About the Fork — OPNsense documentation (2024)

Welcome to "About the Fork". This page is intended to explain the original motivation for forking, but keep in mind that currently less than 10% of the original legacy codebase remains. As it stands today, OPNsense has evolved from being a fork to a whole new security platform with leading innovations such as weekly security updates for all components, a REST API, inline Intrusion Prevention and an intuitive modern user interface.

Let’s fork and lift the project!


So why did we fork?

Back in 2014, after having sponsored pfSense® for years, we felt that there was no other option than to fork the project and to keep the spirit of the original m0n0wall-based fork alive. Below you can read about our original motivations and the birth of OPNsense®.

Technical

We had technical reasons to fork. As much as we love the functionality/feature set of pfSense, we do not enjoy the code quality and dispersed development method. We like structure, achievable goals set forth in a roadmap with regular releases and a decent framework.

Security

On the security part the main issue was the need to separate logic. The GUI should not perform tasks that require root access, and potential security issues should be fixed before they become a real problem.

Quality

As for quality, all new features will be built using a solid framework with a Model View Controller. For this purpose we chose Phalcon as it is the fastest open source PHP framework available. And we will gradually migrate parts inherited from pfSense to the new framework to avoid a big-bang approach.

Community

A thriving community can only exist when people are willing to share. We want to make it easier for people to join and help to build the community. With pfSense, this has been rather difficult, as the tools to build it are difficult to use and often do not work in the first few attempts. And since 2014 they are not freely available any more; you need to apply for access with ESF. We believe a good open source project has nothing to hide, so access to the sources should be there for all. It will remain a mystery why ESF made that move, as commit rights and read rights are totally different.

Note

ESF has since changed their policy several times with different license models, including the ESF 6 clause license and the latest being an Apache style license.

Transparency

A real concern with pfSense is transparency. Since Netgate bought the majority share of pfSense and renamed the company to ESF, it has been difficult to understand the direction they want the project to go. Removing the tools from GitHub without prior warning and using the brand name to fence off competitors has scared quite a lot of people. Also the license had changed for no apparent reason…

Restore a firm open source project

With OPNsense, we have restored a stable project with clear goals and a very simple license that is suitable for forking and making OEM versions. We think a community project is there for all to use and work with.

First Release

Much work had already been done before the first official release:

  • The build-tools had been completely rewritten from the ground up with clear and easy to read build scripts that are portable and small,

  • OPNsense is now a package that can be installed on top of our custom FreeBSD build (you can literally do pkg remove opnsense and you are left with an almost standard FreeBSD base system),

  • The firmware upgrade process is now done with pkgng,

  • Captive portal has been rewritten and does not make use of kernel patches anymore,

  • New features (captive portal) have been implemented with a clear structure,

  • The check_reload_status functionality, effectively the backend daemon starting and stopping components, has been fully rewritten in Python (configd),

  • Fully reworked the GUI to a modern Bootstrap based one that is also easier to customize if you want to.

Future Development & Focus

Moving forward the focus will remain on code quality and security.

Note

A lot of work has been done to improve the code quality and with weekly updates we have proven to be able to act quickly on known security threats. For the current status of the project and future development see our roadmap.

Deciso’s involvement

That being said it is important to know that Deciso has been a long time sponsor of pfSense and invested a lot of time and money into the project. Deciso helped to make it a success in Europe. Until Netgate bought the company there was room for many others like us, but that has changed unfortunately.

Closing thoughts

In the end it all boils down to the direction we will go, both technically and in terms of community involvement and transparency.

You are invited! Try OPNsense, be part of the community and help the project move forward. OPNsense is rapidly becoming the number one open source firewall platform!

Greetings, enthusiasts of network security and open-source firewall solutions! I'm here to delve into the intricacies of OPNsense, a cutting-edge security platform that has evolved from a mere fork to a comprehensive solution with groundbreaking innovations. Allow me to establish my expertise by shedding light on the evidence and insights I possess regarding the concepts embedded in the provided article.

OPNsense: Unveiling the Evolution

1. Introduction:

  • Security Platform Transformation: OPNsense has transcended its origins as a fork, morphing into a sophisticated security platform boasting weekly security updates, a REST API, inline Intrusion Prevention, and a modern user interface.

2. About the Fork:

  • Original Motivation: The forking decision in 2014 was triggered after sponsoring pfSense for years. OPNsense aimed to maintain the spirit of the original m0n0wall-based fork while introducing significant improvements.

3. Technical Reasons for Forking:

  • Code Quality and Development Method: OPNsense advocates for structured development with achievable goals outlined in a roadmap, regular releases, and a coherent framework. This contrasts with the perceived code quality and scattered development methods of pfSense.

4. Security Concerns:

  • Separation of Logic: OPNsense recognized the need to separate logic in terms of security. The GUI was redesigned to avoid tasks requiring root access, mitigating potential security issues.

5. Quality Assurance:

  • Framework Choice: To ensure quality, OPNsense opted for the Phalcon framework, recognized as the fastest open-source PHP framework. The project committed to gradually migrating parts inherited from pfSense to this new framework.

6. Community Enhancement:

  • Facilitating Community Involvement: OPNsense aimed to make community participation easier by providing accessible tools and source code. This contrasted with pfSense, where tools were challenging to use and not freely available.

7. Transparency Concerns:

  • Issues with pfSense's Transparency: Concerns arose over transparency with pfSense, particularly after Netgate's acquisition. Changes in licensing, removal of tools from GitHub without warning, and brand name usage for competitive fencing raised suspicions.

8. Restoring an Open Source Project:

  • OPNsense's Vision: OPNsense sought to restore a stable project with clear goals and a simple license suitable for forking and creating OEM versions, emphasizing the belief that open-source projects should be accessible to all.

9. First Release Achievements:

  • Stability and Improvements: Before the official release, OPNsense accomplished significant milestones, including rewriting build tools, creating an easily customizable GUI, and implementing new features like captive portal with clear structures.

10. Future Development & Focus:

  • Code Quality and Security: OPNsense reiterated its commitment to prioritize code quality and security in future developments, emphasizing the swift response to security threats through weekly updates.

11. Deciso’s Involvement:

  • Sponsorship History: It's crucial to note that Deciso, a long-time sponsor of pfSense, invested time and resources into the project until Netgate's acquisition, altering the landscape for contributors.

12. Closing Thoughts:

  • Direction and Involvement: The conclusion emphasizes the critical factors influencing OPNsense's direction—both technical and in community involvement and transparency. Users are encouraged to explore OPNsense, join the community, and contribute to the project's forward momentum.

In conclusion, OPNsense stands as a testament to the dedication to security, quality, community involvement, and transparency, offering a robust alternative in the realm of open-source firewall platforms.

Author: Duncan Muller