I think charging money for the Plus version is ok, even if they only did it because the owner wants to build a bigger swimming pool or buy a larger house. But I canāt really understand these constant communication breakdowns with every change in their product strategy. Thatās not exactly how you build trust.
Maybe they do want to trick people after all, or they are simply no good marketing and business strategists. Probably a bit of both.
Then again, there would have been an outcry on Reddit anyway even if they had offered the $129 option right away. However, this would have left Netgate much more credible because it would have been consistent with what they communicated from the start when the Homelab version was first introduced.
EDIT:
My last sentence was not quite correct.
They killed the āHome and Labā version, plain and simple. And they almost killed the TAC Lite version too, which they now brought back after the uproar. But it was always the TAC Lite version that would eventually cost $129/yr, and never the āHome or Labā version.
One question, Does anyone of you would like to share a discount code for Netgate appliances? I would rather buy an appliance from them and be done for a while.
Not sure that represents value to me - paying for support, which I generally get from forums etc, for software which in large part wasnāt written by Netgate? For very few additional features over CE which I donāt really need. By comparison I pay Ā£70/yr for M365 family - so entire office suite for 5 users and 5tb of online storage. Iād prefer a license to use with no support - say $50/yr. And why do you get lifetime support FOC when you buy their hardware?
Back to CE perhaps, buy a Netgate box - cheaper over a couple of years use - though losing trust in your firewall supplier isnāt great - will they suddenly renege on free updates or CE development or look elsewhere.
I honestly donāt need the support from Netgate (via TACLite, etc) but iād hate to move to CE now and then be missing out on future features later? I guess I could always go to CE now and upgrade later if a feature came out that I wanted. As long as the security updates are being made, thatās what I really care about.
We will be producing a release of pfSense Community Edition to bring it up to parity with pfSense Plus 23.09, with special emphasis on including OpenSSL 3.0.12. By making these releases, both pfSense Plus and pfSense CE will be based on current versions of these important software components.
I think they will get it in sync this time, but have a weird feeling it wont stay in sync later on.
Being in sync is a good to have but its not a deal-breaker if its not the case. The important thing is that the versions they use are still supported and patched.
Look at the price difference between one of the top end Netgate devices and the cost of a SuperMicro 1u server with similar components. The support is built into the device cost, and a lot of companies like this (mine included). Itās something Iāll need to consider in the next year or two when it will be time to replace my current hardware.
Yup, me too. And mostly from a statement that I canāt find now, but Iām certain I read something about not getting the newest network stack in CE. Either their forums or a reddit thread but posted by a Netgate employee. Iāve also read too much of the back history between pf and OPN, and I must say that I do not like what Iām reading! Look around the 2017 time frame, sins of the past can come around to haunt you.
Iām not completely running away, but I will have a backup plan in place, maybe more than one if I can find another good firewall to use besides OPNsense.
Well you wonāt likely get any guarantees that they will support CE forever. However as long as they upgrade and patch components that are security relevant, Iām fine with that. When it comes to new features, the gap between Plus and CE will likely to get bigger in the future.
However, the question you need to ask yourself is whether you need a certain feature or not. If you could live without that feature until now, you donāt suddenly need it just because it was introduced in the Plus version, otherwise your requirements have changed, in which case you have to re-evaluate anyway. And yes, certain features are simply not available for free anywhere, at least not as a turnkey feature.
We could buy a netgate appliance it will pay for itself in a few years
We could bite the bullet and spend the $129/yr
We could use the CE in hopes they will keep it in sync at all times
Move to a different solution altogether
I donāt want to move away from pfsense because I use it personally and professionally. I tired some opnsense just in case I needed swap to a different solution and it was not fun to use. There were some weird quirks with the āAuto generated rulesā
Or we can postpone that decission until they stop supporting CE or until we absolutely need a feature that was introduced in Plus. Whatever happens first.
Id rather spend my money on this than any streaming subscriptionā¦
(Its quite funny how many ppl just doesnt realize how much money they waste on those.)
Yes, I agree. Going to dump one of them the next time I see the price increase. This means probably in the next few days when it renews for the month. Iām watching more Tubi than Netflix these days, so not really going to hurt me.
One big issues right now with OPNSense that makes it a no go for me is that fact that they are still based on OpenSSL 1.1.1 which is end of life and not getting security updates: https://www.openssl.org/news/vulnerabilities.html
And YES, pfsense is still using it as well but they have a date of when it will be fixed, OPNSense does not.
In their October 25th 2023 OPNSense release notes they that their plan is to eventually upgrade from the out of support version but not yet and no timeline.
From their post:
A word of caution for third party repository users. FreeBSD currently changes
a number of things in their ecosystem. The first change is the move of the
āopensslā package to āopenssl111ā since the former is now based on version 3.
This can and likely will disrupt updates of third party packages not having
followed this change. While we want to use OpenSSL 3 eventually being in
the middle of a stable run is not the time and place to do it. Source
There has already been one OpenSSL flaw found that is not addressed in the out of support version, but patched in current which is CVE-2023-5363
This one is moderate but if a bigger one is found whatās the solution? If they canāt get one out by a known end of life date due to not having enough staff to build the code what would the plan be if there was a major issue?
I am curious if they are going to require tac lite even for netgate appliances too. I was checking out amazon and it says their appliance comes with 1 year tac lite?
We use Netgate hardware for our clients so there is no need, but if I move back to pfsense plus in our lab then I will spend the money. The video I made was me rolling back our lab system.
This is assuming they donāt change their mind againā¦ Decide they arenāt making enough money and decide they need to start charging even users of āofficial hardwareā for updates.
This is the slippery slope problem they create with not just pausing and taking a moment to release a solid game plan they stick to. Could just be my pessimistic side coming out though.
Interesting and tbh thought this might happen. Tom nailed it in his original video. They just went about it the wrong way in reality.
So
pfsense+ $129 (Ā£106)
Untangle Home Pro $150 (Untangle/Arista community deathly silent these days).
Sophos XG home
These are the viable options for a home user. Whatās UniFi looking like these days? Iām not interested as I like flexibility and have enough spare firewalls knocking around. 3 at the last count, Pondesk and 2 x Sophos XG units with pfsense installed on them.
But I canāt really understand these constant communication breakdowns with every change in their product strategy. Thatās not exactly how you build trust.
