❌ Software Replacement | Replacing pfsense with opnsense and adding ipfire as additional suggestion #2254

New Issue

2021-04-07T15:56:08Z

waffshappen commented

2021-04-07 15:56:08 +00:00

(Migrated from github.com)

Description

After the previous 2 issues (add opn as suggestion) seemed to have lost traction i thought its time to create a suggestion to not just add opnsense as recommendation but replace pfsense entirely with it.

Why I am making the suggestion

In light of recent news of pfsense plus netgate states the following:

Netgate will focus most of its efforts on [the closed source] pfSense Plus

The frequency of this support [of the community edition] will be evaluated on an ongoing basis

https://www.netgate.com/blog/announcing-pfsense-plus.html

So in short: dropping non-paying customers like hot potatoes and putting future support in the hands of the community while moving new security features and improvements to the paid-only version.

Together with apparently never actually being open source in the first place ( https://github.com/rapi3/pfsense-is-closed-source ) this should make them an absolute non-recommendation on something as delicate as privacy tools you have to rely on. (Even when using the paid version).

In stark contrast opnsense, a fork of pfsense which has massively picked up development pace and ships far newer software versions and (imho) nicer plugins, is committed to the community ( https://opnsense.org/about/about-opnsense/ ). Linux-based ipfire is also going out of their way to maintain support for the community they built their success on, even going as far as to state https://blog.ipfire.org/post/ipfire-is-open-source-software-and-it-going-to-be-open-source-for-forever . As perfectly put by ipfire:

If you are doing security, and you won't give me the source code, you are doing it wrong
How can I trust you if you are not willing to prove it?

And for a good reason, as with this recent blunder coming from netgate: https://arstechnica.com/gadgets/2021/03/buffer-overruns-license-violations-and-bad-code-freebsd-13s-close-call/ and the ensuing "professional" behaviour ( See the Defense Mail Jason, creator of Wireguard, hat to send out to defend from the outrageous allegations by netgate ) not shining a good light on future unreviewable closed source code in pfsense and their handling of community and external auditor review and contributions.

So for something as essential to security and as central to a network as a firewall users should not have to rely on closed source editions to keep them secure with code they cant review from a company with unprofessional behaviour towards maintainers that plans to focus on updating the closed source, unreviewable and paid edition first - whereas 2 competitors, fully open source, absolutely outdo them with community support and open source at heart. Especially with opnsense being a direct upgrade path.

Previous Issues:
https://github.com/privacytools/privacytools.io/issues/506
https://github.com/privacytools/privacytools.io/issues/497

My connection with the software

Neither author, nor competitor - just a user of opnsense and ipfire after switching from pfsense after learning of their general behaviour. Switched and never looked back.

I have 1 or 2 issues reported against opnsense and plugins whenever i found bugs which have been quickly resolved.

I will keep the issue up-to-date if something I have said changes or I remember a connection with the software.

## Description After the previous 2 issues (add opn as suggestion) seemed to have lost traction i thought its time to create a suggestion to not just add opnsense as recommendation but replace pfsense entirely with it. ## Why I am making the suggestion  In light of recent news of pfsense plus netgate states the following: > Netgate will focus most of its efforts on [the closed source] pfSense Plus > The frequency of this support [of the community edition] will be evaluated on an ongoing basis https://www.netgate.com/blog/announcing-pfsense-plus.html So in short: dropping non-paying customers like hot potatoes and putting future support in the hands of the community while moving new security features and improvements to the paid-only version. Together with apparently never actually being open source in the first place ( https://github.com/rapi3/pfsense-is-closed-source ) this should make them an absolute non-recommendation on something as delicate as privacy tools you have to rely on. (Even when using the paid version). In stark contrast opnsense, a fork of pfsense which has massively picked up development pace and ships far newer software versions and (imho) nicer plugins, is committed to the community ( https://opnsense.org/about/about-opnsense/ ). Linux-based ipfire is also going out of their way to maintain support for the community they built their success on, even going as far as to state https://blog.ipfire.org/post/ipfire-is-open-source-software-and-it-going-to-be-open-source-for-forever . As perfectly put by ipfire: > **If you are doing security, and you won't give me the source code, you are doing it wrong** > **How can I trust you if you are not willing to prove it?** And for a good reason, as with this recent blunder coming from netgate: https://arstechnica.com/gadgets/2021/03/buffer-overruns-license-violations-and-bad-code-freebsd-13s-close-call/ and the ensuing "professional" behaviour ( [See the Defense Mail Jason, creator of Wireguard, hat to send out to defend from the outrageous allegations by netgate](https://lists.zx2c4.com/pipermail/wireguard/2021-March/006499.html) ) not shining a good light on future unreviewable closed source code in pfsense and their handling of community and external auditor review and contributions. So for something as essential to security and as central to a network as a firewall users should not have to rely on closed source editions to keep them secure with code they cant review from a company with unprofessional behaviour towards maintainers that plans to focus on updating the closed source, unreviewable and paid edition first - whereas 2 competitors, fully open source, absolutely outdo them with community support and open source at heart. Especially with opnsense being a direct upgrade path. Previous Issues: https://github.com/privacytools/privacytools.io/issues/506 https://github.com/privacytools/privacytools.io/issues/497 ## My connection with the software  Neither author, nor competitor - just a user of opnsense and ipfire after switching from pfsense after learning of their general behaviour. Switched and never looked back. I have 1 or 2 issues reported against opnsense and plugins whenever i found bugs which have been quickly resolved. - [x] I will keep the issue up-to-date if something I have said changes or I remember a connection with the software.

This repo is archived. You cannot comment on issues.