A pfSense roadmap



  • @jits:

    Wow!

    There is just something magical reading the project map for 3.0 while feasting on a Cadbury’s almonds and raisin chocolate bar.

    But…any consideration for the Wireless ISP guys? No MPLS implementation? No MIPS hardware as yet? Can these be options for consideration for small ISP types?

    Did I say there would not be MPLS, or GRE support?

    No, I did not.  It’s a path, jtls.

    In any case, 2.x is always an option on existing hardware.


  • Rebel Alliance Developer Netgate

    @Michael:

    Fortran IV - holes in punched cards can be seen. And the 6 position is marked usual.  😉
    Python? Programming with spaces? Loss/extra space and the program behaves unpredictably? Forget copy/paste, move pieces of code, and so on?
    Great…  😞

    If it forces us to maintain proper style and spacing, it’s not a bad thing.



  • @jimp:

    @Michael:

    Fortran IV - holes in punched cards can be seen. And the 6 position is marked usual.  😉
    Python? Programming with spaces? Loss/extra space and the program behaves unpredictably? Forget copy/paste, move pieces of code, and so on?
    Great…  😞

    If it forces us to maintain proper style and spacing, it’s not a bad thing.

    Python is a lot like Lisp without the parentheses.  Once you figure that out, it gets easy.



  • @gonzopancho:

    The next PC Engines board has a Jaguar (so: AES-NI) 2 or 4 core CPU, 2 or 4GB RAM (ECC on the 4GB model) and (wait for it), Intel NICs (I imagine these will be i217/218 class.)

    Intel NICs? That is awesome, where did you see this?


  • Rebel Alliance Developer Netgate

    @Michael:

    […]and the program behaves unpredictably?[…]

    Forgot something:

    Unpredictable behavior will most likely be caught by the copious amount of unit tests we’ll surely be adding during the rewrite.



  • @router_wang:

    @gonzopancho:

    The next PC Engines board has a Jaguar (so: AES-NI) 2 or 4 core CPU, 2 or 4GB RAM (ECC on the 4GB model) and (wait for it), Intel NICs (I imagine these will be i217/218 class.)

    Intel NICs? That is awesome, where did you see this?

    Pascal told Chrs months ago.



  • Sounds like nice hardware.  These will work well when it’s 32C outside, hotter inside and no air conditioning?  (It’s a serious question)



  • I don’t design the PC Engines boards.

    The RCC-VE & RCC-DF will.



  • Totally

    @gonzopancho:

    apinger needs a re-write.  It’s garbage code.



  • Rewrite can’t happen soon enough. Dual WAN failover is what brought me to pfSense; on my connections it no longer works.



  • @gonzopancho:

    …The next PC Engines board has a Jaguar (so: AES-NI) 2 or 4 core CPU, 2 or 4GB RAM (ECC on the 4GB model) and (wait for it), Intel NICs (I imagine these will be i217/218 class.)

    Do we have anywhere we can get more info on this? Sounds like it’s worth waiting for before my next upgrade!

    Thanks,
    Supe



  • They expect the new board mid-2015 and it’s also expected to deliver full gigabit transport with pfSense… (called 'em and asked).



  • Blocks declared using whitespace!!! Gotta be the dumbest idea ever…


  • Rebel Alliance Developer Netgate

    @jcyr:

    Blocks declared using whitespace!!! Gotta be the dumbest idea ever…

    I’ll take that over an unreadable perl script with no whitespace any day of the week. 🙂

    See above, re: coding style.





  • @jimp:

    Also: http://www.secnetix.de/olli/Python/block_indentation.hawk

    Mice were crying, injected, but continued to eat a cactus. ;D

    50% of the source code holds significant whitespaces. Tabs canceled because for 20 years and have not decided what to do with them.



  • @jimp:

    @jcyr:

    Blocks declared using whitespace!!! Gotta be the dumbest idea ever…

    I’ll take that over an unreadable perl script with no whitespace any day of the week. 🙂

    See above, re: coding style.

    Well, yes, it is an advantage Perl. Read compressed JS is also impossible, but one press of the button in the editor and we can see the code in your favorite style to us. Just Perl and the vast majority of system programming languages so may, not only C-like, but Python - no. 😉


  • Rebel Alliance Developer Netgate

    Because you can’t mangle python into an unreadable mess in quite the same way, so it’s not necessary. 🙂



  • That’s what I watch a lot of programs available in Python byte-compiled code. Suddenly anyone in any wrong editor will open.  😄



  • Wot?

    I design the API in the lift line.



  • You’ve clearly put a great deal of thought into the roadmap, and I’m impressed. The recently announced Intel Xeon SOC will be very interesting with v3.

    One thought/suggestion regarding packages: have you thought about enforcing a rule that requires all third party packages to have a separate jail? FreeNAS does this now, and it improves the security and stability of the platform. It will make creating packages a bit more work, but with COW ZFS you won’t waste disk.

    (You are migrating to root on ZFS I hope).



  • @fatsailor:

    You’ve clearly put a great deal of thought into the roadmap, and I’m impressed. The recently announced Intel Xeon SOC will be very interesting with v3.

    One thought/suggestion regarding packages: have you thought about enforcing a rule that requires all third party packages to have a separate jail? FreeNAS does this now, and it improves the security and stability of the platform. It will make creating packages a bit more work, but with COW ZFS you won’t waste disk.

    (You are migrating to root on ZFS I hope).

    Yes, we knew about Broadwell-DE (the codename for Xeon D), and kept it in mind while evaluating our options.  We have a future product based on BDE in development.

    root on ZFS: perhaps even for embedded.  The issue here is that ZFS eats ram for breakfast, and lower-end systems don’t necessarily have same to spare.

    We’re quite aware of what the guys at iXsystems are doing with FreeNAS and PC-BSD.  First step here is to get to ‘pkg(ng)’ on pfSense.



  • @gonzopancho:

    Yes, we knew about Broadwell-DE (the codename for Xeon D), and kept it in mind while evaluating our options.  We have a future product based on BDE in development.

    root on ZFS: perhaps even for embedded.  The issue here is that ZFS eats ram for breakfast, and lower-end systems don’t necessarily have same to spare.

    We’re quite aware of what the guys at iXsystems are doing with FreeNAS and PC-BSD.  First step here is to get to ‘pkg(ng)’ on pfSense.

    ZFS only really eats RAM when deduplication is used. The COW capability of ZFS combined with Jails is light years ahead of Docker et al.

    I agree that getting pkg working is the first step, and I love that you’re getting rid of PHP!



  • I am against the idea of dropping PPTP.

    While I agree deprecating it and not supporting it (hell, hide it if necessary), there are a lot of industrial machines that only support PPTP. For example, PLCs come to mind.

    I understand the reason and I agree that no one should use PPTP but that’s not a reason to remove it. With it disabled and/or not recommended, it does not hurt pfSense. Whoever chooses to enable it, is under his/her own consequences.


  • Banned

    @riahc3:

    With it disabled and/or not recommended, it does not hurt pfSense.

    I guess you figure the code is self-maintaining. And also will rewrite itself to Python by some magic.



  • “While I agree deprecating it and not supporting it (hell, hide it if necessary), there are a lot of industrial machines that only support PPTP. For example, PLCs come to mind.”

    I assume these PLCs are sitting behind a router?  Why not let pfSense tunnel all the stuff you used to use PPTP for over a different type of VPN?

    I can’t imagine a situation (other than being unable to purchase or build a pfSense) where you can’t replace PPTP.



  • @doktornotor:

    @riahc3:

    With it disabled and/or not recommended, it does not hurt pfSense.

    I guess you figure the code is self-maintaining. And also will rewrite itself to Python by some magic.

    Rewrite the code once to Python and that’s it. End of support.

    On top of that, don’t write whatever the fuck you want; 2.3 is set to drop PPTP. 3.0 is far away from us. The rewrite isn’t even taking in though PPTP.

    2.3 should be released with PPTP “as-is” and disabling/hiding it unless the user himself decides to enable it. If it drops in 3.0 (whenever that is in the far future), so be it (depending on what timeframe, I would probably be for dropping it).



  • @kejianshi:

    I assume these PLCs are sitting behind a router?  Why not let pfSense tunnel all the stuff you used to use PPTP for over a different type of VPN?

    Because old stuff is usually only compatible with PPTP.

    I just gave my point of view; I understand that security wise (and technology wise) the choice to drop PPTP, I just don’t agree removing it; I think it should be unsupported.


  • Banned

    @riahc3:

    @doktornotor:

    @riahc3:

    With it disabled and/or not recommended, it does not hurt pfSense.

    I guess you figure the code is self-maintaining. And also will rewrite itself to Python by some magic.

    Rewrite the code once to Python and that’s it. End of support.

    I assume you volunteer to do the job…  ::)



  • @doktornotor:

    @riahc3:

    @doktornotor:

    @riahc3:

    With it disabled and/or not recommended, it does not hurt pfSense.

    I guess you figure the code is self-maintaining. And also will rewrite itself to Python by some magic.

    Rewrite the code once to Python and that’s it. End of support.

    I assume you volunteer to do the job…  ::)

    You are avoiding the subject.

    2.3 is to be released soon.
    3.0 is to be released in a distant future.

    Leave it as-is right now unsupported in 2.3 (PHP), 2.3.1 (PHP), 2.3.2 (PHP), 2.4 (PHP), etc.

    THEN when the rewrite in Python comes (3.0) if no one wants to rewrite it in Python, then don’t. Release the 3.0 release without PPTP.

    Do I need to spoonfeed you any further?



  • Also, from what I understood, the team wants to move away from having a pfSense distribution to being a package called pfSense that runs on FreeBSD.

    If this is so, technically you would install FreeBSD then install a package called “pfSense” and if you still want to, you can install a package that acts like a PPTP server on FreeBSD. That’s what I understood from the blog post although I might be mistaken.

    I think that would be great personally 🙂


  • Banned

    @riahc3:

    Do I need to spoonfeed you any further?

    No, thanks. Enough time wasted debating obvious junk that should already have been removed, since it’s been utterly broken for years.



  • @doktornotor:

    @riahc3:

    Do I need to spoonfeed you any further?

    No, thanks. Enough time wasted debating obvious junk that should already have been removed, since it’s been utterly broken for years.

    I just want to go on record saying I personally use SSTP and/or OpenVPN. I do understand certain scenarios (like I listed) where PPTP might come in handy (even as a quick test).



  • @riahc3:

    Also, from what I understood, the team wants to move away from having a pfSense distribution to being a package called pfSense that runs on FreeBSD.

    If this is so, technically you would install FreeBSD then install a package called “pfSense” and if you still want to, you can install a package that acts like a PPTP server on FreeBSD. That’s what I understood from the blog post although I might be mistaken.

    I think that would be great personally 🙂

    both will exist, but having pfSense as a package (including ‘base’) will allow us to update individual components.  I suppose if someone wanted to create a “PPTP package” and add it in, that would still work.



  • Are there some public discussions about which web framework to use for pfSense 3, how the API would look like etc… or did nothing happen in that regard yet? Also is there a way to sign up somewhere if one would be interested in helping out on the effort?



  • @apollo13:

    Are there some public discussions about which web framework to use for pfSense 3, how the API would look like etc… or did nothing happen in that regard yet? Also is there a way to sign up somewhere if one would be interested in helping out on the effort?

    Not yet, right now from a web perspective we’re still focused on the Bootstrap work for 2.3. We’ll start a thread on the development board here when all that gets underway, as well as the dev mailing list. Definitely would appreciate help on that effort when we get to that point!

    In the meantime, we welcome contributions to the Bootstrap effort.



  • Any ~ ETA on 2.4 as I’m pretty keen to get a non-corrupting filesystem


  • Rebel Alliance Developer Netgate

    @YipYip:

    Any ~ ETA on 2.4 as I’m pretty keen to get a non-corrupting filesystem

    It’ll be beta quite soon. Not too much longer now. It’s shaping up fast.



  • @jimp:

    @YipYip:

    Any ~ ETA on 2.4 as I’m pretty keen to get a non-corrupting filesystem

    It’ll be beta quite soon. Not too much longer now. It’s shaping up fast.

    Currently the description of the 2.4 development snapshot says:

    HIGHLY-EXPERIMENTAL pfSense 2.4.0 ALPHA developers tree

    Are you implying that at some point in the (near?) future the description will say BETA instead of ALPHA? If so, what are the criteria for ALPHA vs. BETA? I’m looking forward to 2.4 being released so I can move away from a tunnel to native IPv6.


  • Rebel Alliance Developer Netgate

    Yes, beta soon and that page will be updated.


 
