pfSense vs. OPNSense?

Patrick M. Hausen · Oct 29, 2023

@NickF For me that fork already exists and is called OPNsense. Community edition first, pull requests on github, all out in the open. Why another fork?

NickF · Oct 29, 2023

Fair question. The code diff is too wide. 2015-2023 is alot of development hours that are very different.
The stability of OPNSense is also unclear to me. There are too many edge cases I've depended on pfSense for.

Using OPNSense in this context would be like using XigmaNAS instead of TrueNAS in our world here. It's just not the same thing.

EDIT: The difference here, and why iX is a better steward of FreeNAS than Netgate is of pfSense is abundantly clear in my eyes. iX makes its money off of hardware and support. All of the underlying differences between their CORE and Enterprise versions are up on GitHub. Anyone can hack those features back in. All of the HA code, licensing, what have you. There's no secrets with TrueNAS. There would be of course no support for doing so, but that's why iX exists. Netgate is raising the corporate veil, instead. I think that further erodes our freedoms in general, and we can still have it both ways. Perhaps just optimism on my part?

danb35 · Oct 29, 2023

NickF said:
Using OPNSense in this context would be like using XigmaNAS instead of TrueNAS in our world here. It's just not the same thing.

Not even close. There is no common code between XigmaNAS and TrueNAS; they only things they have in common are (1) the general purpose of the software, and (2) each was at one time called FreeNAS. There's a great deal of common code between pfSense and OPNsense. A great deal of the pfSense documentation/tutorials/guides apply to OPNsense with only minor changes. The OPNsense UI is far better, though that isn't saying much.

If you love pfSense but don't like where the company is going, OPNsense really does seem like the logical place to go.

NickF · Oct 29, 2023

danb35 said:
here is no common code between XigmaNAS and TrueNAS; they only things they have in common are (1) the general purpose of the software, and (2) each was at one time called FreeNAS.

There once was alot of common code. I am just expanding the timeline more than you are. Reviewing history is critical. In the case of OPNSense vs pfSense, the divergence is maybe not quite as grand, but it exists.

danb35 said:
There's a great deal of common code between pfSense and OPNsense

Sure, no objection. However, There's also a great deal of code which isn't.

danb35 said:
The OPNsense UI is far better, though that isn't saying much.

I reserve the right to disagree on this, as it's subjective.

danb35 said:
If you love pfSense but don't like where the company is going, OPNsense really does seem like the logical place to go.

I disagree. It's really not quite the same. They are friends and allies to the cause, but their interests don't quite align with my own. It seems to me no one in the professional landscape is hiring OPNsense experts, just pfSense experts. If that changes, I will concede.

danb35 · Oct 29, 2023

NickF said:
I reserve the right to disagree on this, as it's subjective.

Fair enough, but I think the placement of "halt system" (and whatever terminology they used for "reboot") in the pfSense UI is, by itself, adequate evidence that the UI was designed by, um, someone who didn't give much thought to it.

NickF said:
They are friends and allies to the cause

What "cause"?

There is already a fork of pfSense. In many ways it works very similarly. If you need functionality from pfSense that OPNsense doesn't have, it seems to make a lot more sense to work to get it into OPNsense than to try to make another fork of pfSense--even leaving aside the fact that this would be quite difficult since Netgate doesn't actually publish all their code.

But, of course, do whatever you think is best; I don't have any interest in being an evangelist for OPNsense. And Netgate have long since established themselves as bad actors IMO.

Ericloewe · Oct 29, 2023

danb35 said:
The OPNsense UI is far better, though that isn't saying much.

The year is 2023. pfSense still has the reboot option hidden away under "diagnostics".

Edit: Ninja'd.

danb35 · Oct 29, 2023

Ericloewe said:
The year is 2023. pfSense still has the reboot option hidden away under "diagnostics".

Exactly. It also has "system shutdown" there. Far removed from "reboot." And called "halt system."

NickF · Oct 29, 2023

danb35 said:
Fair enough, but I think the placement of "halt system" (and whatever terminology they used for "reboot") in the pfSense UI is, by itself, adequate evidence that the UI was designed by, um, someone who didn't give much thought to it.

When you use a piece of software enough, you get into the head of who designed it to some extent. Then the layout just makes sense to you. But I hear your point, and mine may be irrational, but it is myown. lol :) I also think, in general, that moden UI design is more chaotic in the pursuit of trying to be less chaotic. This is likely because there's just been more individual people involved with writing it. Cohesion gets lost when too many people have ideas that don't jive with the central narrative.

The more developers involved in a project, the more difficult it is to deal with cognitive dissonance. We just need to accept that fact when we consider next steps. We also need to accept that we have our own cognitive dissonance. That makes next steps even more challenging.

danb35 said:
What "cause"?

I think I would define it like this. The cause of keeping OpenSource software out there for the current AND THE next generation of IT Professionals.

I also maintain that my time is valuable and learning something new has an opportunity cost. I'd rather invest that time in hacking features back into CE than trying to start fresh. This is because I respect the fact that edge cases exist. It also jives with my laziness about re-learning the UI.

EDIT: I resolve that the community of "pfSense" (which includes everyone, Netgate, users, developers, etc) should at this time consider the state of "pfSense CE" is poor. No matter who acts first, the next action take needs to be a corrective action. I think I can help, if needed.

EDIT2: I am trying to have a deep level conversation that would better be had in person with a beer. There's a communication bottleneck here we are stuck with so I am sorry to be a pain in the ass :) My own level of cognitive dissonance may be too high. But I don't think that it is, in that I feel there is still merit to my central argument "the cause". I am here posting this in that I think iXsystems supports "the cause" too, they just don't have the resources or desire to act in this instance.

Davvo · Oct 29, 2023

NickF said:
All of the underlying differences between their CORE and Enterprise versions are up on GitHub. Anyone can hack those features back in. All of the HA code, licensing, what have you. There's no secrets with TrueNAS.

I was under the impression that a few Enterprise's critical parts weren't available.
Not like I am able to go there and understand anything.

NickF · Oct 29, 2023

Davvo said:
I was under the impression that a few Enterprise's critical parts weren't available.

That changed when they merged TrueNAS and FreeNAS codebases and started maintaining/publishing much of that code in middleware on Github

Davvo · Oct 29, 2023

Massive respect for iX if they give you the resources to get the Enterprise edition for free, proven you have the skills to do so.

NickF · Oct 29, 2023

Davvo said:
Massive respect for iX if they give you the resources to get the Enterprise editing for free, proven you have the skills to do so.

My point, exactly. Netgate? Perhaps not. We will see in time.

danb35 · Oct 29, 2023

Davvo said:
Massive respect for iX if they give you the resources to get the Enterprise edition for free, proven you have the skills to do so.

Even if that is the case, they prohibit it in the EULA.

NickF · Oct 29, 2023

danb35 said:
Even if that is the case, they prohibit it in the EULA.

Insert Spiderman Reference. I am not endorsing the practice of "hacking TrueNAS". I just respect the fact that iX has entrusted the community with the ability to do so. and I mean alot. I am just trying to highlight the difference between the "TrueNAS" situation and the "pfSense" situation. TrueNAS is in good hands and in good health. I think we all agree or we wouldnt be regulars here in these forums. The truth is hackers exist, and hackers should exist if a product is to be successful. That doesn't mean we should all be hackers.

Netgate has made a more restrictive EULA for pfSense, and thats fine.
Netgate has hidden the diffs between Plus and CE to some degree. This is fine.
Netgate may be closing in on hackers next. This would degrade the health of pfSense. I'm not sure we should let them, and we can do something about it.

danb35 · Oct 29, 2023

@NickF, how many forums are you going to post that on? I've seen it on four so far (plus Reddit), in each one claiming you have a "unique respect for this community." It looks kind of spammy.

NickF · Oct 29, 2023

I posted it on the places I most frequent and in communities I feel I have some sort of stake in. I think this idea is worth spreading. I am trying to maintain a similar baseline understanding throughout. I am looking for better ideas.

NickF · Oct 29, 2023

This seems relevant

Why FreeBSD?

Before going into why FreeBSD is now my preferred OS for learning UNIX let's review why I used Linux for a long time. I started with Red Hat (before RHEL) in the early 2000s. Tried to install it on a

www.aikchar.me

also this

mjg59 | Canonical, Ubuntu and why I seem so upset about them all the time

mjg59.dreamwidth.org

I am not the first on these paths and these seem like great minds. I think we're all just a little bit crazy to support BSD based anything in 2023. But there's still good reason. Even if no other good reason exists, software diversity should be viewed like life. Biodiversity is the key to life. Diversity in software should therefore be celebrated.

At least until the ship of software is sunk, there may be good reason to cling on to the mast for now. I'd like to see if others out there are interested in helping me help this situation. Maybe someone even at Netgate itself. We can all be winners here.

Davvo · Oct 29, 2023

NickF said:
I think we're all just a little bit crazy to support BSD based anything in 2023.

If it works very well I don't see why I should change and put myself in the hands of Linux Horrible Kernel.
Granted I am no dev and understand very little of code, but hey people still use C++: why should BSD be different?

NickF · Oct 29, 2023

Yeah, but we're still just a little bit crazy to defend it. Theres plenty of good reason to not use BSD that we ignore. Cognitive dissonance. We cling together.

Being a little crazy in this context is a good thing. FreeBSD serves enough arbitrary random use cases in 2023 to be viable. :P

Davvo · Oct 29, 2023

NickF said:
Theres plenty of good reason to not use BSD that we ignore.

Like? So far my (limited) experience has been the complete opposite.

Important Announcement for the TrueNAS Community.

pfSense vs. OPNSense?

Hall of Famer

Guru

Hall of Famer

Guru

Hall of Famer

Server Wrangler

Hall of Famer

Guru

MVP

Guru

MVP

Guru

Hall of Famer

Guru

Hall of Famer

Guru

Guru

MVP

Guru

MVP

Similar threads