Menu
What's new
By:
Filters Better Search

pfSense No More Without Paid Version?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

ddaenen1 said:
I struggle with the comparison between pfSense and Mikrotik RouterOS. I have used RouterOS for several years and apart from the fact that it is way harder to configure anything compared to pfSense, some stuff it just cannot do. I switched from RouterOS to pfSense for the sole reason that pfSense allowed me to use Letsencrypt certs with an FQDN through HAproxy to provide secure external access to my Nextcloud server which started out as tinkering but now has daily use as part of my business operations.

Over time, i learned to appreciate the easy setup and configuration of packages, VLAN's, time servers and so on. In many ways, it will always be a personal choice but comparing pfSense to RouterOS is just not an apples to apples comparison.
Click to expand...
Thank you @ddaenen1 I value the feedback that comes from your extensive experience.

Netgate's change of strategy has made me rethink the way I use my firewall in general.
Should I keep putting all the services in one box (like HAproxy, certs, VPN etc) and rely on a single vendor or outsource them to a separate box that is best for the job, while keeping a "dummy" router/firewall to NAT internet traffic? For now, i'm not taking into consideration the next-gen features like IDS/IPS.

 
GHammer said:
They've come up with TAC LITE
$129/per year

Better but still a 'no' for me.
Click to expand...
There is a discount code for $30 off for the first year. I have just used it. Enter TACLITE at checkout.
 
JemTheWire said:
There is a discount code for $30 off for the first year. I have just used it. Enter TACLITE at checkout.
Click to expand...

At $100 a year, you'll soon have one of their hardware boxes paid for. Those come with TACLite free. At least for now.
 
www.snbforums.com

An upgradable Router/NAS/PC all in one? Yes.

https://www.tomshardware.com/news/intel-powered-mini-pc-nas-25gbe-router-aio-retails-for-dollar269 Depending on the firmware/OS, this is what I've been asking for, for the last decade. Time will tell if it is anything worthwhile looking at.
www.snbforums.com www.snbforums.com
 
Me. I am going to switch to 2.7.09 when it comes out. There are really no features I use that exists in the Plus version that I need.
I hope it will be an update path for upgrade when 2.7.09 comes out.
 
Last edited:
GHammer said:
At $100 a year, you'll soon have one of their hardware boxes paid for. Those come with TACLite free. At least for now.
Click to expand...
This is obviously true. But if some was going to pay anyway, it saves them some money.
 
JemTheWire said:
This is obviously true. But if some was going to pay anyway, it saves them some money.
Click to expand...

Basically, as I see to clear things up...

  1. someone uses pfSense on their own hardware with community support - 30 feet or 30 seconds whichever comes first - post support questions on their forums, tickets over on their Redmine... also open to code contributions for bug fixes, which is in the context of FreeBSD
  2. someone buys NetGate HW with extended functionality as a term-limited support agreement and license to use - there it can be production (at scale) or Lab instance (which covers Home Labs as well as real-world deployments)

Where we get into these grey zones is a supported release on non-Netgate HW... and flip-flops on policy...

I think the big challenge perhaps - and folks might not like this, is not the home lab folks directly, but SME's that take advantage of the previous terms...

As I've mentioned - @gonzopancho and his team tend to do great stuff, but also do own-goals...

Case in Point - I bought Netgate branded HW - the SG-2440 - but it wasn't - it was the RCC-VE-2440, which was direct from Netgate... When pfSense Gold policies were introduced back in the day - I asked a number of questions over on reddit on where we stood with the license agreement - mostly because I was running HW I bought direct from Netgate, but it's specially branded as pfSense HW.

After a number of back-forth - ivork, the reddit community manager, ban-hammered me because of uncomfortable questions. That was years ago, and I'm still blocked to this day over on Reddit...

ivork made a really bad decision - as that motivated me to make something similar - which I did with cafeole... and my contributions to OpenWRT and downstream on the marvell platforms - mainly just because...
Click to expand...

Oh well...

There's still the market opportunity to build a pfSense equivalent based on Linux/Debian - and while I'm very much BSD, I'm very open to doing a linux solution here...
 
Well, as I said, *Sense is dead for me. One is not trustworthy, one is assholish for questions on things they don't think you need.

I have found several candidates, but they all fail on a single item. No support for Cloudflare DDNS.
I suppose I could run ddclient on a device and that's likely what I'll end up doing.
 
GHammer said:
I have found several candidates, but they all fail on a single item. No support for Cloudflare DDNS.
Click to expand...
You can use whatever domain they offer (noip as for an example) and then link this domain to Cloudflare using CNAME.
 
I haven’t had any complaints since installing plain Debian Bookworm and managing the network with systemd-networkd, dnsmasq and nftables. There seem to be some Cloudflare DDNS container solutions out there as well to add on top.

No GUI to speak of with this setup, but I’m not beholden to any vendor craziness.
 
That's how I'm leaning.
I have fairly simple needs.
A couple of holes poked through the firewall for things I run locally, DDNS, DHCP. Done
 
Command line, I am retired and I don't want to work that hard. I will run Pfsense CE unless Opensense surpasses them.

I have been looking at this. I would need better examples to make it easy for a home setup. If someone had a working configuration for a home setup. I would need to get it down to something easy to configure so I can over lay new versions as there will not be any updates other than writing a new version on the PC. It needs to be down to a few easy steps that does not take too long to setup. I don't need DHCP so it should be a simple setup. Can I get it down to where I paste a configuration in after installing new version? I also don't need IPv6.

Firewall Configuration — VyOS 1.4.x (sagitta) documentation

docs.vyos.io docs.vyos.io

This is the best I have seen but it looks like a lot of work to start out.

VyOS from Scratch – Edition 1 – blog.kroy.io

blog.kroy.io blog.kroy.io

PS
I guess if Pfsense goes south with a little work I can do VyOS with a basic config. I am sure it would be fast.
 
Last edited:
GHammer said:
I have fairly simple needs.
Click to expand...

What is pfSense Plus giving you more than pfSense CE in this case? Instead of rebuilding your entire system just switch back to CE and done.
 
Tech9 said:
What is pfSense Plus giving you more than pfSense CE in this case? Instead of rebuilding your entire system just switch back to CE and done.
Click to expand...
I am hoping when pfsense 2.7.09 comes out there will be an upgrade to it so I don't have to roll back. just move forward.

When I was on 23.05 I had an option to upgrade to 2.7 CE which I chose because I had to wait on a new license as I changed NICs for 23.05.1.
 
Tech9 said:
What is pfSense Plus giving you more than pfSense CE in this case? Instead of rebuilding your entire system just switch back to CE and done.
Click to expand...
pfSense Plus gets updates 3 times per year instead of 1 and it has Boot Environments.
 
Remember that tnsr was supposed to replace pfSense...

TNSR Overview

TNSR software is high-performance router with industry-leading price-performance, scalability, and flexibility for edge, data center, and cloud deployments
www.netgate.com www.netgate.com

perhaps another own-goal?
 
Christos said:
Netgate's change of strategy
Click to expand...

Hmmm - what time of day is it?

There's been a lot of changes there - let's make everyone require AES-NI support, let's do Gold subs for TAC, no - let's tell everyone the future is tnsr, and then walk it back...

QAT support for Rangely, and then walk that one back. Yes, Intel's API's changed, but that's not really a reason...

Let's fork things into CE and Plus - offer homelab subs, and then walk that back.

Seriously though - pfsense is pretty good software - never had issues there - but the lack of consistency is just unprofessional from a management perspective...
 
Horrible. I have 4x Netgate appliances and about 20x Apple devices. Time for new Apple thread perhaps? Done with Netgate?
 
You must log in or register to reply here.
Similar threads
Thread starter Title Forum Replies Date
C Pfsense wins awards Routers 34

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 856 (members: 37, guests: 819)
Top