pfSense Plus and pfSense CE: Dev Insights and Direction
-
With the announcement of pfSense Plus recently, I wanted to share a blog from our new Director of Software Engineering that gives insights into the development here at Netgate. Including WireGuard, pfSense CE, and pfSense Plus.
-
thank you Dennis.
To support the CE Edition, is it possible to see a "Gold Sponsoring" again?
pfSense Gold subscription
-
@dennis_s I'm a long term user and advocate of pfSense, however the recent announcement of pfSense Plus has caused me to explore alternatives.
pfSense is Open Source ... pfSense Plus is NOT.
Although pfSense CE 2.5 will be released, following that pfSense CE will diverge and almost certainly lag behind of pfSense Plus ... and I'd expect Netgate to drop CE within a couple of years ... as many users will move away from CE.
Very dissapointed ... I'm not convinced Netgate fully realise what this will do :
It will drive vast numbers of CE users away ... OK it's not going to cost Netgate money in the short term, however happy vocal CE users are is good marketing for pfSense & Netgate which drives pfSense use.
Some FE users will move away from pfSense as it becomes Closed Source ... regardless of what's said, if you can see the source in aint Open !!
Its a shame.
-
@slu I don't believe so, but I will certainly pass along the feedback.
-
@stuboy pfSense Plus is a branch of pfSense software, just as Factory Edition has been historically. Effectively, pfSense Plus is built upon a set of open source projects, namely OpenVPN, strongSwan, Free Range Routing, and of course FreeBSD. Integrating those project code bases together and adding value through that integration, e.g., GUI, API, etc. - is Netgate value-add for its customers.
While you are correct the entire code is not open source, customers can certainly see the vast majority of the underlying code of pfSense Plus, if they are so inclined.
As said many times before, there are no plans to abandon pfSense CE. It’s also an open item about when (not if) CE gets pulled up to FreeBSD 13.
-
@dennis_s said in pfSense Plus and pfSense CE: Dev Insights and Direction:
As said many times before, there are no plans to abandon pfSense CE. It’s also an open item about when (not if) CE gets pulled up to FreeBSD 13.
What about "when not if" CE gets the API/Clixon CLI/Go-based-UI as the Plus version? That's one of the main items I get asked and that is lacking in case of project planning and for e.g. package maintainers (now and future ones). As people were "promised" (or better announced) that for 2.5 with the AES-NI req that was later pulled, finding that on the "Plus" list and seeing no certainty if that will be brought back to CE it is one major point of argue ATM. It's also not a small point for packaging if one has to cater for completely different backends later on. But sadly the blog avoids that part.
-
@jegr That I don't know about. Hope to know more and share when the roadmap becomes available. I've seen this asked and I have passed along the feedback to the appropriate people.
-
As I consider purchasing a pfSense appliance soon I would like to know, if I can be sure that packages like pfBlockerNG will be in each case part of pfSense Plus and will also be maintained (if necessary by Netgate developers) in the future.
-
@cantor Popular packages, like pfBlockerNG, will continue to be available for use with pfSense Plus for the foreseeable future and they will be maintained by the package contributors or Netgate. The addition of Clixon and an API will make it easier to develop and maintain 3rd party packages and other extensions.
-
@dennis_s said in pfSense Plus and pfSense CE: Dev Insights and Direction:
@cantor Popular packages, like pfBlockerNG, will continue to be available for use with pfSense Plus for the foreseeable future and they will be maintained by the package contributors or Netgate. The addition of Clixon and an API will make it easier to develop and maintain 3rd party packages and other extensions.
Yes, but that's exactly the point why many want to see the roadmap and want to know about the promises made in the past about modenizing pfSense with 2.5 and onwards towards API, CLI and new UI without PHP. Now that's currently a "Plus only" thing. But for today's and future package maintainers as much as for customers and community waiting for those features, it's essential to know. And up until now, every post or blog was dodging or avoiding "realtalk" of that.
-
@dennis_s I'm afraid, I have lost faith ... migrating sites to OpnSense is the most likely result of this announcement.
I had hoped Netgate would quickly realise from the widespread user response that this pfSense+ move was a VERY VERY bad idea.
We use, advocate, recommend and install pfSense H/W and pfSense CE because it is Open Source and Trusted. This move has blown it for me.
You've lost my trust and are going Closed Source ... it's the end I'm afraid.
I will see if the decision is changed in the next few weeks.
Away looking at and evaluating alternatives.
-
@dennis_s said in pfSense Plus and pfSense CE: Dev Insights and Direction:
While you are correct the entire code is not open source, customers can certainly see the vast majority of the underlying code of pfSense Plus, if they are so inclined.
I don't agree with this wording to be honest.
The main reason I love pfsense is because it's open source and transparent. I myself understand that the major software that pfsense uses is open source... But that doesn't mean I fully trust it. I still want myself/community to see all and every part/aspect of the code Netgate puts into their final products period! Regardless of what you guys tell us. It helps the whole community and keeps everyone honest and accountable.
Otherwise you guys can tell us it's secure safe not spying on us etc. But we will never truly know for sure since it's now closed source. I believe many in the community would agree with me on this point.
-
@stuboy I'm sorry to hear you've lost faith and at the same respect your position. As I've said before, CE will remain open source as it always has. It will also continue to receive updates and benefit from any of the work in pfSense plus that gets upstreamed to FreeBSD.
-
@dennis_s I too respect the decision you guys have made. I realize you see further then me on the outside etc. I'll continue to use pfsense ce I still really think it's an awesome product, although I'm very concerned that I'll be left out in the cold so to speak. With regards to ongoing support and security updates.
Will I be allowed to upgrade from pfsense ce to pfsense plus with the same settings and features I'm using now without paying a huge amount of money as I heard licensing is now involved. I currently use snort, QoS, VLANs and UPNP.
-
@tman904 I know it's just me on a forum saying it, but there are no plans to abandon CE.
As to your question, yes you can move to pfSense Plus at any time. As long as you are a home user or using it in a lab, there will be no fee for pfSense Plus. In regards to your settings, at least initially everything will be compatible just as it is now if you moved from CE to FE (Netgate appliance). I can't speak to down the road as the products do diverge, but we will always do our best to make it as easy and simple for users to make the transition if/when they want to.
-
@dennis_s Thanks for clearing the confusion up for me.
One more question what is the line between home/lab and business? If I want to add a static IP on my WAN and mess around with port forwards is that considered "Business use" Or does that part refer to if I'm using your product in or installing it for other companies/freelance consulting?
That may not make sense but I don't understand what business use means to be honest.
-
It's probably fair to say that even Netgate doesn't have perfectly clear vision of how things will look 6 months or a year down the road. There are new people involved (see the blog posts) and things are changing.
I think it's entirely unfair to declare the changes a disaster for the community and the related open source projects beforehand. Time will tell and what will be will be. Positive engagement from the community can only help. Negative engagement often ends up becoming a self fulfilling prophecy.
-
@dennis_s Where can you download pfSense Plus? Or is it not available for non-netgate hardware as I do have a watchguard XTM 5 series firewall with pfSense CE currently intsalled. Would love to upgrade to Plus at home. Just can not find where to download it.
-
@stacyann33 Per the blog, "we also plan to make pfSense Plus available to work on non-Netgate hardware in late 2021"
-
As I understand pfsense Plus will be available for custom hardware summer 2021. Do you have any pricing informations? I don't mind paying a one time fee if it's not too expensive (maybe 30-50€). Any kind of subscription with monthly pay is a NoGo for me and I'll leave Pfsense
