Addressing Licence Changes to pfSense Plus Home and Lab

Feeling smug about picking OPNsense for the new office...

This seems to be an ongoing problem with open source and open source licensing. Companies want others to contribute but once the product becomes good enough they lock the open source product and change the license by hiding it behind a SAAS subscription with a new user agreement. Seems like it's time the big players and the Foundation need to address this before it gets out of control.

I remember when Plus came out, there were people warning that Netgate would be doing this or something similar in the future. Many people didn't believe it or eventually decided to ignore it. Netgate has a weird history and a record of missteps and questionable decisions that they then defended in a not-so-professional manner. Like many, I would be more than willing to pay - even for CE - but not nearly that much.

I went to opnsense about a year ago when netgate just kept being insufferable rude pigs. Took a bit of getting used to, but it's rock solid. Now I wouldn't use anything else.

Sad I converted to Plus, CE did everything I needed. Time to give OpenSense a second look.

be optimistic all you want. Once a company starts these sorts of rug pulls they don't stop. Period. Never have been in the doom in gloom crowd, but this pattern of behavior is a well cemented one in the corporate world. You give a mouse a cookie, and it will inevitably not stop till it gets the house.

They told us to move from CE to Plus because it was better and free for home use. Now if I change any hardware on my box that runs Plus, my license becomes invalid and I have to pony up $400 or revert back to pfSense CE and lose features..... just wonderful. I've already had my license invalidated once when I changed network cards so this is a real possibility again.
Netgate isn't a good company, no morals, no ability to stick to what they say etc

My pfSense install f-ed up at some point and wouldn't do OS or plugin updates no more. I guess it was a good choice to revert back to OPNsense.
I will not do subscription models.. ever.

I've been a subscribe of this channel for many years, so i understand your reasons as you've mentioned it many times before.... But.... i think it could be a very lucrative/wise move to make a start on making some videos about that "other" firewall. It sure would boost the subscriber base! Diversity is key...Lets be honest... at some point Netgate "might" close the door, and when or if that happens it will leave a lot of home users like myself without an option.When that happens you'll already have well produced/trustworthy content to help us switch. It would be really nice to have a channel as good as yours to supply well produced/trustworthy content on setting up that "other" firewall...
When that time comes.... You'll already be there ;)

Bybye.
Hello OPNSense.
Pfsense doesn't appear to do much of developing and bugfixing anyway.

They pushed Plus, and I moved to Plus a few months ago. These guys keep changing their tune. Super annoying. Oh well, time to set aside some time and move to Opnsense. I hear Opnsense community is much nicer too.

What an opportunity for you to expand your audience and start producing some opnsense videos. You could keep producing videos for both firewalls

Getting sick of companies (Vader voice) "I have altered the terms of service pray I don't change them further"

10-15usd per month for home user license sounds not that bad, but the 400USD per year is a bit steep... the worst thing is they had strong push to free plus home/lab licenses that were free and now they just pulled this stuff...

HEY! This is my livestream timeblock!

I would happily pay around $30-40 per year for home use of an open source product. Income from home users will be a drop in the ocean compared to commercial income whether they charge $10 or $200

$399 is totally unaffordable for home users. So back to CE. Most likely I'll immediately try Opensense. I thought it said TAC lite is gone. They just screwed themselves, and all of us who followed their advice to move to the free home lab versions. I feel like "how to install Opensense" is going to be trending.

It's not the change that bothers me. It just costs so much. For a home use case, $30 to $60 is a more reasonable yearly cost.

Would pay a one time fee but that’s it. Even $129 per year for a home user is too much.
Seems like solution would be to either buy one of their appliances or switch to something else..
I think they’ve got one day to straighten this out. As of 9:55 AM this morning this video already has 13,000 views. If they don’t straighten this out quickly it’s going to be difficult to stop the momentum of people looking for alternatives and being aggravated about the whole thing

When people said this wouldn't happen back when I read the writing on the wall (same with Red Hat and other projects) and moved to opnsense.

I was hesitant to upgrade to Plus because I was afraid of a rug pull. Now, I gotta redeploy to CE. Just disappointing.

Nobody was going to pay $129/yr. Pfsense is now going down a death spiral as the dev/enthusiast community will abandon them. The writing on the wall is clear that they will abandon CE as well. The race is now on to see which project/team will rise up to take this marketshare...

And this is one of the huge reasons I didn't upgrade to plus. The other being that my system works fine and I didnt feel like doing an upgrade like that for features I didn't need.

Changes like this kept me suspicios moving from CE to Plus that this will happen sooner than later. Sadly that was true. 👎Good luck with convicing the pfSense community that CE will not be ditched sooner than later. Nothing wrong with willing to make money but turning your back on community who preach your products and services is something I cannot agree with. However, all the best to Netgate and their future plans!

shock horror ... drip drip drip :) watch the community edition *slowly* become the "poor mans edition" over the coming years... money talks and money walks! time to get my head around openwrt over the coming months, so much choice of hardware once reflashed with it, please please please do some vids on it Tom :)

I recently got an email that my 3100 is EOL because FreeBSD no longer supports 32 bit. I have only had it for a few years.... I have supported PFSense for 15 years plus, deployed it for many customers. How could they sell these in good conscience knowing they would pre-maturely hit with EOL? Very frustrating business lately

I think one of the core issues they failed to address is the bigger why? Their appliances aren't perceived that good anymore, from a hardware perspective (whether people actually use the computing or not). I think people want to pay extra for a pre-installed box, they are just doing that by buying (mostly) compatible, tested hardware from those other vendors. These vendors ask a hefty fee themselves if you look at it from a hardware POV.
I think if they paid a bit more attention to that side of the market and toward the prosumer, much could be solved here. This has been a question mark for me as well. You have the decade old 1537 and the 1541 whom even gotten pricier over the years (where I live). The side of the business they have neglected, in my opinion, is conveniently the one they are blaming others appliance vendors to fill.

I am in the process of buying the gear to build my own homelab and was looking at using pfSense. I was ok with the $129/year for TAC Lite. It sucks that they just removed that option completely. I feel like $129/year is a reasonable price for home use. Obviously I would prefer it to be free for home use but if I have to pay then $129/year then I'm ok with that. I'll have to load pfSense CE into a VM and see what's features are available there. If it has what I need then I'll go that route because the experience of knowing how to use pfSense is definitely worth it for a career in IT.

Bye bye pfSense, im transitioning to OPNsense
Maybe the future of OPNsense is a linux based fork? (if FreeBSD is slowly dying)

As long as they keep offering the community edition for free I’ll keep using it.

I was debating on upgrading to the free + for homelab. Glad I’m still on CE!

How do I downgrade?
If I backup the config pf-plus and restore it on a CE, it shows a warning message that does not seem to go away.

I remember running ipcop in highschool on an old HP netserver (8u, ~125lbs full of 18K SCSI drives, 4x1,800W PSUs) that I diverted from a landfill when my ESD company let our computer class have REALLY old systems collecting dust in their warehouse. It was completely overkill and I was way in over my head, but it was a great primer and taught me how to negotiate with Verizon's Tech Support to get them release the 11 day DHCP lease that our home router had been given. Great throwback! 😂

Glad I switched to OPNSense a couple years ago. Don't think I will ever go back.

I'm so glad I chose to install CE. Now, I just wonder how long CE will be supported.

The GL.iNet travel routers use OpenWrt with a much more refined interface on top of it. It’s limited to the particular configurations they want to promote on their devices, but you can drop down to the full OpenWrt interface when you want to.

Ce is not a bad option. Ive been using it since the early 2000s as well. I have clients with IPSec tunnels and remote offices using Ce, and have been for years, no issues. Keep a spare appliance, and a current config backup, and your gold.

Personally, I've paid $5/mo for Arista NG (formerly Untangle) for years, and IMHO it's a much better experience than PFS. Arista Plus version is $150/yr I think, which includes things like Threat Prevention, WireGuard, etc. Maybe worth a look for some.

I'm glad I procrastinated and stuck with CE.

Remind me again why people want a web interface for this stuff? It's pretty trivial to install freebsd or openbsd and update rc.conf and pf.conf as required. 30 mins in a text editor in exchange for not dealing with some third party changing the rules on me on a whim sounds like a good tradeoff. If you're not competent enough to edit some config files you're probably not competent enough to configure a firewall.

Their reasoning doesn’t make sense and they expect home labs to spend $400/yr for a license.

boot-envs are cool and such, but another feature you're missing out on it Intel QAT, which is also only available on plus

Glad i switched to OPNsense a month ago and get an better Firewall with Zenarmor IDS/IPS built in. No more ADS and Secure in one package.

I use OPNSense with multiple network handled by firewall rules. It was really easy to get up and running.

Really good news for OpnSense!

I actually bought a PFSense appliance in 2020. I wanted an easy path for installation of PFSense, but more importantly, I wanted an ARM-based appliance. Also, I felt more like I was supporting Netgate for their work on PFSense. Commonly we talk about how Free is Free as in freedom rather than free beer, but I feel that the community doesn’t actually believe that. The dichotomy around the price of free software really needs to change.

Using Protectli FW6C, tried to upgrade to 2023.5 from 2023.1, seem to work but after uninstalling pfBlockerNG, the reboot failed. Not sure if the boot failure was related to the licensing or the package corrupted the OS. Was just trying to get closer to the 2023.09 version. Ended up installing CE 2.7.1. Perhaps I will try installing pfBlockerNG again, but not today. The re-install took a couple hours as I don't do networking often and forgot some of the steps. If netgate lowers the price to under $50/year, perhaps I will go back to plus.

I'm a bit behind ( 3 months I guess ), but I just watched this video. It got me curious so I just checked my plus version and PFSense+ is reporting the last update was December 9th and I am on the current version ( at least that is what the dashboard is reporting ). Maybe updates stopped after December 31st for me? I'm not sure.

I have tested the sophos free firewall and there are some futures I love but still preferred pfsense since the main futures I need is easier to setup

I run my own business as an MSP and can tell you all, the normal enterprise grade firewall licenses go for way more then $125/yr... last one I quoted was a Watchguard T45W license that goes close to $500 and that was just Basic Live Security (mine you still has a lot of security features) the Total Support was like $1k/yr. I do agree the current prices are a little much $125 would be a good price point. Especially when I can get a tried and true Watchguard license for the same price or cheaper.

I switched to OPNsense when they pulled the shenanigans last time - haven't looked back.
It does everything I need it to do and I feel more comfortable knowing that I don't need to switch and reconfigure due to a licensing issue.
If I needed web filtering, I'd pay for something that actually does it properly. On PFSense it always felt like a feature in a beta state.

Untangle is more reasonable for home now?

I believe, and I could be wrong here, but QAT was a PFSense+ feature. I may have to move to OpnSense as it is enabled by default if the hardware is there.

I initially did Opnsense but was having issues with firewall rules. Could not get the dang thing to work. Switched to pfsense and no issues with firewall. Might have to take a crack at it again.

thanks Tom for the video
I'm pretty sure netflix contributes quite a lot of networking related code , simply because you can't have streaming without networking

6:09 QAT accelerator support is the best feature

Why din’t they made an “optional update” button to revert back to CE… 😢

I've looked on the site today and I see the Lite TAC license for $129. I feel that they've maybe come to a point where functionality has improved enough for subscription and the support demanded by subscribers may be achievable. I hope the CE version continues and improves.

I really like pfsense and netgate. Good bank for the buck.

Thanks for this informative video Tom. I bought a Netgate 1100 appliance for home use nearly 2 years ago, currently with pfSense Plus 23.05.1-RELEASE. I've been quite happy with it and have learnt a lot about networking and firewall setup in the process. My question is (for anyone who might know), does this change affect current users of Netgate appliances (meaning I would need to pay licence fees for future upgrades)? Like many here who are thinking of jumping ship to OPNsense, would that be possible with a Netgate appliance?

My annoyance is that they insisted we move to plus from CE if we wanted new features sooner (like finally moving away from FreeBSD12).

399 per year for a firewall is a lot even for my small company. 129 a year I would pay, 399 I might, but will not be happy about it.

I do not disagree with their policy going forward but giving something on which people base their system and then taking it away is not reasonable in my view. Eventually I will have to revert back to the CE edition or move to something else, great!

It is a paid option, but what are your thoughts on Mikrotik RouterOS.

So CE is going to stick around, and people are ok if they want to continue using it?

The current version should be the new CE then.
What bugs me is because i was able to build my own free box i was able to test and use the platform for myself first and then in turn i purchased negate hardware for my actual clients for deployment.
This does push a nerve for me it was a perk for supporting them imho.
I don't want to support hardware i don't use myself and i don't want to spend more and more $ on my personal network when i don't need too.
Guess i need to drop Netgate as an appliance for my customers going forward, it was nice while it lasted.

About time the complete open source society should go to court in a class action! And show a judge how they gave free contributions to this FREE open source software projects with the understanding it IS FREE and STAYS FREE!
These filthy license changes are nothing different than a wolve in sheeps clothing!

Strangely, my pfsense box with pfSense+ Software Subscription Home (Non-commercial use) update without a problem to 23.09-RELEASE (amd64) built on Tue Oct 31 16:56:00 -03 2023

"China won't respect our copyright and illegally sells products with our software. You know what will totally stop them? License changes that only our loyal hobbyist users abide by. Screwing them over instead of the problem people totally won't have any negative effect on our brand..."

I agree missed opportunity here and some people will go to opnsense just for a sake of doing it. Home lab $99/yr licence will be ok for most and will pay some netgate dev time.

Whats on that old box, FreeSCO?

I am confused. I purchased a Netgate router for my home. Do I now have to play for a subscription to get updates?

MacOS isn't FreeBSD, the added parts of BSD to their Mach kernel and userland.

Was that smoothwall on the old picture?

I just started getting into pfsense....😢 Back to looking for other projects.

Getting rid of the $129/yr option doesn't make sense. I paid for that sub but they don't say what's happening with that...?

Looks like there's now a $129/yr option on pricing (for TAC "Lite")

Hi Tom I am about to purchase the netgate SG2100 appliance, will I have to pay for a license every year to use this appliance from netgate ? I am confused now.

OpenWRT is also just super minimalist, as it is trimmed for efficiency, so you can still load on weak SoHo Routers and even access points.

Nice to remember that old IP Cop. Build a heap of them

First the license changes were to keep the code base similar, thus faster updates. That clearly wasnt the case. CE updates are far behind and growing! Now even more restrictions... At what point do you see the writing on the wall?

I'm currently looking into VyOS, looks very promising so far. But it is CLI only for now, but very suitable to deploy with Ansible.

I just got my first ofsense up and running and honestly ifnyoubsaw the open wrt is not polished ... I can't imagine what it looks like cause I think pfsense interface is meh at best
I mean I set a static route... removed it but it was still in the routing table. That's like a basic thing I should expect from a router. Notnhaving to reboot after changes

The voice of reason. Thank you Tom.

I have a "valid" license of for Plus Home/Lab version, but I never actually converted from CE to that version on my firewall hardware. My understanding is that it is impossible for me to change over now. This is the problem I have with the situation (if that is in fact true).

There is absolutely a happy middle ground... but few organisations are frankly mature enough management wise to do so.

They haven’t added any truly good features to plus that would make it worth the cost. If they added some AI features, cloud managed environments, a new UI, and some other stuff than maybe. But other than that it’s not worth it. I’ve supported pfsense so much over the years but this is a bridge too far. I’ve never looked into OPNSense but may do so now. How to shoot yourself in the foot as a small company that was built by home users. Yikes.

I imagine Netflix is heavily invested on networking performance which likely benefits firewall use cases, though they probably contribute only limited actual firewall code other than performance tweaks. They also probably have interest in stability and general core functions which benefit everyone.

Would be interesting to know how many people bother with the downgrade to CE compared with how many people take this as an opportunity to jump over to OPNsense or try something else

How about just using pf(4) & pf.conf(5) on openbsd? (Not serious - fun lab project though)

Switched to H+L two weeks ago. *Sigh*. But no hate. They are doing what they think they need to for their org. I'll go back to CE.

Sad to see but thats the way companies are going. I'm using the CE 2.7 version for now still.

From what I see on the pfsense-software-subscription page they still have the pfsence+ tac lite for $0 now and $129 in the future (scroll down to the middle).
Isn't that what you were looking for or mentioning that it would be good to keep it? Or am I missing something?

Whats a better option than pfSense for layer7 filtering??

Tom, isnt the TAC lite (127/year) still an option from within the CE as an upgrade path? Even though its currently $0/year

I'm willing to pay, but not $129/yr
I don't need or want negate support, i just want the software.
I would pay a one time fee of $89, or maybe $19.99/yr. I've bought other software, namely Plex and unRAID.
I would have stayed with CE but the compelling reason for plus was zfs and boot environments.

Can you do some videos on OpenSense? I have so much stuff going on and having to deal with this bombshell right now is totally unexpected. Damn!

I use OpenWRT for my Ubiquity Unifi 6 Lite wireless access point.

OK, I'm confused. So pfsense+ is not an option because of the cost (too costy for home use), so I would use pfsense CE. But did I understand correctly that CE will not be maintained...

... $129 is 20x in South African Currency... its to much for me as a home user... it this is their demand... for something I installed and it just sat there, working.