About the Fork¶
Welcome to about the fork. This page is intended to explain the original motivation for forking, but keep in mind that currently less than 10% of the original legacy code base remains. As it stand today, OPNsense has evolved from being a fork to a whole new security platform with leading innovations such as weekly security updates for all components, a REST API, inline Intrusion Prevention and intuitive modern user interface.
So why did we fork?¶
Back in 2014, after having sponsored pfSense® for years we felt there was no other option than fork the project and keep the spirit of the - original m0n0wall based fork - alive. Below you can read about our original motivations and the birth of OPNsense®.
We had technical reasons to fork. As much as we love the functionality/feature set of pfSense, we do not enjoy the code quality and dispersed development method. We like structure, achievable goals set forth in a roadmap with regular releases and a decent framework.
On the security part the main issue was the need to separate logic. The GUI should not perform tasks that require root access and potential security issues should be fixed before they become a real problem.
As for quality, all new features will be built using a solid framework with a Model View Controller. For this purpose we choose Phalcon as it is the fastest open source PHP framework available. And we will gradually migrate parts inherited from pfSense to the new framework to avoid a big-bang approach.
A thriving community can only exist when people are willing to share. We want to make it easier for people to join and help to build the community. With pfSense this has been rather difficult as the tools to build it are difficult to use and often do not work in the first few attempts. And since 2014 year they are not freely available any more, you need to apply for access with ESF. We believe a good open source project has nothing to hide so access to the sources should be there for all. It will remain a mystery why ESF made that move as commit rights and read rights are totally different.
ESF has since changed their policy several times with different license models, including the ESF 6 clause license and the latest being a Apache style license.
A real concern with pfSense is transparency. Since Netgate bought the majority share of pfSense and renamed the company to ESF it has been difficult to understand the direction they want the project to go. Removing the tools from github without prior warning and using the brand name to fence off competitors has scared quite a lot of people. Also the license had changed for no apparent reason…
Restore a firm open source project¶
With OPNsense we have restored a stable project with clear goals and a very simple license that is suitable for forking and making OEM versions. We think a community project is there for all to use and work with.
Much work had already been done before the first official release:
- The build-tools had been completely rewritten from the ground up with clear and easy to read build scripts that are portable and small,
- OPNsense is now a package that can be installed on top of our custom HardenedBSD build (you can literally do pkg remove opnsense and are left with an almost standard HardenedBSD base system),
- The firmware upgrade process is now done with pkgng,
- Captive portal has been rewritten and does not make use of kernel patches anymore,
- New features (captive portal) have been implemented with a clear structure,
- The check_reload_status functionality, effectively the backend daemon starting and stopping components, has been fully rewritten in Python (configd),
- Fully reworked the GUI to a modern Bootstrap based one that is also easier to customize if you want to.
Future Development & Focus¶
Moving forward the focus will remain on code quality and security.
A lot of work has been done to improve the code quality and with weekly updates we have proven to be able to act quickly on known security threats. For current status of the project and future development see our roadmap.
That being said it is important to know that Deciso has been a long time sponsor of pfSense and invested a lot of time and money into the project. Deciso helped to make it a success in Europe. Until Netgate bought the company there was room for many others like us, but that has changed unfortunately.
In the end it all boils down to the direction we will go both technical as well as community involvement and transparency.
You are invited! Try OPNsense, be part of the community and help the project move forward. OPNsense is rapidly becoming the number one open source firewall platform!