Other OpenSense - new FreeBSD-based firewall, developed in Europe

No of course not! Why should we give a try? pfSense is also BSD-licensed. Most of us don't use turnkey firewall appliances. I hope people who use have some objective criteria how to select one of those appliances. I quickly read through the section "So why did we fork pfSense?" and I have not seeing any reason beyond the fact that few people on the other side of the Atlantic needed to pay their bills and selling firewall appliances is the only thing they know how to do.

One could come up with technical reasons for forking pfSense project. Finally they use obsolete buggy version of PF instead of the completely new (yes PF has been practically rewritten in the past 5 years on OpenBSD) version on its native platform. That in part was motivation from forking pfSense from m0n0wall which uses IPFilter as a backend. However one can't give any other reason. pfSense guys are ultra nice, very competent, they are all business. They have nice business model charging for pre-built hardware, consulting, and nicely written books. Everything they do is BSD licensed, open sourced and available for free.
 
If you want to see some of the reasons why these forks of pfSense are now appearing you should read this thread on the pfSense forums. My personal opinion is that the forks are unnecessary and are no more "open" or "free" than the original pfSense. The name "pfSense" is now trademarked to protect it from bastardized clones and that means you can't call your fork "pfSense" or anything too close. Some people have taken this as an indication that the Electric Sheep Fencing LLC company (that now runs the pfSense development and offers the commercial support) is somehow violating the BSD license with their licensing terms which is simply not true.

https://forum.pfsense.org/index.php?topic=73281.0
 
I had the same concerns when originally trying to figure out why they first forked pfSense, but I did watch an interview recently on BSDNow. The guy presented a few things:
  • Desire for more FreeBSD functionality in the system (eg, utilities like pkg(8) are still included).
  • Desire for a more responsive base-OS update (pfSense moved from 8.3 to 10.1 .. that's a pretty big jump)
  • Various modules that they felt needed a code review/rewrite, including captive portal.
Whether or not they should have forked is a different discussion, but I'd guess from their perspective that it seemed like the right thing to do.

From my own usage standpoint at work, I think pfSense still currently provides a better solution for me. Primarily because of the pfSense packaging system for utilities like Quagga OSPF. If I got hit by a semi truck and am no longer there, I feel that pfSense currently provides a simple & powerful enough solution that I wouldn't be leaving my replacement in a hard spot. Though I haven't looked at how opnsense intends to handle that upgrade process (and they don't have it entirely fleshed out either, according to that interview).
 
Last edited by a moderator:
Oko said:
pfSense guys are ultra nice, very competent, they are all business. They have nice business model charging for pre-built hardware, consulting, and nicely written books. Everything they do is BSD licensed, open sourced and available for free.
Click to expand...

Thought so too until February-March 2014. Around that time one guy built unofficial pfSense 2.2-pre alpha and shared it's ISO's in forum. And following action by pfSense's team was drastic. Thread in the pfSense's forum was deleted, builder tools repo in github wiped, online documentation covering building pfSense removed from Net. Whole March people didn't know what was going to happen. When pfSense's devs allowed people access to the tools repo again, it was after signing three different agreements and you had to figure out on your own, how building from source works. Access was regulated over public key authentication and sometimes whole tools repository was down for weeks or authentication malfunctioned. Nobody from devs seemed to care much. They had rewritten the tools somewhat and it it would not work as before. And there was no new documentation provided. Go over scripts if you like and figure it out on your own. Asking them in forum did not return any response. And it was like this at least to the Nov 2014 when I last checked their progress. IF they wanted, they could have make all that much user friendlier. Obviously they did not want. Yeah, as it is, you can say "anyone could build it". In reality, you would need to know shell scripts very well in order to figure it out. Once you figure the scripts out, you shall face custom package requirements et cetera ad infinitum.

For comparison. OPNSense's building tools just work. Without putting you banging your head to the wall.

About pfSense's devs being "nice". Yeah, most were. Guy named "gonzopancho" left quite sour taste into mouth though. Often patronizing, arrogant and sometimes downright insulting talking to the people. Tried to find some of his posts as examples and failed. He now posts as "guest" user. Old posts no longer available.

OPNSense itself. It's basically pfSense. Yeah, visually bit different but origins are still recognizable. Packages system like it was in pfSense shouldn't be working yet. Wireless neither. But they seem to work hard bringing it back closer to FreeBSD. Time to time I've downloaded it's images for testing.
 
aht0 said:
Thought so too until February-March 2014. Around that time one guy built unofficial pfSense 2.2-pre alpha and shared it's iso's in forum.And following action by pfSense's team was drastic. Thread in the pfSense's forum was deleted, builder tools repo in github wiped, online documentation covering building pfSense removed from Net. Whole March people did'nt know what was going to happen. When pfSense's devs allowed people access to the tools repo again, it was after signing three different agreements and you had to figure out on your own, how building from source works. Access was regulated over public key authentication and sometimes whole tools repository was down for weeks or authentication malfunctioned. Nobody from devs seemed to care much. They had rewritten the tools somewhat and it it would not work as before. And there was no new documentation provided. Go over scripts if you like and figure it out on your own. Asking them in forum did not return any response. And it was like this at least to the Nov 2014 when I last checked their progress. IF they wanted, they could have make all that much user friendlier. Obviously they did not want. Yeah, as it is, you can say "anyone could build it". In reality, you would need to know shell scripts very well in order to figure it out. Once you figure the scripts out, you shall face custom package requirements et cetera ad infinitum.

For comparison. OPNSense's building tools just work. Without putting you banging your head to the wall.

About pfSense's devs being "nice". Yeah, most were. Guy named "gonzopancho" left quite sour taste into mouth though. Often patronizing, arrogant and sometimes downright insulting talking to the people. Tried to find some of his posts as examples and failed. He now posts as "guest" user. Old posts no longer available.

OPNSense itself. It's basically pfSense. Yeah, visually bit different but origins are still recognizable. Packages system like it was in pfSense should'nt be working yet. Wireless neither. But they seem to work hard bringing it back closer to FreeBSD. Time to time I've downloaded it's images for testing.
Click to expand...

This not the whole story at all. What really happened is that the unofficial pfSense build was offered as the genuine article and not a pfSense derivative with different name (which is absolutely fine by the way for the pfSense developers!!!) as it should have been. This prompted the trademarking of the pfSense name and closing of the tools repo until the pfSense devs had a proper infrastructure in place that requires anyone who is interested in creating their own version of pfSense to sign a legal agreement that they won't call their version "pfSense" and only then get access to the tools repo. If I would have been in the shoes of the pfSense devs I would have done the exact same thing 100%, it's their creation and they have full rights to defend it from bastardized clones.

To elaborate this a bit further, one of the main issues was support. The pfSense devs absolutely refused and continue to refuse to offer any kind of support to pfSense builds that are not released by them. That should be very understandable I hope.

Think it this way. Let's say I take the FreeBSD sources and create my own "variant" of it with some improvements that are based on my taste and preferences but I keep calling it FreeBSD. I then make my improved version available trough a public download place, advertise it here on the forums touting it to be better than the official FreeBSD and I just say I'm doing a service to the FreeBSD community. I can't offer any real support for my variant because I don't have the resources so I tell my users to turn to the official FreeBSD support channels in case they have problems with it. You think someone would have a big problem with all of this? This is in a nutshell what happened to pfSense and I'm not making this up.
 
kpa said:
This not the whole story at all. What really happened is that the unofficial pfSense build was offered as the genuine article and not a pfSense derivative with different name (which is absolutely fine by the way for the pfSense developers!!!) as it should have been. This prompted the trademarking of the pfSense name and closing of the tools repo until the pfSense devs had a proper infrastructure in place that requires anyone who is interested in creating their own version of pfSense to sign a legal agreement that they won't call their version "pfSense" and only then get access to the tools repo. If I would have been in the shoes of the pfSense devs I would have done the exact same thing 100%, it's their creation and they have full rights to defend it from bastardized clones.
Click to expand...
I think trademark issues did not enter his mind for a second. He was excited to have managed ALPHA build, before the official snapshots and wanted to share. "2.2" was much waited due to it being based on FreeBSD 10 not the old 8.3. Thus I myself consider pfSense's dev's behaviour still as utter overreaction. 99% probability that this guy had no business purpose for his builds. If you built pfSense from source, it looked exactly the same as "official" product.

Beastie7 said:
Are the PfSense guys doing a complete rewrite with a redesigned UI? Making OPNsense less necessary?
Click to expand...
OPNSense is pfSense's fork, not the opposite.
 
aht0 said:
I think trademark issues did not enter his mind for a second. He was excited to have managed ALPHA build, before the official snapshots and wanted to share. "2.2" was much waited due to it being based on FreeBSD 10 not the old 8.3. Thus I myself consider pfSense's dev's behaviour still as utter overreaction. 99% probability that this guy had no business purpose for his builds. If you built pfSense from source, it looked exactly the same as "official" product.
Click to expand...

It was the "last straw" for the pfSense devs in way. I believe though what you're saying about the guy not thinking about what he was doing. Before that incident there had been numerous pfSense clones cropping up, especially in south america, that modified pfSense with local customizations and spanish/portuguese localizations. Yet, those clones sent the user to the real pfSense website for support.

The action taken by the pfSense devs may seem excessive but you have to remember that quite a few of them are making their living from pfSense (and please no trolling about selling someone else's code, their product is pfSense support), when something is no longer just a nice hobby but your main income you automatically become very protective of it.
 
You must log in or register to reply here.
Back
Top