1.2.3-RC3 now available!
After several months since the last official 1.2.3-RC release, because of some tough issues in the underlying software that are now resolved, 1.2.3-RC3 is now available.
The final release will be coming very soon, please help test.
The major changes since 1.2.3-RC1:
- NAT-T support has been removed. Adding it brought out bugs in the underlying ipsec-tools, causing problems in some circumstances with renegotiation and completely breaking DPD. These issues are fixed in the CVS version of ipsec-tools, but it’s still considered alpha, and we found different problems when attempting to use it instead. NAT-T will be back in the 2.0 release, where it’s not as much of a pain since NAT-T is now in stock FreeBSD 8.
- Outbound load balancer replaced – The underlying software that does the monitoring and ruleset reloads for outbound multi-WAN load balancing has been replaced. This does not change anything from the user’s perspective, as only back end code changed. This fixed WAN flapping that was experienced by a small number of users.
- Captive portal locking replaced – the locking used by the captive portal has never been great (same as used in m0n0wall, where a replacement is also under consideration), and in some circumstances in high load environments (hundreds or thousands of users) it could wreak havoc on the portal. This has been replaced with a better locking mechanism that has resolved these issues.
- Embedded switched to nanobsd – this is explained more here.
- DNS Forwarder now queries all configured DNS servers simultaneously, using the one that responds the fastest. In some circumstances this will improve DNS performance considerably.
- Atheros driver reverted to the one in FreeBSD 7.1 + patches from Sam Leffler, as existed in 1.2.3-RC1. The FreeBSD 7.2 driver exhibited numerous regressions that are no longer an issue, but reverting removed support for cards newly supported in FreeBSD 7.2.
Those are the major changes in this version that impact many users. A number of other minor edge case bugs were fixed, things that nearly all of you have never seen and won’t ever run into. If you’d like the full details on all the changes on the 1.2.x branch, see the git commit logs.
Downloads
Tags: 1.2.3
October 8th, 2009 at 11:00 pm
I am looking forward to the final release, although I have not had problems with RC1 I will be upgrading. Thanks again for this awsome peice of software!
October 9th, 2009 at 1:29 am
Nice! I just wanted to re-flash my snapshot because the auto-update does not work. Awesome! Now I can also insert my WLAN card into my Alix because it will arrive this weekend. Sweet
October 9th, 2009 at 1:35 am
James: auto-update doesn’t work with nanobsd, it wasn’t removed until more recently though so that wasn’t obvious. The manual update or console update are the only supported update methods for nanobsd, both work fine.
October 9th, 2009 at 3:40 am
Thanks guys, Just updated mine.
- It seems the Multi-wan performance is improved, at least on my hardware.
- I like the new DNS forwarder feature.
- Booting/Re-booting time has increased.
October 9th, 2009 at 4:37 am
Why is my Atheros 5416 not recognized any more.
In the 1.2.3RC3 build from 22-sept-2009 I get:
ath0: mem 0×40000000-0×4000ffff irq 18 at device 9.0 on pci2
With the final RC3 I get:
pci2: at device 9.0 (no driver attached)
October 9th, 2009 at 9:00 am
[...] maiores informações sobre o lançamento desta versão, veja o post no blog do pfSense. Categories: mundo BSD Tags: firewall, lançamento, pfsense [...]
October 9th, 2009 at 12:48 pm
Great news. I have been using 1.2.3 RC# for awhile and I am really impressed. I didn’t see the md5 file for pfSense-Full-Update-1.2.3-RC3.tgz on the mirrors. Is this info available else where?
October 9th, 2009 at 10:30 pm
Hi Chris
Where do we submit information on possible bugs found in the packages?
Regards.
October 9th, 2009 at 11:08 pm
Jonathan: We had to revert the Atheros driver to what we were using in FreeBSD 7.1 based versions because of regressions in the FreeBSD 7.2 driver. By doing so, we lost support for some card models (not many). Better a driver that works than one that’s flaky but supports a couple more cards.
Greg: md5’s are out there now.
Belthazar: Post to the 1.2.3 board on the forum.
http://forum.pfsense.org/index.php/board,50.0.html
October 10th, 2009 at 5:59 am
Owwww… IPSec NAT-T feature is a must for us, specially in Spain, where every ISP blocks their routers to avoid asigning static public IP’s to the WAN interface of pfsense. We are willing to see 2.0 version someday, may be Jan 2010?. Thank you very much for such an amazing product!
October 10th, 2009 at 9:57 am
RisingHawk: Don’t use IPsec. OpenVPN is a much better option in that scenario regardless of NAT-T.
October 11th, 2009 at 12:40 pm
Hi Chris,
Is there somewhere a list of supported atheros cards/chipsets with the current atheros driver?
October 11th, 2009 at 2:51 pm
Michael: the FreeBSD 7.1 hardware compatibility list should be what it supports.
October 13th, 2009 at 3:04 am
When trying to write pfSense-1.2.3-RC3-4g-nanobsd.img.gz to 4gb cf, I get the following message: That disk is larger than 2 GB (safety overwrite check). Please choose another one.
October 13th, 2009 at 3:15 am
Smakodak: You have to use -u with physdiskwrite when writing devices larger than 2 GB.
physdiskwrite -u filename.img.gz
October 13th, 2009 at 3:54 am
Thank you Chris. That did it.
October 13th, 2009 at 8:41 am
For portuguese users, i made a screencast with installation of the new version pfSense 1.2.3-RC3
http://www.luizgustavo.pro.br/blog/2009/10/13/screencast-instalacao-do-pfsense/
October 17th, 2009 at 12:44 pm
[...] de la explicacion completa en su blog y podeis bajaros las instalaciones limpias o los upgrades de los sitios de siempre. Comentarios [...]
October 18th, 2009 at 1:13 pm
Is there any kind of release notes document that tells us what has changed from RC1 to RC2 to RC3?
October 18th, 2009 at 4:59 pm
bk: there was no RC2 official release (we just used it as a tag on snapshots for a while). The changes from RC1 to RC3 are in this post.
October 21st, 2009 at 12:27 pm
When we try to AutoUpdate from v1.2.3 RC1, we get v1.2.2!.
System -> Firmware -> Auto Update Check:
New version: 1.2.2
Current version: 1.2.3-RC1
Update source: http://updates.pfSense.com/_updaters
How do we upgrade from v1.2.3 RC1 to v1.2.3 RC3 from the GUI?
October 21st, 2009 at 12:33 pm
Ap.Muthu: Read the upgrade guide linked in the post. Auto-update only allows the most recent final release.
October 24th, 2009 at 9:50 pm
Forgot the part where users with Atheros cards will not longer be able use use them as support has been REMOVED. I upgraded to find this out and the solution given to me was to re-install a OLDER pfSense. Wow, just wow.
October 24th, 2009 at 10:42 pm
dex: You have no idea what you’re talking about. Support hasn’t been removed. Read the post again. Our choices were either a flaky driver that supports a couple more cards, or a driver that works but is older. We don’t develop the drivers, and don’t have the resources to do so, we have to take what FreeBSD has to offer. Hopefully things are better in FreeBSD 8.
October 25th, 2009 at 5:36 pm
hey, dex, you aren’t paying a dime, so go to forums and freebsd site, and find out for yourself, this is a robust solution for $0 US…(i’m using 1.2.2 on production, full vpn IPsec & OpenVPN, load balancing 2 WAN 8mbps fiber & 4mbps WiMAX, 75 corp. users, and 139 guests, everything on an athlon x2 5200+, 1GB RAM, 80GB HD, 2 3com 905 nics recycled plus integrated NIC;
think again when you try to complain, if you want to choke someone neck go elsewhere… there’s no warranties here, read the license!
October 29th, 2009 at 8:18 am
I must say great job. We have been using 1.2.3-RC1 on 3 servers with each on more than 200 users at one go and no problem EXCEPT the captive portal locking mechanism. We had to create a cron to delete the lock file every 2 mins but once all users are logged in, it settles down. In what way has the locking mechanism changed between 1.2.3-RC1 and 1.2.3-RC3?
October 29th, 2009 at 2:17 pm
Defcon: it was replaced to fix exactly the scenario you’re describing that you could hit in some scenarios. Upgrade, then remove that cron job or it will cause problems.