the moment.
@johnpoz said in Announcing pfSense plus:
My point was towards, if he is not running an appliance now - then plus is quite a bit off.. + when it first comes out is only going to be for appliances.
Won't even have the choice to run + on his own hardware for some time.. So its a bit early in the game to get all worked up over anything.Correct. It's not going to be available for non-Netgate devices. But in my opinion it's not early to get worked up about. When people are using this software as the basis of their entire network -- and especially if they are also conducting business -- then livelihoods depend on it. They don't want to be left in a position where they have 15-30 days to change to a new platform -- whatever that may be. And before you say it, yes Netgate may provide ample time possibly -- but that is not a chance that all users might be willing to take
@jwj said in Announcing pfSense plus:
In case anyone thinks I'm a fan boy or apologist I'll share some of my activities from the last few days. Downloaded VyOS and setup a build environment. Had a good look around at what a used Cisco ISR costs, what licenses would I have to pony up for. Thought about how I would setup a standalone DHCP/DNS server that isn't Microsoft. I even had a browse around the forums over at Ubiquiti to see what is up with the 2.x version of the edge router SW. I'm not pretending that nothing has changed, I'm also not panicking.
Same here. I have started looking at alternatives but I am in no rush to move. This gives me time to evaluate other options like VyOS, IPFire & even OPNSense. I chose pfSense the last time I was in this position moving from DD-WRT because OPNSense wouldn't even recognize my PATA HDD -- but then again it was early 2016 and OPNSense was in it's infancy.
I am not making any money out of using any particular router/firewall software as I use it only for my home/hobby use and maybe a bit of the self satisfaction that as a slight bit more technical than my family and friends, I can claim that I built my own router and my network is safer than their $60 off-the-shelf wireless router. So any costs that would need to be paid for a licence will definitely have to be weighed against other available solutions (free or paid) and this will be different for each and every user.
