1.2.3 RC1 now available!
1.2.3-RC1 is now making its way to the mirrors. This is primarily a maintenance release on the 1.2.x series, bringing an updated FreeBSD 7.1 base, and a few bug fixes.
Change list
The primary changes are:
IPsec connection reloading improvements – When making changes to a single IPsec connection, or adding an IPsec connection, it no longer reloads all your IPsec connections. Only the changed connections are reloaded. That wasn’t a big deal in most environments, but in some it meant you couldn’t change anything in IPsec except during maintenance windows. This is being used in a critical production environment with 400 connections, and works well.
Dynamic site to site IPsec – because of the above change, it was trivial to add support for dynamic DNS hostnames in IPsec. While 1.2.x will not receive new features, this became an exception.
IPsec NAT-T support has also been added.
Sticky connections enable/disable – sticky connections were previously only changed status at boot time for the server load balancer.
Upgrade to FreeBSD 7.1 – The FreeBSD base version has changed from 7.0 to 7.1. This brings support for new hardware, and seems to fix a number of hardware regressions between 6.2 and 7.0. A number of users have reported that hardware that worked fine on 6.2 stopped working on 7.0. In every case we’re aware of, 7.1 fixed that problem.
Wireless code update – Sam Leffler, one of the primary developers of wireless on FreeBSD, was kind enough to point us to the latest wireless code back ported from FreeBSD 8.0 to 7.1. This is included in 1.2.3-RC1. There are companies shipping access points on this code base. Several users have reported considerable improvements in compatibility, stability and performance.
Dynamic interface bridging bug fix – the bridging bug fix in 1.2.2 introduced a problem with bridging any dynamic/non-Ethernet interface, such as VLANs, tun, tap, etc. which has been fixed.
Ability to delete DHCP leases – A delete button has been added to the DHCP leases page, and when adding a static mapping, the old lease is automatically deleted.
Polling fixed – polling was not being applied properly previously, and the supported interfaces list has been updated.
ipfw state table size – for those who use Captive Portal in large scale environments, ipfw’s state table size is now synced with pf’s state table size.
Server load balancing ICMP monitor fixed.
UDP state timeout increases – By default, pf does not increase UDP timeouts when set to “conservative”, only TCP. Some VoIP services will experience disconnects with the default UDP state timeouts, setting state type to “conservative” under System -> Advanced will now increase UDP timeouts as well to fix this.
Disable auto-added VPN rules option - added to System -> Advanced to prevent the addition of auto-added VPN rules for PPTP, IPsec, and OpenVPN tun/tap interfaces. Allows filtering of OpenVPN client-initiated traffic when tun/tap interfaces are assigned as an OPT.
Multiple servers per-domain in DNS forwarder overrides - previously the GUI limited you to one server per domain override in the DNS forwarder, you can now put in multiple entries for the same domain for redundancy.
Download
Note: At the time of this post, most, but not all of the mirrors have the files. It may be close to 24 hours before they all have the files. If you find one that does not, choose a different one.
Tags: 1.2.3
April 22nd, 2009 at 10:48 pm
Nice !
again, good work!
April 23rd, 2009 at 12:39 am
Thank You!!
April 23rd, 2009 at 2:16 am
hm..LiveCD isn’t bootable (?)…checked md5 and burned multiple times now…iso dowsn’t work in virtualbox too…
April 23rd, 2009 at 2:49 am
[...] de la explicacion completa en su blog y podeis bajaros las instalaciones limpias o los upgrades de los sitios de [...]
April 23rd, 2009 at 2:58 am
Filtering for openVPN !!!!
*yay*
April 23rd, 2009 at 4:14 am
Thanks for the effort guys, really appreciated.
April 23rd, 2009 at 6:29 am
I’m looking forward to the improvements!
April 23rd, 2009 at 8:31 am
Happy puppy here saying thank you for OpenVPN and IPsec improvments!
April 23rd, 2009 at 10:13 am
issue2k: the iso was gzipped but didn’t have a gz extension, usually we extract them because gz’s can cause issues. I extracted it and the mirrors will sync, but if you just add a .gz extension to what you downloaded it will be fine.
April 23rd, 2009 at 10:21 am
Looking through the different mirrors, i found that the 1.2.3 livecd listed with two different sizes, 46M and 55M
the 46M one failed to mount, where as the 55M one mounts fine
April 23rd, 2009 at 11:12 am
I have been using Pfsense 1.2.3 update from the beginning until the last 23 april 2009, (and I will continue to follow until the end). the result is really amazing once. Performance is very good and responsive and aggressive. CPU usage becomes more efisient. Personally I recommend use pfsense on your company.
Gladizxx – Indonesia
April 23rd, 2009 at 12:02 pm
Kenny: read my post above. The smaller one is the gzipped one, the bigger one is the unzipped one. As all the mirrors sync (most of them are synced as of now) they’ll get the un-gzipped one. The smaller one is fine if you unzip it.
April 23rd, 2009 at 12:35 pm
Wireless AP users should be aware that the wlan-lan bridge isnt working.
Altough the newsitem mention “great improvements” it is unusable at the moment
Dont know where these users are that are mentioned but they are not atleast on the pfsense-forum..
April 23rd, 2009 at 1:01 pm
[...] http://blog.pfsense.org/?p=428 [...]
April 23rd, 2009 at 1:31 pm
Niko: Wireless bridging is working fine. I’m using it, and I know of many others who are as well.
April 23rd, 2009 at 3:08 pm
it is also possible to add multiple servers for domain overrides in 1.2.3, for a single domain, and they will be checked in the order in the list.
April 23rd, 2009 at 5:02 pm
Well, for the first time my wireless AP is working fine now with this latest v1.2.3 RC1 release. It was not working at all in v1.2.2 on my hardware config.
April 23rd, 2009 at 5:55 pm
Dimitri: Oh yeah, I overlooked that in the change log. Added to the post.
April 24th, 2009 at 3:00 am
great works guys!
April 24th, 2009 at 3:25 pm
I have 1.2.2 config exported (not package settings). Can I install clean, then import those settings as before?
April 24th, 2009 at 3:58 pm
Sammy: yes, but you don’t have to reinstall unless you want to get rid of the packages you had. See the upgrade guide linked in the post.
April 27th, 2009 at 6:37 am
Tried it today, Still no support for Most Mini-ITX NICs (Realtek 8110SC / Realtek 8169SC / Jetway Expansion NICs)
April 27th, 2009 at 9:18 pm
Ataa: those should all be supported. I’m using the Jetway expansion NICs and 8110SC with no problems. Post to the forum or mailing list with more info please.
April 28th, 2009 at 12:46 am
@Chris :
Already done so waiting for input.
Regards
April 28th, 2009 at 1:16 pm
Where’s up upgrade for the embedded version?
April 28th, 2009 at 3:12 pm
Varian: there isn’t an official RC1 update. you can find them on the snapshot server, but as always, it may not work on embedded.
http://snapshots.pfsense.org/FreeBSD7/RELENG_1_2/
April 28th, 2009 at 10:55 pm
Just downloaded the embedded version. Working perfect on ALIX 2D3.
Thanks for your great hard work.
Regards
April 29th, 2009 at 9:47 am
Tried it yesterday.
We updated one of our firewalls, but one of its NICs is not properly recognised: Intel(R) PRO/!000 Network Connection Version – 6.7.3 with 4 interfaces.
pfSense 1.2.2 recognises it correctly and 4 interfaces are assigned to it: em0 thru em3. In 1.2.3 only one of the 4 interfaces is recognised (em0), and thus it’s not very usable for our purposes…
The other NIC (Broadcom NetXtreme Gigabit Ethernet Controller, ASIC rev. 0xa200, with two interfaces integrated in motherboard) works OK (assigned interfaces: bg0 & bg1).
May 5th, 2009 at 4:27 am
NAT-T, one of features I want to use most. Thank you so much
Regards
May 26th, 2009 at 2:41 pm
Does this version have the hyper-V kernel patch added to the FreeBSD kernel?
May 26th, 2009 at 2:45 pm
Scott: no idea what you’re talking about. None of us use nor follow hyper-v. Got a URL?
May 27th, 2009 at 3:07 am
Will later releases support WWAN like HSDPA sticks/cards on usb/pcmia?
Vacancy or Conferences.
Like for an mobile “WLAN Hotspot”or similar. That should be nice for “desert”
Kind Regards
Flinx
May 27th, 2009 at 4:42 pm
Philip: in 2.0 yes.
June 3rd, 2009 at 7:45 pm
Version 1.2.3-RC1
built on Wed Apr 22 16:21:49 EDT 2009
Platform embedded
AND
Version 1.2.3-RC1
built on Tue May 12 12:55:34 EDT 2009
Platform embedded
I can’t find the sip proxy menu
June 6th, 2009 at 2:43 pm
This product is fantastic. This product just keeps getting better and better. I I have been using for all most 2 years. I just keeps getting better and better.
June 15th, 2009 at 3:25 am
martin: it’s there, but if you use an upgraded configuration, there is a problem in that it doesn’t insert the requisite configuration to make the menu appear. You can manually fix it by backing up the configuration, looking at the default configuration (in /conf.default/config.xml) to pull out the siproxd bits, and inserting them into your backup, then restoring. If done improperly, it will hose your system so you may just want to wait for a proper fix (or reconfigure after resetting to a default configuration, if you have a really simple setup).
We’re working on a fix.
June 15th, 2009 at 5:39 am
@Chris Buechler: Read the Hyper-V-Comment of Scott:
hyper-v + pfsense-problem: pfsense is running on hyper-v, BUT: shutdown/restart does not work due to kernel-patch-problem in die underlying OS. you have to start ms powershell and kill the process-id manually for a restart
a small patch is available and seems to be easy to implement. would be VERY GREAT if you could implement this patch. i know, hyper-v is windows – but, why not satisfying those users too.
url: http://forum.pfsense.org/index.php?topic=12157.0
June 15th, 2009 at 8:45 pm
That Hyper-V patch isn’t correct. There was a more correct work around to hyper-v’s glitch added to FreeBSD that’s a considerably larger patch, not something we’re going to back port to 7.2. It should work properly with FreeBSD 8, which is what 2.0 will be based on.
June 17th, 2009 at 9:37 am
Is there a release date set? A roadmap? Thanks.
June 17th, 2009 at 1:44 pm
dave: there will be an update post here sometime this week.
June 21st, 2009 at 9:02 am
Any news ? Week is almost gone
June 21st, 2009 at 4:36 pm
The_Glu: http://blog.pfsense.org/?p=459