pfSense No More Without Paid Version?

[Christos]

If $129 is a lot of money for someone they definitely don't need pfSense. Home AIO router for one time $100 is good enough.

I understand the anger when something free is taken away, but there will be less free things going further. The life is changing.

let’s plan for the next 5 years: would you pay $645 + your hardware for pfsense or pay same or less money for a Cisco router with 5 years lifetime? (eg cisco meraki go)

I would buy something from Cisco or Fortinet (with no license) with this amount of money over 5 years.

 

[Tech9]

This Cisco router with license will cost much more. It will be also with very limited options. My situation is different. I've paid $800 per firewall (four units) and Plus comes with it. In a business I can't have SFF PC from eBay as router. At home I don't want SFF PC from eBay and prefer 10W dedicated hardware. As I mentioned earlier my home 5100 is going EoL and I'll perhaps run CE on it with no big changes in functionality and performance. If I need something not available in CE will buy another 6100 or whatever is available there similar. 4100 looks like nice home device with 4x 2.5GbE ports.

When you buy a new iPhone for $1000 do you plan using it for next 5 years? For a personal device it's okay, but for a device used by a group of people it's too much? Netgate 4100 at $600 with lifetime Plus seems pretty cheap to me in comparison. Firewall, Plus and a 2.5GbE switch included.

 

[sfx2000]

I understand the anger when something free is taken away, but there will be less free things going further. The life is changing.

Not sure I would call it anger (or all consuming rage, aka the red mist)...

There is a sense of frustration at the inconsistency of Netgate's policies - and going across different sites/forums - it's kind of shared experience here.

Folks that went down that path of the previous pfSense Plus homelab license - committing to that, only to have the rug yanked out from underneath and no safe way to rollback to CE - that's the major issue at hand...

 

[Tech9]

What's the major issue on this forum in particular where every second new user is asked do reset their router to factory defaults first? No big deal. If the settings export/import doesn't work - start over on CE. Reconfiguring something you already know is going to be faster than finding alternative and recreating what you had on pfSense. The question comes down to how much one's time is worth.

 

[sfx2000]

What's the major issue on this forum in particular where every second new user is asked do reset their router to factory defaults first? No big deal. If the settings export/import doesn't work - start over on CE. Reconfiguring something you already know is going to be faster than finding alternative and recreating what you had on pfSense. The question comes down to how much one's time is worth.

it is more the issue of the ongoing story with Netgate at large...

Don't dismiss this lightly - there are folks with homelabs that have fairly complex configs, and pfSensePlus migrated them forward - there is no way to roll-back.

@Tech9 - I appreciate your comments - that being said, i'm not sure what your continued interest is here...if you're a paid up subscriber, there isn't a problem.

 

[Tech9]

i'm not sure what your continued interest is here...

Different point of view. This is what we have now from Netgate. Take it or leave it. And there is no new Apple thread.

 

[coxhaus]

let’s plan for the next 5 years: would you pay $645 + your hardware for pfsense or pay same or less money for a Cisco router with 5 years lifetime? (eg cisco meraki go)

I would buy something from Cisco or Fortinet (with no license) with this amount of money over 5 years.

Cisco would be way better for multiple sites. I looked at the Meraki routers and the low-priced ones seemed under whelming hardware wise. I think the Cisco Firepower would be better for a single site. The drawback is you need to be a business or Cisco does not want you as they will not sell you support which includes software updates. This is why I am not running Cisco.

 

[sfx2000]

The drawback is you need to be a business or Cisco does not want you as they will not sell you support which includes software updates. This is why I am not running Cisco.

the Cisco-Meraki stacks are nice, but pricey, esp for a homelab or a small business - when one has 200 sites, the pricing actually is very attractive...

 

[coxhaus]

200 sites are definitely Cisco's territory. But even if you run 4 or 5 sites then the Meraki ties them together well which nobody does well in the small scale. Pfsense is working on something with their plus version but they can't do it now.

Cisco's small business switches are the best small scale out there and their wireless is not bad.

 

[Christos]

Cisco's small business switches are the best small scale out there and their wireless is not bad.

But they don't have firewalls for this market* and when you get firewalls and switches from different vendors, you get worst insight of your network.

*Meraki Go firewall is a very weak product

 

[dave14305]

I’ll be trying CE soon since OPNsense/FreeBSD 13.x doesn’t support my intel i225v NICs at 2.5 Gbps.

Not sure how I got confused before, but I have OPNsense running fine today with my Intel i225v NICs. I was likely conflating the i226 issues. I ran pfSense CE for about 90 minutes a week or so ago and found it difficult to find the settings I wanted. So I went back to OpenWrt until last night.

I have IPv6 running reasonably well (it makes using ULAs on the LAN slightly more challenging). I’ve got my Unbound ad-blocking setup just fine.

Next will be to unravel how they do traffic shaping (pipes, queues, limiters, etc.).

Not a bad setup so far.

 

[coxhaus]

But they don't have firewalls for this market* and when you get firewalls and switches from different vendors, you get worst insight of your network.

*Meraki Go firewall is a very weak product

verses what? Meraki has the software to tie sites together well.

And any firewall I would run would run fine with a Cisco switch. So, I don't see where you are coming from on this one. Maybe there is some junk out there but I would not even consider it. There is no problem with Cisco and Pfsense.

 

[ddaenen1]

Two things I just heard:

1. Opnsense will move to BSD 14 as soon as their next big release.
2. Negate put Kea DHCP only to the paid version, leaving CE version with the ISC dhcp that is EOL.

That is not correct. CE 2.7.1 which is out as i upgraded my backup router to it over the weekend also has KEA. I have not changed over from ISC to KEA since it is not fully functional yet. Some DNS registrations do not work yet.

 

[coxhaus]

So, I have been looking more and more toward VyOS. It seems to me once I get a config done, I can save it and paste it in every time I have to change VyOS snapshots of the OS. I am thinking I can get it down to a short period of time for the changeover. A subscription is too expensive and does not make sense. So, I would have to work from snapshots of the OS.

If I get some time this winter, I have an older Dell PC that would work. I may try it. I bet it is going to be really fast being character mode with no GUI. The code looks like the old Cisco Pix firewalls I worked on in the past.

This is not what I want to do with my retirement, but I think VyOS would be a safe bet since there are lots of big users out there and it will not go away or change the rules much.

PS
The other interesting thing I have been thinking about if there is a Linux hack that comes out, I can grab the latest snapshot of VyOS as they post one every day for a possible fix.

 

[majika]

This Cisco router with license will cost much more. It will be also with very limited options. My situation is different. I've paid $800 per firewall (four units) and Plus comes with it. In a business I can't have SFF PC from eBay as router. At home I don't want SFF PC from eBay and prefer 10W dedicated hardware. As I mentioned earlier my home 5100 is going EoL and I'll perhaps run CE on it with no big changes in functionality and performance. If I need something not available in CE will buy another 6100 or whatever is available there similar. 4100 looks like nice home device with 4x 2.5GbE ports.

When you buy a new iPhone for $1000 do you plan using it for next 5 years? For a personal device it's okay, but for a device used by a group of people it's too much? Netgate 4100 at $600 with lifetime Plus seems pretty cheap to me in comparison. Firewall, Plus and a 2.5GbE switch included.

Not so long back I run pfsense-2.7-dev as gateway/edge device running on 4x2.5GbE port 16GB DDR4, Zen3+ Ryzen7 5825U 8c/16t as industrial type FWA, initially skeptical which turned out to be unwarranted as these things are Brutes & Silly fast for its job, got a second FWA for Proxmox to run behind with a few CT's and VM's, all-in-all running stable now for like ~5mo. Rock-solid, Cheap, Fast when all things considered.. Plus low-"ish" power ~20-25W, Prox node peeks to like 45W, under load (BIOS profile Capped)

IMHO, I wouldn't argue with netgate's dedicated devices incl LiCs, as reasonable for what it offers.. but I prefer the home build type route where at least I can have flexibility to repurpose/redeploy as say a dedicated mini-pc or dedicated server box etc.

 

[Tech9]

but I prefer the home build type route

No problem, pfSense CE is available. I was running it on different mini PCs years ago myself before pfSense Plus. Different configurations with 2x NICs, 2x USB adapters, router on a stick to managed switch, etc. I don't remember any stability issues excluding some 3rd party packages in development.

 

[ddaenen1]

I recently switched back from plus 23.05 to CE 2.7.1 on my backup router using the config from my plus 23.05 main router and apart from the boot environment option, i really could not detect any difference. I am going to run it for a bit now in a parallel network but as i ran CE 2.6.0 for some years, i have no doubt it will perform just as well.