Archive for July, 2007

1.2 Release Candidate 1 released!

Saturday, July 21st, 2007

1.2-RC1 has been released! Here are just a few of the new improvements and features that have made their way into this new version:

New features/improvements present in 1.2-RC1:

  • Many IPSEC improvements when you have more than 40+ IPSEC tunnels
  • RRD Queues Graphing fixes
  • DNS Forwarder (DNS Masq) has been updated to version 2.39
  • Miniupnpd should now shut down correctly when disabled
  • Minor RRD graph fixes for periods longer than 8 months
  • DHCPD now started before DNS Forwarder on embedded platform
  • pftpx processes now killed correctly after the queue changes (ALTQ)
  • ftpsesame recompiled against libevent-1.3

Features/improvements present in 1.2-BETA3:

  • Restart filter logging subsystem after time zone changes
  • Remove extra SSH password authentication line
  • IPSEC filter rule tab now hidden when IPSEC is disabled
  • Dynamic log viewer removed due to too many issues (will reappear in 1.3)
  • Increase ephemeral port range for busy firewalls
  • More IPSEC/CARP cleanups
  • Misc logging viewer fixes

Features/improvements present in 1.2-BETA2:

  • Advanced outbound NAT fixes
  • UPNP now works on LiveCD
  • Misc log viewing fixes
  • Password field lengths now line up on nervecenter theme
  • IPSEC now works correctly on CARP interfaces out of the box
  • Routed hosts behind a policy-routed segment can now reach the LAN interface correctly when the anti-lockout rule is enabled
  • pfSync and CARP now will work correctly on extremely restrictive rulesets
  • Captive portal images fixed
  • SLBD 100% utilization fixes
  • 64 megabyte memory improvements (works but not supported)
  • Misc packet capture fixes
  • Dashboard package added
  • Update static routes on filter reload
  • Miniupnpd version bump to 20070521
  • Turn off antispoof on bridges
  • NAT reflection timeout extended to 2000 which is roughly 33 minutes
  • use_rrd_gateway location fixes
  • Fixed advanced firewall rule tunables

And the features/fixes that were introduced in 1.2-BETA-1:

  • FreeBSD updated to 6.2
  • Reworked load balancing pools which allow for round robin or failover
  • miniupnpd has proven to work so well that it is now in the base install but deactivated by default (uninstall the miniupnpd package before upgrading to avoid duplicate menu items)
  • Much enhanced RRD graphs
  • Numerous Squid Package fixes
  • PPTP Server includes WINS server settings correctly now
  • General OpenVPN stability improvements
  • “Nervecenter” theme added as default
  • Status -> DHCP leases now 1500% faster
  • Captive portal now allows traffic to port 8000 and 8001 behind the scenes
  • Multiple miscellaneous pf rule fixes to prevent broken rulesets
  • DNS server with active failover will show up when 1.2 releases (Screen shot of test >here<.)
  • dnsmasq updated to 2.36
  • olsrd updated to 0.4.10
  • Alias line item descriptions backported from -HEAD
  • Enhanced cron handling backported from -HEAD
  • dhclient changes backported from FreeBSD 7
  • miniupnpd updated
  • Speed NAT apply page up 100%
  • PPPoE auto disconnect (for our German users)
  • Soekris/WRAP error light now used when a problem or alert occurs
  • TCPDump interface
  • VLAN assign interface improvements
  • SLBD/load balancing ping times increased to a timeout of 2 seconds
  • Package infrastructure to safely sync package data between CARP nodes added
  • Miscellaneous DHCP Server OPT interface fixes
  • 1:1 NAT outgoing FTP fixes
  • OpenVPN stability fixes
  • Traffic shaper wizard now displays errors correctly
  • BandwidthD package added
  • Pinger framework improved
  • Dynamic filter log viewer added
  • IPSec filtering is now possible. You need to create rules before traffic will pass!!
  • Individual kill state feature back ported from HEAD on Diagnostics, Show States screen
  • Fix for DHCP Load balancing edge case where monitor IPs would be mapped through the wrong gateway.
  • Option added to turn off TX and RX hardware checksums. We are finding more and more hardware on which this feature simply doesn’t work very well.
  • OpenVPN PPPoE fixes
  • Reload VLAN interfaces correctly after adding a new one
  • Multiple client OpenVPN fixes
  • PHP upgraded to 4.4.6
  • Synchronized captive portal with m0n0wall
  • CARP IP addresses can be used on IPSec VPN connections and multi-WAN IPSec now works correctly
  • config.xml stability improvements to drastically reduce chances of corruption
  • Packages auto-fix themselves if a problem arises in the installation
  • Lighttpd upgraded to 1.4.15
  • PPPoE server subnet fixes
  • OpenVPN outgoing bandwidth limits added
  • Firewall schedules feature added
  • Server load balancing pool page added
  • Multi-WAN NAT configuration now correct in non-Advanced Outbound NAT mode
  • Load balancing ping now uses fping

1.2-RC1 will appear at a mirror near you very soon. Please let us know what you think on the forum or mailing list.

GRUB now default boot loader

Sunday, July 15th, 2007

If you have installed 1.2 beta 2, you have likely noticed GRUB is now used as the boot loader rather than the stock FreeBSD boot loader. Though I’ve seen it a number of times now, this still looks odd to me. :)


This eliminates a number of problems caused by bugs or limitations in FreeBSD’s boot loader that numerous users have run into, primarily with some SATA drives and any device that wants real mode BIOS system functions.

New Documentation Site Online

Sunday, July 15th, 2007

The old spam-plagued doc.pfsense.org site has been replaced with a fresh, clean, locked down install. Most of the old content has been moved over, though we’re still working on moving a few of the pages off the old site. The new site also contains some new content.

The old site can still be found for the time being at olddoc.pfsense.org. If you know of something there that isn’t yet moved over to the new site, please email me.

Since the number of contributors to the old site was relatively small, and dealing with spammers was a constant and time-consuming battle, we’ve completely disabled user registrations and only allow logged-in users to edit pages. But that’s not to say we’re discouraging people from contributing! If you would like an account on the new site, please email me with your desired user name and I will create one for you.

Announcing pfSense Commercial Support

Tuesday, July 10th, 2007

BSD Perimeter, a company founded by Scott Ullrich and me, the founders of pfSense, has officially opened for business today providing commercial support for both pfSense and m0n0wall. You can purchase online via portal.pfsense.org.

The project will not change in any way. It still is, and will remain, a free open source project. This endeavor is a means to cover project expenses, and we hope eventually it will bring in enough to support full time developers on the open source side.

This is a great opportunity for our users, as it ensures timely access to qualified individuals for your support needs.

1.2-BETA-2 released!

Wednesday, July 4th, 2007

1.2-BETA-2 has been released! Here are just a few of the new improvements and features that have made their way into this new version:

  • Advanced outbound NAT fixes
  • UPNP now works on LiveCD
  • Misc log viewing fixes
  • Password field lengths now line up on nervecenter theme
  • IPSEC now works correctly on CARP interfaces out of the box
  • Routed hosts behind a policy-routed segment can now reach the LAN interface correctly when the anti-lockout rule is enabled
  • pfSync and CARP now will work correctly on extremely restrictive rulesets
  • Captive portal images fixed
  • SLBD 100% utilization fixes
  • 64 megabyte memory improvements (works but not supported)
  • Misc packet capture fixes
  • Dashboard package added
  • Update static routes on filter reload
  • Miniupnpd version bump to 20070521
  • Turn off antispoof on bridges
  • NAT reflection timeout extended to 2000 which is roughly 33 minutes
  • use_rrd_gateway location fixes
  • Fixed advanced firewall rule tunables

And the features/fixes that were introduced in 1.2-BETA-1:

  • FreeBSD updated to 6.2
  • Reworked load balancing pools which allow for round robin or failover
  • miniupnpd has proven to work so well that it is now in the base install but deactivated by default (uninstall the miniupnpd package before upgrading to avoid duplicate menu items)
  • Much enhanced RRD graphs
  • Numerous Squid Package fixes
  • PPTP Server includes WINS server settings correctly now
  • General OpenVPN stability improvements
  • “Nervecenter” theme added as default
  • Status -> DHCP leases now 1500% faster
  • Captive portal now allows traffic to port 8000 and 8001 behind the scenes
  • Multiple miscellaneous pf rule fixes to prevent broken rulesets
  • DNS server with active failover will show up when 1.2 releases (Screen shot of test >here<.)
  • dnsmasq updated to 2.36
  • olsrd updated to 0.4.10
  • Alias line item descriptions backported from -HEAD
  • Enhanced cron handling backported from -HEAD
  • dhclient changes backported from FreeBSD 7
  • miniupnpd updated
  • Speed NAT apply page up 100%
  • PPPoE auto disconnect (for our German users)
  • Soekris/WRAP error light now used when a problem or alert occurs
  • TCPDump interface
  • VLAN assign interface improvements
  • SLBD/load balancing ping times increased to a timeout of 2 seconds
  • Package infrastructure to safely sync package data between CARP nodes added
  • Miscellaneous DHCP Server OPT interface fixes
  • 1:1 NAT outgoing FTP fixes
  • OpenVPN stability fixes
  • Traffic shaper wizard now displays errors correctly
  • BandwidthD package added
  • Pinger framework improved
  • Dynamic filter log viewer added
  • IPSec filtering is now possible. You need to create rules before traffic will pass!!
  • Individual kill state feature back ported from HEAD on Diagnostics, Show States screen
  • Fix for DHCP Load balancing edge case where monitor IPs would be mapped through the wrong gateway.
  • Option added to turn off TX and RX hardware checksums. We are finding more and more hardware on which this feature simply doesn’t work very well.
  • OpenVPN PPPoE fixes
  • Reload VLAN interfaces correctly after adding a new one
  • Multiple client OpenVPN fixes
  • PHP upgraded to 4.4.6
  • Synchronized captive portal with m0n0wall
  • CARP IP addresses can be used on IPSec VPN connections and multi-WAN IPSec now works correctly
  • config.xml stability improvements to drastically reduce chances of corruption
  • Packages auto-fix themselves if a problem arises in the installation
  • Lighttpd upgraded to 1.4.15
  • PPPoE server subnet fixes
  • OpenVPN outgoing bandwidth limits added
  • Firewall schedules feature added
  • Server load balancing pool page added
  • Multi-WAN NAT configuration now correct in non-Advanced Outbound NAT mode
  • Load balancing ping now uses fping

1.2-BETA-2 will appear at a mirror near you very soon. Please let us know what you think on the forum or mailing list.