pfSense vs. OPNsense

That they’re in that menu at all is bizarre; that they aren’t near each other in that menu is just icing on the proverbial cake.

I used pfSense for 5+ years, so I don’t think it’d be accurate to speak of this or anything else as a “barrier to entry” for me. But there were a variety of reasons I chose to change to OPNsense, many of which I discussed in the old thread. That they hired a severely-impaired box turtle with a very busy schedule to design their GUI wasn’t all that high on the list, but it was still a factor.

3 Likes

No different than the quirks associated with the UI in DesignSoft Eagle. Sometimes, software succeeds in spite of a crappy set of UI choices because there aren’t many great alternatives and the underlying infrastructure is really good.

If I had to choose between the two packages, I’d likely start with OPNSense due to the underhanded things the pfSense team allegedly did to torpedo OPNSense. Or is my wetware misremembering?

3 Likes

No, and there’s no “allegedly” about it. They really did build that website. They really did register (IIRC) opnsense.com and point it to that website. And other things, many of which are discussed in the old thread.

Netgate were a much bigger factor in my decision to switch to OPNsense than was the product itself.

7 Likes

The words “petulant child” are but a start when describing that whole disaster.

1 Like

Maybe I don’t take things as seriously, but I thought the site was an amusing parody. Who would honestly believe this would be a leading banner on a site?

I guess I don’t have an issue with the UI. The system works, I can’t recall an issue due to the UI.

I’ve tried OPNsense a few times and just didn’t … seem worth the hassle of moving over. My last attempt was back in 2020, so things may have changed over there. But I’d need a reason to want to leave pfSense at this point. OPNsense has to barge in like the Kool-Aid Man with something impressive or pfSense needs to implode. I’ve been using it since probably 2009, I know pfSense and it works for everything I need and then some. I have one unit deployed at home, one at work, and a few dozen across my supported customers where they need more functionality than a Unifi router can provide.

I just checked out their site to look it over. I see they have a business edition. I click the link for the shop and it brings me to a dead page. I know this is a small thing, but if you can’t sell me a product you have on your main page, and I find dead/broken links in under 30 seconds it doesn’t make me warm and fuzzy to swap from something I have over a decade of rock solid experience on.

2 Likes


…but when a competitor registers a domain under your product’s name, and posts that site on that domain, that IMO is very far afield of “an amusing parody.” I note you omit the banner from that page (which I’m not going to share here; the full link is in post #10 of the original thread, behind a spoiler tag), as well as some of the other captions (e.g., “look at this f-ing keyboard”, “when your VPN takes a …”, etc.).

It’s not good-natured, it isn’t in the least amusing IMO (though obviously tastes differ), and to the extent it’s a parody of anything, it’s a parody of something that’s common and supposed to be encouraged in the F/OSS world (the world Netgate desperately wants to be seen as living in): forking a project that doesn’t quite meet your needs when that project’s maintainers won’t make the changes you feel you need.

Of course. And while I’m not particularly trying to be an evangelist for OPNsense, IMO it’s important to distinguish between the products, and the companies behind them–and as I said a few posts back, I see Netgate themselves as a very big drawback for pfSense:

  • There’s the point we’ve just been discussing, their throwing a temper tantrum worthy of a three-year-old (though far more profane) when OPNsense forked
  • There’s the Wireguard fiasco from a couple of years back, when they blamed everyone but themselves for the garbage code they almost put into FreeBSD 13
  • There’s the fact that they lie about being open-source–they won’t release all the code needed to build the software (link documenting this in the original thread)
  • There’s the pfSense+/CE issue: “pfSense+ will be free for home/lab users. Just kidding, it’s $400/year. Or maybe $129/year.” Along with the question of whether CE will ever be updated

The behavior of Netgate was, by itself, a strong reason for me to want to use something else–no doubt many other examples could be given. The transition to OPNsense wasn’t entirely smooth, and I didn’t feel that their forum support was very good; I don’t feel like that outweighs my problems with Netgate and pfSense, but obviously opinions can differ there.

5 Likes

It’s particularly hard to claim “it’s just a friendly jab” when deliberate efforts were made to conceal that said website was operated by people high up at Netgate.

3 Likes

You’re the only one who said “it’s just a friendly jab”. Please don’t quote and attribute things to me which I didn’t say.

Although TBH I did imply it. Please actually quote someone when quoting them.

I don’t know what means were taken to conceal or hide anything. I remember seeing the website nearly a decade ago and thinking maybe the old grey neck beards will loosen up and have some friendly banter back and forth. They cried.

And it’s fine they are entirely within their right to complain and file whatever paperwork or legal claim that they did.

I would just think OPNsense is worried about losing some very low hanging fruit of users who would be turned away from their product because they believed this was actually OPNsense’s website.

I’ll just say maybe I’m biased or prejudicial in some way. I know no one at Netgate, I’ve done business with them buying products, and services in the past but I can’t name a single person who works/d there without looking it up. But one company poking, or as you put it “it’s just a friendly jab” at another doesn’t bother me. Companies do it all the time. F/OSS products develop cult followings (I’ll be honest with pfSense I may be in the periphery here) where they could be acting like the Japanese in China during WW2, and folks would damn near burn down the house of someone who disagrees with that Insert Project Here is the best thing since sliced bread.

I don’t really care about inter company drama, I’m interested in the product which to me is like a breaker box. I set it up and walk away and it just works. Difference being a few times a year I come back and update pfSense. It’s an appliance that has outlived every piece of hardware I’ve put it on as I’m still running an evolution of the original config I started with over a decade ago starting with 10/100Mbps interfaces and now 10Gbps and 2.5Gbps.

2 Likes

I sort of answered this in the above post, but I was hoping OPNsense would have responded with something amusing back. A bit of sparring shall we say. I strongly doubt any user seriously looking at OPNsense went to that website and thought that it must be the legitimate site for the project. It’s clearly parody. It would be like someone creating a McDonalds picture with the slogan “We’re Killing you” under it. What reasonable person would believe that to be truly the company’s official messaging?

I don’t know what changes the guy who started OPNsense needed, but it’s not a project’s responsibility to placate every user. Projects have goals and visions, which can’t be side railed for every request.

You mean the video? I just went back and looked at all the rotating images at the top and didn’t see anything there I’d think someone would find risky to repost. Those just remind me of the Despair demotivational posters. If it is the video, again shrug …I’m sure someone would be offended, especially these days.

I’m interested in the product not drama from … 2017. I just don’t care. And I’d feel exactly the same way if OPNsense made a parody site about pfSense or Netgate.

I got involved in this conversation as I saw folks complaining about Halt and Reboot not being next to each other. Now the conversation has wandered out in the weeds.

Halt and reboot aren’t next to each other in the Diag menu due to the drop down menu being sorted alphabetically. Could you move them closer? Sure, but I find being able to drop down the list looking for H or R far quicker vs having to memorize the order of the menu.

The only thing I remember is the website, I’m unaware of what you’re referencing. As stated above I don’t care about company drama.

Just to be clear, I don’t mean this with any tone or dismissiveness. I just genuinely don’t care. The point the company is causing issue for the project I’ll just move to that project. I just know how things can be lost in a text conversation with a stranger over the internet. It seems that you and Eric may have already hit that point.

I don’t recall this, I’ve not rolled out WireGuard anywhere yet and OpenVPN has been serving my needs fine.

I can’t seem to find the link you’re referencing. Although some Google-Fu seems to only turn up old GitHub repos.

If accurate, it’s a bit disappointing the project would end up here. I could understand maybe keeping the pfSense+ behind the curtain, but everything for the CE ought to be public.

This is a change in policy. I ran the free home/lab version when they were offering it for free. I think I’m running the Lite or Home version at home. A number of my supported are running the paid versions as there is an expectation of support if there is an issue. Although most issues I run into are user config issues and just restoring a previous config resolves.

So I’d be more in the latter, I don’t care what Netgate does for the most part, although if they are hiding the code, that breaks being able to jump ship when I feel this one has been mis Captained.

1 Like

Yeah… I found your banner. It had been covered by the Wayback Machine Timeline.

1 Like

I agree. I also don’t think it’s particularly relevant, because my issue with that website wasn’t/isn’t that someone might think it was an official OPNsense website. It was rather:

  • It was so unprofessional. “Vulgar” isn’t an exaggeration. If someone saw that site on my work computer, I’d have some ‘splainin’ to do.
  • They put it on opnsense.com[1]
  • Other than one line about lack of professional support, the only real beef raised there was that OPNsense dared to do what should be expected of an Open Source Software product and forked it.

Open source software or not, domain-squatting or not, knowing that a company put up a site like that about a competitor would make me very reluctant to patronize the responsible company. But those factors make it worse.

Of course it isn’t. But it is the responsibility of F/OSS software developers to not act like spoiled toddlers when someone forks their projects. It’s not like Netgate wrote every line of pfSense from scratch either–this is how F/OSS works.

No, I mean the banner across the top of the site. I’m not going to post it here; I don’t think it fits this site’s TOS. If you want to see what I’m talking about:

  • Follow the link in my OP to the thread on the other forum
  • Go to post #10 by Jailer
  • Expand the Spoiler tag
  • Click the link behind that spoiler tag to archive.org
  • Hide the archive.org banner at the top of that page
  • Enjoy (or not) the stylized goatse.cx image that the Netgate crew thought would be appropriate to associate with a competitor’s name

I think you should read more carefully, because that they weren’t next to each other wasn’t ever the primary complaint about those menu items; the primary complaint was that they were in the Diagnostics menu at all–and you’ve already been corrected on this. That they’re alphabetically in a too-long menu rather than together at the bottom of it is also a valid complaint IMO, but secondary.

But I was a little off about the date, it was about three years ago.

Now, they sponsored this work, hired a dev who should have been able to deliver good work, and upstreamed it back to FreeBSD–all good things, and all very F/OSS-y. I don’t blame them for the garbage code. I do blame them for pointing fingers everywhere else when the garbage code was discovered.

Now, I can’t independently vouch for the accuracy of what’s written there, but he seems to bring the receipts. It’s true the page hasn’t been updated recently, but the history is what it is, and I haven’t seen any reason to believe they’ve changed their spots.

…and that, I think, is why prospective users should care, at least a bit, about the company behind a project they’re considering using. Because when a product goes from “free to use” to $400/yr, you’re kind of SOL. Users are left with:

It’s worth remembering here that the messaging from Netgate when pfSense+ was announced left lots of people believing that CE wasn’t to get any more updates going forward. I haven’t followed pfSense that closely since then to know whether that turned out to be the case or not.

And that’s certainly your prerogative. But I think there are a couple of reasons it’s wise to care, at least to a degree:

  • If a company regularly acts in a way that’s inconsistent with their stated values, that is IMO a good reason to question their trustworthiness. If you claim to be all about Open-Source Software, but throw a fit when someone forks your code, well, that doesn’t seem very consistent, does it?
  • The behavior surrounding pfSense+ really gives rise to some questions about where free users are going to be in a year or three. Frequency of updates is already a sore spot for lots of pfSense users, and I don’t think this is going to help.

  1. Yes, the OPNsense folks should have been smarter and registered that domain too. But that’s no excuse. ↩︎

4 Likes

As always in pfSense vs. OPNsense debates, we are drifting away. I agree on the point that I don’t care much about the historical mumbo-jumbo between the 2 companies. There is a lot of noise in the system when it comes to “the-who-did-what-to-whom-when” so I am going to leave it at that.

With regards to CE vs Plus, it is true they have changed their business model a couple of times. I was on CE, upgraded to Plus and as it seems, at some point in time it might be the case I will need to revert to CE again. These types of decisions will always happen. We have been taking it for granted that the software is provided free of charge but companies need a profitable business model in order to survive and continue to enable us to get software for free. Or have we already forgotten that iX is also intending to dump Core at some point in time and putting all their money on Scale?

For now, everything is working peachy and if needed, I will make the change. Already tried it on my backup router and it works flawlessly. Same for TrueNAS, I will stick with Core for as long as I can and if needed, jump over to Scale which will be a lot more hassle than switching over from pfSense Plus to CE - you can count on that.

2 Likes

Good points here. We will all, always have our paths we take. Same goes for the discussion with CORE vs SCALE.

And that is life…
Make choices, benefit from or regret them, and make choices again.

1 Like

I feel this could have been incredibly more efficient if an actual conversation was possible.

I found the banner you’d been hinting at. WayBack Machine had its timeline over it so I didn’t see it. I don’t know you but we seem to be having a reasonable discussion. I didn’t feel your objection could have been from those other items I’d listed.

To me it seems childish. I don’t know how old those involved are/were, how Sr. those involved or making decisions to move forward with this project, or even if they are still there.

The factors above change how “Wrong” I perceive it to be. I could go look into it, but as I’m sure will become my theme on here I don’t care so much about a website from 7 years ago. Should it have happened * thinks back to banner at the top of the page * probably not, I don’t recall that from ages ago. I may have missed it then or maybe I was using a snapshot of the WayBack Machine when looking then.

At that time I was hoping it would have just led to some friendly jabs and banter of two forked products, as I think many projects take themselves a bit too seriously. I understand we’re talking about firewalls here.

Although the other side of that the entire reason why I tend to have my “I don’t care attitude” towards the company managing the projects is the code is supposed to be freely available, auditable, and fork-able.

I entirely support OPNsense to exist, and I find it a bit bothersome if the pfSense project has gone closed source. I could understand maybe having the pfSense + product be closed, the license allows for it, I would prefer it wasn’t the case, but the CE should always be open.

The entire point being when a fork is able to address the needs of the users where the original is failing seems like a healthy evolution.

This is entirely the reason I’d jumped ship from m0n0wall to pfSense around 2009. pfSense was offering things above and beyond what m0n0wall had on their horizon, and the project had been progressing well in the number of years since its fork.

The whole potential close sourcing of the pfSense projects bothers me more. As it puts me in a position where I need to care what Netgate does since I’m stuck, or I need to consider alternatives in case the time were to come where they pull a Broadcom/VMware.

I just don’t care for the UI of OPNsense, part of the reason why I can’t bring myself to use Proxmox since it seems very similar.

Just realized Arista bought Untangle then went Broadcom and now there is no free tier. $270/year yikes

2 Likes

Plus to CE is dead easy. Take a backup, reinstall, and import backup.

I tested it a few times before I was willing to make the jump as I didn’t trust Netgate to dangle the carrot not to lock me in without testing myself.

I’m seriously considering going back to Core as I have been less than thrilled with Scale. Although it is obviously their intended path so I’m looking to try roughing it out.

1 Like

Not in the least, and I’d considered bringing it up in my last post. But the difference is that there’s no hint of iX charging anything for SCALE. There’s always been an “Enterprise” version of TrueNAS, iX charges for that, and they have a handful of features included in it that aren’t in the free product. And, of course, they provide direct support for it. CORE vs. SCALE doesn’t change any of that.

With pfSense CE vs. Plus, you do have the new product with at least the impression among many that the old product will be left to die on the vine (as with CORE vs. SCALE), but on top of that you have that the old product is free and the new one decidedly is not. How they’re going to enforce that in an open-source product (because they’re still trying to pretend they’re a F/OSS company) is unclear.

The WIPO decision–linked in the same post that links to the Wayback of the website–addresses a lot of this, including the attempts they made to hide that it was Netgate behind the site. IIRC, it was the senior leadership of Netgate who were behind it.

De gustibus non est disputandum.

Can’t say I’ve seen that resemblance. But there’s a good free alternative in xcp-ng.

I knew about Arista (and I think they also bought Sophos), but not Broadcom. And that’s part of the problem: other than pfSense and OPNsense, there aren’t many options for a free router/firewall with a GUI that runs on x86. OpenWRT, maybe? Vyos is said to be pretty good, but CLI-only. Mikrotik’s RouterOS? Free as in beer (I think), not as in speech. Google’s finding some references to IPFire, but I don’t have any experience with it.

2 Likes

“Free” as in “alcohol-free beer: 5$”

4 Likes

So, does OPNsense, objectively do anything better than pfsense (CE) today?

I’m perfectly happy with pfSense (politics aside), I understand its UI etc, I like its package system… I would prefer not to have to reconfigure things from scratch. So would need a good reason to change.

Pfsense going away as a free proposition would be such a reason.

1 Like

UI differences are mostly subjective. OPNsense has a “bootstrap” installer that will let you put it on top of an existing BSD system, which can be handy in some circumstances. I expect the core routing functionality is going to be the same, seeing as how it’s all built on top of pf anyway. But here are some things that come to mind:

  • Updates
    • OS updates happen considerably more frequently than I ever saw with pfSense when I was using it (which was before the CE/Plus distinction)
    • You can update OS and packages at the same time with a single “update now” button
    • OS updates don’t always require a reboot
  • Config backups
    • OPNsense does not host their own backup service like pfSense does–that’s a point against it.
    • But you can back up to Google Drive
    • Or Nextcloud
    • Or GitHub (or anything that works like it–GitLab, Gitea, etc.)
    • Or to anything else you like with a single curl call through its API
  • Caddy
    • Caddy’s now available as an official plugin with a UI. Far simpler to configure as a reverse proxy than HAProxy

I think a lot of us expected this when they announced pfSense+. And it hasn’t happened yet, but getting rid of the free license for + sure looks like that’s where they want to go.

5 Likes

For what it’s worth 2.8.x and CE-Next is on the roadmap with the former having 87 issues closed out of 119. So it’s not just sitting there aging like milk at least.

@dan XCP-NG is one I’ve played with on and off.

2 Likes