Thanks for the update. Hopefully they provide a manageable pricing structure for home labs which I am almost certain that they will.
Well finished my conversion to OPNsenseā¦
Iāve been meaning to update the BIOS on my NUC anyways, as it had some security fixes (an advantage to buying a āname-brandā mini PC over some of the generic ones, as my NUC has received several BIOS updates now). I admitted defeat and picked up a portable monitor as that was easier than always taking a full size monitor over to the rack in my utility room.
Hit one snag, I realized pretty quickly once the OPNsense was installed, I realized I couldnāt talk to it from my office right away, as my switches are configured already for VLANs, and the old firewall, etc. So I brought out the MrsOhioYJās laptop to configure the firewall some to get everything to talk again:
Itās all setup, and as I had initially seen when I first started looking, OPNsenseās GUI is better and more intuitive than pfsense. Perhaps it was because I already had the advantage of experience with pfsense now, but I setup OPNsense with very little need to look things up. Iāll also add, I was worried about getting ad-blocking (thereās just not as much information out there about OPNsense) and such with OPNsense, but honestly itās built in and easier to setup than pfsense. My APC UPS is up and functioning the same as well, the plugin was a couple clicks, same as pfsense.
Overall Iāll say the transition was pretty painless. Not like people have anything to lose at this point, as they need to do a reinstall anyways at some point.
1 Like
I think they will fix this issue and I am not likely to switch right now for a few reasons:
- We have many pfsense systems in production at clients running on Netgate hardware
- We keep spare Netgate appliances so we can rapidly recover clients
- pfsense has integration with out business tooling such as Auvik & Blumira
- There is no easy way to move all the complicated configs over with out a lot of labor
- My team is very very familiar with pfsense and retraining people has a high cost
- Buying a licence for the business / stable version of OPNSense does not really make sense when we already have that with Netgate.
- I still donāt have the same faith in OPNSense security vs pfsense
The security one is a really big issue and because pfsense has such as large enterprise and government install base it getās poked at a LOT. Netgate has had a solid track record with security fixes especially because they staff so many FreeBSD developers. For references you can see the CVE for each of them here:
2 Likes
I just watched Toms video. I agree that this isnāt time to panic. This all may all just be really poor marketing. If they want to charge for pfsense, fine. But how is it licensed?
We need to accept that there will be business changes at Netgate. They want to be a more enterprise focused company. I commend that. As long as they didnāt wholly bastardize the essence of pfSense. From what Iāve read in the code diffs between an older version of āPlusā and a newer version of āCEā everything still seems Apache licensed. I think thats fine, they can upsell me on a pre-packaged version of those things. I donāt think thatās what changed here, but I could be wrong.
I think we need a deeper understanding of the code differences here. This is more difficult than it has to be because the source code isnāt all on Github, but that doesnāt mean its necessarily proprietary under a restrictive license. If its all just precompiled and licensed fairly but not as readily accessible to the normies, I have less of an objection than most here. I think thats a fair way to make money.
I am not a lawyer here, but hereās my understanding. Having licensed software in an open source world is simply licensing the sum of all of the codeās constituent parts when in intended use. Since the licensing mechanism itself is likely still the only proprietary code, itās fair game for anyone in the community to back port things from Plus into CE if they can make it work without the Netgate Licensing Mechanism. Iām not suggesting anyone āshouldā leech in this way (and make money off of it), but we āshouldā be allowed to anyway. I want to validate that this is the situation we are currently in.
The stuff that makes pfsense āpfsenseā is going to live between /etc/rc*' and /etc/pf*and also anything in/usr/local/pfSense/` I posted the conents of some of these folders here, and even the Netgate ZFS stuff is just Apache license. Again, I think thats reasonable. Can someone on pfSense Plus running a current release do:
ces/ZFS: ls -la /usr/local/pfSense/include/Netgate/Services/
total 10
drwxr-xr-x 3 root wheel 3 Jun 22 2022 .
drwxr-xr-x 3 root wheel 3 Jun 22 2022 ..
drwxr-xr-x 2 root wheel 8 Dec 15 2022 ZFS
[22.05-RELEASE][root@guillermo.]/usr/local/pfSense/include/www: ls -la
total 159
drwxr-xr-x 2 root wheel 22 Dec 15 2022 .
drwxr-xr-x 6 root wheel 6 Jun 22 2022 ..
-rw-r--r-- 1 root wheel 32490 Jun 22 2022 alias-utils.inc
-rw-r--r-- 1 root wheel 15211 Jun 22 2022 backup.inc
-rw-r--r-- 1 root wheel 7199 Jun 22 2022 bandwidth_by_ip.inc
-rw-r--r-- 1 root wheel 3801 Jun 22 2022 diag_arp.inc
-rw-r--r-- 1 root wheel 3216 Jun 22 2022 diag_dump_states.inc
-rw-r--r-- 1 root wheel 31176 Jun 22 2022 firewall_nat.inc
-rw-r--r-- 1 root wheel 16342 Jun 22 2022 firewall_nat_1to1.inc
-rw-r--r-- 1 root wheel 7672 Jun 22 2022 firewall_nat_npt.inc
-rw-r--r-- 1 root wheel 20817 Jun 22 2022 firewall_nat_out.inc
-rw-r--r-- 1 root wheel 2066 Jun 22 2022 firewall_schedule.inc
-rw-r--r-- 1 root wheel 17427 Jun 22 2022 firewall_virtual_ip.inc
-rw-r--r-- 1 root wheel 15468 Jun 22 2022 services_dnsmasq.inc
-rw-r--r-- 1 root wheel 14758 Jun 22 2022 system_advanced_admin.inc
-rw-r--r-- 1 root wheel 18013 Jun 22 2022 system_advanced_firewall.inc
-rw-r--r-- 1 root wheel 17184 Jun 22 2022 system_advanced_misc.inc
-rw-r--r-- 1 root wheel 8290 Jun 22 2022 system_advanced_network.inc
-rw-r--r-- 1 root wheel 14664 Jun 22 2022 system_advanced_notifications.inc
-rw-r--r-- 1 root wheel 2870 Jun 22 2022 system_advanced_sysctl.inc
-rw-r--r-- 1 root wheel 12513 Jun 22 2022 system_be.inc
-rw-r--r-- 1 root wheel 1422 Jun 22 2022 system_register.inc
[22.05-RELEASE][root@guillermo]/usr/local/pfSense/include/www:
[22.05-RELEASE][root@guillermo]/etc: ls -la
total 1567
drwxr-xr-x 29 root wheel 198 Oct 2 01:29 .
drwxr-xr-x 22 root wheel 28 Dec 15 2022 ..
drwxr-xr-x 2 root wheel 2 Jun 22 2022 X11
-rw-r--r-- 1 root wheel 297 Jun 22 2022 auto_master
drwxr-xr-x 2 root wheel 9 Dec 15 2022 autofs
drwxr-xr-x 2 root wheel 2 Jun 22 2022 bluetooth
-rw-r--r-- 1 root wheel 10658 Oct 1 16:12 bogons
-rw-r--r-- 1 root wheel 2318328 Oct 1 16:12 bogonsv6
drwxr-xr-x 2 root wheel 3 Dec 15 2022 cron.d
-rw-r--r-- 1 root wheel 1910 Oct 2 01:29 crontab
-rw-r--r-- 1 root wheel 52 Jun 22 2022 csh.cshrc
-rw-r--r-- 1 root wheel 300 Jun 22 2022 csh.login
-rw-r--r-- 1 root wheel 53 Jun 22 2022 csh.logout
-rw-r--r-- 1 root wheel 506 Jun 22 2022 ddb.conf
-rw-r--r-- 1 root wheel 1 Dec 15 2022 default-config-flavor
drwxr-xr-x 2 root wheel 5 Dec 15 2022 defaults
drwxr-xr-x 2 root wheel 8 Dec 15 2022 devd
-rw-r--r-- 1 root wheel 8729 Jun 22 2022 devd.conf
-rw-r--r-- 1 root wheel 1930 Jun 22 2022 devfs.conf
-rw-r--r-- 1 root wheel 245 Jan 31 2022 dh-parameters.1024
-rw-r--r-- 1 root wheel 424 Jan 31 2022 dh-parameters.2048
-rw-r--r-- 1 root wheel 595 Jun 22 2022 dh-parameters.3072
-rw-r--r-- 1 root wheel 769 Jan 31 2022 dh-parameters.4096
-rw-r--r-- 1 root wheel 1115 Jun 22 2022 dh-parameters.6144
-rw-r--r-- 1 root wheel 1464 Jun 22 2022 dh-parameters.8192
-rw-r--r-- 1 root wheel 5841 Jun 22 2022 disktab
drwxr-xr-x 2 root wheel 2 Jun 22 2022 dma
-rw-rw-r-- 1 root operator 0 Jun 22 2022 dumpdates
-rwxr-xr-x 1 root wheel 5088 Feb 7 2022 ecl.php
-rw-r--r-- 1 root wheel 79 May 3 2017 fstab
-rw-r--r-- 1 root wheel 224 Jun 22 2022 ftpusers
-rw-r--r-- 1 root wheel 6203 Jun 22 2022 gettytab
-rw-r--r-- 1 root wheel 616 Oct 2 01:29 group
drwxr-xr-x 2 root wheel 4 Dec 15 2022 gss
-rw-r--r-- 1 root wheel 205 Jun 22 2022 host.conf
-rw-r--r-- 1 root wheel 114 Oct 2 01:29 hosts
-rw-r--r-- 1 root wheel 3397 Jun 22 2022 hosts.allow
-rw-r--r-- 1 root wheel 53 Jun 22 2022 hosts.equiv
drwxr-xr-x 3 root wheel 65 Dec 15 2022 inc
-rw-r--r-- 1 root wheel 170 Jun 22 2022 libalias.conf
-rw-r--r-- 1 root wheel 47 Jun 22 2022 libmap.conf
-r--r--r-- 1 root wheel 3519 Oct 2 01:29 localtime
-rw-r--r-- 1 root wheel 1785 Jun 22 2022 login.access
-rw-r--r-- 1 root wheel 7064 Jun 22 2022 login.conf
-rw-r--r-- 1 root wheel 16384 Oct 2 01:29 login.conf.db
-rw-r--r-- 1 root wheel 507 Jun 22 2022 mac.conf
drwxr-xr-x 2 root wheel 2 Jun 22 2022 mail
-rw------- 1 root wheel 2719 Oct 2 01:29 master.passwd
-rw-r--r-- 1 root wheel 890 Jun 22 2022 motd
drwxr-xr-x 2 root wheel 10 Dec 15 2022 mtree
-rw-r--r-- 1 root wheel 729 Jun 22 2022 netconfig
-rwxr-xr-x 1 root wheel 2146 Jun 22 2022 netstart
-rw-r--r-- 1 root wheel 37368 Jun 22 2022 network.subr
-rw-r--r-- 1 root wheel 310 Jun 22 2022 networks
-rw-r--r-- 1 root wheel 225 Oct 2 01:29 newsyslog.conf
drwxr-xr-x 2 root wheel 6 Dec 15 2022 newsyslog.conf.d
-rw------- 1 root wheel 1635 Jun 22 2022 nsmb.conf
-rw-r--r-- 1 root wheel 188 Oct 2 01:29 nsswitch.conf
drwx------ 2 root wheel 2 Jun 22 2022 ntp
-rw------- 1 root wheel 377 Jun 22 2022 opieaccess
lrwxr-xr-x 1 root wheel 21 Jun 22 2022 os-release -> ../var/run/os-release
drwxr-xr-x 2 root wheel 17 Dec 15 2022 pam.d
-rw-r--r-- 1 root wheel 2344 Oct 2 01:29 passwd
-rwxr-xr-x 1 root wheel 2747 Jun 22 2022 pccard_ether
drwxr-xr-x 6 root wheel 6 Jun 22 2022 periodic
-rw-r--r-- 1 root wheel 29285 Jun 22 2022 pf.os
-rw-r--r-- 1 root wheel 525 Jun 22 2022 pfSense-ddb.conf
-rw-r--r-- 1 root wheel 3922 Jun 22 2022 pfSense-devd.conf
-rwxr-xr-x 1 root wheel 16667 Jun 22 2022 pfSense-rc
-rwxr-xr-x 1 root wheel 15383 Jan 31 2022 pfSense-rc.pkgsave
-rwxr-xr-x 1 root wheel 1655 Jun 22 2022 pfSense-rc.shutdown
-rwxr-xr-x 1 root wheel 1641 Jan 31 2022 pfSense-rc.shutdown.pkgsave
-rw-r--r-- 1 root wheel 40488 Jun 22 2022 pfSense.obsoletedfiles
-rw-r--r-- 1 root wheel 183 Jun 22 2022 phones
drwxr-xr-x 2 root wheel 29 Dec 15 2022 phpshellsessions
drwxr-xr-x 2 root wheel 3 Dec 15 2022 pkg
-rw-r--r-- 1 root wheel 8 Dec 15 2022 platform
drwxr-xr-x 2 root wheel 3 Dec 15 2022 ppp
-rw-r--r-- 1 root wheel 52 Jan 31 2022 printcap
-rw-r--r-- 1 root wheel 20 Oct 28 11:14 product_label
-rw-r--r-- 1 root wheel 7 Oct 28 11:14 product_name
-rw-r--r-- 1 root wheel 427 Jun 22 2022 profile
-rw-r--r-- 1 root wheel 6394 Jun 22 2022 protocols
-rw-r--r-- 1 root wheel 40960 Oct 2 01:29 pwd.db
-rw-r--r-- 1 root wheel 5105 Jun 22 2022 rc
-rwxr-xr-x 1 root wheel 8158 Jun 22 2022 rc.aarch64.install_to_device
-rwxr-xr-x 1 root wheel 763 Jun 22 2022 rc.backup_aliastables.sh
-rwxr-xr-x 1 root wheel 867 Jun 22 2022 rc.backup_captiveportal.sh
-rwxr-xr-x 1 root wheel 520 Jun 22 2022 rc.backup_dhcpleases.sh
-rwxr-xr-x 1 root wheel 1269 Jun 22 2022 rc.backup_logs.sh
-rwxr-xr-x 1 root wheel 479 Jun 22 2022 rc.backup_rrd.sh
-rwxr-xr-x 1 root wheel 4267 Jun 22 2022 rc.banner
-rw-r--r-- 1 root wheel 1457 Jun 22 2022 rc.be_functions.sh
-rwxr-xr-x 1 root wheel 14698 Jun 22 2022 rc.bootup
-rw-r--r-- 1 root wheel 4543 Jun 22 2022 rc.bsdextended
-rwxr-xr-x 1 root wheel 1036 Jun 22 2022 rc.captiveportal_configure
-rwxr-xr-x 1 root wheel 1333 Jun 22 2022 rc.captiveportal_configure_mac
-rwxr-xr-x 1 root wheel 5588 Jun 22 2022 rc.carpbackup
-rwxr-xr-x 1 root wheel 8748 Jun 22 2022 rc.carpmaster
-rwxr-xr-x 1 root wheel 1529 Jun 22 2022 rc.checkclock
-rw-r--r-- 1 root wheel 58 Jan 31 2022 rc.conf
drwxr-xr-x 2 root wheel 2 Jun 22 2022 rc.conf.d
-rw-r--r-- 1 root wheel 17 May 3 2017 rc.conf.zfs
drwxr-xr-x 2 root wheel 141 Dec 15 2022 rc.d
-rwxr-xr-x 1 root wheel 1243 Jun 22 2022 rc.disable_hdd_apm
-rwxr-xr-x 1 root wheel 1632 Jun 22 2022 rc.dumpon
-rwxr-xr-x 1 root wheel 1767 Jun 22 2022 rc.dyndns.update
-rwxr-xr-x 1 root wheel 6836 Jun 22 2022 rc.ecl
-rwxr-xr-x 1 root wheel 1313 Jun 22 2022 rc.embedded
-rwxr-xr-x 1 root wheel 1675 Jun 22 2022 rc.expireaccounts
-rwxr-xr-x 1 root wheel 1085 Jun 22 2022 rc.filter_configure
-rwxr-xr-x 1 root wheel 1049 Jun 22 2022 rc.filter_configure_sync
-rwxr-xr-x 1 root wheel 11048 Jun 22 2022 rc.filter_synchronize
-rw-r--r-- 1 root wheel 18738 Jun 22 2022 rc.firewall
-rwxr-xr-x 1 root wheel 1585 Jun 22 2022 rc.gateway_alarm
-rwxr-xr-x 1 root wheel 241 Jun 22 2022 rc.halt
-rwxr-xr-x 1 root wheel 246 Dec 15 2022 rc.haproxy_ocsp.sh
-rw-r--r-- 1 root wheel 13585 Jun 22 2022 rc.initdiskless
-rwxr-xr-x 1 root wheel 6844 Jun 22 2022 rc.initial
-rwxr-xr-x 1 root wheel 1705 Jun 22 2022 rc.initial.defaults
-rwxr-xr-x 1 root wheel 1780 Jun 22 2022 rc.initial.halt
-rwxr-xr-x 1 root wheel 3090 Jun 22 2022 rc.initial.password
-rwxr-xr-x 1 root wheel 1517 Jun 22 2022 rc.initial.ping
-rwxr-xr-x 1 root wheel 3646 Jan 31 2022 rc.initial.pkgsave
-rwxr-xr-x 1 root wheel 2994 Jun 22 2022 rc.initial.reboot
-rwxr-xr-x 1 root wheel 17895 Jun 22 2022 rc.initial.setlanip
-rwxr-xr-x 1 root wheel 1437 Jun 22 2022 rc.initial.setports
-rwxr-xr-x 1 root wheel 2498 Jun 22 2022 rc.initial.toggle_sshd
-rwxr-xr-x 1 root wheel 1005 Jun 22 2022 rc.interfaces_carp_configure
-rwxr-xr-x 1 root wheel 1003 Jun 22 2022 rc.interfaces_lan_configure
-rwxr-xr-x 1 root wheel 1059 Jun 22 2022 rc.interfaces_opt_configure
-rwxr-xr-x 1 root wheel 1248 Jun 22 2022 rc.interfaces_wan_configure
-rwxr-xr-x 1 root wheel 2971 Jun 22 2022 rc.ipsec
-rwxr-xr-x 1 root wheel 2982 Jun 22 2022 rc.kill_states
-rwxr-xr-x 1 root wheel 6430 Jun 22 2022 rc.linkup
-rwxr-xr-x 1 root wheel 2061 Jun 22 2022 rc.newipsecdns
-rwxr-xr-x 1 root wheel 1721 Jun 22 2022 rc.newroutedns
-rwxr-xr-x 1 root wheel 9457 Jun 22 2022 rc.newwanip
-rwxr-xr-x 1 root wheel 6703 Jun 22 2022 rc.newwanipv6
-rwxr-xr-x 1 root wheel 1220 Jun 22 2022 rc.notify_message
-rwxr-xr-x 1 root wheel 1048 Jun 22 2022 rc.ntpdate
-rwxr-xr-x 1 root wheel 4741 Jun 22 2022 rc.openvpn
-rwxr-xr-x 1 root wheel 1756 Jun 22 2022 rc.package_reinstall_all
-rwxr-xr-x 1 root wheel 1995 Jun 22 2022 rc.packages
-rwxr-xr-x 1 root wheel 1015 Jun 22 2022 rc.periodic
-rwxr-xr-x 1 root wheel 1793 Jun 22 2022 rc.php-fpm_restart
-rwxr-xr-x 1 root wheel 10028 Jun 22 2022 rc.php_ini_setup
-rw-r--r-- 1 root wheel 5105 Jan 31 2022 rc.pkgsave
-rwxr-xr-x 1 root wheel 1849 Jun 22 2022 rc.prunecaptiveportal
-rwxr-xr-x 1 root wheel 7011 Jun 22 2022 rc.ramdisk_functions.sh
-rwxr-xr-x 1 root wheel 6067 Jan 31 2022 rc.ramdisk_functions.sh.pkgsave
-rwxr-xr-x 1 root wheel 1187 Jun 22 2022 rc.reboot
-rwxr-xr-x 1 root wheel 1230 Jun 22 2022 rc.reload_all
-rwxr-xr-x 1 root wheel 1166 Jun 22 2022 rc.reload_interfaces
-rwxr-xr-x 1 root wheel 978 Jun 22 2022 rc.resolv_conf_generate
-rwxr-xr-x 1 root wheel 1284 Jun 22 2022 rc.restart_webgui
-rwxr-xr-x 1 root wheel 3977 Jun 22 2022 rc.restore_config_backup
-rwxr-xr-x 1 root wheel 2470 Jun 22 2022 rc.restore_ramdisk_store
-rwxr-xr-x 1 root wheel 2453 Jun 22 2022 rc.resume
-rwxr-xr-x 1 root wheel 1210 Jun 22 2022 rc.savecore
-rwxr-xr-x 1 root wheel 1254 Jun 22 2022 rc.savevoucher
-rw-r--r-- 1 root wheel 3551 Jun 22 2022 rc.shutdown
-rwxr-xr-x 1 root wheel 2600 Jun 22 2022 rc.start_packages
-rwxr-xr-x 1 root wheel 895 Jun 22 2022 rc.stop_packages
-rw-r--r-- 1 root wheel 50807 Jun 22 2022 rc.subr
-rwxr-xr-x 1 root wheel 2267 Jun 22 2022 rc.suspend
-rwxr-xr-x 1 root wheel 3618 Jun 22 2022 rc.ufw.install_to_emmc
-rwxr-xr-x 1 root wheel 1165 Jun 22 2022 rc.update_alias_url_data
-rwxr-xr-x 1 root wheel 5793 Jun 22 2022 rc.update_bogons.sh
-rwxr-xr-x 1 root wheel 1699 Jun 22 2022 rc.update_pkg_metadata
-rwxr-xr-x 1 root wheel 2752 Jun 22 2022 rc.update_urltables
-rw-r--r-- 1 root wheel 55852 Jun 22 2022 regdomain.xml
-rw-r--r-- 1 root wheel 2639 Jun 22 2022 remote
-rw-r--r-- 1 root wheel 160 Oct 2 01:29 resolv.conf
-rw-r--r-- 1 root wheel 54 Oct 2 01:29 resolv.pre-tailscale-backup.conf
-rw-r--r-- 1 root wheel 24 Oct 2 01:29 resolvconf.conf
lrwxr-xr-x 1 root wheel 15 Jun 22 2022 rmt -> ../usr/sbin/rmt
-rw-r--r-- 1 root wheel 1620 Jun 22 2022 rpc
drwxr-xr-x 2 root wheel 2 Jun 22 2022 security
-rw-r--r-- 1 root wheel 71609 Jun 22 2022 services
-rw-r--r-- 1 root wheel 325 Dec 15 2022 shells
drwxr-xr-x 2 root wheel 6 Dec 15 2022 skel
-rw------- 1 root wheel 9815 Jun 22 2022 snmpd.config
-rw------- 1 root wheel 40960 Oct 2 01:29 spwd.db
drwxr-xr-x 2 root wheel 9 Dec 15 2022 ssh
-rwxr-xr-x 1 root wheel 6784 Jun 22 2022 sshd
drwxr-xr-x 4 root wheel 9 Oct 2 01:29 ssl
-rw-r--r-- 1 root wheel 311 Jun 22 2022 sysctl.conf
-rw-r--r-- 1 root wheel 214 Oct 2 01:29 syslog.conf
drwxr-xr-x 2 root wheel 4 Dec 15 2022 syslog.d
lrwxr-xr-x 1 root wheel 23 Jun 22 2022 termcap -> /usr/share/misc/termcap
-rw-r--r-- 1 root wheel 12233 Jun 22 2022 termcap.small
drwxr-xr-x 2 root wheel 3 Dec 15 2022 thoth
-rw-r--r-- 1 root wheel 2123 Oct 2 01:29 ttys
-rw-r--r-- 1 root wheel 14 Jun 22 2022 version
-rw-r--r-- 1 root wheel 29 Jun 22 2022 version.buildtime
-rw-r--r-- 1 root wheel 2 Nov 21 2022 version.patch
drwxr-xr-x 2 root wheel 2 Jun 22 2022 zfs
Iāll be on the hell raisinā train if we can find proprietary shit (other than the Netgate licensing module itelf) we cant hack back into CE legally. It might just be fork time.
Interesting. Iād consider a small fee for Home use - $120 is a bit rich perhaps - $189 gets you a netgate appliance with free support (at the moment) and I only pay Ā£70/year for 5 users of M365 with 5TB of online storage!
Personally, I think a lot of companies get a lot of good will out of home lab users pushing their products into their business dealings, plus their time early release testing, unearthing bugs etc. So offering something free (and they should stop with the duplicate CE/Plus thing - wastes their efforts?) isnāt a bad move - if they are concerned 3rd parties are pre-loading plus, then enforcing a free licence key tied to a hardware id/e-mail address should stop that, or at least mean the new owner must register and accept the Tās and Cās?
What worries me more if I think hell Iāll buy and appliance and then they start charging for support, which was previously free, or I switch back to CE and they effectively abandon itā¦ Those are the things that make me look elsewhere - I only move of of Sophos Home because they couldnāt do IPv6 and Tomās Videos were a big reason I switched to pfsense.
Hopefully someone at Netgate will realise their errors and address it!
1 Like
Seems like a more reasonable home license is something like the Tailscale approach, which includes a limited free tier.
They just have to implement a better activation/authentication to thwart the license and copyright violators.
Maybe they should acquire MUDMAP and add some value for paid licenses.
Bringing this back into this conversation. This may change the scope of what is going on right now. The problem is we donāt know for sure this isnāt an outage, but I would find that highly unlikely at this time.
(2) just me or everyone? : PFSENSE (reddit.com)
EDIT: sounds like there may be a reasonable technical explaination for this and this problem was a red herring
I didnāt have an issue
[2.7.0-RELEASE][root@ntp.[redacted].com]/root: pkg update -f
Updating pfSense-core repository catalogueā¦
Fetching meta.conf: 100% 163 B 0.2kB/s 00:01
Fetching packagesite.pkg: 100% 2 KiB 1.8kB/s 00:01
Processing entries: 100%
pfSense-core repository update completed. 7 packages processed.
Updating pfSense repository catalogueā¦
Fetching meta.conf: 100% 163 B 0.2kB/s 00:01
Fetching packagesite.pkg: 100% 155 KiB 159.1kB/s 00:01
Processing entries: 100%
pfSense repository update completed. 531 packages processed.
All repositories are up to date.
what was the fqdn of the repo? it must not be pkg.pfsense.org then?
EDIT: sounds like there may be a reasonable technical explaination for this and this problem was a red herring
Initial reports indicate everything seems fine for now:
pfSense Licensing changes - #65 by NickF - Networking & Firewalls : PFSENSE (reddit.com)
Nothing changed with CE at all,. Nothing changed with the appliances at all
Still looking for more confirmation.
In any case, appropriate action may be required. Should we let Netgate know we are unhappy by threatening to fork? Enough people both care strongly about pfSense AND donāt like what Netgate is doing right now to warrant a conversation.
And just who do you expect to maintain that fork?
Look, I know everybody including myself is not happy with the current situation. I think itās important to understand that the company felt like they needed to cut off the more automated way of getting a plus license and abusing it to protect themselves. I really believe we need to be patient and give them a chance to rectify this situation instead of throwing a fit with sending them threats. That wonāt get anyone anywhere. If individuals are that unhappy and you want to āstick it to themā then go run different firewall software and be done with it. Otherwise stop complaining and see what kind of solution they come up with and go from there.
Yes, I do not get the threats and for something that was free to begin with. Move back to CE or move on. No need for theatrics.
I did not resolve that I would personally start the fork at all. Let me clarify my statements.
I made a general message to the folks here in this thread. I believe there are other folks here would be interested in similar goals as my own. Whether other folks resolve that they would be interested as a consumer or a contributor is not really relevant yet.
Iām interested in being part of both camps, if we resolve the same basis.
in my previous message, I tried to resolve:
"I believe people in the community at large should reserve the right to start a fork pfSense CE with the intention of merging additional features back into the pfSense CE codebase"
I believe they will fix the subscription issue. The Netgate website still shows no fee for pFsense plus on your own hw.
I recall the Negate once made a statement about requiring all hw needing AES (a reasonable requirement for security conscience users) and then rescinded that decision.
A reasonable subscription fee makes sense and Netgate explaining the reasons (much like you have already done) is necessary to regain trust with users.
Hmmā¦ Maybe this is more clarifying
I donāt think that petition takes into account just how much work goes into building a firewall and how much upstream work that Netgate is providing to FreeBSD to keep it up to date. I say this as a matter of fact not as a defense of their poorly planned licence change that I hope they fix.
Also, as I mentioned regarding security. OPNSense is still running on OpenSSL 1.1.1 which reached end of life in September 2023. Netgate has moved pfsense plus 23.09 to the new version of OpenSSL.
What that means if there is a flaw found in OpenSSL 1.1.1 there is not a guarantee that there will be a fix for that version which could end up being a huge issue for all the things that depend on it, especially VPNās.
The 2.7 CE is in the same boat thoughā¦
1 Like
Yup, which is also why I think they will go back on the licence change.
Fair enough. I donāt dismiss that. They deserve to make money. If they want to maintain a fork (Plus) of their own, thatās fine. Iām only calling for a kernel panic if the development of the actual product we care about (pfsense CE) is threatened. These two forks (PLUS vs fork-sense) can be collaborative, this is a challenge to my peers to help me build a mechanism for the organic growth of the pfsense CE project. I donāt see this response as short-sighted. Maybe, itās, perhaps, just too long-sighted.
I have the highest respect for the amount of work that goes into the development of pfSense. I may be uniquely qualified to hold that opinion. But that also doesnāt mean any community action I promote matters.
This is a Sparta (THIS IS SPARTA) moment for me. Nothing has changed today, but I view Netgateās announcement as Xerxesā messenger. You can raise an army, but the few die-hard pfSense lovers like myself will defend the projects spirit. I imagine thereās much more to come from Netgate, and I hope they donāt send their messengers back over here.
Again, this is all just theoretical at this point. I see no motion to act just yet.
I had been considering moving to labā¦ lucky break, not just because of this change, but because searching I came across the unbelievable behaviour of one ceo called jamie thompson from the time opnsense forked ā¦ canāt imagine buying any netgate product now knowing Iād be ācontributingā to his salary, yuk
ā¦ coming weeks will be moving over all pfsense installs over to opnsense, unlike most people prefer the pFsense UI compared to OPNsense UI and the long time between updates, oh well still worth moving over whilst that guy is still in charge!
1 Like