More shady stuff from pfsense

[zer0sum]

If you haven't already ditched pfsense for opnsense, now's the time!

It comes as no surprise to many that they are making changes without any communication at all. They pushed people from CE to a free Plus license for their homelabs, and then took it away, without a formal announcement of what exactly is changing.

The CE edition is still free, but updates are slow, and it seems to be dying a slow death.

If you go to their site and try to register for PFSENSE+ HOME OR LAB it shows as $0, but in reality you get redirected to a page with a $399 sub instead.

pfSense Software Types

Explore our subscription table below. Find the option that is best for you. Check out our Subscriptions FAQ for more detail.

www.netgate.com

 

[nkw]

Opinions on alternatives to pfSense?

I guess OPNsense if one wants to stay with *BSD, for Linux alternatives maybe VyOS or RouterOS?

 

[Dave Corder]

I migrated from pfSense to OPNsense a year or two ago. It was fairly straightforward. My Dell R210ii router has on-board Broadcom gigabit NICs and (at the time) a Chelsio dual-port SFP+ NIC - I ended up buying another Chelsio card and a 2-port PCIe Gigabit NIC with the same chipset as the R210ii and throwing them in an old spare PC so I could try out the pfSense export/OPNsense import process a couple times.

For the most part, all my rules and stuff transferred over fairly seamlessly. I do recall having to massage the XML file from pfSense in a couple areas before I could get OPNsense to import properly...possibly in the DHCP lease area and/or VLAN areas, which were the most important things for me to get migrated - I probably have over a hundred static entries for all my IoT devices, and keep them on a separate VLAN (along with my main VLAN, a management VLAN, and a guest VLAN).

Overall I'm quite happy with OPNsense as a whole, and am doubly-happy to have left the pfSense drama behind.

 

[BlueFox]

If you go to their site and try to register for PFSENSE+ HOME OR LAB you get redirected to a page with a $399 sub instead of it previously being free.

Does say to contact sales@netgate.com to get a non-commercial license on the product page. If you could automatically generate licenses for free, their subscriptions would tank.

 

[Sean Ho]

No problems routing my home network with OPN for many years now. With automatic config backups, I have no qualms about doing upgrades even in the middle of the workday. VLANs, Wireguard, IPv6, TFTP/PXE, DNSBL, haproxy, nginx, unbound overrides, WoL, NUT, etc.

Have always been curious to try out Vy, though.

 

[zer0sum]

Opinions on alternatives to pfSense?

I guess OPNsense if one wants to stay with *BSD, for Linux alternatives maybe VyOS or RouterOS?

OPNsense is awesome!

There are a few others worth taking a look at as well

Sophos Home Firewall - Cybersecurity as a Service Delivered | Sophos

OpenWRT - OpenWrt 23.05.0 - First Stable Release - 13 October 2023

 

[blunden]

Does say to contact sales@netgate.com to get a non-commercial license on the product page. If you could automatically generate licenses for free, their subscriptions would tank.

If you do, this is supposedly the response you get:

http://imgur.com/a/sgOE1n0

Source: Reddit - Dive into anything

 

[Markess]

If you go to their site and try to register for PFSENSE+ HOME OR LAB it shows as $0, but in reality you get redirected to a page with a $399 sub instead.

Its super ironic that I finally said to myself, literally THIS MORNING, "Maybe I should stop putting it off and upgrade my Community Edition install to a Home Plus license while they're still free?"

Netgate still has the instructions to do this on their website. But, when I couldn't find the registration link where the instructions said it would be, a google search led me to a different Reddit page with the same Netgate response that @blunden posted above.

Sigh.

https://www.reddit.com/r/PFSENSE/comments/17fvtvv

 

[marcoi]

ill have to look into opensense with wpa_supplicant since i have ATT fiber. I think i setup switch to do vlan0 so i just need to figure out the wpa part. if anyone done it with opensense let me know steps if you got time.

 

[zer0sum]

ill have to look into opensense with wpa_supplicant since i have ATT fiber. I think i setup switch to do vlan0 so i just need to figure out the wpa part. if anyone done it with opensense let me know steps if you got time.

Which AT&T gateway do you have?

You can run the BGW-320 in a simple bridge mode without any need for supplicants. I tested it up to 5Gbps and it was very smooth for me

 

[marcoi]

Which AT&T gateway do you have?

You can run the BGW-320 in a simple bridge mode without any need for supplicants. I tested it up to 5Gbps and it was very smooth for me

i stopped using the GW a few years ago. running certs with wpa on pfsense CE as a VM now with vlan0 on virtual switch so i can vmotion pfsense to different box when doing updates etc.

 

[nkw]

New statement from Netgate: Addressing Changes to pfSense Plus Home+Lab

I don't really have any stake in this other than running a pfSense CE instance, but this is usually the type of stuff companies do as they are heading down the tubes.

 

[RyC]

Wellp looks like the Home+Lab free Plus license is gone completely

 

[mach3.2]

The disappearance of the $129 TAC lite can't be adequately explained by piracy/commercial thief too. Why not remove the discount and make it $129?

The whole thing feels like they are hurting for money and are trying to stop the perceived revenue leak by cutting all free licenses.

 

[zer0sum]

i stopped using the GW a few years ago. running certs with wpa on pfsense CE as a VM now with vlan0 on virtual switch so i can vmotion pfsense to different box when doing updates etc.

I can update OPNsense and only lose 3-5 pings on the reboot. Not sure it's worth the trouble to do HA

 

[das1996]

i stopped using the GW a few years ago. running certs with wpa on pfsense CE as a VM now with vlan0 on virtual switch so i can vmotion pfsense to different box when doing updates etc.

There's a wpa_supplicant on dslr for freebsd13 which should work with the current opnsense (as its still freebsd13 based?). Not sure if the current build of opn directly includes the patch. If not, you can get the binary here - OPNSENSE vlan0 supporting wpa_supplicant binary - AT&T U-verse | DSLReports Forums.

Commandline would be the same as on pf. You may need to play around with boot sequence to get it running properly at start up. Some basic instructions are included in the post.

And yes, was about to make the jump to pf, but not likely any more unless something changes, and quickly. This behavior is not acceptable. At least give some notice.

 

[ketiljo]

I'm seriously considering switching to Opnsense now but I need an alternative to pfblockerNG. Any suggestions?

 

[gb00s]

Why is this shady behavior? Just because users want everything for zero doesn't mean businesses need to follow. If your supermarket tricks you every day no one calls it shady. If you run a business based on user subscription fees, you do what ever you can to suck money out of customers pockets.

Shady is to run something productive and requesting tools and services being run and maintained paying zero.

 

[blunden]

Why is this shady behavior? Just because users want everything for zero doesn't mean businesses need to follow. If your supermarket tricks you every day no one calls it shady. If you run a business based on user subscription fees, you do what ever you can to suck money out of customers pockets.

Shady is to run something productive and requesting tools and services being run and maintained paying zero.

What can be considered shady is that they were pushing home lab users to pfsense plus and essentially stopped updating pfsense CE. They then made this change suddenly without any official announcement posted.

Now people might end up in a situation where they can't downgrade to CE because the configuration file format is too new. I don't know if that has happened yet, but for people who use the rest of their license period without reading this it's fairly likely to happen.

Obviously, misuse of the home lab issue is a problem. What they should've done is communicate this change ahead of time, and make sure that any changes to the configuration format is supported by CE too until the majority of users are likely to have migrated already.

 

[CyklonDX]

Well, things likely have changed since Jim Thompson (then manager) took over whole thing.
Some other interesting details.
https://www.reddit.com/r/OPNsenseFirewall/comments/93s8px