Coming soon…2.0-RC1

November 28th, 2010 by Chris Buechler

We’re aiming for the first 2.0 release candidate soon. We need your help to reach that milestone. The vast majority of the open tickets are in state feedback, meaning they need testing and commonly feedback from the initiator of the ticket (or someone else who can test that specific scenario). If you have opened any tickets currently marked as feedback, please follow up there. If you’re in a position to help test any of those, or contribute fixes for the few that are still open, we’d appreciate the help.  Thanks!

112 Responses to “Coming soon…2.0-RC1”

  1. rcfa Says:

    Great news!
    For me to start testing, I need one thing confirmed: remote upgrades of the software are stable, and upgrading from beta, to RC1, RC2, … to final is possible remotely.
    My setup will consist of two appliances, one at a colocation provider far enough away to be in another time zone, and one appliance locally.
    I can’t test until I know I won’t have to hop in an airplane to resuscitate the remote unit. As long as log-in and software update are stable, the rest I can deal with.

  2. Joseph Brower Says:

    This is exciting stuff. I’m pumped to see this moving forward so well. Hats off to the pfSense team.

  3. Sunny Says:

    Can’t wait :) Thanks for the great works!

  4. CONtROL Says:

    Excellent news! Thank you very much for your great work!

  5. mrguitar Says:

    Kudos to the developers! ….this is going to be a good Christmas. ;)

  6. Chris Buechler Says:

    rcfa: upgrades are fine from alpha versions to beta to RCs to release. Some of my production systems have been upgraded 50+ times in the past year. There is always some risk inherent in upgrading to snapshots as they don’t get individually tested and there is always a possibility of one catching only part of a multi-commit change, though at this stage of development massive changes like that are rare, and we’re good with restarting snapshot builders before anyone can get a bad snapshot. Always test before upgrading anything in production, I just make sure one of my test VMs upgrades and boots fine before installing that snapshot on my production systems.

  7. René Kabis Says:

    I have been glancing at pfSense for the last few years now, and have been held back by only one thing: a lack of native host-header forwarding. I run a number of servers, but have only one external IP address. I eventually intend to have a load-balanced setup across two ISP’s, but right now I only have one.

    Even if I have to drop down into the commandline to exit text files manually, I would love for pfSense to have some form of host header forwarding. Even a simple implementation (I have only one email server, so anything else will be vanilla-plain http across my various web servers) would be awesome, as I am not keen on adding another kitchen sink onto pfSense’s kitchen sink just to obtain host header forwarding.

    Any idea if this would be possible with the default install, even if it is all vi commandline skullduggery?

    Also, if I go for a set of 4-port SUN NICs, would I be able to “partition” the resulting network so that internal machines would only be able to see the router, and nothing else? I want to be able to “isolate” any web-facing connections on the 10/100 network from each other, and run a private internal gigabit network for any inter-machine communication. “Partitioning” the Internet-facing connections seems to be the thing to do, but is this possible with pfSense?

    Yay for 2.0, regardless!

  8. Chris Buechler Says:

    Rene: what you want is a reverse proxy, not a firewall. There are packages to accomplish that, haproxy, the Apache mod_security reverse proxy.

  9. Angel Says:

    Great, Great News, this is an excelent Chistmas gift. So It’s time for all of us (users and non full time developers) to put an extra effort, to find and/or correct bugs.

    Best Regards for all members who can do this possible.

  10. Joe Says:

    Fantastic! Well done you guys! You get an extra ration of pizza and beer! :-)

  11. Scott Ullrich Says:

    If anyone wants to stay up on pfSense development outside of this blog check out http://twitter.com/#!/sullrich/lists/pfsense-developers

  12. Uxorious Says:

    Maybe I’m blind, but I can’t seem to find the Issues in redmine that I Starred and get email notifications for…

  13. Chris Buechler Says:

    Uxorious: you can use filters to view all issues you’re watching, when you’re logged in.

  14. Uxorious Says:

    Ah yes I was indeed blind. Thanks :)

  15. Pete Boyd Says:

    Nicely on time. I’ve just auto upgraded my vanilla 2.0 test firewall on a desktop PC, from 2.0-BETA4 from a month or so ago, to 2.0-BETA4 as of December 1st. Still works fine.

  16. Cyril Says:

    Great news!
    Thank you for your work!

  17. som Says:

    nice

  18. Heder Dorneles Says:

    Congratulations on the job, I am awaiting the release.

  19. Bob Says:

    It’s about friggin time…. I mean, very nice!

  20. ilias Says:

    Will it be compatible with hyper-v server ?

  21. Zach Says:

    Just upgraded to snapshot 2 and everything is working smooth with a few exceptions of course. I am not a coder but will help out in any way i can. Again thanks for the great software!

  22. Adem Says:

    Hi Everyone,

    I have a questions for new version.The new version will have features such as web caching, and basic content filter right? Can we use a captive portal on WAN interface features of the new version?

    Many Thanks.

  23. Denicio Says:

    Boa Tarde a todos do pfsense! Aqui no Brasil utilizo o pfsense como servidor wireless estou na expectativa do lançamento da versão 2.0 como as novas funções para eu possa utiliza-lo onde trabalho como router firewall e filtragem de pacotes como no url-filter. Bem é isso vocês são os melhores e estão de parabéns com incrível sistema desenvolvido para todo o mundo.
    Abraços e sucesso a todos.

    I LOVE YOU PFSENSE!!!!

  24. james Says:

    wow… just upgraded from 1.2.3 i386 to 2.0 amd64… (today’s snapshot 11:56) (no real issue so far) I’ve only started looking around but I am impressed… I expected the same tried and true firewall I have come to greatly admire… this new version far surpasses the available features in the older versions. “system tunables”… very cool…

  25. Joe Says:

    I have been running version 2 BETA 4 in a test environment for several days now and all I can say is “Wow!”. No major problems yet. Very nice!

  26. Quick news and links: ghostbsd, pfsense, doing business with BSD | FreeBSD News Says:

    [...] pfSense 2.0 RC1 almost here: Coming soon…2.0-RC1 [...]

  27. mynullvoid Says:

    tahniah! to all those contributed… thank you

  28. Manfred Says:

    our production environment will have to wait for the final, but I’m quite tempted to upgrade our office firewalls from 1.2.3 to 2.0b4 :) thanks for all the good work!

  29. Martin Says:

    Have to say this!
    Just installed 2.0 Beta4. Outstanding work.
    Absolutely love “User Manager”!
    Absolutely love “Cert Manager”!
    Absolutely love the work done with OpenVPN!
    Absolutely love “OpenVPN Client Export”!

  30. Tito Says:

    We have upgraded six differents sites to 2.0 beta4 since 1 month ago and everything is working very well.

    All sites with proxy, pptp vpn, ipsec and one site with mutiwan.

  31. Jon Gerdes Says:

    @ilias

    Don’t see why it shouldn’t work. I run many pfSense boxes in VMWare and I suspect you should have no problems with HyperV.

    There are a few gotchas on VMWare and probably on HV as well. The one that springs to mind is that on VMWare switches, by default they disallow promiscuous mode for NICs which buggers up CARP.

    So, try it and see. I’m sure we’ll all be grateful for your testing notes and insights on the forums (have you looked there yet?)

    Cheers
    Jon

  32. xmpp-man Says:

    So far this is great BUT there is one major thing missing totally. SSH management. We really need this side by side with other VPN methods, like ipsec and OpenVPN. What is really needed is aka. SSH tunnel manager and SSH keymanagement. We really need to get all the SSH functions to work via WebUI. Now this pfSense works fine as SSHD server but the usability act as SSH gateway and client is poor.

    pfSense is so close to be perfect that I really hate to see lack of full SSH support missing from the final version. This feature could be done as package. All the functions of SSH is there but only via console. I really hope that someone could start to develop this SSH Manager UI. I’m not able to do this (read I just can’t ;-) – my skills are not in that level that I could do this)

  33. Max Ens Says:

    Excelet!!!! Cheers for the team work and Happy Hollydays!!!!

  34. Braden Says:

    In regards to remote upgrades, airline tickets, etc – I highly advise the use of IPMI support (easily found on many of SuperMicro’s “-F” mainboards) on primary router hardware, as well as crummy Atom box stapled to the wall with an alternate DSL or DMZ network connect, to serve as a back door. I can be an idiot and wipe out my remote routers without having to hop on remote reinstall. A real lifesaver.

  35. Miguel Terrón Says:

    xmpp-man, a few years ago, I contributed a shell designed to be used with ssh tunnel as a sort of VPN without shell access (I’m no sure if it’s still included in pfsense). Is this what you are talking about?

  36. Itwerx Says:

    @Adem – cache etc functions are usually handled by something like the Squid package. Captive portal on WAN port doesn’t make sense, or was that a typo..?

    @Tito – are you doing QoS on the multi-wan?

    @xmpp-man – while ssh can be hacked into something resembling a VPN that’s really not what it is designed for

  37. Goliator Says:

    I test the version 2 x64, very good work, i conect two sites by ipsec by fiber optic internet gigabyte, very fast, throughput 60 mb/s.

    Roadmap for the final version?

    Thanks for the work !!!!

  38. m4us Says:

    Great news! Just can’t wait to check the new RC in a small ISP environment. I can use some 1:1 natting and multi-VLAN routing features.

  39. andre Says:

    The world is waiting on the pfsense 2.0. Does started 2011 with this wonderful tool. Merry Christmas …..( Brazil)!

  40. Jeff Says:

    Very nice work indeed. Almost 1 year since beta release. Glad to see such thorough testing.

    Go team pFsense

  41. PhuongDT Says:

    Good news. Merry Chrismast!

  42. Dave Says:

    Thank you so much, for your work and for your patience. I’ve started using this amazing firewall platform just one years ago and since that day, I loved it. Best wishes to all of you and hope to try 2.0-RC1 as soon as. Have a nice days and…hope to see the TOR package on it :)

  43. dfwfreenet Says:

    Thanks for all the hard work on 2.0! I’ve been using 2.0-BETA4 for about a month now in a home environment without any problems.

  44. latinoxp Says:

    Merry Chrismast!
    Waiting pfsense 2.0

  45. Tito Says:

    @itwerx No, the QoS isn’t configure in the multiwan

  46. jerl Says:

    great news, happy new year, continue your great job!

  47. Josh Says:

    Just updated my September beta 4 snapshot to the latest beta 5 snapshot. No issues with my multi lan multi wan setup that I’ve found yet.

    I did try to install the current snort package (says stable and platform 2) and it didn’t install, but it’s not a deal breaker for me. I can wait for the final version for snort :)

    Awesome work guys!

  48. xmpp-man Says:

    @Miguel Terrón:

    Something like that. Now there is only psw & ssh-key user management possible for incoming ssh connections. What we need is management GUI for outgoing ssh connections. I want to use pfSense as ssh client or/and as ssh gateway for multiple endpoints. I really hope to see all of the capabilities of ssh available in pfSense also. pfSense is just great. I can’t regonize any of your contributed code in use. You might answer on that. This could be a feature to be installed as pagage. (it would be better that it would be as an build in feature)

    @Itwerx

    Thats true that psSense is not designed to act as ssh client or sshd server, but this is done all ready because ssh is in the OS!. Only thing what is needed is more usability (read: for non-advanced users). Running all of ssh features from Shell is possible, so why not build advanced webGUI for that. There is no need for “hacking” ssh to anything – We just want to use all the ssh features from webGUI, nothing more but nothing less. (Read: you don’t have to use it – I don’t use IPSEC or OpenVPN but I still like to have those and hope them to be developed further on) Oh – I really think that pfSense was not designed to be VPN concentrator either ;-)

  49. Simby Says:

    pfsene 2.0 on FreeBSD 8.2 release (2011-01-24)? :)

  50. Chris Buechler Says:

    Simby: probably around that same time frame, but we’ll stick on a FreeBSD 8.1 base.

    xmpp-man: re “pfSense was not designed to be VPN concentrator”, that’s not true at all, it’s already widely used as such and we have changes in 2.0 such as single interface support to more easily accommodate such deployments.

  51. Marcoof Says:

    Thanx to the pfsense team ! Good work, rock solid firewall !

    Ps: This realease work with soekris board?

  52. H.S. Hardy III Says:

    I look forward to your new “pfSense . The Ultimate Guide . V2″ book. I’m looking at version one on my book shelf now. Great job!

  53. Chris Buechler Says:

    Marcoof: all releases do.

  54. AcidSpunk Says:

    Thanks to pfSense team for the great job!

    I just wonder why the generic kernel of pfSense 1.2.3 RELEASE doesn’t include Marvel Yukon Gigabit cards by default? We all know that pfSense 1.2.3 is based on FreeBSD 7.2 and in the hardware list, it supports MY Gigabit cards.

    As much as possibe, it’s better to stay in stable version. That’s the reason why i switch to 2.0. Right now I’m using Shuttle XPC and pfSense 2.0 is working great! I hope RC will come soon.

    More power!

  55. Chris Buechler Says:

    AcidSpunk: every release we put out has every available driver. Device IDs change so even if a chipset is supported in 7.2, doesn’t mean future cards will be by the same driver if the manufacturer changes the ID. If it doesn’t work in 1.2.3, it doesn’t work in FreeBSD 7.2.

  56. PigBoom Says:

    Good news
    thank you pfSense team

  57. Kevin Says:

    I’m really looking forward to getting my new router (replacing my current 1.2.3 based hardware) up and working. The one issue that I wrestle with is that bridging the LAN/WLAN was one checkbox in 1.2.3. I’m finding it hard to understand how to configure then as a single network with a single DHCP/DNS service, etc. in 2.0. Guess I’ll have to buy the book! :)

  58. Jochem Says:

    How soon is soon?
    I can’t wait for the fail-over function over UTMS/3G

  59. Aubrey Kloppers (South Africa) Says:

    Hi Guys

    I would just like to say that I think this is awesome! I have been running on BETA2 in a live environment with 173 people. (Yes, I know, don’t shoot me because it is still in BETA…) Thus far, I have nothing but praise for the developers! I have no glitches, but for understanding how the Traffic Shaper works, allthoug I did get some of it working.

    Good luck with the roll-out. I can’t wait for the final product.

    Aubrey Kloppers
    ps – I am running:
    Squid
    SquidGuard
    BandwidthD
    LightSquid
    AND installed SARG – working 100%

  60. Robert Says:

    So very looking forward to it!
    Keep up the good work guys, pfSense works brilliant!

  61. itwerx Says:

    @Aubrey Kloppers – if it’s okay, we would be very curious what hardware your pfSense is running on, total WAN bandwidth, and what system load looks like. I.e. real-world performance stats with that combination of packages would be interesting info! Thx!

  62. Gradius Says:

    Any ETA for v2.0 (stable) ?

    RC1 will be out 01/24 ?

  63. Chris Buechler Says:

    as always, it’s done when it’s done. No dates.

  64. Steve Trei Says:

    I’m confused on the status of FreeSwitch. Will there be a freeswitch package for this release? Thanks!

  65. Sam Says:

    I’m very excited for the release of version 2.0. I checked out the 2.0 beta a few months ago and it was looking great. I’m sure things have came a long ways since then as well.

    I’d much rather wait patiently for a polished release then have to deal with bugs.

    Keep up the great work!

  66. Chris Buechler Says:

    Steve: FusionPBX will likely end up being the replacement for the existing Freeswitch package. It was created by Mark Crane, the developer who first created our Freeswitch package, after creating it he moved onto creating a much more full-featured interface. They already have instructions on the FusionPBX site for installing it on 2.0, hopefully Mark will make it a package to make that easier.

  67. Timm Says:

    I must say that I am loving the beta of 2.0 that I am running, when compared to version 1.2.3! In fact, the beta-5 build that I am running is now my primary router/firewall, and my old instance has moved to the secondary position.

    I can’t wait for a release candidate to squash those last couple of bugs.

    Thanks for all of your hard work!

  68. Salvor Hardin Says:

    I discovered pfSense today and tried pfSense 2.0 BETA5. It looks really nice.

    After installing, said a new update was available so I updated.
    After updating, pfSense continously pings the gateway on WAN interface.

    So I think the constant pinging was introduced in this version:
    2.0-BETA5 (amd64) built on Thu Feb 3 16:46:07 EST 2011

    I tried rebooting. The pinging happens again immediately upon rebooting.

  69. Chris Buechler Says:

    Salvor: that’s by design and has always worked that way, including in version 1.2.3, the quality graph has to get its data somehow. You can turn it off if you don’t want it. Post to forum.pfsense.org for more info.

  70. Salvor Hardin Says:

    Thanks Chris, I came back to apologize after discovering I had a Wireshark filter that hid the pinging while evaluating yesterday’s BETA 5. Oops.

    I’m impressed by what I see so far and am looking forward to deploying pfSense 2.0 BETA5 or RC1 this month at home, and release version at work whenever it is ready.

  71. Pieter Jordaan Says:

    Well done guys!

    I can’t wait for the RC release.

  72. itwerx Says:

    Second the TOR package question – is anyone working on one right now?

  73. Volodymyr Says:

    Thanks for the great software!
    Very good job!
    What kind of help can make development faster?

  74. Chris Buechler Says:

    No one is working on a TOR package that I’m aware of.

  75. Scott Ullrich Says:

    We are getting closer and closer. A couple kernel issues where holding us up and we might have just seen those fixed. Stay tuned!

  76. Waiting Says:

    When is coming soon? It’s been years now :-(

  77. Jamie Ivanov Says:

    Getting ready for RC1 and that was 4 months ago? Seriously, 2.0 has been in development for well over a year. I understand what it takes to make this work but it doesn’t sound like the pfsense team is taking this serious at all. This in itself is quite disturbing. I’ve been a fan of pfsense since it was first released but as my demands for the new features increase, my patients decreases waiting for a product to get released. It’s quite shameful. Now I have to search for a new solution. (Other vendor who puts out buggy releases) has been looking quite appealing and has gotten some good reviews. When they say they are going to release a new version with new features and whatnot, they actually do it. They don’t wait 1+ years while their development team smokes pot and eats Doritos instead of doing some actual work. Get off your lazy asses guys, this is ridiculous. Or don’t. I’m sure a lot of the pfsense community has left due to the procrastination of the development team. I will be one of them. I can’t keep moving solutions so once I go, I’m going to stick with whatever I choose. I’m sorry it’s not with pfsense. But I need someone who will get the job done. Good bye pfsense.

  78. Chris Buechler Says:

    Jamie: you obviously have no idea what goes on behind the scenes – we have thousands of hours in the past year into getting things to release state. We added way too much to 2.0 as that’s when the project gained mass acceptance and everyone wanted lots more of everything. When every single component has massive changes, it’s taken us far, far longer than we’d like to get it finished. Lesson learned, subsequent releases will add only a few things and will be turned around every few months. But laziness isn’t even remotely close to a reason it’s taken so long. Not taking it seriously? We have several people who rely on this project to make a full time living and bust their asses every day to bring you quality software for free. Some of us work 14+ hour days literally 360 days a year, at the expense of having any sort of personal life. Messages like yours certainly provide tons of motivation and gratitude for many thousands of hours of work.

    And no, users have not left, in fact the project continues to grow more and more with every month, it’s bigger now than it ever has been. More installs, more users, and more commercial success every month.

    We’re getting there, I just got in a fix for DPD and dynamic IPsec over the weekend which was one big remaining issue. Ermal is working on the last couple kernel issues and that’s it, that’s all that is left – then we’ll be at RC1.

  79. LibraryMark Says:

    I for one am willing to wait for it. I am sure that it will be worth the wait.

  80. Alan Says:

    I’m willing to wait to, perfection takes a while. I’d rather wait for the devs to work out the bugs, then for them to rush this. The pfSense team do an amazing job and set the bar really high even for products from Cisco, Juniper etc. Thanks for all the hard work!!!

  81. Belthazar Says:

    Jamie, go be miserable with whoever you choose as your new vendor. Seriously you must be suffering from some kind of complex… Grow up!

  82. stuen93 Says:

    Well I am certainly anxious for the new features I appreciate the work that everyone puts in to pfsense. We moved to pfsense last summer from an old cisco PIX. It was a smooth transistion and now we have features like OpenVPN and snort that we would have to pay a lot for without using a project like this.

    thanks!

  83. stuen93 Says:

    oops… should have been While I am… not Well

  84. Bobby Says:

    You guys rock. I’ve been using betas 3, 4, and 5 in a production router for quite some time and as far as I’m concerned, your betas are more roadworthy than many peoples “stable” releases.

  85. darklogic Says:

    Jamie Ivanov

    I think you need to redo your resume boy…

    http://www.radioactiverussian.com/resume.html

    I can’t believe you would even make statements to the pfsense team like this. Besides 1.2.3-REALEASE is stable and secure. Anyone who knows anything about security “knows” that making multiple changes and upgrades to any security platform is more accepted to breaches and security holes. I would rather wait for all the know security holes to be filled before releasing something into production. I also fill the pfsense team has been more than accepting with letting everyone know how things are coming along. Furthermore Google pfsense roadmap, or better yet help with some of the issues if you know how these things work, “step up to the plate”!!!

    Also, be a man and grow a pair, name this other vender with confidence because I am proud to say I use pfsense as my edge firewall.

    I would like to end this note by apologizing for posting this message in defense to the pfsense team. This is the kind of crap we don’t need in our community and I want to thank the pfsense team and all the contributors that have made this superior product possible.

    And for one final note to Jamie Ivanov from a German to a Russian, “CAN YOU BLUSH”!!!

  86. Seko Says:

    Great Work guys!

    PFsense has been an amazing free firewall appliance during the years.

    I know it`s taking a much longer time that everyone expect for the next release 2.0, but it will certainly be very stable and full of features.

    Keep going and just ignore comments like the one from Jamie (or ask him to pay your sallary)

    Next stop: PFSENSE 2.0

  87. Jamie Ivanov Says:

    I’m not trying to start a flame war, I’m just stating my perspective. Seems like people seem to reject it instead of listening with an open mind.

    Chris: I know what goes on behind the scenes. As I’ve been closely following pfsense and customizing my own pfsense, I know the work that goes on. I also work hands on with parts of the core freebsd team itself testing applications and drivers, I’m not new to how this stuff works. Your numbers simply don’t add up. If the amount of manpower you claim goes into it then there would have been several releases by now. I’m glad pfsense is growing, all the more reason to get something done. I loved pfsense since it was first introduced but look at the simple fact, its been well over a year and 2.0 has still not even made it to an RC state. From when 2.0 was first introduced, it shouldn’t take over a year to make it to RC for sure, it should have hit RC by last august and should have been a release by now and working on other fixes for a 2.1, 2.2, etc release. The only explanation is that either your core support staff is too small to support the project that lies ahead of you or the staff is simply lazy. Simple facts.

    I’ve been running version 1.3 since 2005, a mysterious improvement that appeared on ftp servers then vanished. The regular 1.2.x branch is missing a lot of what 1.3 has. I’ve been patiently awaiting 2.0 for way too long. If you are going to do something, then do it. Get it done. People have expectations and demands, what is going to happen with 3.x? Are you going to take 2-3 years to release a product? By the time it gets released it will be outdated.

    Maybe you take my criticism the wrong way. I do love pfsense and it pains me to have to move to something that delivers on what they promise. I fully appreciate the work that has gone into the previous releases. Progress on 1.x branch was wonderful. While I do understand the technologies have changed and 2.0 has a wealth more advances.

    I’m simply not going to support an organization that takes over a year to release something. That just shows a lack of effort or concern. I appreciate all the hard work that went into pfsense and I love every part of it up to this point but I feel that since 2.0 became part of the mix things just fell apart. I’m sure it will be worth the wait, but I’m done waiting. I simply cannot support this project any longer.

    Like it or not, that is how I feel. Take it for what you will, negative or constructive. I’m not trying to start a flame war or anything, this is just how I feel and my opinion.

  88. SpiK369 Says:

    Thanks for all of your hard work!

  89. nipstech Says:

    I’ve been running the 2.0 Beta5 since I became aware of it and have no reason to go back to 1.x. The only gripe I have is that some of the packages, snort, ip-block and country block have some problems. When I’m on the Snort page, it wants to take you to /snort/index.php instead of /index.php. Country block must be manually enabled any time the firewall state changes. IP Blocklist always shows that it’s blocking 0 networks/IPs even though it’s running. I uninstalled it.

    Other that that, you guys impress me enough that I’m thinking of getting some linux education from a friend who’s a linux guru so I can possibly help y’all…keep up the great work!

  90. Rhett Says:

    Things are great! Do not listen to Jamie! We all just want the thing to be stable.
    I really don’t care when the 2.0 gets released. I am perfectly happy with 1.2.3.

    I think Jamie is looking for a product like Microsoft Windows for his firewall. He wants you guys to release Vista and Windows Me like versions of pfsense, just so that we can get all pissed off. My main concern with pfsense is stability, and at this point I know that it is.

    I do not want my end users to work out the bugs

  91. Chris Buechler Says:

    Jamie: you should just stop, you obviously didn’t read what I said, and it’s just more clear you have no idea what goes on here. Don’t have enough resources indeed, that was especially true a couple years ago when we had 0 full time people on the project, but that’s changed considerably since then. You can further improve that, contribute in some fashion. Things go as fast as they can with the number of people we have working, which is dependent on how much money people are willing to give us, and how many volunteers in the community are willing to step up.

    Rhett: yeah apparently he uses no software at all. Microsoft with billions in resources, and a weekly coffee budget that probably exceeds our total annual revenues, took several years to put out the wreck that was Vista. You can look at any other software company on the planet and find the same.

    That said – all the kernel issues are fixed as of this morning’s snapshot! Thanks to Ermal and everyone else and those who helped test. We’re enhancing some of the queuing in the shaper over the next day or two and RC1 is done.

  92. Chris Buechler Says:

    nipstech: some of the package maintainers haven’t gotten their packages up to speed for 2.0 yet, post to the packages board on the forum with any issues you find.

  93. Belthazar Says:

    Hi Chris,

    Just a small token of appreciation for the effort you and the other developers are putting into this project and providing us all with an excellent product.

    To the pfSense users out there
    Anyone interested to equal or better my donation of $50 (or whatever amount you feel comfortable with)? If so go to http://pfsense.org/donate.html

    Regards,
    Belthazar

  94. Jordi Orinell Rabell Says:

    Great news RC1 within days, to congratulate the team of pfSense, version 2.0, this really my improved, and support 64bits.

    I have three PFsense 2.0 and virtualized production methods and work very well.

  95. darklogic Says:

    I think you guys are doing a great job. Reason I feel this way, is because I wanted to post a screen shot of my system uptime and almost cried a couple of days ago when the system locked up and rebooted because I did something wrong with the carp interfaces which caused my session to lock up and reboot the system.

    I was inspired to see how long I could have a production system running before a reboot would be needed. I was inspired by a screen shot that someone took of Monowall with an uptime of something crazy like over 600 days. Unfortunately the reboot came at my own error. The up time of my production pfsense box running packages such as SNORT and CountryBlock was up and running for (428 days) before accidental reboot. I really wish I got at least 1 screenshot for better belief. The start run time was pfsense 1.2.3 RELEASE Dec. 6th 2009 to Feb 7th 2011.

    Now does anyone think pfsense is not stable? Also I would like to know if anyone has a pfsense system that has ran longer than that regardless of version?

    I just wanted to put this out there for anyone questioning the pfsense team and their abilities to produce a great product that is better than most all paid firewalls for free.

    Keep up the awesome work guys.

  96. Dagoberto Says:

    Viva Pfsense

  97. Chris Buechler Says:

    *shakes head* some of the comments I’m not letting through moderation in interest of keeping a family-friendly blog are something else. Let’s just say a number of people have some funny comments and name calling for our friend Jamie.

    Please, let’s leave it for what it is folks – he has a valid point to some extent that I addressed above. Yes this release has taken much longer than it should have, but I explained why above, and that this isn’t going to be the case going forward as we make much smaller improvements, we’ll never again vastly enhance the capabilities of every single portion of the system from one release to another (at this point we couldn’t if we wanted to, there isn’t enough missing functionality). What we’ve planned for 2+ years now is having roughly 6 month release cycles post-2.0.

    I’ll put up a new post with more on future plans later.

  98. Andrei Says:

    Hi everyone. I just started playing with pfsense couple of weeks ago and I’m very impressed. As a small token of appreciation, I donated 20$ and I hope I’ll have the chance to use it in production so I can make more. Thanks pfsense team.

    P.S.: I know I haven’t been waiting so long for 2.0 as many of you, but I think we agree when I say that it was worth it.

  99. Tom Says:

    I am suggesting that licence of Pfsense for bussiness (more than 5 LAN hosts) must be purchased for about 200$ – 300$ for single CPU machine.
    This will speed-up Pfsense dev. team.

  100. Morphal Says:

    darklogic: It’s not quite as long as your uptime, but I did have pfSense (1.2.3-RC1 I think) running for about 380 days (I thought I had a screenshot somewhere, but I can’t find it if I do). Not because I was intentionally trying to get a long uptime–I just never had a need or reason to reboot. In fact, the only reason I even rebooted at all after ~380 days was because I decided to go ahead and install the final release of 1.2.3, and even since then I’ve only rebooted once for a reason unrelated to pfSense: about 60 days after the upgrade, I came home to find the UPS that the pfSense computer was connected to powered off. We had pretty bad weather that night and there was probably a long power outage while I was gone. And yeah…home…I’m just running pfSense on my home network, on a 10+ year old Gateway consumer-grade mini tower with a Pentium II that I salvaged from my work a few years ago because they told me they were just going to throw it out! It even has a huge 2GB hard drive in it! haha. It makes a great pfSense box for me.

    This has got to be one of the most rock-solid, stable pieces of software I’ve ever used. I’m not sure I could break it even if I wanted to. I’m back up to just under 164 days of uptime now. I’d install the latest 2.0 beta right now, but since RC1 appears to be just around the corner I’ll just wait for that so I don’t have to install twice in a row.

  101. Morphal Says:

    A little addition to my above post: I actually *never* rebooted 1.2.3-RC1. It was running non-stop from the time I upgraded to it to the time I upgraded to 1.2.3 over a year later.

  102. maccam94 Says:

    I think what Jamie doesn’t understand is the scope of the new version. Of course you don’t want releases to take too long, but the release cycle is not just related to how hard your developers work or how many you have. The other key factor is the scope, and it sounds like the scope for 2.0 was much too large. In the future, you will simply need to try to iterate better, avoid scope creep, and not bite off more than you can chew at one time.

  103. Chris Buechler Says:

    maccam94: exactly. Lots of lessons learned in the process here.

    Tom: that’s one thing we won’t do is make people pay for what’s freely available now, or restrict it in some fashion unless you pay. We’re looking at options for increasing revenues, without doing anything like that. We’ve done very well to date, but more resources is always better.

  104. Alan Says:

    Another testament to pfSense, I just got done with an install for a friend, Intel Atom D510, 1GB RAM, Dual Gig NICs and a 4GB CF in a SATA II adapter. I tried to destroy it on my local network (on the WAN side of the pfSense) with DOS and every other test I could run from Backtrack, pfSense didn’t even budge, just kept pumping right along, the CPU peaked at 50% for about 2 seconds. That’s with 1.2.3. Can’t wait to try 2.0!

  105. darklogic Says:

    Morphal, Thanks for your reply:

    That is awesome, 380 is still amazing. That statement with my statement indicates that pfsense is without a doubt is in no shape or form put together by anyone lazy. It is very obvious a lot has gone into this project. Just the fact that you can use such legacy hardware to run something as long as 380 days or 428 days says it all. I know that my system would have run longer than 428, but I did something stupid and forced the system to reboot.

    The system I use is not nearly as legacy as your system. It is on a DELL Poweredge 1950 with all the trimmings 4GB RAM, redundant power supply, dual quad core processors. The big thing I was trying to point out on my last post was I have a production system that has around 300 users behind it with the system running SNORT and Country block, a couple dozen IPSec VPN’s tunnels site-to-site and around 60 mobile clients that are connected at all time’s of the day. 428 days of uptime on a system load like this is very impressive from my point of view. Our facility runs 24/7 365 and never stops for holidays. This means I need reliability.

    I run pfsense at my home as well and it sits on some older hardware like yours. I believe the system I have at home is an old PIII 866 Coppermine I put together a long time ago. The system does just fine and has since the 1.0 beta days of pfsense. I will more and likely wait for the final release of the 2.0 platform before I upgrade from 1.2.3 RELEASE.

    Thanks for your input.

  106. joeinternets Says:

    Tom you are missing the point. Too much business school? the best tools are FREE.

    The day i can print out a wrench, I will have no need of canadian tire any longer. Go dev team go! I am eagerly awaiting you to drop the phat new firmwares YO

    And i leave you with, the parable of the magic hammer:

    Seriously though, I’m sure that a lot of people think the way this guy thinks. It’s an easy mistake to make, especially if you look at software as being analogous to physical property. The analogy breaks down pretty quickly if you look at it. I like to use the example of the “magic hammer”.

    If I attach a rock to the end of a stick to make a real-life hammer, and I give it to you, now I don’t have a hammer anymore. With software, I can sell the hammer to you, and I still somehow have an identical hammer (that’s how Microsoft makes the big bucks). With open source software, I give you the hammer with instructions on how to make it. I haven’t really lost anything by giving you the hammer – I still have my copy, and copying it took about 3 seconds. You are encouraged to share the hammer with your friends (and you don’t loose anything by doing so either). You can also make improvements to the hammer. Only an enterprising few will do this, but the effect is cumulative. When someone forges a brass head for the hammer, poof! Everyone’s hammers are now better. Steel head? Poof! Claw on the back for pulling nails? Poof! It doesn’t take long before everybody has a really good hammer.

  107. aznetplus Says:

    We love pfsense, our own pfsense firewall has been running for 701 days. I did take a screen shot of it, it would have been longer, but about 23 months ago, I was working in the server rack and rebooted the wrong firewall. We have a little over 30 servers serving mail, sharepoint, sql and rdp services.

    We are very excited about the 2.0 version, our testing has been looking very good. Please take your time and produce a great product like all your other releases have been. Everyone Raise your glass and solute to the pfsense team.

    Thank you!!!

  108. darklogic Says:

    And to think I was feeling cocky over my 428 day span. 701 days holy crap!!!

    Well again, another satisfied consumer thanks to the pfsense team.

  109. Miguel Says:

    darklogic,

    I have been running 1.2 for the last 527 days with an average load of 40mbps, I have several production systems for several known companies (healthcare, communications, etc) with several VPN connections and other services. I have not have any problem so far.

    http://tinyurl.com/46sp3s6

    Thanks for an amazing software.

  110. darklogic Says:

    Miguel,

    That is amazing, thanks for the screen shot. It is really cool to see how reliable pfsense is in a mission’s critical environment no matter what the hardware is.

    Yet again another satisfied end user thanks to the pfsense team and all their lazy work they do lol ;-) “Man I can’t believe that comment was actually made”.

    I am really excited for the 2.0 release. And as always keep up the unbeatable work you do.

  111. HPTI Says:

    To all of the pfSense Team:

    Awesome job. I maintain 20+ sites with typically a dozen to three dozen users at each site, all connected to each other via VPN, and have begun the transition from IPCop to pfSense.

    Someone mentioned slow or nonexistent development cycles – IPCop has been promising a new release for a few YEARS. I had waited patiently, occasionally checking other distros for the stability, compatibility, and features I enjoyed in IPCop. An acquaintance who works for a state education agency showed me his personal pfSense box last year, I downloaded a copy, loaded it into a new hard drive on my test system – a Dell Dimension 2400 with a Celeron 2.4GHz and 2GB of RAM – and haven’t looked back.

    The IPSec implementation in pfSense is compatible with IPCop, and I have found a 1:1 relationship regarding the features I implement at my sites, so the end users haven’t noticed the transition – I can replace units one site at a time and maintain compatibility with the other sites.

    This is an awesome team that is producing awesome results!

  112. davit Says:

    nice I’m waiting…:)

Please don’t post technical questions or off-topic comments. It is far more likely that your questions and concerns will be addressed effectively through one of our support channels.

Leave a Reply