pfSense Digest

As Holger noted previously, the pfSense 2009 Hackathon is coming up in less than three weeks. This will be our fourth Hackathon, and each year is bigger than the last. We have held one major event every 12-18 months since the project’s inception in 2004. The last was in October 2007, with pictures here. 

These events have been invaluable to the development of the project. It’s easier to work with people whom you have met in person, and getting together as a group to focus on development makes for significant strides in a short period of time. This year the focus is on the 2.0 release – mostly wrapping up numerous loose ends and fixing bugs, as well as general discussions and planning for the 2.0 release cycle. 

Scott and I have started preparing, getting test networks and equipment in place. Holger and Seth will arrive from Germany and the Netherlands respectively in less than three weeks. Three or four other developers will join as well, for a total of 7 or 8 people. 

We need your help!
The developers are taking vacation time from their day jobs to come, and we want to ensure they won’t have any out of pocket expenses for the event. In years past, we have been able to cover expenses thanks to the donations of many of you.  We again need your help. You can donate here, and every little bit helps. For those with larger budgets, consider our commercial support which offers a number of benefits in addition to providing funding for the project. 

A big thanks to those who have contributed already!

The announcement for the 1.2.3 snapshots advised caution because of some changes going in, and unknowns with the switch to FreeBSD 7.1. It has been well tested at this point, and I wouldn’t hesitate to use it in production if it contains something you need or a developer suggests using it. A timeline on a final release isn’t available at this time though.

The primary changes are:

IPsec connection reloading improvements – When making changes to a single IPsec connection, or adding an IPsec connection, it no longer reloads all your IPsec connections. Only the changed connections are reloaded. That wasn’t a big deal in most environments, but in some it means you can’t change anything in IPsec except during maintenance windows. This is being used in a critical production environment with 400 connections, and works well.

Dynamic site to site IPsec – because of the above change, it was trivial to add support for dynamic DNS hostnames in IPsec. While 1.2.x will not receive new features, this became an exception.

IPsec NAT-T support has also been added.

Upgrade to FreeBSD 7.1 – We never know what we might run into when changing FreeBSD versions. Sometimes a version change requires numerous changes in our code base, as going from 6.x to 7.0 did. Going from 7.0 to 7.1 hasn’t required many changes at all though. This was the primary reason for caution, and it has proven to be a non-issue. It also has proven to fix many hardware regressions between 6.2 and 7.0. A number of users have reported that hardware that worked fine on 6.2 stopped working on 7.0. In every case I’m aware of, 7.1 fixed that problem.

Wireless code update – Sam Leffler, one of the primary developers of wireless on FreeBSD, was kind enough to point us to the latest wireless code back ported from FreeBSD 8.0 to 7.1. There are companies shipping access points on this code base. Our 1.2.3 snapshots include this code, and several users have reported considerable improvements in compatibility, stability and performance.

Dynamic interface bridging bug fix – the bridging bug fix in 1.2.2 introduced a problem with bridging any dynamic/non-Ethernet interface, such as VLANs, tun, tap, etc. which has been fixed.

Download

Revision 3′s Hak5 recently featured pfSense.   Check it out!!