 Welcome to a special live stream because apparently no one thinks I have internet access or something because they fill the need to comment on every non-pf sense video that that apparently neck heat change your license and I was aware of this this morning This is why I have forums where there's also a discussion going on about it but let's start with the changes and I'm not here to Doom and gloom with the rest of you or just throw hate although you are absolutely Correct that this was not communicated well was why would you make the changes have people complain in the forums? Make changes to the site before the blog post seems like the blog post should come first to let people know Hey, this is a decision. We're gonna make and wind it down But I don't run that gate and by the way, I will actually I'll show you something real quick here I've been a neck eight or more specifically pf sense if anyone recognizes this old logo I've been using pf sense forever my relationship as I like to disclose is Nothing more than a user who does occasionally talk to people who work for a neck gate because they have Let me have products at a slightly early access and I've done reviews on that's it. That's my entire business relationship I'm not even a reseller check your website. I just happen to Do a lot of videos on firewalls and I've been working with open-sourced firewalls for oh, let me Share this tab real quick to give you an idea If anyone can recognize just based on the text on there What firewall I'm running bonus if you can throw that in the comments here, but this is from 2002 Happen to have a camera and this was my old firewall set up from over 21 years ago So I'm known it's not news to me working in the old open-source world And then I had monowall smooth wall all kinds of different Wall that was included in many of the Linux and then of course monowall being a BSD and then pf sense and everything else So I'm a long time person who's been inside of this which is why I wanted to talk about it here so this is pretty simple and We're just going to jump right into what the changes are officially from neck eight Because they have a blog post how I didn't really want to make a full produce video That's why I'm just doing this live. I'll try to answer some of the questions But this is not to be the end all be all for license changes. I'll do a more concise video later because who knows this happened Seemingly a little bit quick. So I'm gonna go with there may be more changes coming from neck eight So why do one video to start with a live stream to address the Elephant in a room addressing changes to pf sense plus and home lab today We're announcing the homelab version of pf sense plus the Commercial fork of the open source firewall pf sense is no longer available for free download The decision to stop offering a homelab home plus I say home lab It's home and lab those are two separate versions one version was for home users one was for people who want to set this up in a lab you get pf sense plus and Yeah, they've discontinued it So I'll leave this blog post of course is linked right into this video and the reason they're doing it And this is important at least from their perspective here This is just stop offering the home Plus lab version of pf sense was made in order to align with net gates business model to better serve worldwide customer base And partners will continue to invest development of product support Further unauthorized redistribution of pf sense plus home lab is a growing challenge And multiple appliance vendors downloading pf sense home lab commercial version of the software and installing it on their own Appliances which then these then sell on multiple marketplaces and their own websites in addition to copyright relations are legal issues This illicit activity puts our value relationship with all of our stakeholders in peril Um, you can find these on ebay. There's no doubt amazon ebay Probably numerous other places where companies preload these with pf sense the non-net gate one And I get that that's a problem But I think this could have been handled differently, but I don't run pf sense. So this is not my decision to make I'm just like all of you except I have a youtube channel as well That doesn't I do a lot of tutorials on pf sense But I'm really not different than any of you and any of this But the part I want to get clear because this is the question a lot of people have is what does this mean for the future And because they're still offering the community edition Although every version of the community edition according to every doom and gloomer for the last eight years is the last version of the community edition It still has not died the C e version you can still convert back to now unfortunately, and I believe it says that right in here Upgrading from pf sense c e to pf sense plus nope We go on to the app set what happens to my current install a pf sense of home and lab If you currently have pf sense home lamb solid you can continue to use it as we continue to transition from the free Home plus lab the ability to get media updates and bug fixes features may be limited and require tax description If you need to reinstall the version you will be unable to find a no cost upgrade path from pf sense c e now the good news is if you are running the current as of October 25th 2023 here version you shouldn't have any problems reinstalling pf sense c e 2.7 And that config file should work. So I don't think there's any issues with that I haven't absolutely tried that but it shouldn't be a problem because I don't believe there's anything different in the config files So you can just go back to running standard pf sense c e but the Thing is the it it's aggravating to me because they pushed plus That's the best way to describe it. They're like, hey, we should use plus. They did a blog post And they had this plus for you know, I think it said it was let's get the dates right So I don't want to be wrong about this. So let's pull this back up And I believe the plus started in Yeah Right here February 14th. Happy valentine's day Is when they started offering the home edition for home users and I had done a video Like hey, let's use this and I love some of the feet. Well, I really didn't think the features were huge except I loved the boot slicing thing loved it. That was just having the boot environments awesome Like that as a feature That's probably the biggest home lab feature that you get out of it though. The other features aren't exactly as exciting for it. So Yeah, that's how it's going to be like that's it. You're not going to be able to Get that feature now unless you buy their more expensive license now from a business standpoint just so you know, I've deployed Absolutely a ton of not just for our managed clients but consulting and everything else and networks We built for lots of customers the neck gate appliances So this is actually no effect on any of them from a business standpoint The bigger audience that I have that watches these videos I mean, there's a lot of business audience as well But obviously the home lab people that I am enthusiastic with and love giving people in technology You're going to be the most directly affected that listen to me to say Hey, let's support plus and I feel bad now because well now It's got to be switched back to c e unless you would like to pay for the license And I don't understand this is the part that I'm hoping neck gate clarifies at some point What happened to the 129 dollar deal? I think a lot of home users would have been happy to pay 129 I think the companies violating the copyright would not be happy to pay 129 Therefore it wouldn't work for them to try to you know, keep loading this on appliance. I think there's a happy middle and I don't think we Yeah, it's just both things. I don't think neck gate found the happy middle personally Maybe they're gonna have a blog post later. So I'm throwing this out there because I was like, this is a problem You you've switched it but if they would have just went to that 129 I don't think when I talked about it I didn't have any hate in the comments and this has been discussed on reddit a lot like hey 129 a year for a firewall That doesn't seem unreasonable. You know, there's always someone that says if it's anything more than free Um, it's unreasonable. But for the most part, I would say the community was happy about it. But Instead they've decided that well It's not a thing. They're just dropping it and now the and we can go ahead and pull up the pf sense Where you buy the license now because there's a price on this So let's pull up their site software subscription Throw it back up on here because this is the current as of october 25th of 2023 It starts at 399 and or 799 for their enterprise support If I think they would have done good to just say, you know We said at some point in the future except was what the statements if you go back to february of 2021 or two They'd said when they came out with this they're going to have pf sense At some point in the future cost 120 90 year I think that's very reasonable for people to build it on their own hardware 120 90 year You get kind of a basic level of support, but cool. You get the plus version I don't understand why they dropped it. There's something I'm missing and don't understand and I see it that way because I don't run pf sense I like the company I should say I don't run neck gates. I do run pf sense actually, but specifically neck gates So I don't necessarily Understand that change But there's another elephant in the room I do want to address and it's not a popular topic and I'm not really Sure how to approach it So I I did a little bit of a write up in my forum And this is just back to me working in open source for a long time watching all these projects come and go and this is a real hang up right here of The things you have to deal with Somehow and everyone wants their free firewall. I get it and people like open source because it's free I get it but look at red hat. Look at all these companies There are some big contributors to open source that you have to address because if these companies whether you like them or not Don't exist and don't contribute the projects shrivel up and die That's just the way it works and if you start looking closely here And hopefully you guys can read this on the screen. This is in my forums. There's a link to this It's easy to find in my forum because it's titled pf sense license changes. It's going to be a hot post but Please note who's donating code back to this This is one of the things I pointed out and this is something I wrote off in my forums that Whether you like neck gate or junipers in there too, but rubicon neck gate the Contributors a matter of fact they're contributing more than juniper and by the way juniper is also based on free bsd These are not insignificant contributions juniper networks in rubicon. Why would they Commit so much code to the open source thing. Well, because it benefits them But inadvertently it benefits anyone who builds firewalls off of this which is going to include open sets So while the pitchforks are out and everyone wants to just hate on neck gate and hey, like I said, they miscommunicated This is not in defense of but it's an understanding of the ecosystem that I'm preaching here of you have to understand That this ecosystem does require someone to contribute code back or the ecosystem for firewalls fails Now netflix is a huge contributor But I don't think and I could be wrong But if you went through the commits that neck that netflix is pushing back to free bsd Yeah, I don't think they're going to be all about Making firewalls work better or anything like that. I can probably guess that uh, chelsea io does But nvidia probably has different interests as well in what they contribute there So you kind of have to look at the commits and breakups and this by the way, you can look up Like sponsor committers people broke this down for linux as well I've left the source of this this is actually from the free bsd foundation this year And this is just something you have to deal with so you can actually have a Update and all of the features keep coming through for open sense if free bsd doesn't get contributions to update the firewall because Missing from this percentage breakdown is open sense, which the reason I bring up open sense is because And let me refresh the page again. I want to see Like the open sense counter Okay, we're up to 38 comments on here in this reddit post I'm switching to open sense or people talking about open sense, which is fine I don't have a problem of people who want to use open sense people like try to people love commenting that That's fine. I don't have a problem if you would like to switch that's completely your prerogative to do so and It's just something to consider that we have to think about the entire ecosystem on this now I just wanted to get that out there. This is not the end all be all for this particular topic I know this is going to go on. I am concerned with it I have reached out to netgate and their reply so far has just been hey, let's have a We're going to do a blog post on it. I said great And um, I know at some point because I do you know, I know a couple of the people there So I said, hey, what's going on guys? And maybe we'll have a talk and I can have a more Informed decision and maybe they can update some of the release. That's why I wanted to do this video now to say Yes, I'm completely aware of it. Yes. I think some of it's kind of dumb I wish they would have handled it better But this is where we're at and uh, we just have to figure out what's going to happen next and go from there there's not there's not like a easy option for this of we just going to use an art firewall and All that because someone still has to write all the code that goes into the kernel That updates the drivers that makes all the things happen to make this usable. I'm going to run Down here and see if I can't answer a few questions before I wind this down Some people saying make it back up and install it. Yeah I Predictably people saying I'm happy with open sense. That's fine. I use open sense. If it was what makes you happy Hmm looks like ip fire. There we go. People people recognize that one Uh, it's actually going to be um back then. What would I have used? I had to look up which ones were available because I want to say it was ip cop ip fire came later or the ip cop was in the first post I shown about that Oh, let's see Oh, this is probably a good question If you have a net gate appliance you still get pf sense plus So you just if you need to reload it now as far as ce I think you have to ask them for it I don't that would be With the arm version It's very specific to the arm models that net gate use So you have to reach out to them to get the appliance versions For their arm devices And why actually any of them if you want uh the reload that's you just open up a ticket with net gate for that let's see I don't know if this will work you have a product key in your email We'll also be honored if I do a clean install do you happen to know I don't think so I don't think that'll work Net gate following IBM and red hat It's a tough thing. Um, you have to figure out The balance between making money on this I I think they're missing an opportunity by not charging 129 But that's my opinion And I hear some other people agreeing with me 120 in a year. I'm okay with I don't need most of pro features it's I mean from a business standpoint 399 sheep matter of fact as a business I want to say Just some of the arista stuff because we have a project that required arista And for those you don't know how much some of the you know, even the arista equipment cost I mean we're like 30 000 into just a few switches and things like that when you start looking at even the cisco equipment and some of those other firewalls you're talking about a substantial jump in price It's not even on the same scale as what net gate charges for price That's why we like it and it's why we buy so many appliances from our business use case But I always like encouraging people to use this. I just you know I'm not going to go over what I said earlier, but basically it's the same thing Like I wish they didn't change it, but here we are Sounds like I'll be dropping back to ce. Yeah, I mean I I am Jason yes, I did go live Me and Jason slaggle we're talking about this Jason's president of cnwr And this was a discussion that me and him had just earlier today. We're talking about how bsd is really Dying so to speak he I think the word Jason used was the bsd mailing list is kind of becoming a ghost town the Jason's a longtime bsd user by the way, and Yeah, it's not what it used to be and this means we kind of rely on these couple companies propping it up You know back over to looking at this You got clara systems who I believe does storage and zfs So you just don't have a massive amount of commits from other companies. This is Um, the narrow focus and the linux version of firewalls. Yeah, we're not talking a lot about those because Outside of open wrt. The linux firewalls aren't what they used to be either Those have mostly just fallen behind on features and things like that. So it's kind of it's just a big challenge Weather channel, apple, etc. Most of them have done. Yeah What happens if bsd dies? Well if bsd dies So does everything that's going to be based on bsd essentially if there's not enough contributions now It's not it's not like it would die in the same way necessarily But if you had let's say if the people who interested in using bsd as a firewall stop contributing such as going to be your Neckate and juniper networks Then it's not likely you're going to see new firewall features or enhancements come through to the bsd Netflix has their own use case because Netflix uses it for streaming And so they are a big contributor for the things that they're most interested in now The nice thing about the way a lot of this code works They are interested in building better streaming service. So they contribute code back Which means that you get better streaming From project even if you're not Netflix anyone who wants to you know Use whatever their enhancements that are being contributed in there they get those back and that's great But if these companies start using it, this becomes a challenge This is a challenge with your ass. This is partly and just a way things kind of worked out is You have a challenge of Let me get some water real quick keeping the interests aligned in the companies that contribute to it and Ah, it's it. Yeah, someone said is an apple bsd. Yeah, but she knows apples not on a list Apples not but it was pull back up and so apples not on a contribution list and apples not exactly free bsd It is but it isn't that's a different How you get the derivatives because uh, if i'm not mistaken playstation I don't know if it still is but I know the earlier playstations. I believe we're free bsd as well Someone can correct me in the comments if i'm wrong about that But I believe they were based on at the core bsd, but If the license doesn't require you to contribute back Well, that's what's going to happen is it's not going to there's not going to be any contribution back Um, I don't think they're going to grandfather anyone in on on the license like it's not your your I have for example a non-nucleate appliance. I purposely load and use with my pf sense home edition and this is Still working right now. I'm using it to stream this live to you. It didn't die. It still seems to get updates So I don't think they're going to get rid of it, but at some point Uh, you're not going to be able to probably upgrade to the next release cycle would be my assumption This is some clarification that I think that you could probably use in there open, uh Wrt is pretty cool Um, that project is one I've actually wanted to take a look at because I wanted to test it some more as an alternative, um, but they always seem just kind of Yeah, the not as polished as pf sense was as far as especially because I use it for so many advanced things Uh, the apple user space was originally free bsd the next step in kernel irc, but it's been forked a long time Yeah, it's so custom. It's not really bsd It's that was probably a better way to describe that Okay, so yeah playstation 4 is orvis. Uh osa forka free bsd as well Not a reasonable target pressure strictly homing for professionals of budget. No big deal. Yeah Vlog post is up from netgate. Yep. I have that. Uh, Alexi. I do have that. Um, uh in the in the in the links down below Yeah, these last time I looked at it just felt I see someone else called it clunky. I'm assuming that's what they're talking about it And this is kind of my answer right here for home use you can still use pfc ce there's the only thing you're really In my opinion, like your big thing you're missing out on with pf sense ce is the boot environments I think that's a really cool feature And it sucks that now you would have to pay 390 90 year to get boot environments I think I don't know. I I really think pf sense missed the boat on that 129 I know I said that earlier, but yeah, I'm not going to keep this going for two weeks longer. Um And yes, open wrt is definitely more targeted at routers, but it's kind of interesting because they have For the zima board and open wrt install, but open jrt just doesn't uh feel Polished is the way I would describe it. You know, that's the It's probably easy. This is simplest and it's been a while since I use it, but every time it just I don't know and it doesn't feel as easy to load. It doesn't feel to be as well documented So these are all just kind of Big challenges that you face if you're trying to use that This is what you're missing out on for anyone who hasn't seen it because I've seen someone ask Although this in here, you know, this is the system boot environments that you can set up So you can just reboot it to a different environment now If you have a p if you have a neck gate device This doesn't change anything for you by the way if you didn't hear that earlier But if you are like myself and this particular one It's because I wanted to do something that the home community that I talked to a lot is doing This is an appliance that is not a neck gate appliance and it's still working so far. So Open wt is a fun tinker toy, but not great for production use. Yeah, it Is someone says open wt is like n64 so v versus ps4 I that's how I felt when I looked at it last so I'm glad it wasn't just me I I sometimes think I might be biased because I know pf sent so well And I'm like, ah, you know, I feel like a lot of things are missing and stuff like that, but Yeah, uh for businesses 399 is a sales tax for some commercial options. Uh, yeah, that's Neck gate still from a business standpoint and this is what we do at cnwr That's where the tech side of things go for those. You don't know award systems is where I produce all the content cnwr is where everything else is and yeah, that's Um at cnwr we we still look at that as a really reasonable cost compared to other options when you start looking what else is out there And I mean granted there are things missing from pf sense and when people say my use cases I really need great lever layer saving filtering. I will steer you away from pf sense if layer seven filtering is a requirement I'm sorry pf sense is not it if you would like a centrally managed Sericata or snort ids system. Sorry pf sense is not your If that's here on your requirement list, you're not going to get a recommendation for me to use pf sense Simple as that and Jason's point not here to be fair licenses have always been restricted for pf sense plus from production business use Yeah, it's uh It's just different how I don't know it's aggravating that they're doing all this there is no doubt That's why I made the video here, but I'm not here to dump on them I'm here to just talk about the big picture the free bsd Elephant in the room that if neck eight doesn't contribute code back and many other people Yeah, that's uh Gonna be a challenge and the other side of this because I see I don't know how many more people have mentioned Uh, uh vios cool, we got a vios mentioned awesome vios is cool The the challenge and this is where when we fork out to what are we going to use instead? Is what you know the community and whenever the community is unhappy they vote with their free download somewhere else It's because you're not punishing neck gate by not downloading the free version from them You're just choosing a different version where you're putting a download there Ultimately though What makes pf sense so popular and why I've done so many videos on it is one it works To there's a ton of documentation I am read as someone has so eloquently said on many of my videos tom All you really do is rtfm and make it into a video and i'm like Yeah, somehow I made the youtube channel that has a whole lot of me reading a manual and then doing a video tutorial Um, that's not wrong, but that required documentation to exist. This is where pf sense has excelled is keeping a really good documentation That is something to be said still and it makes it hard to switch So for those of you looking for the solution the now solution because you want to do something Well, you can just switch back to ce But if you don't have to do anything today because nothing broke today other than if you're going to load fresh today you're going to load version ce and Best I can tell and I will do some validation on this and confirm all of it You can load using the same xml file that you download from your current home plus edition that whatever the current release model is of october 25th of 2023 and then you can Load that config file in the ce and it should work perfectly fine. So you don't have to reset everything back up Now let's see here I don't understand that question Yeah Open source has fueled the products now they think they've gotten big enough that they don't need that Time will tell this comment pattern open source stuff. Stay tuned In general, uh, I I'm a big fan and if you follow me on Whatever elan's calling today. I think it's x or twitter and linked in and other socials I've posted the series from kory doctorow about the Enshanification cycle and that's what we're always watching to see if companies are going through that You can use boot environments via cli just not web GUI. I don't think so I believe if you have the ce version you can't do it via the uh, I There was a discussion someone sent that they thought they should be able to do it that way And it didn't work and I don't remember why it didn't work, but it didn't so And here's someone else. I use the ce version because it works for my needs Ce is perfectly fine for most personal usage. Yeah, you're as far as like you have warrior guard You have open vpn. You have the two most common things people ask about uh, you have tail scale. There's another one and What else do you need boot environments to be nice, but they're not required So the other features that come with it are I don't think is boot, you know, uh, that big of a deal Why do you recommend pf sense so much over open sense? my biggest challenge I've had in the past with open sense is really The fact that open sense is Just a little different not as well documented as pf sense and has a lot more updates Those updates can be a problem And so I don't always know how to get things done in open sense I might be a final one because I've had things where I don't know why I couldn't make something work in open Sense because I tried a couple times and I scratched my head and I'm like this is easy to do in pf sense Why isn't this working in open sense could be completely me? But my googling wasn't helping me solve the problem So I got aggravated with it more than once and I tried to actually I was for a while I was going to see if I could do videos on both But uh, trying to do both just became too much of a challenge for too little value There's other people making open sense videos So that exists There's other people documenting it and I haven't tried it in at least a year now Maybe two I think it's been two years since the last time Almost two years at least since last time I tried it, but I have no problem if people try it like I don't have any hate for it, but Uh dco is still in beta, but it is a pf sense plus feature. So yeah IP set client export. I can't really think of that being a popular home user feature. Um, so So Yeah, that's another one there Sophos home is great. Sophos home license for free. Um, you know, and I believe Yeah, jason's nailing it right here when I said earlier me and jason agree We think a lot of like a hundred dollar a year or what they were saying was 129 a year, which I whatever $100 a year to to uh, get a homelab license makes sense to I bet the majority of the 478 people watching this video right now. So hopefully There's a future where pf sense goes, you know There's 478 people watching tom's live stream thousands that will probably watch this later And uh, we could probably make a oh, I don't know 100 bucks off each of them I mean and and support the project and not have angry people. I'm hoping that's the decision they make I'm not anything more than some dude on youtube who uses pf sense But hey, I want to give voice to all of you who probably agree that a hundred bucks a year would be really reasonable to do this so Last time he's open sense the traffic shapers still use ipf w which has a different set of rules You need to use for a pf sense. You can alias and put cues in your rules Yeah There's there's some nuance differences on there You know, I've done some untangle videos that were never popular. Um, but untangle that exists as well but yeah, I I'm gonna wind this down here and I think uh Back to tv later Yes, I think the same thing for me. I've answered as many questions. I don't want to just drag this on forever I'll just have to repeat myself and that's not very effective Hopefully I will have more information at some point in time And maybe pf sense and the net gate will make net gate will make some changes Maybe they'll bring back the license Maybe there's some reason that they'll add an addendum to why they didn't that would be really cool Until then well check their blog post. That's where the official things are stated. Feel free to hit their forums up There's lots of discussion going on right now Go jump on reddit and say open sense because I'm curious how many times on these reddit posts people will say open sense Let me refresh it and see how many more times they've said it Because that is oh, I still at 38 I'm just you know looking at these reddit posts and things like that So hopefully this helps everyone at least know that tom is aware and uh, yeah Have a good night everyone more news when there is news That's all there is for now. Just reread that net gate post a couple times and uh, hopefully changes in the future. Thanks