1.2.3 release status update
The announcement for the 1.2.3 snapshots advised caution because of some changes going in, and unknowns with the switch to FreeBSD 7.1. It has been well tested at this point, and I wouldn’t hesitate to use it in production if it contains something you need or a developer suggests using it. A timeline on a final release isn’t available at this time though.
The primary changes are:
IPsec connection reloading improvements – When making changes to a single IPsec connection, or adding an IPsec connection, it no longer reloads all your IPsec connections. Only the changed connections are reloaded. That wasn’t a big deal in most environments, but in some it means you can’t change anything in IPsec except during maintenance windows. This is being used in a critical production environment with 400 connections, and works well.
Dynamic site to site IPsec – because of the above change, it was trivial to add support for dynamic DNS hostnames in IPsec. While 1.2.x will not receive new features, this became an exception.
IPsec NAT-T support has also been added.
Upgrade to FreeBSD 7.1 – We never know what we might run into when changing FreeBSD versions. Sometimes a version change requires numerous changes in our code base, as going from 6.x to 7.0 did. Going from 7.0 to 7.1 hasn’t required many changes at all though. This was the primary reason for caution, and it has proven to be a non-issue. It also has proven to fix many hardware regressions between 6.2 and 7.0. A number of users have reported that hardware that worked fine on 6.2 stopped working on 7.0. In every case I’m aware of, 7.1 fixed that problem.
Wireless code update – Sam Leffler, one of the primary developers of wireless on FreeBSD, was kind enough to point us to the latest wireless code back ported from FreeBSD 8.0 to 7.1. There are companies shipping access points on this code base. Our 1.2.3 snapshots include this code, and several users have reported considerable improvements in compatibility, stability and performance.
Dynamic interface bridging bug fix – the bridging bug fix in 1.2.2 introduced a problem with bridging any dynamic/non-Ethernet interface, such as VLANs, tun, tap, etc. which has been fixed.
Tags: 1.2.3
February 10th, 2009 at 10:14 pm
Awesome. Thanks to all contributorsm, the pfSense team and Sam Leffler for their hard work on this release!
February 10th, 2009 at 10:50 pm
NAT-T…seriously??!? Yes, finally! Been waiting on this for a LONG time. Thanks!
February 10th, 2009 at 11:42 pm
It’s always nice to get to a FBSD *.1 version. Great work, truly amazing product, will wait anxiously for the 1.2.3.
February 11th, 2009 at 3:46 am
Wow. That is quite a list of fixes! The VLAN fix is HUUUGE!
Thanks for all the great work!
February 11th, 2009 at 4:09 am
You guys are superb.
February 11th, 2009 at 8:29 am
* IPsec NAT-T
* Dynamic site to site IPsec
Holy crap….these are the only two things that were missing that I needed. No new features my ass…. thank you!!
February 11th, 2009 at 9:08 am
The code for NAT-T support was already there, it was just hidden from the GUI and the kernel patch wasn’t included previously.
February 11th, 2009 at 4:23 pm
pfSense ist getting better and better. I love it.
I can’t wait to switch my “dynamic openvpn site to site” setup to “dynamic site to site IPsec”.
Thank you to the pfSense team and all the developers.
February 12th, 2009 at 10:05 am
We have used pfsense for a few years, and it keep growing.
Really happy to know that “dynamic site to site IPsec” is finally supported ^^
PFSense really great~
I guess another most wanted feature / fix is the FTP issue under multi-wan
February 12th, 2009 at 11:03 am
Nice Pfsense Devs,
One question… when role-based webGUI access will available to use?
February 12th, 2009 at 11:28 am
PfUser: in 2.0, like all new features (dynamic site to site and NAT-T were exceptions because the code was already there for both, they just needed a minor change and exposing to the GUI).
February 13th, 2009 at 6:50 am
Awsome.
The fact that not all the tunnels reset when changing one is very cool an d important. Large IPSEC concentrator will be easier to manage.
Nat-T…nice!
I’ll be testing it as soon as I can.
Thx
February 13th, 2009 at 2:53 pm
Must be blind… cannot find the NAT-T Setting…
February 13th, 2009 at 4:00 pm
where is the 1.2.3 file to download ?
February 13th, 2009 at 4:04 pm
philrou: Added the link to this post.
Beat: haven’t checked an actual snapshot, will at some point.
February 14th, 2009 at 10:35 am
Re: NAT-T
Is there a reason not to enable it all the time? If it doesn’t need to be used, it won’t be. ‘Not sure why we need a GUI checkbox at all.
February 14th, 2009 at 2:41 pm
Really great,
We are willing to migrate all our Cisco firewalls to pfSense as well as use it in all new deployments, I am really impressed with all new features, our company is almost completely relying on this great piece of software.
I hope to see pfSense better and better.
Regards
February 14th, 2009 at 3:12 pm
Beat: the checkbox is definitely there in snapshots.
Robert: right, it won’t be used if it isn’t supported but is enabled, but still something we want to let people control. Some may never want to use it even if it is available, and with all the various deployments out there, we don’t want to turn on something that wasn’t previously turned on, there’s a chance that will break things for some people.
February 15th, 2009 at 5:34 pm
Just wanted to thank y’all for fixing the VPN/ipsec issues. I had been havving issues with connecting my pfsense to tz190 sonicwalls with enhanced os (customer boxes). After the 1.2.3 update the VPNs came up instantly no problem. Thanks again.
Mr. Johnathan Bravo
–ohhh mama!!!—
February 16th, 2009 at 5:26 pm
JBravo,
I agree. This sole feature allows me to start replacing Sonicwalls in my environment. I’ve been waiting for what seems like years.
And for home use, the addition of UPnP and (easy) static DHCP mapping makes pfSense even more desirable than a Cisco ASA5505 in many ways.
February 16th, 2009 at 5:50 pm
seriously after I try pfsense version 1.2.3 was more aggressive. uga update its running very well. Exactly the same as FreeBSD 7.1 which I use now.
From the GUI display almost no change dibandingakan stable version 1.2.2 .. However, the performance of version 1.2.3 systemnya more stable.
Load Balance, traffic sharper, multi wan (pppoe & static). running normally. Internet connection for the client is more stable.
What can I give advice. try pfsense version 1.2.3 and feel the difference ..
February 17th, 2009 at 6:47 am
Is everything OK with the build server? No new snapshots since the 11th of Feb.
Waiting with anticipation!
Thanks for the great work.
Duncan
February 17th, 2009 at 10:34 am
Duncan: there haven’t been any changes since the 11th. When there are, they’ll be updated again.
February 17th, 2009 at 6:29 pm
I haven’t used a snapshot of pfSense before. Is it possible to upgrade from snap to snap as new ones are released, and then later to the final 1.2.3, or would a system require a reinstall to update?
February 17th, 2009 at 7:03 pm
Jason: you can upgrade just like any release.
February 18th, 2009 at 12:33 pm
@Chris: Cool, thanks.
February 18th, 2009 at 4:08 pm
I’m downloading now, any chance glxsb.ko is available? Its the Geode security block driver which I believe is included in 7.1 CVS. It has been backported to 6 as well.
February 18th, 2009 at 9:35 pm
In case its not in CVS:
http://user.lamaiziere.net/patrick/glxsb-220608.tar.gz
February 18th, 2009 at 10:23 pm
Albert: we forgot that was in 7.1, thanks for the reminder. It was just added to the kernel config, will be in snapshots starting 02/19.
try it out and let us know how it goes.
February 20th, 2009 at 8:59 am
Where can I find the change logs for 1.2.3 and 2.0?
February 20th, 2009 at 1:06 pm
Martin:
1.2.x here: https://rcs.pfsense.org/projects/pfsense/repos/mainline/logs/RELENG_1_2
2.0 here: https://rcs.pfsense.org/projects/pfsense/repos/mainline/logs/master
February 20th, 2009 at 6:25 pm
Thanks!
March 4th, 2009 at 5:02 am
I guys
any news when the 1.2.3 will released as stable?
March 4th, 2009 at 1:05 pm
tohil: No idea, we’re mostly working on getting ready for the Hackathon next week and will be working almost entirely on 2.0 then. I suspect since everything on 1.2.3 is working fine, and we haven’t seen any regressions, we’ll make it a RC by the end of the month.
March 6th, 2009 at 4:23 am
Does it capable of a squid proxy multi-wan load balancing and failover? Actually this is my very big problem that’s why I am hesitant to use pfsense on our organization. Please have this fix pfsense developer. I’ll be much proud if you done so. I am looking forward to use pfsense as our firewall,webfilter etc. Just waiting from your feedback. Thanks
March 6th, 2009 at 5:57 pm
Arayzf: No, there is no policy routing from localhost until 2.0 at earliest. Put squid on your internal network instead.
Should you be interested in funding that development, it can be guaranteed for 2.0. Just email me.
March 8th, 2009 at 1:42 am
Hmm, not sure what I did wrong, but I just did an upgrade from 1.2.-RC1 (Nov 08?) of embedded on an Alix box using pfSense-Embedded-Update-1.2.3-20090307-1252.tgz and now it won’t talk to me anymore (yeah, I did it remotely like you’re not supposed to do).
Guess I’ll find out on Monday what its dumping on the terminal port. Fortunately its not a critical box
March 8th, 2009 at 1:51 am
I wouldn’t recommend upgrading embedded at all at this point.
There will be a new embedded coming in the next couple months, utilizing nanobsd (a standard FreeBSD build process). At that point, a re-flash to the new embedded will be required, but from there it will always reliably upgrade.
March 8th, 2009 at 8:13 am
Chris, is this new build part of the 2.0 track only? Or will there be a 1.2x refresh?
March 8th, 2009 at 12:21 pm
Robert: It’ll be available with a 1.2.x base too, that will actually be where I start.
I’m not yet sure if 1.2.3 final release embedded will be this way, or if it’ll be right after that.
I’ll have a blog post dedicated to this sometime in April as work gets under way.
April 1st, 2009 at 3:12 am
Hi,
Do you have any news on the advancement of the 1.2.3 release?
Thanks for this wonderful tool.
April 1st, 2009 at 9:40 am
We bumped the version to RC1 a couple days ago and will have a RC1 release sometime this week.
April 16th, 2009 at 5:06 pm
RC1? Is it soup yet?
April 16th, 2009 at 5:43 pm
1.2.3 is stable, but we’re focused on moving 2.0 to FreeBSD 8 at the moment so it will probably be another few days before 1.2.3 RC1.
April 20th, 2009 at 6:18 pm
Hello, any update on 1.2.3 release?
April 20th, 2009 at 7:46 pm
Jason: there’s one right there above your post.
April 22nd, 2009 at 12:27 pm
Hmm I am sitting here in front of freshly installed snapshot from yesterday (21) and it shows as 1.2.3 RC1
April 22nd, 2009 at 12:33 pm
Michael: yup.
The official signed RC1 release is being built as I’m typing this, it’ll be out this evening.
September 22nd, 2009 at 11:53 am
please can you update the download link?