OPNsense Forum

English Forums => Development and Code Review => Topic started by: MasterXBKC on February 27, 2018, 07:31:34 pm

Title: PFMonitor plugin for OPNSense
Post by: MasterXBKC on February 27, 2018, 07:31:34 pm
Im making this thread as a documented way to keep track of the progress in getting this plugin published, either by way of a secondary repository for third party plugins, which i am happy to host myself, for others to submit to as well.   Or for it to be included into the normal repos.   Whichever direction does not matter to me, but it needs to make some progress.

The feedback i have gotten from opnsense thus far has been:
1.  We need to figure out how we want to handle third party, or commercial plugins.
|-Understandable, i have not been the most patient, but that is because this would correct a big pain point in my platform.  I have the infrastructure to setup an alternate repo yesterday.  I have ~12 TB spinning in the datacenter right now.   And the MSP i am the Sr Engineer for has another 70TB spinning that i built.

2. 
Quote from: jschellevis
As for PFMonitor it is difficult for us to promote that as we are looking at our own central management development that includes extending the API (you can utilise this too when available for PFMonitor as the API extension is part of the open source OPNsense project).

The central management solution will be part of our open source business model so we can extend our team and increase the development effort.

This does not mean that there is no room for you and others to provide their own solution, just that we as Deciso are not interested in third party solutions at this point in time.
|-This is fine and dandy, i have no issue being in friendly competition, it drives excellence.   And this is an open-source platform is it not?   Thus by definition allowing for others to contribute their parts, ideas, etc.

3. 
Quote from: adschellevis
I'm also very busy, but if you can provide me with an account to your solution and the necessary script files, I can see if I can try this myself.... but no promises.
You can reach me at (email-address).
Best regards
|-Thank you for your efforts, as always much appreciated!

4.  Franco has been an excellent help and person to bounce things off of, Even tho i probably annoy him to much, i am extremely appreciative of everything he has done.

Its also a pain point for my users, some of which are opnsense users, and others "want" to be opnsense users, but worry about the difficulty of getting plugins installed/updates on opnsense.

I will continue my promise, that if we can get this done, i will both, donate $100 to the project, as well as link to Deciso's site/hw page from within PFMonitor, and list their devices, as is only fair.

It is with your teams support and assistance that i have the complete and tested pfmonitor plugin.

I look forward to progress on this, behind the scenes, as well as in front of them, and to both of our continued success and excellence.
Title: Re: PFMonitor plugin for OPNSense
Post by: ironcomet on February 27, 2018, 09:54:57 pm
My company has been using pfMonitor for several months now. We are a small MSP that exclusively use pfsense for our firewalls and have found this a very good way to keep track of our devices in a central way. More reports have been added and this has helped us provide documentation to our customers.

The only thing I'd like to see is a brand neutral report (no logo or allow us to add our own) for the reports.

I researched the best way to do this and found many ways using Graylog and other similar packages. This was far easier for us to implement and didn't require us maintaining another server to collect data for our customers. Overall, well worth the value.

It would make Opnsense more attractive to use for us if pfmonitor were more easily usable through a plugin. Just a thought but anything to differentiate and stand out right?
Title: Re: PFMonitor plugin for OPNSense
Post by: Sherminator on February 28, 2018, 12:02:39 pm
Hi Everyone,

I head up a small IT department, and I had been considering making the leap into PfSense based on it's functionality with PFMonitor as it was a perfect fit for my project to roll out 50 centrally managed firewalls to small branch offices. I had also been looking into spending money on 50 units plus annual  support from netgate, but i always do my homework where money is concerned, and I soon had second thoughts when i discovered this;

https://opnsense.org/opnsense-com/

I am not sure i want to spend my budget with these shady characters, and the further down the rabbit hole i went the less enamored i was with PfSense's close affilliation with Netgate if this is the sort of thing they have been up to.

Now it looks as if I don't have much in the way of options other than to buy something from the likes of sonicwall and GMS off the shelf to get the level of functionality i need, I wonder if there has been any headway in getting OPNSense to work with this central management suite?
Title: Re: PFMonitor plugin for OPNSense
Post by: franco on February 28, 2018, 04:10:21 pm
Hi all,

It's been demanding and difficult.... I've dedicated my free time to help and will do so again, but do want to spread out time evenly for everybody.

What I like to do is help people to get started and that seemed to work here too. A package was provided to allow *anyone* to install this plugin remotely using a single command line:

# pkg add -f https://your.location/your-plugin.txz

(the plugin is installed and ready for usage)

I did this a while back to pave the way for widespread distribution on my own time for free. I wouldn't want it any other way.

We emphasise that we do want commercial actors in the eco system, but we also realise that not everybody shares and that some things are so specific that they are not share-worthy. For that reason we have decided a long time ago that it's easily possible to add different repositories, roll your own, sign it, build your own OEM product, fork using a business friendly 2 Clause BSD license, etc.

We've provided this and that's a point where we would like to stop doing interaction to let everyone do the job they need to do. Everything else would create unnecessary friction, discussions, more work, etc.

To stress this point: usage is and always will be unrestricted.

I hope this part is clear....

Now, the plugins are officially vetted, reviewed, sometimes even supported additions. Things that make it to that repository will be available to thousands of users and here is where we want to draw a clear line regarding usefulness, openness, security, usability, commercial application and mutual gains.

Firstly, we do not have a clear guideline yet and pfmonitor is a special case on its own because it extracts data and sends it to a remote location. It even allows remote control, because that's what it does.

This needs to be secure and sane -- the users should be in charge of that process. If this is not properly done, there is no way we are going to merge it. The first iteration had obfuscated code so maybe that is clearer now why we said no.

Now we have code, but are faced with the task or review for said quality criteria. Who's going to judge them? Who will take up the time to review, possibly improve the plugin in the process? For me it circles back to seeing that it's useful, but I don't personally feel it's what I would like to work on because it's not part of a core mission where we would rather like to provide APIs for all components and build a central management on top as already mentioned.

The question for me is this: do we really want to bend this around us making or breaking pfmonitor because it is not added to the plugin repository?


Cheers,
Franco
Title: Re: PFMonitor plugin for OPNSense
Post by: Sherminator on February 28, 2018, 05:33:39 pm
Thanks for your comprehensive response Franco, your time and everyones time who contributes to the open source community is much appreciated by me.

I see now that it can be made to work with a one liner, of course purely for my own convenience it would help to have the package in the repository, but i understand now the complexities involved with making this happen, not to mention the other aspects of the project competing for your time.

I hope this makes it in one day, and thanks for a great product made available to the community :-)
Title: Re: PFMonitor plugin for OPNSense
Post by: MasterXBKC on February 28, 2018, 09:17:55 pm
Franco i am very gratefull for your assistance, and i appologize in full for any stress i have caused you and the team, as this again was never my intent.

And i do feel like you deserve compensation for the efforts you made on my behalf, and i have offered to pay you, and i am offering again, that i would be happy to send you $100 bucks, go have a night on the town on me, take out Mrs Franco if there is one.   ;)    At the least it should buy you a good meal and some strong drinks at your favorite venue.   And thats not to ensure that you help me in the future, it is for your help so far, no strings attached.

Alternatively, if you feel you do not need this compensation, i will spend it as a donation to the project, because while i could Fork opnsense, and do my own thing with it....

I dont see that need, you guys have done a fabulous job with it, and i mean that.   We have ceased our usage of pfsense in all new projects, and migrated about 50% of them over to opnsense now.   I would be re-inventing the wheel, just so i could put my small little mark(plugin) on it.

And i honestly feel some guilt for the friction that has occurred here, i really do, and i dont want it to be that way going forward.

I formally apologize for any friction i have caused.

Whats that old saying, Why fight when we can shine together baby.