

End of the m0n0wall project - lindell
http://m0n0.ch/wall/end_announcement.php

======
dstroot
Check out pfSense - have used it for years after trying m0n0wall. The
recommended path forward, OPNSense, is a fork of pfSense. I have not tried it,
and I get their reasons for forking and many of the improvements they are
making are really, really needed - BUT the community isn't there yet where
pfSense has a thriving community behind it.

~~~
gonzo
I don't understand their reasons for forking.

~~~
otoburb
If one of the active pfSense developers is asking this question[1], then
Manuel Kasper's OPNsense endorsement is certainly confusing without additional
context. Without a doubt, the endorsement certainly carries weight given
m0n0wall's impact and legacy over the years.

[1] [https://www.pfsense.org/about-pfsense/development-team.html](https://www.pfsense.org/about-pfsense/development-team.html)

~~~
gonzo
Outside of Manuel himself, no single person has put as much time and effort
into m0n0wall as Chris Buechler has. Chris wrote most of what's on
doc.m0n0.ch, and has by far the highest post count to the m0n0wall list. Chris
also had a source commit bit. We host doc.m0n0.ch to this day.

Chris is honestly baffled by what Manuel wrote. It feels like a slap in the
face.

------
ecaron
This should serve as the gold standard for how to implement a decision like
this.

~~~
sejje
How to make the decision? How to execute it?

And for what reason (what did you like about it?)

~~~
ecaron
Several points:

* A definitive decision with clearly defined dates.
* Acknowledgement towards successors
* The _HUGE_ effort and endeavor to snapshot and maintain the archives for posterity.

------
esaym
I basically replaced my linux firewall box with shorewall and xen a few years
ago: [http://shorewall.net/XenMyWay.html](http://shorewall.net/XenMyWay.html)

Now I run a whole bunch of stuff on only one machine.

~~~
nubb
I did similar. Had a mini atx centos box I ended up throwing on ESXi and
getting it in the front of the network through some layer 2 magic. I love
shorewall.

------
cones688
Moved to PFSense a few months ago and I cannot recommend it enough, I have it
on a Thinkserver tower which hosts all my VMs on ESX and out of a second NIC
comes my wifi router.

Pfsense is such a great piece of software, DNS forwarder and built-in OpenVPN.

~~~
atmosx
I don't understand why PFSense and OPNsense use FreeBSD and not OpenBSD which
comes with a more advanced version of PF.

Is there any reasonable explanation for their choice? I'm using FreeBSD myself
but not as a router. If I should choose an OS for router, I'd probably go with
OpenWRT or OpenBSD.

~~~
briHass
PFSense has a note about that choice in their FAQ:
[https://doc.pfsense.org/index.php/Why_was_FreeBSD_chosen_ins...](https://doc.pfsense.org/index.php/Why_was_FreeBSD_chosen_instead_of_another_OS)

Another lover of PFSense here. I started out with M0n0wall, but there were a
few items that drove me to pfSense ultimately (the slightly strange way
setting up rules/port forwards, and the need for different IPSEC encryption
algos for a corporate firewall connection.) I have pf humming along on an
older Alix2d3 kit, and have had ZERO problems. I now see that there's a more
powerful APU board that will be my upgrade path when this box dies, or I
upgrade my internet beyond ~50mbps -- whichever comes first.

~~~
gonzo
That FAQ is a little old.

The statement that the "pf" in OpenBSD is "better" isn't necessarily true. The
"pf" in FreeBSD and pfSense is a bunch faster, even on single-core.

The IPsec in FreeBSD and pfSense (especially AES-GCM) is also much faster
than that found in OpenBSD.

OpenBSD has a problem: it doesn't scale on multi-core CPUs, and the world has
gone multi-core. FreeBSD took years to get this right (forking Dragonfly along
the way due to disagreement about the MT model.)

------
el_duderino
The suggested OPNsense ([https://opnsense.org](https://opnsense.org)) looks
promising.

------
zmanian
Presumably Manuel is busy with Threema.

~~~
agumonkey
Never heard of it.

_Threema is a mobile messaging app that puts security first. With true
end-to-end encryption, you can rest assured that only you and the intended
recipient can read your messages. Unlike other popular messaging apps
(including those claiming to use encryption), even we as the server operator
have absolutely no way to read your messages._

[https://threema.ch/en](https://threema.ch/en)

------
oz
Man, this brings back memories. My first job - started out as a summer intern
at an MVNO. We needed access via RDP to the host carrier's billing platform,
so we needed to establish an IPSec VPN to their network. Of course, our little
WRT54G wasn't gonna do the job...

Spoke with a network engineer at the host carrier, who recommended we try out
m0n0wall. Played with it for a little bit, but then was led to pfSense, which
we ended up using.

That was 2006. Time does fly...

------
dexcs
m0n0 was one of the greatest open source software I've ever used. It just
worked.

For a flashback go to their gallery:
[http://m0n0.ch/wall/gallery.php](http://m0n0.ch/wall/gallery.php)

So awesome!

------
alexeyza
Thank you Manuel (and all the contributors) for creating and working on
m0n0wall! It was a great project.

------
zf00002
Any word on what Manuel will be doing now? Is he going to work with pfsense or
OPNSense guys?

------
listic
Has it been just this one guy who worked on this project all along?

~~~
wooh
Of course not. I think all of the developers agreed on finishing the project
and focus on the 'new generation' m0n0wall like the OPNsense.

These guys were the main contributors:

* Andrew White (awhite) <andywhite at gmail dot com>
* Lennart Grahl (lgrahl) <lennart.grahl at gmail dot com>
* Manuel Kasper (mkasper) <mk at neon1 dot net>
* Pierre Nast (pnast) <pierre at coldev dot org>

------
meesterdude
I have fond memories of m0n0wall. Thanks for the great work.

