Converting to OPNsense - Build Testing, Donation Proceeds, and Sustainability

Started by jamesaepp, June 07, 2025, 08:15:56 PM

Previous topic - Next topic
Print
Go Down Pages1 2
User actions
June 07, 2025, 08:15:56 PM
New forum user here, and new to the OPNsense community overall. Please be gentle - I tried doing quick searches for my questions, didn't find them, but figured this is probably something I am looking for the "human touch" on anyways.

Having learned over the last week or so that they won't be publishing offline installers for pfSense CE and comments from Netgate staff in a Reddit thread ... well, all remaining good will is out the window.

Before I fall under any illusions that this is a "true solution", I want to ask some questions:

  • I see there's this guide on how to build OPNsense. It doesn't look super detailed, but serviceable. Outside of CS101 classes 10 years ago, I can count on two hands the amount of times I've run `make`. I'm not a programmer and would never claim to be. What I'm getting at is - are there any people outside of Deciso staff that regularly build OPNsense from source who can attest that the build process reliably works? If builds suddenly become impossible to complete in the future, that can at least serve as a canary.
  • Where exactly do donation proceeds go? Deciso as should be expected is a commercial entity who happens to be the main sponsors of the project. If I choose to make regular donations, I want to ensure those funds are going directly to staffing/web hosting/administrative costs for supporting OPNsense development and not to general Deciso profits.
  • A criticism of OPNsense is that it is downstream of Netgate's contributions and that Netgate is the primary contributor to both pfSense CE and FreeBSD generally. I have not necessarily fact checked such arguments, but they seem reasonable at face value. If Netgate were to retract all contributions to pfSense CE and FreeBSD, what would the impacts be to OPNsense development?

June 07, 2025, 11:22:34 PM #1
Quote from: jamesaepp on June 07, 2025, 08:15:56 PMNetgate is the primary contributor to both pfSense CE and FreeBSD generally. I have not necessarily fact checked such arguments, but they seem reasonable at face value.

They are not. Just check how many source contributions to FreeBSD were made by one of Deciso's/OPNsense's lead developers Franco Fichtner. You can use the FreeBSD git repository or github as you prefer.

Also look at the list of sponsors for this year's EuroBSDCon. Oh, and last year's EuroBSDCon. Etc. [1]

That Lawrence Tech video that you are probably basing your claims on is nothing but a whole lot of FUD.

Kind regards,
Patrick

[1] https://2025.eurobsdcon.org/sponsors.html
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
June 07, 2025, 11:25:22 PM #2 Last Edit: June 07, 2025, 11:27:45 PM by Patrick M. Hausen
Quote from: jamesaepp on June 07, 2025, 08:15:56 PMWhat I'm getting at is - are there any people outside of Deciso staff that regularly build OPNsense from source who can attest that the build process reliably works?

Yes, there are. Forum regular @Maurice even builds and publishes from source for the aarch64/ARM platform.
Franco Fichtner gave a presentation about the fully automated reproducible release process at last year's EuroBSDCon in Dublin:

https://www.youtube.com/watch?v=yEZDaBthtbo

OPNsense is the most transparent and "open" open source project I ever worked with, probably second after FreeBSD.

What are you even talking about?

Kind regards,
Patrick
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
June 07, 2025, 11:41:00 PM #3
Quote from: Patrick M. Hausen on June 07, 2025, 11:25:22 PMWhat are you even talking about?

Please be kind, I am a newcomer. I simply feel betrayed by Netgate and am now weary of placing undue trust in any project.
June 07, 2025, 11:47:48 PM #4
Quote from: jamesaepp on June 07, 2025, 11:41:00 PMPlease be kind, I am a newcomer. I simply feel betrayed by Netgate and am now weary of placing undue trust in any project.

Valid. Your initial post did not quite read like that.

The reason why I personally back OPNsense over pfSense is exactly that. I don't want to deal with Netgate.

And with my company located in Germany and NIST-2 on the verge, a business partner located in the Netherlands, hence in the EU, is much preferred.

Kind regards,
Patrick
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
June 08, 2025, 12:51:20 AM #5
Regarding the building of it. The build instructions and the code is in a public repository, and as Patrick says, there are people who regularly build for different purposes and benefit of others i.e. for the arm arch. For now that is a bit of a niche user group but the process is tested regularly.
You probably don't mean that is needed for having images, just the build process. However if it gives you some certainty about getting your images ready-made so you can just download and install, well, that is what happens now and has been made available all along.
I say this because you gave the context that you are not a developer and having to build with make, etc. is not necessarily what you want to have to do. Well, with OPN you don't.
So in sum, the build is known to work and for everyone else and the majority, just download the image, burn it as an installer USB and install to the disk of your appliance. Like any Live distro.
June 08, 2025, 04:43:38 PM #6 Last Edit: June 08, 2025, 04:46:14 PM by jamesaepp Reason: clarifications
Responding mainly to cookiemonster here - I may have not communicated my concern here very well, let me take another run at it.

Netgate is no longer providing offline installation media for pfSense CE. Their installer is essentially a stub installer now. Their response to people concerned about this change is "well if you love offline installers so much, build it yourself" but to my knowledge there is no official build guide for pfSense CE, and (I can't find it now...) I came across criticism that a lot of the build tooling for CE is not itself open sourced, and the build process is cumbersome, requiring a lot of intermediate systems/code.

In the case of pfSense CE, it may definitely be possible for a willing and skilled individual to build it from source, but it's not *accessible* and much harder for someone independent of the corporate sponsor to complete.

I don't want to build OPNsense from source - I am perfectly happy with the installation media. I am asking (now knowing the risk to CE) how OPNsense compares as this ties into the "sustainability" questions.
June 08, 2025, 04:51:25 PM #7
For now the build process is transparent, documented, 100% open source, and repeatable by anyone.
Of course that *could* change in the future though I see no reason why Deciso would do that.

Repeating myself: that is one of the reasons why I started with this BSD based open source firewall instead of the other one.

And claims that OPNsense does not give back to the FreeBSD project are defamatory in my opinion.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
June 08, 2025, 06:27:18 PM #8
Hardware:
DEC740
June 08, 2025, 10:10:50 PM #9
@jamesaepp hopefully all this gives you some assurance.
June 09, 2025, 12:23:09 AM #10
For some reason I'm no longer getting email alerts when this thread is updated...weird.

I feel more confident in OPNsense's sustainability compared to Netgate. Maybe one day if I'm incredibly bored I'll throw together a VM and try to build OPNsense for the "fun" of it and see how quickly I get stuck as an ignoramus.

I am still unclear on the donation angle and where donations go. I'd be willing to throw some money at the project on a regular basis, I'd just need to know where that donation is going.
June 09, 2025, 12:38:51 AM #11
When my company decided we wanted to sponsor the project, but we need a proper invoice etc., Deciso recommended to buy business licenses instead of donations. Which is what we ended up doing.

Perfectly fine with that.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
June 09, 2025, 04:06:00 PM #12
Why do you feel the need to build from source? They have perfectly good installers available. If you are willing to build from source, you can probably stay with PF and get what you want.

I agree with Patrick, the easiest way to help fund the project is to buy the business license, you are not forced to use it if you want the more "cutting edge" updates, but buying the license helps fund the project. In theory buying their hardware also does the same.

And yes, when compared to some of the mini-PC on the market, the Deciso hardware does seem expensive, same can be said for the Netgate hardware. When compared to a decent brand new Supermicro server and network cards, the price is not that much different.

And I guess I'm one of the few to convert from PF to OPN that actually like the UI on OPN better. It didn't take long to figure out where I needed to go. The only part I don't like better is the Suricata UI, and this might be the same in PF since I never used the newer Suricata version in PF before I moved over to OPN.
June 10, 2025, 06:23:36 AM #13
Quote from: cookiemonster on June 08, 2025, 12:51:20 AMRegarding the building of it. The build instructions and the code is in a public repository, and as Patrick says, there are people who regularly build for different purposes and benefit of others i.e. for the arm arch. For now that is a bit of a niche user group but the process is tested regularly.
You probably don't mean that is needed for having images, just the build process. However if it gives you some certainty about getting your images ready-made so you can just download and install, well, that is what happens now and has been made available all along.
I say this because you gave the context that you are not a developer and having to build with make, etc. is not necessarily what you want to have to do. Well, with OPN you don't.
So in sum, the build is known to work and for everyone else and the majority, just download the image, burn it as an installer USB and install to the disk of your appliance. Like any Live distro. Among Us Online
Thank you so much for sharing your details and thoughtfulness — your answers helped me feel less confused and anxious when I first approached OPNsense. Knowing that the build process is regularly tested, transparent, and not mandatory for a casual user like me is a big plus.

I am very happy to see the positive difference in OPNsense compared to some of the recent directions of pfSense CE. Your answers give me the feeling that this is a project with a real "living" community, not just existing on paper.

I am also curious: in your experience, for a new user who wants to get acquainted quickly and properly with OPNsense, what resources (in the form of videos, forums, or specific articles) do you find really useful, and where should I start so as not to be overwhelmed?
June 10, 2025, 07:08:55 AM #14
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
Print
Go Up Pages1 2
User actions