OPNsense Forum
English Forums => General Discussion => Topic started by: phoenix on November 24, 2017, 02:48:05 pm
-
I really couldn't believe this when I read it: https://forum.opnsense.org/index.php?topic=6466.msg27740
I knew the were a bunch of arrogant !!!!!!! (put you own comment in there) but I didn't think they'd be that desperate. You guys must be doing something right, keep up the good work. :)
I, for one, am pleased I installed OPNsense and hang around these much more friendly forums and I congratulate the team for a great product and great support.
-
First time I think positive on "intellectual property rights".
I don't use paypal or the like, how to transfer some money in support of OPNsense? Reply by PM...
-
I now remember a saying:
If nobody gossip about you, if nobody talks badly about you, if nobody hates you, and if nobody tries to put you down, it means you're doing something wrong!
There is no good work passing unobserved forever, keep up this good work, and sh** like this will be only bad advertising with positive effects. I'm sure about that.
Again, keep up the good work, guys!!! (!)
PS Personally, I don't even know how I could live without OPNsense until now, I'm very glad that I discovered it (word-of-mouth, BTW, so... You get it!... ;)) and I barely wait for my OPNsense box from Deciso, and to be able to budget an even small monthly donation for the project - OPNsense box + donation expected in Jan or Feb 2018.
-
Wow...
I always tried to pay no attention to this mud fight, and ignore PFs bashing, since for me it seemed like something similar like the eternal "eamcs vs. vi" discussion. But now PF has gone too far and I'm happy having switched over to OPN. Their behaviour ist completely against my beliefs, that open source projects should stick together and inspire each other...
Very, very poor PF!
Best regards,
Wayne
-
There is a saying in US sports;
No one hates a team that sucks, they are pitied!
You must be doing something right to catch so much grief.
-
Sorry you guys had to waste the effort and money on it. I feel your pain, but will have to leave it at that (for now, at a minimum).
Being so strongly associated with pfSense, I just wanted to leave a note that I'm no longer involved there, and had no involvement in any of this.
I heard pfsense/FreeBSD-src repo is no longer being updated the past few months (e.g. they're not building from the github repos and not making the OS source available). I don't follow things there, fully consumed with work at Ubiquiti, but there are a number of little birdies that get in touch from time to time. :) That leaves OPNsense the only truly open source BSD firewall distro under active development.
-
Chris, if you have some time at U., I'd love to build your controller as a plugin for OPN, already ordered a UAP-AC-PRO and UAP-AC-LR. Would be a nice addition to the project to make this a more complete UTM. :)
-
Chris, if you have some time at U., I'd love to build your controller as a plugin for OPN, already ordered a UAP-AC-PRO and UAP-AC-LR. Would be a nice addition to the project to make this a more complete UTM. :)
... Michael is all work. :)
-
Good thing i decided to go with OPNSense over pfSense, but mainly because of elitist answers and noses stuck up in the air, not being of any help in the forum when askin for help.
-
They also distribute binary blobs on the newer versions now:
https://github.com/doktornotor/pfsense-closedsource/blob/master/var_run%20space%20totally%20consumed%20by%20gnid.pdf
Having a tool on my firewall that somehow generates a system support id I do not necessarily need on a community supported edition leaves a sore taste.
Plus they seem to be very unlucky when it comes to hire staff that deals with the public / users / reddit.
I already switched most of my config to a USG, I think I might switch to OPNsense for the things the USG cannot do yet or is too slow for (i.e. OpenVPN).
I won't be missed over there :)
-
And as of late, refusing to honor our warantees as well.....
-
Hello,
I was disappointed when I found about this netgate story and started to investigate a little, finally I was banned from dark side forum after they read my... Private Messages. They didn't deleted my account as this can be seen by all users... wow what a surprise. Not a problem as I don't want to be associated in any way with dark forces.
The interesting thing is that after I set-up in different countries a monitoring log for few pfsense firewalls v2.3.x where I don't have anything related to them active: no update, ntp, dns... and still found it is chatting to dark HQ without my consent ?!
I tracked and blocked:
162.208.116.0/22
208.123.73.0/24
and this are the destination IP where dark firewalls try to connect like crazy now without any notification:
162.208.119.40:443
162.208.119.41:443
162.208.119.38:53
-
Interesting.
162.208.119.38 is ns2.netgate.com, so if you run unbound as a resolver without any forwards and try to resolve www.netgate.com, you'll probaby see port 53 traffic a lot.
The .40 and .41 seem to be used when pressing the "check for update" button, at least when I press it, tcpdump shows SSL traffic to them.
Would be really great if OPNsense had tls-crypt support for OpenVPN, then I could give it a try. :)
-
As you can see in this print screens one pfsense firewall try to phone home every 10 minute after was unable to contact HQ C&C, it has the same IP as they banned. Unbound Resolver seem that it is not helping here...
(https://s17.postimg.org/4n72gwnln/Screenshot_2018-02-02_14-17-41.jpg) (https://postimg.org/image/4n72gwnln/) (https://s17.postimg.org/4zygn2qfv/Screenshot_2018-02-02_09-17-36.jpg) (https://postimg.org/image/4zygn2qfv/) (https://s17.postimg.org/hel8nepnv/Screenshot_2018-02-02_14-30-48.png) (https://postimg.org/image/hel8nepnv/)
Since pfsense entered Serial and Netgate Unique ID in to a community release advertised as OpenSource they can and they do track everybody who use this sw.... if you go to package they will know exactly what package you have installed and using.
If you post in pfsense/netgate forum they will know exactly your pfSense installation, package if it is linked to firewall IP.
< edited >
-
Let's please not get into conspiracy theories here. :)
-
OK I edited and only facts remained in post.
-
Thank you :)
Cheers,
Franco
-
Most software developers add "call home" functionality to their software, sending and receiving data. That's not necessarily bad. What would be bad is to send home private and user identifiable data, without user consent. There's a line nobody should cross.
-
Any sw that send data from user device without user knowing and accepting this it is bad.
-
I think this is the Update Check in the Dashboard which can be disabled ... Easy
-
Nope it is not that easy this will disable the widget update check on main screen only, and I already had that checked from along time ago.
I did some hack ( add comment to line ) to disable the check in:
/usr/local/sbin/pfSense-upgrade -> # pfsense_upgrade=$(realpath $(dirname $0)/../libexec/$(basename $0))
and
/usr/local/www/system_update_settings.php -> // exec("/usr/bin/fetch -q -o {$g['tmp_path']}/manifest \"{$g['update_manifest']}\"");
also changed the repo address and keys in each file from dir:
/usr/local/share/pfSense/keys/
/usr/local/share/pfSense/pkg/repos
...
edit:
better to disable forever the binary that generate the ID: https://www.reddit.com/r/PFSENSE/comments/6gq84t/closed_source_for_netgate_unique_id_generator/
rm /usr/sbin/gnid
then to add a startup script that delete the uniqueid:
rm /var/db/uniqueid
after a reboot it is silence for the moment even if I navigate to update and package menus.
edit2:
bogons files are also downloaded from pfsense site and because are obsolete and dangerous you have to edit:
/etc/rc.update_bogons.sh
to point it directly to source:
v4url=${v4url:-"http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt"}
v6url=${v6url:-"http://www.team-cymru.org/Services/Bogons/fullbogons-ipv6.txt"}
...
-
Darkness is expanding ? Anybody know the story behind this ?
(https://s7.postimg.cc/iq0vzyyrb/Screenshot_2018-05-18_21-27-06.png) (https://postimg.cc/image/iq0vzyyrb/)
It is not easy to hide the past:
https://github.com/doktornotor/pfsense-still-closedsource
https://github.com/rapi3/pfsense-is-closed-source
-
Just follow the "publicly posted" link and you can read the story. GitHub is very transparent in such cases.
-
This is nothing new. Everything is open source, except when open source and forking hurts business. Then the trademark is enforced and DCMA is leveraged. Same thing in 2014:
https://marc.info/?l=pfsense-dev&m=139961925220457&w=2
Let it go guys, nothing to see here...
Cheers,
Franco