I have ditched pfSense - and here's why!

  • Published on 16 Dec 2024

Comments • 162

  • @TheTinkerDad 4 years ago +148

    Based on the number of dislikes I think many people misunderstand the point of this video. No problem, lesson learned, I've kinda failed to deliver my message properly with this one and I apologize for it. For those, who want to understand the motivation, here's a short explanation. First of all, it's not about "OMG, PfSense is not running properly with a Realtek NIC!" - it's about how hardware compatibility is handled by PfSense. Basically they say, you're either running with an Intel NIC or you're on your own, and also, they keep pointing fingers at FreeBSD when it comes to hardware issues. Fine. However, they are running on an outdated version of FreeBSD, hence the FreeBSD people simply shrug, when it comes to complaints about HW compatibility in case of PfSense. So once again, you're on your own. In my opinion, this is not how things should go, especially not in case of opensource projects. There's a reason a lot of people (some even here in the comments!) suggest to simply switch to OpnSense or to some other similar solution. So, the problem is valid and I've only expressed my personal opinion about it.

    • @arjayUU 4 years ago +2

      For trouble with NICs or Ethernet to USB adapters I remember there is an Option for disabling hardware checksum offloading. CWNE88 mentions it in his video on using pfsense as a VM under Proxmox.
      Maybe this could help.

    • @TheTinkerDad 4 years ago +1

      Hey,
      Thanks for the tip! Tbh I've been running PfSense in VMs before and it worked just fine. In case of the NIC I've used as an example here, it was simply a driver problem - the chip was too new, had to be patched into the kernel module, otherwise FreeBSD couldn't even recognize it as a valid NIC. Anyway, I appreciate your comment as it might still be helpful for others. :)

    • @sopota6469 3 years ago +10

      So... you had issues with a NIC not recommended for pfSense. No one saw that coming.

    • @TheTinkerDad 3 years ago +7

      @@sopota6469 Actually the only "not recommended" NICs in the PfSense documentation are USB adapters. :)

    • @charlesdean03 3 years ago +1

      No, based on the dislikes you should understand some people know more about Pfsense than you and they know how to work with it. Do you think organizations like Wall Street don't use BSD older version?? It was funny that I saw what you were saying and you lack in the intellect on networking. Also Mac has a lot of those old BSD implementation running on the backend as well!!! So what now you will say Mac is bad functional out of the box? lol

  • @gwrench200 3 years ago +9

    Do not let negative comments discourage you. Honestly I came here because I have been using pfsense in our office for years as well as for several enterprise clients. Concentrate on what worked for you rather than what did not and why so. A differently titled video like "Why I preferred ipfire over pfsense" might have received less flak. Years ago when I started evaluating firewall to use, I started with an Intel card, simply cause it supports all the distributions and thus allowed me to properly evaluate **any** distro out there while using the **same** hardware.

  • @Ardren 4 years ago +21

    Those type of issues really do suck. Were you not able to find a replacement for the $12 USD Realtek card? Second hand dual port Intel cards here are about $30 USD, which isn't much to be able to run pfSense/OPNSense in my opinion.

    • @Tofflus 4 years ago +4

      Agree! I use a quad port Intel NIC from eBay for 15$

    • @TheTinkerDad 4 years ago +5

      I could have bought intel NICs, but I don't need them. I'm running a bunch of sensors and embedded devices transferring literally a few KBs of data each day. Also, I've managed to build a kernel module and eventually got the whole thing working, so my problem is more like how the whole thing is supported: you either buy intel cards or NetGate's own hardware or you're left alone in the wild. That's not the typical opensource mentality - what I love about opensource is that stuff gets ported to everything eventually and there's a broad community to help each other, experiment, fork, modify and hack around in general. In case of PfSense, it feels like a proprietary product - you either love it the way it is or leave it. Because of this, the majority of the PfSense users are like "bro, buy an intel NIC", while the average linux/oss guy like me is like "What? you can't get it running on a rusty toaster oven? Let me try to help you!"
      So it's more like the difference of mentality rather than a real technical problem I guess... But then again: no hate from my side - the nice thing about opensource is that there are always alternatives. :)

    • @Ardren 4 years ago +4

      @@TheTinkerDad I mean, I didn't use Intel cards because of performance. I used them because I knew they'd work on anything and the drivers would be rock solid :-)
      I actually dislike the pfSense project/leadership, they have done some pretty crappy things. Since that came to light I've switched to OPNSense which still has the same hardware compatibility problems as it's just a fork, though they seem to run a later version of FreeBSD.

    • @sopota6469 3 years ago +4

      @@TheTinkerDad If you weren't going to follow manufacturer guidelines, why bother in the first place? You seem like the guy who flashes new firmware in routers ignoring the known issues section and then tries to avoid the blame when everything falls apart.

    • @jonathan.sullivan 2 years ago +2

      Pfsense, helping drive the second hand NIC market and keeping them out of landfills. It would be one thing if this was on one of their paid appliances but you paid $0 for the open source software and it does its best to work in most environments. There are plenty of other manufacturers that have issues with Realtek NICs. I'm sure pfsense is sad they lost your business... Oh wait....$0.

  • @Phil-D83 4 years ago +10

    Opensense or ipfire are good alternatives. For cheaper hardware, ipfire might be better

    • @TheTinkerDad 4 years ago +1

      Yes, thank you! My target audience are mostly smart home builders / hobbyists / tinkerers, who want protection for their IOT devices, but don't need enterprise solutions. Right now, I'm playing with IpFire, so I can suggest a working solution the next time somebody will ask me about running a firewall on a RPi or some leftover low power PC.

    • @Phil-D83 4 years ago +2

      @@TheTinkerDad I had pfsense running on a kludge Core 2 setup. Added some Intel LAN cards. Rest old parts. When the MB died, swapped it out to a Ryzen 3200G with 16GB and set it up in a VM.

  • @KrumpetKruncher 1 year ago +2

    I appreciate your video, I think you've got a good point and you're not the only one bringing it up, thanks!

  • @Xyb3rTeCh 1 year ago +2

    So could you share with us what is the other alternative better than PfSense?

  • @blender_wiki 3 years ago +9

    Anyway, you don't run a professional firewall on a Realtek NIC. Case closed

  • @youtubeprofile2070 2 years ago +3

    Thank you for this video! I actually found it really useful and it helped me decide against using pfSense. pfSense's support for RealTek should have been first class due to its ubiquity in the mini PC market.

  • @edbouhl3100 2 years ago +3

    For those of us who repurpose older hardware for home use it’s important to have a distribution that can cover a broad base. I just tried to install pfSense on a laptop and it definitely didn’t cooperate, probably due to the nom nic and the usb nic. So I’ll try something else.

    • @muziky2k 1 year ago +1

      I bought a late 2012 mac mini and installed PFSense natively. It has been running for over a year without fail. I plan to buy another mac mini for testing with Opensense. Of course you will need an ethernet to Thunderbolt adapter and a multiport switch, but these little boxes are a steal for less than $100.

  • @djthdinsessions 2 years ago +2

    Pfsense is not capable of multipath routing with BGP, that's why I ditched it

  • @jeffm2787 4 years ago +1

    My SG-3100 appears to suffer serious bufferbloat issues, running a USG for now which is doing way better. OpenWRT with Cake or fq_codel beat either one. The SG-3100 just has been terrible on my FIOS connection. DSL reports shows half the speed I get from the USG and lots of buffer bloat. Going to start from scratch maybe with the SG-3100 and see if I can get its terrible packet scheduling working good enough. Terrible compared to say OpenWRT in terms of actual results.

    • @jeffm2787 3 years ago

      @Norad Yes, however PFSense 2.4x is terrible with traffic shaping, at least compared to something like OpenWRT (fq_codel or cake). I may try out 2.5 and see if it's any better. In the past I've used OpenWRT as a transparent bridge and traffic shaper with excellent results.

    • @jeffm2787 3 years ago

      @Norad I have the hardware around to run PFSense on something other than the SG-3100. I'm not all that motivated at the moment as the USG is working really well and I have other Unifi gear to go with it. OpenWRT also works perfectly. Not sure what the deal is with the SG-3100 and my FIOS setup. It's not something simple like a cable issue, ruled that out right away. Perhaps I'll reinvestigate it. Thanks for the feedback.

    • @Traumatree 2 years ago

      Buffer bloat of the SG-3100 is generated by Windows. Change the OS behind and you will never have bufferbloating anymore.

  • @sorin.n 2 years ago +3

    Please put the Synopsis in the description / abstract / conclusion(s).

  • @shannon1872 3 years ago

    What are you currently using?

  • @naturebc 4 years ago +14

    You made a rookie mistake by not checking the hardware compatibility list "BEFORE" deciding to buy the network card for pfSense. The reason FreeBSD is used for pfSense is exactly because the OS doesn't change fast and it is stable. Stability in OS means not being on the bleeding edge. But I guess some people just think everything they can think of should be plug and play. Your router software doesn't have to be on the bleeding edge. It has to be stable and free of bugs.

    • @TheTinkerDad 4 years ago +5

      Read the pinned comment please - it's not about that particular NIC. I exactly did what the average Joe does - grabbed the first available cheap NIC, like literally, because its capabilities match what is needed for that demo build. Also, note that the card IS supported by FreeBSD - and guess what, when you check pfSense's HW compatibility docs (see in the video), it pretty much says "Hey, check FreeBSD's HW compatibility docs." They forget to mention though that by "FreeBSD" they mean an old version that will probably never see backports of new drivers, because it has reached EOL already.
      20 years ago or something, there were "stable" and "bleeding edge", just like you say. Nowadays there's also "LTS", which clearly defines how long you should rely on a given OS version and how long devs will support it, add drivers and fix vulnerabilities.

  • @creacendo 1 year ago +1

    Thank you for this video. Now I know why this pfsense unit is not coming up.

  • @lanklaas11326 3 years ago

    I think you should try it now. I was lucky cause I also did not check this, but my crappy tp link NIC is working and the motherboard NIC with the refurbished pc I bought

  • @truesightgrabber 3 years ago

    What about Untangle?

  • @kevinlind3172 3 years ago +2

    Should have bought an Intel card. Intel cards are compatible with everything and depending on what you need are fairly inexpensive.

    • @TheTinkerDad 3 years ago +1

      I wonder though what will happen in the long run if everybody buys Intel cards only? I agree, they are good, but they seriously need competition. When there's no competition, business will suffer.

    • @kevinlind3172 3 years ago

      @@TheTinkerDad There is 1 other brand that competes with them but they are much more expensive and is widely supported, Chelsio, only in 10gb market, and there are Cisco NICs as well.

    • @theJonnymac 2 years ago

      What happens when it's an onboard ethernet chip? What about single board computers? What is the difference between switching hardware and switching software? None, there is none. So clearly you chose pfsense no matter what. But that’s not a good choice for everyone.

  • @TeamEmperor 3 years ago

    What did you move on to?

    • @TheTinkerDad 3 years ago

      I haven't found a better solution yet, but right now I'm eyeing OpnSense. Initially I went with IPFire instead and although I love it for many reasons, I miss a lot of things from it.

  • @DrakeDealer 2 years ago +1

    I'm moving away for the same reasons. The future is now.

  • @TheJoBlackos 2 years ago

    Not to put any blame, but Realtek is known for the lack of support on FreeBSD. Internet is full of examples of people not checking the network card support before getting the hardware for their pfsense box. It is not in any way the fault of pfsense.

  • @ecotts 3 years ago +4

    Opnsense all the way..

  • @Mr_Meowingtons 2 years ago

    Yeah I just get used gigabit quad port Intel or Broadcom cards off eBay for $20 shipped. They are used in servers and when I get them they're clean like they're new still.
    Support for Realtek cards is not stellar

  • @Tofflus 3 years ago +2

    I understand you about the end of life and the driver support situation. I think it's a bit sad that you didn't wanna change hardware/find other solution. It would have been fun and interesting to see your videos about pfsense and hear your opinion about the OS itself. Like your videos

    • @TheTinkerDad 3 years ago +2

      I'm not saying I've banished pfSense from my home lab for good - but that moment was when I started looking for alternatives, because it felt like my understanding of open source is different from what it means for pfSense.

    • @John-rw9bv 2 years ago

      @@TheTinkerDad I see what you mean, but I think this is a perspective issue. The network card is THE most important hardware when it comes to a firewall, router, NAT, etc. And the driver, and the open-sourcey-ness of that driver, is the main limiting factor for software like pfSense. As such, the hardware should be chosen for the system, not the other way around. Bear in mind that if FreeBSD doesn't support it, it's 99:100 chance because the drivers were closed source. Just a binary that only runs on Windows, OSX, and maybe some versions of Linux, but you can't see how it works. That's MOST network drivers. The limited choice of cards is a feature not a bug.

    • @TheTinkerDad 2 years ago +1

      @@John-rw9bv Hey, that's exactly my point - FreeBSD did support it, only not the ancient EoL'd version used by the then-current version of PfSense. Also there was a PR for backporting the support but they didn't really care - based on that PR I could easily build the kernel module for myself and (what a shock!) it worked perfectly.

    • @John-rw9bv 2 years ago

      @@TheTinkerDad I couldn't have done that haha, nice - I'll have to follow along, this was only my first video

  • @ianjacepreville 2 years ago

    I've been using pfSense for over 4 years, not virtual, Pentium 4 computer, recently upgraded to an i7, 8 GB of RAM. I run multiple services on it: I run Squid, I run HAProxy, I host my own email server, my own cloud, my own TV media center, all with pfSense with a 128 gig SSD. I've had minor issues but they've gotten resolved, and Netgate, who owns pfSense, lets you now upgrade to pfSense Plus. Sorry my good friend that you had issues. I would give it a try and not give up. Open sense is good but I swear by PF sense once you know how to get around if you a few of the network card problems. My install of this OS has been running continuously, no problems, for 4 years. It's also on backup power. No, one last thing: my server is unread, please check that out

  • @Crftbt 2 years ago

    Isn't the pfsense business model to sell their own hardware?

  • @TimRubel 1 year ago

    You made it sound like you were going to talk about the software you chose.

  • @satamototo 3 years ago +1

    Well, BSD is picky about NICs. pfSense is little more obsolete last years compared to OPNsense. But IPFire is very different distro. It's way more lighter and have no such capabilities as pfSense or OPNsense(which is NGFW with an addon called Sensei). If I need simple home router, I prefer OpenWRT over IPFire. Even on x86. Period.

    • @TheTinkerDad 3 years ago +1

      You're not the first who suggested OpenWRT. As soon as I'm done with my home lab revamp, it's one of the first things on my list

    • @satamototo 3 years ago +1

      @@TheTinkerDad, if you run the router distro as VM, IPFire is the most virtualization friendly one.

  • @arpisz1 1 year ago +1

    Damn boy ... Buy a proper card and quit complaining...

  • @stultuses 3 years ago +4

    Good video with a valid concern
    Horses for courses
    I don't see why people were complaining at you, you explained clearly why pfsense wasn't suitable for you

  • @michelterainfo 3 years ago +2

    Nooo realtek noo

  • @wallytuescher2175 3 years ago +2

    We dislike this bcuz you left us without an answer. What's the alternative?

    • @MichaelSmith-fg8xh 3 years ago

      Supported NICs are cheap (this is what I did... $120 for a new 10gb dual port NIC in my case but 1gb is a lot cheaper). Netgate also sells prebuilt systems.

  • @منصورالقويعي-ل7ق 3 years ago

    Thanks for the video.

  • @robinhardison5817 2 years ago

    Why are you almost whispering?

    • @TheTinkerDad 2 years ago

      I get that a lot and I agree, there's a lot left to improve when it comes to my audio. All I can say is that I'm working on it :)

  • @jamesgriggs6432 2 years ago +1

    This is like buying an AM4 motherboard and an Intel CPU and complaining it don't work. It's a free software that users and developers create drivers for for free. Should have done research first. The day I thought about building one myself I knew there was limitations on hardware.

    • @TheTinkerDad 2 years ago

      All the "research" is detailed in the video... Yes, the part about 3rdparty source code PRs, etc.

  • @chopperpl 1 year ago

    I don't get your message. Whenever you pick the firewall software the very first thing you do is to pick the hardware compatible with it. It's not the opposite. Yes, if you would like to reuse your old hardware that's laying around not used then you pick the software that's compatible with it. Why would you expect any FW software to work with the NIC of your choice especially, if it is free. I've been using pfsense for the past 4 years for which I had purchased old HP T620 thin client. I have upgraded both memory and multiport nic and this thing is swallowing my 500Mps pipe like a beast. It is also using the onboard encryption chip to offload the SSL, suricata, pfBlocker and other cpu intensive apps and for the family of 4 with two teenagers this thing pretty much never stays above 50% of cpu utilization. To be honest, I don't care about older version of OS as long as it is regularly patched. I think your video is more about the clickbait than actual driver issues.

    • @TheTinkerDad 1 year ago

      The point of calling an OS "end of life" is not patching it anymore. The point of calling something "opensource" is to care about contributing and contributors (like the PR I mentioned in the video) and not about elitist behavior ("buy Intel stuff") or promoting proprietary hardware ("to run it on ARM you have to buy our ARM hardware"). Honestly nowadays everyone should be able to run an opensource firewall even on a toaster... It's not like firewalls are rocket science or something. Also, this "clickbait" brought me hundreds of subscribers thank you very much - which is obviously not what a "clickbait" does, right?

  • @Venomynous 2 years ago +2

    You need to turn your mic up and speak more clearly. You mumble and are hard to understand.

    • @TheTinkerDad 2 years ago +1

      Will do, thanks for the feedback!

  • @Felix-ve9hs 4 years ago +7

    TL;DR: "The Tinker Dad" wanted to use pfSense with his existing Hardware, but the Realtek NIC doesn't work in pfSense because of driver issues.
    If you - for example - want to use an old Laptop without a PCIe Slot and only one Realtek NIC, you are screwed. Router on a Stick etc. not possible.
    While I do agree that pfSense should have better Hardware support, it is aimed for "enterprise, large business and SOHO", which use Server Hardware.
    Also, Intel NICs are more reliable than Realtek NICs and you can get some used starting at 10-20 USD / EUR (sometimes even less).
    And about the Dislikes, I think most of them are from pfSense Fanboys, not from People who didn't understand your point in this Video.

    • @TheTinkerDad 4 years ago +2

      Hey Felix,
      Thanks for your comment! It's more or less correct. The real story behind this started with an earlier video - some people requested a video about running PfSense on ARM systems. Since it's pretty much impossible at the moment (not counting the dedicated PfSense hardware), I wanted to come up with a cheap alternative - the Mini ITX system we've built previously. During working on that project I've also played around with the idea of moving my own PfSense installation from the VM host (which runs with a quad Intel NIC btw) to some dedicated hardware as well. Sadly, after some time I've spent on reddit, etc. I've realized that in general I don't like how PfSense handles the whole hardware support thing (this is what I explain in the video). So, I've ended up researching alternatives that I can suggest to people and what I can eventually also use in my own setup.

  • @CLHatch65 2 years ago +1

    Myself, I avoided pfSense because of the complete lack of professionalism of the owners and employees of NetGate. To the point that they were successfully sued by the people that forked pfSense into OPNSense. I wouldn't touch pfSense with a 10 foot pole.

    • @tigreonice2339 2 years ago

      They sold Data or what?
      So what is a good alternative to pfsense for home network (and not too expensive)

    • @privateger 2 years ago

      @@tigreonice2339 opnsense.

    • @kevinthomas7478 2 years ago

      @@tigreonice2339 I definitely recommend OPNsense. I've used both. I stuck with OPNsense.

  • @NavySeal2k 2 years ago

    So you didn't read the manual? XD

    • @TheTinkerDad 2 years ago

      So you didn't watch the part about the pull request? XD

    • @NavySeal2k 2 years ago

      @@TheTinkerDad So you again didn't read the manuals, Jesus Christ... after a new version is released you only get SECURITY patches for the old version for 3 months, because BSD has the paradigm to never ever break compatibility you can always update as FreeBSD user, so there is no need for backwards porting. pfSense using an EOL version stems from having a longer development cycle than 3 months but it is a perfectly fine thing to do, BSD is rock solid and secure. This change to the 3 month model was due to the lack of people to maintain every version with the newest security patches and has nothing to do with you ignoring the fact that in every post about pfSense people scream at ignorant users "USE INTEL" and if you have a bad experience when you ignore those screams don't give the product the blame but yourself. If you bought a 230V hairdryer in the US do you blame the hairdryer for not functioning correctly or the idiot who bought it? Your whole video is full of the Dunning-Kruger effect and the dislikes you complain about are well earned and not because of people misunderstanding you... BTW. Every release of pfSense was on the most recent FreeBSD version at that date....

    • @TheTinkerDad 2 years ago

      @@NavySeal2k Stop wasting your breath, I've explained the whole thing multiple times in the video, then in the comments - won't do it for you one more time. You only watched the video partially, ignored all the explanation and discussion in the comments - I can't do these for you, sorry. Move on, dude.

    • @NavySeal2k 2 years ago

      @@TheTinkerDad Nah, your explanation is just plain wrong, that's all XD

    • @TheTinkerDad 2 years ago

      @@NavySeal2k Sure.

  • @prinler1081 4 years ago +11

    Wait, you just spent a whole video throwing a fit because it didn't work for you instantly. Because you didn't do any research and you purchased a trash tp-link? Crazy man. Get another card and use the best free firewall program out there!

    • @TheTinkerDad 4 years ago +3

      The whole video is an experiment / research - people asked me how to run PfSense on cheap HW (damn, they keep asking how to run it on a Raspberry Pi!), so I've made an experiment. The plot twist: while working on this, I ended up realizing how much I dislike the way PfSense handles hardware compatibility - they use an outdated OS as a base and when sh.t goes down, it's always either the card or BSD to blame. It's nowhere near the real open source spirit and way too elitist for my taste. Also, keeping the ARM ports for themselves so they can sell a few of their boxes is something I dislike too.

    • @prinler1081 4 years ago +2

      @@TheTinkerDad The video is misleading at best. You never "ditched it"... you never even tried it! This video should just be deleted. Give it a try or don't. We don't run Pfsense on new stuff. If we wanted new stuff we would buy Netgate hardware.

    • @TheTinkerDad 4 years ago +3

      It's been running on my main server for quite some time, but if you watch my previous PfSense video, I explain why I've made this experiment - it was like "people asked me, so let's see what we can do". You mate, just jumped in at the middle of the story, but I don't judge you.

  • @senseinyc 1 year ago +1

    Ok watched the whole video and I really have to say it's not the fault of the software, but it's a shared fault. First pfSense only supports what the OS supports and you made that clear. So if FreeBSD doesn't support something, then pfSense cannot. That includes kernel level drivers and protocols as well. So the second part of the shared fault is clearly yours. You assumed that FreeBSD would work on ANY new hardware. Clearly not the case, never has been. So I am hearing "wwah wah wahhhh pfSense/FreeBSD won't let me use my hardware wahhhh Imma go make a youtube video about it!" when a little due diligence would have saved you the headache. Error Code ID:10-T

  • @linerror 3 years ago +4

    ignores HCL... has problems...

    • @TheTinkerDad 3 years ago +2

      checks HCL... notices someone couldn't be bothered to backport the PR for the driver module... checks PR... merges it on his own... gets it working... makes an opinion video about bad SD / maintenance practices he has observed...

    • @sopota6469 3 years ago +2

      @@TheTinkerDad HCLs exist for a reason. If you want to tinker with unsupported drivers, that's fine, this is what open source is all about. But don't be surprised if anything breaks.

    • @TheTinkerDad 3 years ago +2

      @@sopota6469 Exactly my point! PfSense "HCL" is basically a link to the FreeBSD HCL, where it's a supported driver - in the current version of FreeBSD, but not in the EOL'd version PfSense is built upon.

  • @bandit12-- 4 years ago +8

    Sorry guys I disagree. You got the wrong card

    • @TheTinkerDad 4 years ago

      The wrong card for PfSense, indeed. But it's pretty much okay for my needs and for most people. Unless someone wants to run PfSense, just for the sake of running PfSense. :) Even better, for most people out there, something based on a Raspberry Pi would be enough - not everybody's running a cloud service at home you see.

    • @abhayp9 4 years ago +4

      @@TheTinkerDad Agreed, in that case don't use enterprise grade firewall, just use regular wifi routers.

  • @ppal64 3 years ago +2

    Your choice. No good for you. Don’t use. Others who like it can use it. End of story. You want a solution that works out of the box? Buy Netgate box. It will work straight out of the box.

    • @TheTinkerDad 3 years ago

      Thanks Pranesh, but I ended up with IPFire and haven't regretted it. Also, I agree, for people who don't mind the Intel/Netgate hardware vendor lock, PfSense is probably fine.

    • @kevinthomas7478 2 years ago +1

      This is good advice. I bought a Protectli unit and it came with OPNsense installed on it. Very happy with it.

  • @ninjarider443 1 year ago

    IPFIRE ROCKS - I tested OPNSENSE and PFSENSE in my virtual lab, and not sold, I will stick with IPFIRE

  • @BandanazX 2 years ago +2

    Problem is user didn't check hardware compatibility.
    Stopped watching right there. Downboat.

    • @TheTinkerDad 2 years ago +1

      First problem: not a user, but a developer. Second: the video is about a pull request and about the development/maintenance process, not about a specific hardware. Third: my bad, I falsely assumed most people will understand how open source development works.

    • @BandanazX 2 years ago +1

      @@TheTinkerDad The supported hardware is clearly mentioned... that's how open source works

    • @TheTinkerDad 2 years ago

      So, what about the PR mentioned in the video? How about the dated base OS?

    • @BandanazX 2 years ago +1

      @@TheTinkerDad Bro. You made a rookie mistake. Checking system requirements isn't anything new. Just own it. Everyone fucks up but you made a dumb video about it.

    • @BandanazX 2 years ago +1

      Also, anyone who has done any networking knows that Realtek is shit. If you weren't a rookie, you'd know that too.

  • @orthodoxNPC
    @orthodoxNPC 3 years ago +5

    just buy proper cards, took more effort to complain about the problem than fixing it!

  • @MikeOxlong-
    @MikeOxlong- 2 years ago +2

    In all honesty, all I see here is a whole lot of ignorance regarding computers in general (unfortunately)...
    Hopefully newcomers that have stumbled upon this video can recognize this, and not be discouraged as this chap was...

    • @TheTinkerDad
      @TheTinkerDad  2 years ago +1

      Let's start with the fact that the video is about my opinion on bad open source practices used in case of a single software product and not about "computers in general"... Who's ignorant now?

    • @MikeOxlong-
      @MikeOxlong- 2 years ago

      @TheTinkerDad You still (and will always) remain ignorant here, and the reason is simple. You didn’t (or can’t) read and/or comprehend the operating system instructions and fundamentals which you were trying to use, nor research whether or not your random piece of hardware was supported, let alone even understanding the concepts involved with using third party hardware on operating system platforms which do not follow the “user mode driver” model only available on mainstream desktop environments where intellectually challenged users are the norm. You also went above and beyond by creating a video to incorrectly blame a “software product”, which in and of itself has absolutely nothing to do with the “operating system” that you were trying to utilize/install. This firewall distribution is a piece of software which runs on top of an operating system called FreeBSD, much akin to someone installing and running Microsoft Windows and then adding a firewall distribution such as “Zone Alarm” that was available back in the day...
      There’s nothing you can say or do that can change the fact that this was a purely iD-10T error, where the sole blame is to be put on the user behind the wheel. I’m sorry, but this is factually correct.

    • @TheTinkerDad
      @TheTinkerDad  2 years ago +1

      @MikeOxlong- No offense mate, but maybe next time watch the video before commenting? Half of the video is about FreeBSD and a pull request for a kernel module driver nobody bothered to pick up... That's the point of the video. You do know what a pull request is, right? But yes, please explain how FreeBSD is under PfSense. :) It's a shocker, really!

  • @strangelman
    @strangelman 3 years ago

    Informative video, but as a non-native English-speaking person it is hard to hear what you are saying. Your pronunciation is kind of "round" (my guess is that your language is Spanish). You pronounce consonants very soft. I am sorry, but I thought you should know.

    • @TheTinkerDad
      @TheTinkerDad  3 years ago +1

      Don't worry, I'm actually happy about that feedback! I always wondered what my English sounds like, but most people are simply too polite to point out things like that or simply don't care. So thanks, and also, thanks for watching the video :)

  • @Mr.Leeroy
    @Mr.Leeroy 2 years ago +2

    pfsense works out of the box, your sysadmin skills do not. Checking compatibility before investing in hardware is 101.. You have not done your homework, but you sure did a controversy video.
    You require almost bleeding edge support, while at the same time stating that your smart home use case does not require specialized equipment. Contradicting yourself. I could understand that this NIC was built into some platform and you were stuck with it, but no it is cheap and easily substitutable. The fact that Intel NICs are so preferable in FW application is for a reason, Realtek is just nowhere near reliable for the task. Even if it is 'simple smart home' as you state, I bet you'd still not want your FW to crap itself due to chancy NIC chipset. And yet you choose to continue your journey with Realtek crap and switch to other software, great logic..

    • @TheTinkerDad
      @TheTinkerDad  2 years ago

      Please watch the video over the 1 minute mark to understand the whole thing. The video is about a weird software development practice used for third-party pull requests. The Realtek driver in question is just an example. Also, it's just a cheap NIC I used in the previous video as an example, which was about using cheap/old HW for PfSense. Also, other firewalls like OPNSense happily run with said hardware, because the developers decided to merge in that pull request... Yea, simple.

    • @Mr.Leeroy
      @Mr.Leeroy 2 years ago

      @TheTinkerDad Are you a software developer? Do you really have competence to judge dev practices of entire team of successful open source project?
      There is nothing "weird" about it. If you required rolling release fast update cycles, then again YOU made a bad choice in the first place to start using product that does not meet your expectations based purely on blind consumer logic. BSD is like the far opposing end of this, and it is not considered to be a disadvantage when it comes to networking products, but you fail to recognize that.

    • @TheTinkerDad
      @TheTinkerDad  2 years ago +2

      Yep, I'm a lead developer / architect with 20 years of experience. Currently I'm working at a US based multinational company specializing in Cloud / Big data, running multiple open source projects. Actually, spent about half of my career working with / on open source projects and Linux.
      But then again, for God's sake - please, watch the video before commenting. At the time of making of the video, PfSense's latest release was running on a nearly EOL'd version of FreeBSD, which IS weird, hands down.

    • @Mr.Leeroy
      @Mr.Leeroy 2 years ago

      @TheTinkerDad Well then your admin approach is especially strange, considering "20 years experience"..
      I did watch full video. If people do not agree with the message of your video, that does not mean that they haven't seen it.
      I am not a pfSense fan boy, I hate where the project is going licensing-wise with this Netgate acquisition, but it has been rock solid product over the years. The shiit you give its devs in this video is straight not deserved and honestly is above their paygrade. It is Realtek's job to push drivers into upstream OSes, the fact that they don't care about BSD like most hardware vendors about Linux/Unix is a harsh reality.
      Being near EOL release is not necessarily a bad thing either, since pfSense is not a package for FreeBSD, but an appliance using it as source core. How well devs handle such situation is completely on them, and it might be a fair compromise for them not to jump to next release, giving up stability while not ready, and backport security patches until new version is polished.
      Moreover, if you are a dev yourself, instead of contributing (backport the damn driver yourself, pfSense patching package is there for you), or at least lead this discussion on forums, you choose to record a meaningless YT video..

    • @TheTinkerDad
      @TheTinkerDad  2 years ago +1

      @Mr.Leeroy If you watched the video, you probably saw the part where I explained that someone made the driver and opened a pull request, but they didn't care too much. You can see the PR at 04:05. Also, at 05:20 you can see that the FreeBSD version they use with the current version is already EOL (my previous answer was wrong, it has been a year+ since I made this video, had to rewatch!). Also at 05:20 you can see that the version which wasn't even released yet at that time (2.5) has been based on a FreeBSD version that was about to go EOL.
      Just out of curiosity, I checked the dates again - this information wasn't available yet at the time of making the video - so they released PfSense 2.5 on 17/02/2021 - more than two weeks after its base OS, FreeBSD 12.2 got EOL'd.
      All in all, they use an outdated OS as a base and when people ask why this or that isn't supported yet, the answer is: because the OS doesn't support it yet. Sure, because it's outdated.
      Also, EOL means no CVE fixes, nothing. It should not be used, especially not in software which is security related.