Coming soon…2.0-RC1
We’re aiming for the first 2.0 release candidate soon. We need your help to reach that milestone. The vast majority of the open tickets are in state feedback, meaning they need testing and commonly feedback from the initiator of the ticket (or someone else who can test that specific scenario). If you have opened any tickets currently marked as feedback, please follow up there. If you’re in a position to help test any of those, or contribute fixes for the few that are still open, we’d appreciate the help. Thanks!
Tags: development
November 29th, 2010 at 8:54 am
Great news!
For me to start testing, I need one thing confirmed: remote upgrades of the software are stable, and upgrading from beta, to RC1, RC2, … to final is possible remotely.
My setup will consist of two appliances, one at a colocation provider far enough away to be in another time zone, and one appliance locally.
I can’t test until I know I won’t have to hop in an airplane to resuscitate the remote unit. As long as log-in and software update are stable, the rest I can deal with.
November 29th, 2010 at 1:22 pm
This is exciting stuff. I’m pumped to see this moving forward so well. Hats off to the pfSense team.
November 29th, 2010 at 4:10 pm
Can’t wait
Thanks for the great works!
November 29th, 2010 at 6:15 pm
Excellent news! Thank you very much for your great work!
November 29th, 2010 at 9:30 pm
Kudos to the developers! ….this is going to be a good Christmas.
November 30th, 2010 at 2:15 am
rcfa: upgrades are fine from alpha versions to beta to RCs to release. Some of my production systems have been upgraded 50+ times in the past year. There is always some risk inherent in upgrading to snapshots as they don’t get individually tested and there is always a possibility of one catching only part of a multi-commit change, though at this stage of development massive changes like that are rare, and we’re good with restarting snapshot builders before anyone can get a bad snapshot. Always test before upgrading anything in production, I just make sure one of my test VMs upgrades and boots fine before installing that snapshot on my production systems.
November 30th, 2010 at 3:09 am
I have been glancing at pfSense for the last few years now, and have been held back by only one thing: a lack of native host-header forwarding. I run a number of servers, but have only one external IP address. I eventually intend to have a load-balanced setup across two ISP’s, but right now I only have one.
Even if I have to drop down into the commandline to exit text files manually, I would love for pfSense to have some form of host header forwarding. Even a simple implementation (I have only one email server, so anything else will be vanilla-plain http across my various web servers) would be awesome, as I am not keen on adding another kitchen sink onto pfSense’s kitchen sink just to obtain host header forwarding.
Any idea if this would be possible with the default install, even if it is all vi commandline skullduggery?
Also, if I go for a set of 4-port SUN NICs, would I be able to “partition” the resulting network so that internal machines would only be able to see the router, and nothing else? I want to be able to “isolate” any web-facing connections on the 10/100 network from each other, and run a private internal gigabit network for any inter-machine communication. “Partitioning” the Internet-facing connections seems to be the thing to do, but is this possible with pfSense?
Yay for 2.0, regardless!
November 30th, 2010 at 3:12 am
Rene: what you want is a reverse proxy, not a firewall. There are packages to accomplish that, haproxy, the Apache mod_security reverse proxy.
November 30th, 2010 at 12:29 pm
Great, Great News, this is an excelent Chistmas gift. So It’s time for all of us (users and non full time developers) to put an extra effort, to find and/or correct bugs.
Best Regards for all members who can do this possible.
November 30th, 2010 at 1:30 pm
Fantastic! Well done you guys! You get an extra ration of pizza and beer!
November 30th, 2010 at 4:10 pm
If anyone wants to stay up on pfSense development outside of this blog check out http://twitter.com/#!/sullrich/lists/pfsense-developers
December 2nd, 2010 at 12:27 am
Maybe I’m blind, but I can’t seem to find the Issues in redmine that I Starred and get email notifications for…
December 2nd, 2010 at 12:31 am
Uxorious: you can use filters to view all issues you’re watching, when you’re logged in.
December 2nd, 2010 at 1:07 am
Ah yes I was indeed blind. Thanks
December 2nd, 2010 at 5:28 am
Nicely on time. I’ve just auto upgraded my vanilla 2.0 test firewall on a desktop PC, from 2.0-BETA4 from a month or so ago, to 2.0-BETA4 as of December 1st. Still works fine.
December 2nd, 2010 at 2:34 pm
Great news!
Thank you for your work!
December 2nd, 2010 at 8:52 pm
nice
December 3rd, 2010 at 8:57 am
Congratulations on the job, I am awaiting the release.
December 3rd, 2010 at 10:12 am
It’s about friggin time…. I mean, very nice!
December 3rd, 2010 at 3:30 pm
Will it be compatible with hyper-v server ?
December 4th, 2010 at 10:51 am
Just upgraded to snapshot 2 and everything is working smooth with a few exceptions of course. I am not a coder but will help out in any way i can. Again thanks for the great software!
December 5th, 2010 at 6:46 am
Hi Everyone,
I have a questions for new version.The new version will have features such as web caching, and basic content filter right? Can we use a captive portal on WAN interface features of the new version?
Many Thanks.
December 6th, 2010 at 11:19 am
Boa Tarde a todos do pfsense! Aqui no Brasil utilizo o pfsense como servidor wireless estou na expectativa do lançamento da versão 2.0 como as novas funções para eu possa utiliza-lo onde trabalho como router firewall e filtragem de pacotes como no url-filter. Bem é isso vocês são os melhores e estão de parabéns com incrível sistema desenvolvido para todo o mundo.
Abraços e sucesso a todos.
I LOVE YOU PFSENSE!!!!
December 6th, 2010 at 2:05 pm
wow… just upgraded from 1.2.3 i386 to 2.0 amd64… (today’s snapshot 11:56) (no real issue so far) I’ve only started looking around but I am impressed… I expected the same tried and true firewall I have come to greatly admire… this new version far surpasses the available features in the older versions. “system tunables”… very cool…
December 8th, 2010 at 5:56 pm
I have been running version 2 BETA 4 in a test environment for several days now and all I can say is “Wow!”. No major problems yet. Very nice!
December 8th, 2010 at 6:55 pm
[...] pfSense 2.0 RC1 almost here: Coming soon…2.0-RC1 [...]
December 9th, 2010 at 6:22 am
tahniah! to all those contributed… thank you
December 11th, 2010 at 5:33 pm
our production environment will have to wait for the final, but I’m quite tempted to upgrade our office firewalls from 1.2.3 to 2.0b4
thanks for all the good work!
December 13th, 2010 at 2:42 am
Have to say this!
Just installed 2.0 Beta4. Outstanding work.
Absolutely love “User Manager”!
Absolutely love “Cert Manager”!
Absolutely love the work done with OpenVPN!
Absolutely love “OpenVPN Client Export”!
December 15th, 2010 at 2:36 pm
We have upgraded six differents sites to 2.0 beta4 since 1 month ago and everything is working very well.
All sites with proxy, pptp vpn, ipsec and one site with mutiwan.
December 16th, 2010 at 6:12 pm
@ilias
Don’t see why it shouldn’t work. I run many pfSense boxes in VMWare and I suspect you should have no problems with HyperV.
There are a few gotchas on VMWare and probably on HV as well. The one that springs to mind is that on VMWare switches, by default they disallow promiscuous mode for NICs which buggers up CARP.
So, try it and see. I’m sure we’ll all be grateful for your testing notes and insights on the forums (have you looked there yet?)
Cheers
Jon
December 17th, 2010 at 11:57 am
So far this is great BUT there is one major thing missing totally. SSH management. We really need this side by side with other VPN methods, like ipsec and OpenVPN. What is really needed is aka. SSH tunnel manager and SSH keymanagement. We really need to get all the SSH functions to work via WebUI. Now this pfSense works fine as SSHD server but the usability act as SSH gateway and client is poor.
pfSense is so close to be perfect that I really hate to see lack of full SSH support missing from the final version. This feature could be done as package. All the functions of SSH is there but only via console. I really hope that someone could start to develop this SSH Manager UI. I’m not able to do this (read I just can’t
– my skills are not in that level that I could do this)
December 19th, 2010 at 11:29 pm
Excelet!!!! Cheers for the team work and Happy Hollydays!!!!
December 20th, 2010 at 3:41 pm
In regards to remote upgrades, airline tickets, etc – I highly advise the use of IPMI support (easily found on many of SuperMicro’s “-F” mainboards) on primary router hardware, as well as crummy Atom box stapled to the wall with an alternate DSL or DMZ network connect, to serve as a back door. I can be an idiot and wipe out my remote routers without having to hop on remote reinstall. A real lifesaver.
December 22nd, 2010 at 10:36 am
xmpp-man, a few years ago, I contributed a shell designed to be used with ssh tunnel as a sort of VPN without shell access (I’m no sure if it’s still included in pfsense). Is this what you are talking about?
December 22nd, 2010 at 5:47 pm
@Adem – cache etc functions are usually handled by something like the Squid package. Captive portal on WAN port doesn’t make sense, or was that a typo..?
@Tito – are you doing QoS on the multi-wan?
@xmpp-man – while ssh can be hacked into something resembling a VPN that’s really not what it is designed for
December 23rd, 2010 at 10:42 am
I test the version 2 x64, very good work, i conect two sites by ipsec by fiber optic internet gigabyte, very fast, throughput 60 mb/s.
Roadmap for the final version?
Thanks for the work !!!!
December 23rd, 2010 at 2:01 pm
Great news! Just can’t wait to check the new RC in a small ISP environment. I can use some 1:1 natting and multi-VLAN routing features.
December 23rd, 2010 at 2:09 pm
The world is waiting on the pfsense 2.0. Does started 2011 with this wonderful tool. Merry Christmas …..( Brazil)!
December 23rd, 2010 at 7:18 pm
Very nice work indeed. Almost 1 year since beta release. Glad to see such thorough testing.
Go team pFsense
December 23rd, 2010 at 8:49 pm
Good news. Merry Chrismast!
December 23rd, 2010 at 10:33 pm
Thank you so much, for your work and for your patience. I’ve started using this amazing firewall platform just one years ago and since that day, I loved it. Best wishes to all of you and hope to try 2.0-RC1 as soon as. Have a nice days and…hope to see the TOR package on it
December 24th, 2010 at 8:27 pm
Thanks for all the hard work on 2.0! I’ve been using 2.0-BETA4 for about a month now in a home environment without any problems.
December 25th, 2010 at 7:42 am
Merry Chrismast!
Waiting pfsense 2.0
December 26th, 2010 at 7:10 pm
@itwerx No, the QoS isn’t configure in the multiwan
December 27th, 2010 at 7:16 am
great news, happy new year, continue your great job!
December 27th, 2010 at 5:20 pm
Just updated my September beta 4 snapshot to the latest beta 5 snapshot. No issues with my multi lan multi wan setup that I’ve found yet.
I did try to install the current snort package (says stable and platform 2) and it didn’t install, but it’s not a deal breaker for me. I can wait for the final version for snort
Awesome work guys!
December 28th, 2010 at 8:17 am
@Miguel Terrón:
Something like that. Now there is only psw & ssh-key user management possible for incoming ssh connections. What we need is management GUI for outgoing ssh connections. I want to use pfSense as ssh client or/and as ssh gateway for multiple endpoints. I really hope to see all of the capabilities of ssh available in pfSense also. pfSense is just great. I can’t regonize any of your contributed code in use. You might answer on that. This could be a feature to be installed as pagage. (it would be better that it would be as an build in feature)
@Itwerx
Thats true that psSense is not designed to act as ssh client or sshd server, but this is done all ready because ssh is in the OS!. Only thing what is needed is more usability (read: for non-advanced users). Running all of ssh features from Shell is possible, so why not build advanced webGUI for that. There is no need for “hacking” ssh to anything – We just want to use all the ssh features from webGUI, nothing more but nothing less. (Read: you don’t have to use it – I don’t use IPSEC or OpenVPN but I still like to have those and hope them to be developed further on) Oh – I really think that pfSense was not designed to be VPN concentrator either
December 29th, 2010 at 2:20 am
pfsene 2.0 on FreeBSD 8.2 release (2011-01-24)?
December 29th, 2010 at 2:40 am
Simby: probably around that same time frame, but we’ll stick on a FreeBSD 8.1 base.
xmpp-man: re “pfSense was not designed to be VPN concentrator”, that’s not true at all, it’s already widely used as such and we have changes in 2.0 such as single interface support to more easily accommodate such deployments.
December 29th, 2010 at 9:59 am
Thanx to the pfsense team ! Good work, rock solid firewall !
Ps: This realease work with soekris board?
December 29th, 2010 at 3:45 pm
I look forward to your new “pfSense . The Ultimate Guide . V2″ book. I’m looking at version one on my book shelf now. Great job!
December 29th, 2010 at 4:12 pm
Marcoof: all releases do.
December 30th, 2010 at 3:32 pm
Thanks to pfSense team for the great job!
I just wonder why the generic kernel of pfSense 1.2.3 RELEASE doesn’t include Marvel Yukon Gigabit cards by default? We all know that pfSense 1.2.3 is based on FreeBSD 7.2 and in the hardware list, it supports MY Gigabit cards.
As much as possibe, it’s better to stay in stable version. That’s the reason why i switch to 2.0. Right now I’m using Shuttle XPC and pfSense 2.0 is working great! I hope RC will come soon.
More power!
December 30th, 2010 at 5:09 pm
AcidSpunk: every release we put out has every available driver. Device IDs change so even if a chipset is supported in 7.2, doesn’t mean future cards will be by the same driver if the manufacturer changes the ID. If it doesn’t work in 1.2.3, it doesn’t work in FreeBSD 7.2.
January 5th, 2011 at 1:38 pm
Good news
thank you pfSense team
January 7th, 2011 at 2:28 pm
I’m really looking forward to getting my new router (replacing my current 1.2.3 based hardware) up and working. The one issue that I wrestle with is that bridging the LAN/WLAN was one checkbox in 1.2.3. I’m finding it hard to understand how to configure then as a single network with a single DHCP/DNS service, etc. in 2.0. Guess I’ll have to buy the book!
January 10th, 2011 at 1:54 am
How soon is soon?
I can’t wait for the fail-over function over UTMS/3G
January 10th, 2011 at 4:49 am
Hi Guys
I would just like to say that I think this is awesome! I have been running on BETA2 in a live environment with 173 people. (Yes, I know, don’t shoot me because it is still in BETA…) Thus far, I have nothing but praise for the developers! I have no glitches, but for understanding how the Traffic Shaper works, allthoug I did get some of it working.
Good luck with the roll-out. I can’t wait for the final product.
Aubrey Kloppers
ps – I am running:
Squid
SquidGuard
BandwidthD
LightSquid
AND installed SARG – working 100%
January 12th, 2011 at 12:19 pm
So very looking forward to it!
Keep up the good work guys, pfSense works brilliant!
January 12th, 2011 at 4:38 pm
@Aubrey Kloppers – if it’s okay, we would be very curious what hardware your pfSense is running on, total WAN bandwidth, and what system load looks like. I.e. real-world performance stats with that combination of packages would be interesting info! Thx!
January 17th, 2011 at 11:36 pm
Any ETA for v2.0 (stable) ?
RC1 will be out 01/24 ?
January 18th, 2011 at 2:24 am
as always, it’s done when it’s done. No dates.
January 21st, 2011 at 10:12 pm
I’m confused on the status of FreeSwitch. Will there be a freeswitch package for this release? Thanks!
January 22nd, 2011 at 5:31 pm
I’m very excited for the release of version 2.0. I checked out the 2.0 beta a few months ago and it was looking great. I’m sure things have came a long ways since then as well.
I’d much rather wait patiently for a polished release then have to deal with bugs.
Keep up the great work!
January 22nd, 2011 at 8:19 pm
Steve: FusionPBX will likely end up being the replacement for the existing Freeswitch package. It was created by Mark Crane, the developer who first created our Freeswitch package, after creating it he moved onto creating a much more full-featured interface. They already have instructions on the FusionPBX site for installing it on 2.0, hopefully Mark will make it a package to make that easier.
January 28th, 2011 at 10:32 am
I must say that I am loving the beta of 2.0 that I am running, when compared to version 1.2.3! In fact, the beta-5 build that I am running is now my primary router/firewall, and my old instance has moved to the secondary position.
I can’t wait for a release candidate to squash those last couple of bugs.
Thanks for all of your hard work!
February 3rd, 2011 at 8:37 pm
I discovered pfSense today and tried pfSense 2.0 BETA5. It looks really nice.
After installing, said a new update was available so I updated.
After updating, pfSense continously pings the gateway on WAN interface.
So I think the constant pinging was introduced in this version:
2.0-BETA5 (amd64) built on Thu Feb 3 16:46:07 EST 2011
I tried rebooting. The pinging happens again immediately upon rebooting.
February 3rd, 2011 at 8:50 pm
Salvor: that’s by design and has always worked that way, including in version 1.2.3, the quality graph has to get its data somehow. You can turn it off if you don’t want it. Post to forum.pfsense.org for more info.
February 3rd, 2011 at 9:21 pm
Thanks Chris, I came back to apologize after discovering I had a Wireshark filter that hid the pinging while evaluating yesterday’s BETA 5. Oops.
I’m impressed by what I see so far and am looking forward to deploying pfSense 2.0 BETA5 or RC1 this month at home, and release version at work whenever it is ready.
February 4th, 2011 at 12:01 am
Well done guys!
I can’t wait for the RC release.
February 4th, 2011 at 3:36 am
Second the TOR package question – is anyone working on one right now?
February 4th, 2011 at 1:12 pm
Thanks for the great software!
Very good job!
What kind of help can make development faster?
February 4th, 2011 at 1:16 pm
No one is working on a TOR package that I’m aware of.
February 4th, 2011 at 5:38 pm
We are getting closer and closer. A couple kernel issues where holding us up and we might have just seen those fixed. Stay tuned!
February 6th, 2011 at 1:40 pm
When is coming soon? It’s been years now
February 7th, 2011 at 12:51 pm
Getting ready for RC1 and that was 4 months ago? Seriously, 2.0 has been in development for well over a year. I understand what it takes to make this work but it doesn’t sound like the pfsense team is taking this serious at all. This in itself is quite disturbing. I’ve been a fan of pfsense since it was first released but as my demands for the new features increase, my patients decreases waiting for a product to get released. It’s quite shameful. Now I have to search for a new solution. (Other vendor who puts out buggy releases) has been looking quite appealing and has gotten some good reviews. When they say they are going to release a new version with new features and whatnot, they actually do it. They don’t wait 1+ years while their development team smokes pot and eats Doritos instead of doing some actual work. Get off your lazy asses guys, this is ridiculous. Or don’t. I’m sure a lot of the pfsense community has left due to the procrastination of the development team. I will be one of them. I can’t keep moving solutions so once I go, I’m going to stick with whatever I choose. I’m sorry it’s not with pfsense. But I need someone who will get the job done. Good bye pfsense.
February 7th, 2011 at 7:55 pm
Jamie: you obviously have no idea what goes on behind the scenes – we have thousands of hours in the past year into getting things to release state. We added way too much to 2.0 as that’s when the project gained mass acceptance and everyone wanted lots more of everything. When every single component has massive changes, it’s taken us far, far longer than we’d like to get it finished. Lesson learned, subsequent releases will add only a few things and will be turned around every few months. But laziness isn’t even remotely close to a reason it’s taken so long. Not taking it seriously? We have several people who rely on this project to make a full time living and bust their asses every day to bring you quality software for free. Some of us work 14+ hour days literally 360 days a year, at the expense of having any sort of personal life. Messages like yours certainly provide tons of motivation and gratitude for many thousands of hours of work.
And no, users have not left, in fact the project continues to grow more and more with every month, it’s bigger now than it ever has been. More installs, more users, and more commercial success every month.
We’re getting there, I just got in a fix for DPD and dynamic IPsec over the weekend which was one big remaining issue. Ermal is working on the last couple kernel issues and that’s it, that’s all that is left – then we’ll be at RC1.
February 7th, 2011 at 8:09 pm
I for one am willing to wait for it. I am sure that it will be worth the wait.
February 7th, 2011 at 10:57 pm
I’m willing to wait to, perfection takes a while. I’d rather wait for the devs to work out the bugs, then for them to rush this. The pfSense team do an amazing job and set the bar really high even for products from Cisco, Juniper etc. Thanks for all the hard work!!!
February 8th, 2011 at 12:53 am
Jamie, go be miserable with whoever you choose as your new vendor. Seriously you must be suffering from some kind of complex… Grow up!
February 8th, 2011 at 8:33 am
Well I am certainly anxious for the new features I appreciate the work that everyone puts in to pfsense. We moved to pfsense last summer from an old cisco PIX. It was a smooth transistion and now we have features like OpenVPN and snort that we would have to pay a lot for without using a project like this.
thanks!
February 8th, 2011 at 8:35 am
oops… should have been While I am… not Well
February 8th, 2011 at 11:14 am
You guys rock. I’ve been using betas 3, 4, and 5 in a production router for quite some time and as far as I’m concerned, your betas are more roadworthy than many peoples “stable” releases.
February 8th, 2011 at 11:46 am
Jamie Ivanov
I think you need to redo your resume boy…
http://www.radioactiverussian.com/resume.html
I can’t believe you would even make statements to the pfsense team like this. Besides 1.2.3-REALEASE is stable and secure. Anyone who knows anything about security “knows” that making multiple changes and upgrades to any security platform is more accepted to breaches and security holes. I would rather wait for all the know security holes to be filled before releasing something into production. I also fill the pfsense team has been more than accepting with letting everyone know how things are coming along. Furthermore Google pfsense roadmap, or better yet help with some of the issues if you know how these things work, “step up to the plate”!!!
Also, be a man and grow a pair, name this other vender with confidence because I am proud to say I use pfsense as my edge firewall.
I would like to end this note by apologizing for posting this message in defense to the pfsense team. This is the kind of crap we don’t need in our community and I want to thank the pfsense team and all the contributors that have made this superior product possible.
And for one final note to Jamie Ivanov from a German to a Russian, “CAN YOU BLUSH”!!!
February 8th, 2011 at 3:59 pm
Great Work guys!
PFsense has been an amazing free firewall appliance during the years.
I know it`s taking a much longer time that everyone expect for the next release 2.0, but it will certainly be very stable and full of features.
Keep going and just ignore comments like the one from Jamie (or ask him to pay your sallary)
Next stop: PFSENSE 2.0
February 8th, 2011 at 4:25 pm
I’m not trying to start a flame war, I’m just stating my perspective. Seems like people seem to reject it instead of listening with an open mind.
Chris: I know what goes on behind the scenes. As I’ve been closely following pfsense and customizing my own pfsense, I know the work that goes on. I also work hands on with parts of the core freebsd team itself testing applications and drivers, I’m not new to how this stuff works. Your numbers simply don’t add up. If the amount of manpower you claim goes into it then there would have been several releases by now. I’m glad pfsense is growing, all the more reason to get something done. I loved pfsense since it was first introduced but look at the simple fact, its been well over a year and 2.0 has still not even made it to an RC state. From when 2.0 was first introduced, it shouldn’t take over a year to make it to RC for sure, it should have hit RC by last august and should have been a release by now and working on other fixes for a 2.1, 2.2, etc release. The only explanation is that either your core support staff is too small to support the project that lies ahead of you or the staff is simply lazy. Simple facts.
I’ve been running version 1.3 since 2005, a mysterious improvement that appeared on ftp servers then vanished. The regular 1.2.x branch is missing a lot of what 1.3 has. I’ve been patiently awaiting 2.0 for way too long. If you are going to do something, then do it. Get it done. People have expectations and demands, what is going to happen with 3.x? Are you going to take 2-3 years to release a product? By the time it gets released it will be outdated.
Maybe you take my criticism the wrong way. I do love pfsense and it pains me to have to move to something that delivers on what they promise. I fully appreciate the work that has gone into the previous releases. Progress on 1.x branch was wonderful. While I do understand the technologies have changed and 2.0 has a wealth more advances.
I’m simply not going to support an organization that takes over a year to release something. That just shows a lack of effort or concern. I appreciate all the hard work that went into pfsense and I love every part of it up to this point but I feel that since 2.0 became part of the mix things just fell apart. I’m sure it will be worth the wait, but I’m done waiting. I simply cannot support this project any longer.
Like it or not, that is how I feel. Take it for what you will, negative or constructive. I’m not trying to start a flame war or anything, this is just how I feel and my opinion.
February 8th, 2011 at 6:11 pm
Thanks for all of your hard work!
February 9th, 2011 at 12:57 pm
I’ve been running the 2.0 Beta5 since I became aware of it and have no reason to go back to 1.x. The only gripe I have is that some of the packages, snort, ip-block and country block have some problems. When I’m on the Snort page, it wants to take you to /snort/index.php instead of /index.php. Country block must be manually enabled any time the firewall state changes. IP Blocklist always shows that it’s blocking 0 networks/IPs even though it’s running. I uninstalled it.
Other that that, you guys impress me enough that I’m thinking of getting some linux education from a friend who’s a linux guru so I can possibly help y’all…keep up the great work!
February 9th, 2011 at 3:14 pm
Things are great! Do not listen to Jamie! We all just want the thing to be stable.
I really don’t care when the 2.0 gets released. I am perfectly happy with 1.2.3.
I think Jamie is looking for a product like Microsoft Windows for his firewall. He wants you guys to release Vista and Windows Me like versions of pfsense, just so that we can get all pissed off. My main concern with pfsense is stability, and at this point I know that it is.
I do not want my end users to work out the bugs
February 9th, 2011 at 10:21 pm
Jamie: you should just stop, you obviously didn’t read what I said, and it’s just more clear you have no idea what goes on here. Don’t have enough resources indeed, that was especially true a couple years ago when we had 0 full time people on the project, but that’s changed considerably since then. You can further improve that, contribute in some fashion. Things go as fast as they can with the number of people we have working, which is dependent on how much money people are willing to give us, and how many volunteers in the community are willing to step up.
Rhett: yeah apparently he uses no software at all. Microsoft with billions in resources, and a weekly coffee budget that probably exceeds our total annual revenues, took several years to put out the wreck that was Vista. You can look at any other software company on the planet and find the same.
That said – all the kernel issues are fixed as of this morning’s snapshot! Thanks to Ermal and everyone else and those who helped test. We’re enhancing some of the queuing in the shaper over the next day or two and RC1 is done.
February 9th, 2011 at 10:23 pm
nipstech: some of the package maintainers haven’t gotten their packages up to speed for 2.0 yet, post to the packages board on the forum with any issues you find.
February 10th, 2011 at 6:45 am
Hi Chris,
Just a small token of appreciation for the effort you and the other developers are putting into this project and providing us all with an excellent product.
To the pfSense users out there
Anyone interested to equal or better my donation of $50 (or whatever amount you feel comfortable with)? If so go to http://pfsense.org/donate.html
Regards,
Belthazar
February 10th, 2011 at 8:24 am
Great news RC1 within days, to congratulate the team of pfSense, version 2.0, this really my improved, and support 64bits.
I have three PFsense 2.0 and virtualized production methods and work very well.
February 10th, 2011 at 11:17 am
I think you guys are doing a great job. Reason I feel this way, is because I wanted to post a screen shot of my system uptime and almost cried a couple of days ago when the system locked up and rebooted because I did something wrong with the carp interfaces which caused my session to lock up and reboot the system.
I was inspired to see how long I could have a production system running before a reboot would be needed. I was inspired by a screen shot that someone took of Monowall with an uptime of something crazy like over 600 days. Unfortunately the reboot came at my own error. The up time of my production pfsense box running packages such as SNORT and CountryBlock was up and running for (428 days) before accidental reboot. I really wish I got at least 1 screenshot for better belief. The start run time was pfsense 1.2.3 RELEASE Dec. 6th 2009 to Feb 7th 2011.
Now does anyone think pfsense is not stable? Also I would like to know if anyone has a pfsense system that has ran longer than that regardless of version?
I just wanted to put this out there for anyone questioning the pfsense team and their abilities to produce a great product that is better than most all paid firewalls for free.
Keep up the awesome work guys.
February 10th, 2011 at 12:00 pm
Viva Pfsense
February 11th, 2011 at 3:02 am
*shakes head* some of the comments I’m not letting through moderation in interest of keeping a family-friendly blog are something else. Let’s just say a number of people have some funny comments and name calling for our friend Jamie.
Please, let’s leave it for what it is folks – he has a valid point to some extent that I addressed above. Yes this release has taken much longer than it should have, but I explained why above, and that this isn’t going to be the case going forward as we make much smaller improvements, we’ll never again vastly enhance the capabilities of every single portion of the system from one release to another (at this point we couldn’t if we wanted to, there isn’t enough missing functionality). What we’ve planned for 2+ years now is having roughly 6 month release cycles post-2.0.
I’ll put up a new post with more on future plans later.
February 11th, 2011 at 4:23 am
Hi everyone. I just started playing with pfsense couple of weeks ago and I’m very impressed. As a small token of appreciation, I donated 20$ and I hope I’ll have the chance to use it in production so I can make more. Thanks pfsense team.
P.S.: I know I haven’t been waiting so long for 2.0 as many of you, but I think we agree when I say that it was worth it.
February 11th, 2011 at 11:17 am
I am suggesting that licence of Pfsense for bussiness (more than 5 LAN hosts) must be purchased for about 200$ – 300$ for single CPU machine.
This will speed-up Pfsense dev. team.
February 12th, 2011 at 1:13 am
darklogic: It’s not quite as long as your uptime, but I did have pfSense (1.2.3-RC1 I think) running for about 380 days (I thought I had a screenshot somewhere, but I can’t find it if I do). Not because I was intentionally trying to get a long uptime–I just never had a need or reason to reboot. In fact, the only reason I even rebooted at all after ~380 days was because I decided to go ahead and install the final release of 1.2.3, and even since then I’ve only rebooted once for a reason unrelated to pfSense: about 60 days after the upgrade, I came home to find the UPS that the pfSense computer was connected to powered off. We had pretty bad weather that night and there was probably a long power outage while I was gone. And yeah…home…I’m just running pfSense on my home network, on a 10+ year old Gateway consumer-grade mini tower with a Pentium II that I salvaged from my work a few years ago because they told me they were just going to throw it out! It even has a huge 2GB hard drive in it! haha. It makes a great pfSense box for me.
This has got to be one of the most rock-solid, stable pieces of software I’ve ever used. I’m not sure I could break it even if I wanted to. I’m back up to just under 164 days of uptime now. I’d install the latest 2.0 beta right now, but since RC1 appears to be just around the corner I’ll just wait for that so I don’t have to install twice in a row.
February 12th, 2011 at 1:19 am
A little addition to my above post: I actually *never* rebooted 1.2.3-RC1. It was running non-stop from the time I upgraded to it to the time I upgraded to 1.2.3 over a year later.
February 13th, 2011 at 8:20 pm
I think what Jamie doesn’t understand is the scope of the new version. Of course you don’t want releases to take too long, but the release cycle is not just related to how hard your developers work or how many you have. The other key factor is the scope, and it sounds like the scope for 2.0 was much too large. In the future, you will simply need to try to iterate better, avoid scope creep, and not bite off more than you can chew at one time.
February 13th, 2011 at 9:29 pm
maccam94: exactly. Lots of lessons learned in the process here.
Tom: that’s one thing we won’t do is make people pay for what’s freely available now, or restrict it in some fashion unless you pay. We’re looking at options for increasing revenues, without doing anything like that. We’ve done very well to date, but more resources is always better.
February 13th, 2011 at 9:53 pm
Another testament to pfSense, I just got done with an install for a friend, Intel Atom D510, 1GB RAM, Dual Gig NICs and a 4GB CF in a SATA II adapter. I tried to destroy it on my local network (on the WAN side of the pfSense) with DOS and every other test I could run from Backtrack, pfSense didn’t even budge, just kept pumping right along, the CPU peaked at 50% for about 2 seconds. That’s with 1.2.3. Can’t wait to try 2.0!
February 14th, 2011 at 8:19 am
Morphal, Thanks for your reply:
That is awesome, 380 is still amazing. That statement with my statement indicates that pfsense is without a doubt is in no shape or form put together by anyone lazy. It is very obvious a lot has gone into this project. Just the fact that you can use such legacy hardware to run something as long as 380 days or 428 days says it all. I know that my system would have run longer than 428, but I did something stupid and forced the system to reboot.
The system I use is not nearly as legacy as your system. It is on a DELL Poweredge 1950 with all the trimmings 4GB RAM, redundant power supply, dual quad core processors. The big thing I was trying to point out on my last post was I have a production system that has around 300 users behind it with the system running SNORT and Country block, a couple dozen IPSec VPN’s tunnels site-to-site and around 60 mobile clients that are connected at all time’s of the day. 428 days of uptime on a system load like this is very impressive from my point of view. Our facility runs 24/7 365 and never stops for holidays. This means I need reliability.
I run pfsense at my home as well and it sits on some older hardware like yours. I believe the system I have at home is an old PIII 866 Coppermine I put together a long time ago. The system does just fine and has since the 1.0 beta days of pfsense. I will more and likely wait for the final release of the 2.0 platform before I upgrade from 1.2.3 RELEASE.
Thanks for your input.
February 17th, 2011 at 12:37 am
Tom you are missing the point. Too much business school? the best tools are FREE.
The day i can print out a wrench, I will have no need of canadian tire any longer. Go dev team go! I am eagerly awaiting you to drop the phat new firmwares YO
And i leave you with, the parable of the magic hammer:
Seriously though, I’m sure that a lot of people think the way this guy thinks. It’s an easy mistake to make, especially if you look at software as being analogous to physical property. The analogy breaks down pretty quickly if you look at it. I like to use the example of the “magic hammer”.
If I attach a rock to the end of a stick to make a real-life hammer, and I give it to you, now I don’t have a hammer anymore. With software, I can sell the hammer to you, and I still somehow have an identical hammer (that’s how Microsoft makes the big bucks). With open source software, I give you the hammer with instructions on how to make it. I haven’t really lost anything by giving you the hammer – I still have my copy, and copying it took about 3 seconds. You are encouraged to share the hammer with your friends (and you don’t loose anything by doing so either). You can also make improvements to the hammer. Only an enterprising few will do this, but the effect is cumulative. When someone forges a brass head for the hammer, poof! Everyone’s hammers are now better. Steel head? Poof! Claw on the back for pulling nails? Poof! It doesn’t take long before everybody has a really good hammer.
February 17th, 2011 at 5:47 pm
We love pfsense, our own pfsense firewall has been running for 701 days. I did take a screen shot of it, it would have been longer, but about 23 months ago, I was working in the server rack and rebooted the wrong firewall. We have a little over 30 servers serving mail, sharepoint, sql and rdp services.
We are very excited about the 2.0 version, our testing has been looking very good. Please take your time and produce a great product like all your other releases have been. Everyone Raise your glass and solute to the pfsense team.
Thank you!!!
February 22nd, 2011 at 8:08 am
And to think I was feeling cocky over my 428 day span. 701 days holy crap!!!
Well again, another satisfied consumer thanks to the pfsense team.
February 22nd, 2011 at 6:23 pm
darklogic,
I have been running 1.2 for the last 527 days with an average load of 40mbps, I have several production systems for several known companies (healthcare, communications, etc) with several VPN connections and other services. I have not have any problem so far.
http://tinyurl.com/46sp3s6
Thanks for an amazing software.
February 24th, 2011 at 10:47 pm
Miguel,
That is amazing, thanks for the screen shot. It is really cool to see how reliable pfsense is in a mission’s critical environment no matter what the hardware is.
Yet again another satisfied end user thanks to the pfsense team and all their lazy work they do lol
“Man I can’t believe that comment was actually made”.
I am really excited for the 2.0 release. And as always keep up the unbeatable work you do.
February 27th, 2011 at 10:42 am
To all of the pfSense Team:
Awesome job. I maintain 20+ sites with typically a dozen to three dozen users at each site, all connected to each other via VPN, and have begun the transition from IPCop to pfSense.
Someone mentioned slow or nonexistent development cycles – IPCop has been promising a new release for a few YEARS. I had waited patiently, occasionally checking other distros for the stability, compatibility, and features I enjoyed in IPCop. An acquaintance who works for a state education agency showed me his personal pfSense box last year, I downloaded a copy, loaded it into a new hard drive on my test system – a Dell Dimension 2400 with a Celeron 2.4GHz and 2GB of RAM – and haven’t looked back.
The IPSec implementation in pfSense is compatible with IPCop, and I have found a 1:1 relationship regarding the features I implement at my sites, so the end users haven’t noticed the transition – I can replace units one site at a time and maintain compatibility with the other sites.
This is an awesome team that is producing awesome results!
April 1st, 2011 at 3:52 pm
nice I’m waiting…:)