PfSense Software Embraces Change: A Strategic Migration to the Linux Kernel
netgate.com
It's an April Fool's joke.
"jwt NETGATE 3 days ago
@johnpoz said in Serious ....:
I don't recall them doing things before about April fools
we (I) did, back in 2017 https://www.netgate.com/blog/building-a-behemoth-router
I even pointed to it in today's."
https://forum.netgate.com/topic/187100/serious/6?_=171214303...
Looks like I made the right choice switching to OPNsense a couple months ago.
You mean aside from the complete lack of professionalism from Netgate \ pfSense?
When I was first looking for something to run at home I looked into them and frankly they are bad actors and should not be trusted.
How so?
I ran pfSense ages ago, well before the OPNsense fork, and I'd like to go back to one or the other for my home network but haven't had time to research the current situation. Wouldn't mind hearing from those more familiar.
I run both pfSense and OPNsense, one on each side of my IPSEC tunnel. The pfSense since 2018 and the OPNsense since 2021, when pfSense looked like they were moving away from the open source series (that is now at 2.7.2).
It was a win-win to be able to explore both. OPNsense feels a little bit less reliable because they often release (once or twice a month), but also often break things (it was always possible to solve this pretty fast, or patches appeared). I do not have a preference for the interfaces - I feel like I am finding things faster in pfSense, but that may be because I simply used it longer. Both are quite good.
pfSense is slow to adapt features (e.g. Wireguard), but concentrates on the important basics. It is a solid software that never left me, it never crashed and survived where I expected otherwise.
Given that I trust OPNsense a little bit more (because the maintainers communicate their goals clearer), I am planning to slowly phase out my pfSense and first move it behind another OPNsense box, as an internal second barrier behind my public WAN net. This may change though, I am planning the migration phase to happen between 2025-2027. Right now, it feels good to have both worlds.
This sums it up pretty well - https://www.reddit.com/r/homelab/comments/ssk8zj/til_in_2017...
Yeah, the whole Wireguard nonsense showed that Netgate is not a serious company and that pfSense is not a serious project. It's trash that belongs onto the garbage heap of history.
https://arstechnica.com/gadgets/2021/03/buffer-overruns-lice...
Are you just opposed to the Linux kernel, or just a big fan of FreeBSD, or is there a technical reason why you think a FreeBSD base is better than a Linux base for a project like this?
Maybe we’ll see decent PPPoE performance from pfSense in the future then - had to move to OpenWrt as pfSense has a single-threaded implementation
I actually ended up moving away from pf\OpnSense because of this.
No matter what switches I toggled or incantations I recited I would not get full line speed.
This may be related to the performance of the Intel NIC driver for BSD.
I associate PPPoE with dial up modems. What is the use case of this today? Also, PPPoE has been around for a quarter century: why hasn't FreeBSD delivered on it? And how is a single thread not enough to fill a broadband pipe?
So many questions.
So DSL and maybe Fiber services. Ok, but ISPs provide or endorse some device to deal with the wire. At that point you're free to firewall your ordinary ethernet traffic with whatever you wish, no PPPoE involved, no?
PPPoE is still very common in the UK, even over fibre. I think it’s something to do with allowing multiple providers on the same infra.
The encapsulation requires a lot of CPU power, and on non specialised x86 hardware you end up needing a highly clocked CPU to get gigabit speeds.
OpenWRT is Linux based so has a multithreaded implementation.
My Flint 2 router has some sort of hardware acceleration so hammering a gigabit line shows <1% CPU, leaving lots of overhead for things like Docker.
Thanks for the useful explanation.
Despite another comment claiming this was "common" in the US, I've been on a number of ISPs in the US and never seen PPPoE used at all. Had no idea this was still going on. On fiber even!
Seems like I'd get some kind of efficient PPPoE box and put that between the ISP and whatever software router/firewall (pfSense, et al.) or "non specialized" hardware router. I suppose fragmentation could be avoided by limiting packet size a little to make room for the 8 byte PPPoE bits.
Many DSL installations use PPPoE, additionally some Fibre installs too.
It's very common in the US for DSL and also some fiber providers.
DSL
This must be an April fool's joke. It's dated 4/1.
Doesn’t read like one
Their previous April Fools joke (https://www.netgate.com/blog/building-a-behemoth-router) actually said "Happy April Fool's Day" at the end. This doesn't. It's a poor attempt at a joke if it is one.
Yeah, I think this is a joke, but only because it's a big change announced on April 1; it reads pretty serious. Especially the part about how TrueNAS already made the switch - that was my first thought on seeing the headline.
Maybe it's half serious, to see if there is an outcry or not.
Are there prior projects that have the Linux kernel with a "FreeBSD userland"? This is the first time I'm hearing of such an idea. What would that entail? This report isn't particularly clear on such technical details.
I'd forgotten that some Debian folks tried the exact opposite for a while, a FreeBSD kernel with a GNU userland: https://wiki.debian.org/Debian_GNU/kFreeBSD
There was also a Gentoo effort to run atop FreeBSD[0]. The challenge of course is that afaik none of the BSD kernel ABIs are considered stable. The stable interface is the BSD libc. That said, with binfmt_misc, I don't see a reason you couldn't just run (at least some) FreeBSD binaries on Linux with a thin syscall translation layer (rather than something like qemu-system) and then your layer hooked via binfmt_misc. I'm not aware of anyone who has done this for FreeBSD, but prior efforts existed as alternate binfmts for SysVr4/5 ELF binaries[2]. Either way would take some elbow grease, but you *might* even be able to just reuse binfmt_elf and just have a new interpreter for FreeBSD ELF.
[0] https://wiki.gentoo.org/wiki/Gentoo_FreeBSD
[1] https://docs.kernel.org/admin-guide/binfmt-misc.html
[2] https://github.com/torvalds/linux/blob/master/fs/binfmt_elf....
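An added example, not part of the comment above and not code from any project mentioned in this thread: what a binfmt_misc hook for FreeBSD-branded ELF files would have to match, and the registration line it implies. The handler name `freebsd-x86_64` and the interpreter path `/usr/local/bin/fbsd-run` are hypothetical placeholders (no such translation layer is assumed to exist), and the headers are constructed sample bytes.

```python
import struct

ELFOSABI_FREEBSD = 9   # e_ident[EI_OSABI] value used to brand FreeBSD binaries
EM_X86_64 = 0x3E       # e_machine for x86-64


def elf_header(osabi, machine=EM_X86_64, e_type=2):
    """Constructed first 20 bytes of a 64-bit little-endian ELF header."""
    # magic, EI_CLASS=2 (64-bit), EI_DATA=1 (LSB), EI_VERSION=1, EI_OSABI, ABI version, padding
    ident = b"\x7fELF" + bytes([2, 1, 1, osabi, 0]) + b"\x00" * 7
    return ident + struct.pack("<HH", e_type, machine)


# Compare magic, class, data, version, OSABI and e_machine.
# Ignore ABI version, padding and e_type so both ET_EXEC and ET_DYN (PIE) match.
MASK = bytes([0xFF] * 8 + [0x00] * 10 + [0xFF, 0xFF])
MAGIC = bytes(b & m for b, m in zip(elf_header(ELFOSABI_FREEBSD), MASK))


def matches(header):
    """binfmt_misc's magic test: (byte XOR magic) AND mask is zero at every offset."""
    if len(header) < len(MAGIC):
        return False
    return all((h ^ m) & k == 0 for h, m, k in zip(header, MAGIC, MASK))


def esc(data):
    """Hex-escape bytes the way the binfmt_misc register file accepts them."""
    return "".join("\\x%02x" % b for b in data)


def register_line(name, interpreter):
    """Build ':name:type:offset:magic:mask:interpreter:flags' for a magic (M) rule."""
    return ":%s:M:0:%s:%s:%s:" % (name, esc(MAGIC), esc(MASK), interpreter)


if __name__ == "__main__":
    # Hypothetical handler name and interpreter path, for illustration only.
    print(register_line("freebsd-x86_64", "/usr/local/bin/fbsd-run"))
    for label, hdr in [("FreeBSD amd64", elf_header(9)), ("Linux amd64", elf_header(0))]:
        print(label, "->", "hooked" if matches(hdr) else "left to binfmt_elf")
```

The printed line is what would be written to `/proc/sys/fs/binfmt_misc/register` as root; the rule keys on the OSABI byte, which is the only header field in this mask that tells a FreeBSD x86-64 binary from a Linux one.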
FreeBSD has the same kind of abstraction layer that allows it to run Linux binaries, basically selecting which ABI to use per-executable. I wonder how hard it’d be to make a Linux equivalent?
Depending on the specifics of what you mean: TrueNAS.
If you're going to perpetuate this awful tradition (it was a little bit funny the first couple of years, but the funny has long since worn off), at least mark your post as clearly "April Fools" on or before April 2nd. Clever April Fools gag, but poorly executed because of this.
Poorly executed April Fools joke?