
2.4 pre-alpha snapshots now available.

pfSense® software version 2.4 pre-alpha snapshots are now available.

pfSense 2.4 will use FreeBSD 11 as a base, and 11.0-RELEASE has not yet occurred.  There will be additional work to use 11.0-RELEASE as a base.

More work on “reduction of technical debt” is occurring in 2.4.  We have decided to not carry forward the kernel patches for Captive Portal.  Instead, it is being re-written to use stock IPFW.  That work is only about 75% complete.  MPD4 needs to be converted to MPD5.  Alongside these, work is occurring to convert several subsystems (e.g. radius) to use the PEAR equivalents:

There appears to be a bug in pf (likely due to the interaction of one of our patches).  This only manifests under high usage.

New features and changes are listed here.

Full change list:
source and build tools
ports
FreeBSD source

Outstanding bugs/features/todo items:
Everything else

We advise that you do not use this on a production system yet. If you have the time and interest, we encourage you to try this on a scratch system or VM and provide feedback for any issues you find.

pfSense 2.3.2-RELEASE Now Available!

We are happy to announce the release of pfSense® software version 2.3.2!

This is a maintenance release in the 2.3.x series, bringing a number of bug fixes. The full list of changes is on the 2.3.2 New Features and Changes page.

This release includes fixes for 60 bugs, 8 features and 2 todo items completed.

If you haven’t yet caught up on the changes in 2.3.x, check out the Features and Highlights video. Past blog posts have covered some of the changes, such as the performance improvements from tryforward, and the webGUI update.

Upgrade Considerations

As always, you can upgrade from any prior version directly to 2.3.2. The Upgrade Guide covers everything you’ll need to know for upgrading in general.  There are a few areas where additional caution should be exercised with this upgrade if upgrading from 2.2.x or an earlier release, all noted in the 2.3 Upgrade Guide.

For those upgrading from a 2.3 beta or RC version who have not yet upgraded to 2.3-RELEASE, please see this post.

Known Regressions

While nearly all of the common regressions between 2.2.6 and 2.3-RELEASE have been fixed in subsequent releases, the following still exist:

  • IPsec IPComp does not work. This is disabled by default. However, in 2.3.1 it is automatically not enabled to avoid encountering this problem. Bug 6167
  • IGMP Proxy does not work with VLAN interfaces, and possibly other edge cases. Bug 6099. This is a little-used component. If you’re not sure what it is, you’re not using it.
  • Those using IPsec and OpenBGPD may have non-functional IPsec unless OpenBGPD is removed. Bug 6223

Packages

Compared to pfSense 2.2.x, the list of available packages in pfSense 2.3.x has been significantly trimmed.  We have removed packages that have been deprecated upstream, no longer have an active maintainer, or were never stable. A few have yet to be converted for Bootstrap and may return if converted. See the 2.3 Removed Packages list for details.  pfSense 2.3.2 does bring back ntopng, and the vnstat (traffic totals) package is new.

pfSense software is Open Source

For those who wish to review the source code in full detail, the changes are all publicly available in three repositories on GitHub. 2.3.2-RELEASE is built from the RELENG_2_3_2 branch of each repository.

Main repository – the web GUI, back end configuration code, and build tools.
FreeBSD source – the source code, with patches of the FreeBSD 10.3 base.
FreeBSD ports – the FreeBSD ports used.

Download

Downloads are available on the mirrors as usual.

Downloads for New Installs and Upgrades to Existing Systems – note it’s usually easier to just use the auto-update functionality, in which case you don’t need to download anything from here. Check the Firmware Updates page for details.

Supporting the Project

Our efforts are made possible by the support of our customers and the community. You can support our efforts via one or more of the following.

  • pfSense Store –  official hardware, apparel and pre-loaded USB sticks direct from the source.  Our pre-installed appliances are the fast, easy way to get up and running with a fully-optimized system. All are now shipping with 2.3 release installed.
  • Gold subscription – Immediate access to past hang out recordings as well as the latest version of the book after logging in to the members area.
  • Commercial Support – Purchasing support from us provides you with direct access to the pfSense team.
  • Professional Services – For more involved and complex projects outside the scope of support, our most senior engineers are available under professional services.

pfSense moves to Apache License

With the pending departure of Chris Buechler, we wanted to find a way to express to the community our continued commitment to keep pfSense® software open source.

As such, pfSense is moving to the Apache License 2.0  in order to align the goals of the project with other (unannounced) offerings from Netgate.  The Apache License 2.0 is a permissive license similar to the MIT License. The main conditions of this license require preservation of copyright and license notices.

Where the 2-Clause and 3-Clause BSD licenses provide no direct language around the areas of copyright, patents and trademarks, the Apache License does. The Apache License is very clear that individual contributors grant copyright license to anyone who receives the code, that their contribution is free from patent encumbrances (and if it is not, that they license that patent to anyone who receives the code), and that use of Trademarks extends only as far as is necessary to use the product.  As a reminder, only genuine pfSense software can bear the registered trademark of pfSense. It also includes a patent termination clause, should a lawsuit arise.

The Apache License 2.0 is the third most popular license on GitHub. Android, Apache, Chef, Docker, OpenStack, Salt Stack, and Swift use the Apache License 2.0.

Now pfSense does as well.

Moving Forward

Over the past few months, the Netgate® engineering team and our community contributors have delivered the software foundation for a new era of pfSense® technology.

In April we released version 2.3 of pfSense software which features a new, modern webGUI utilizing Bootstrap, as well as converting the underlying system to FreeBSD® pkg.  The pkg conversion enables us to update pieces of the system individually going forward, rather than the monolithic updates of the past.  The webGUI rewrite brings a new responsive look and feel to the pfSense project, which minimizes resizing or scrolling across a wide range of devices from desktop to mobile phones.

Since releasing pfSense 2.3 we have demonstrated both a dual Ethernet ARM device and the new dual Ethernet Minnowboard Turbot, running an experimental version of pfSense software version 2.4.  We have also shown technology demonstrations of kernel bypass networking via netmap-fwd, which can yield ten-fold improvements in packet processing.  Taken together, these results demonstrate the start of a new era for Netgate and pfSense.

As we enter this new era, Chris Buechler has informed us that he will be leaving the project to pursue a career outside of pfSense and Netgate. On behalf of the company and community, I thank Chris for his passion and dedication to the pfSense project. He worked hard to help build pfSense into an Open Source project that is recognized and respected worldwide as the best-in-class Open Source firewall and router based on FreeBSD.  We will not only miss the technical expertise Chris brought, but also his in-depth knowledge of the pfSense community and customer base. Please join me in wishing Chris well in his future endeavors.  We will announce a new community manager in the next several weeks. With change comes great opportunity.

As most of you know, pfSense serves a worldwide community of more than 350,000 users who are passionate about protecting their networks, large and small, using the most flexible, extendable and reliable Open Source firewall and router available.

What we have accomplished over the past few years bringing pfSense technology up to date with changes in FreeBSD, expanding availability into the cloud with Amazon® AWS, Microsoft® Azure and VMware® Certified images, while also making changes in how we think about security and networking is nothing short of amazing.  We know that we have more amazing in us and that Netgate and pfSense have a bright future ahead.  We are excited about our people, we are energized by our ability to change and grow, and we look forward to the success which lies ahead.  We look forward to your continued contributions, and continuing to participate with you in creating the best that pfSense can be.

Thank you for your continued effort working collaboratively in our passionate community of contributors, testers, and users. Together we will continue to advance the state of the art of the best Open Source network security software on the planet.

 Aloha Oe, Chris.

Jim and the Netgate Team

pfSense 2.3.1-RELEASE Now Available!

We are happy to announce the release of pfSense® software version 2.3.1!

This is a maintenance release in the 2.3.x series, bringing a number of bug fixes, two security fixes in the GUI, as well as security fixes for OpenSSL, OpenVPN and FreeBSD atkbd and sendmsg. The full list of changes is on the 2.3.1 New Features and Changes page.

This release includes a total of 103 bug fixes. 79 regressions in 2.3 have been fixed, mostly minor issues in the new GUI. Several of these are significant issues, and have resolved nearly all the post-upgrade problems encountered in 2.3-RELEASE. 24 issues affecting 2.2.x and prior versions have also been fixed.

If you haven’t yet caught up on the changes in 2.3.x, check out the Features and Highlights video. Past blog posts have covered some of the changes, such as the performance improvements from tryforward, and the webGUI update.

Upgrade Considerations

As always, you can upgrade from any prior version directly to 2.3.1. The Upgrade Guide covers everything you’ll need to know for upgrading in general.  There are a few areas where additional caution should be exercised with this upgrade if upgrading from 2.2.x or an earlier release, all noted in the 2.3 Upgrade Guide.

For those upgrading from a 2.3 beta or RC version who have not yet upgraded to 2.3-RELEASE, please see this post.

Known Regressions

While nearly all of the common regressions in 2.3-RELEASE have been fixed in 2.3.1, the following still exist:

  • IPsec IPComp does not work. This is disabled by default. However, in 2.3.1 it is automatically not enabled to avoid encountering this problem. Bug 6167
  • IGMP Proxy does not work with VLAN interfaces. Bug 6099. This is a little-used component. If you’re not sure what it is, you’re not using it.
  • Those using IPsec and OpenBGPD may have non-functional IPsec unless OpenBGPD is removed. Bug 6223

Packages

The list of available packages in pfSense 2.3.x has been significantly trimmed.  We have removed packages that have been deprecated upstream, no longer have an active maintainer, or were never stable. A few have yet to be converted for Bootstrap and may return if converted. See the 2.3 Removed Packages list for details.

pfSense software is Open Source

For those who wish to review the source code in full detail, the changes are all publicly available in three repositories on GitHub. 2.3.1-RELEASE is built from the RELENG_2_3_1 branch of each repository.

Main repository – the web GUI, back end configuration code, and build tools.
FreeBSD source – the source code, with patches of the FreeBSD 10.3 base.
FreeBSD ports – the FreeBSD ports used.

Download

Downloads are available on the mirrors as usual.

Downloads for New Installs and Upgrades to Existing Systems – note it’s usually easier to just use the auto-update functionality, in which case you don’t need to download anything from here. Check the Firmware Updates page for details.

Supporting the Project

Our efforts are made possible by the support of our customers and the community. You can support our efforts via one or more of the following.

  • pfSense Store –  official hardware, apparel and pre-loaded USB sticks direct from the source.  Our pre-installed appliances are the fast, easy way to get up and running with a fully-optimized system. All are now shipping with 2.3 release installed.
  • Gold subscription – Immediate access to past hang out recordings as well as the latest version of the book after logging in to the members area.
  • Commercial Support – Purchasing support from us provides you with direct access to the pfSense team.
  • Professional Services – For more involved and complex projects outside the scope of support, our most senior engineers are available under professional services.

pfSense 2.3 Update 1 Available

Since the new pkg system enables us to update pieces of the system individually, rather than the monolithic updates of the past, we have released a patch that fixes the NTP CVEs covered by FreeBSD SA 16:16.ntp. Updating ntpd from 4.2.8p6 to 4.2.8p7 is the only change.

This update appears as 2.3_1, for update 1. This should not be confused with 2.3.1, which is a full maintenance release coming soon. 2.3_1 is only available for those already running 2.3 release.

Note for this update, your version number will remain the same afterwards, still showing as 2.3-RELEASE.

This update does not trigger a reboot. The NTP service needs to be manually restarted under Status>Services afterwards.

pfSense 2.3-RELEASE Now Available!

We are happy to announce the release of pfSense® software version 2.3!

The most significant changes in this release are a rewrite of the webGUI utilizing Bootstrap, and the underlying system, including the base system and kernel, being converted entirely to FreeBSD pkg. The pkg conversion enables us to update pieces of the system individually going forward, rather than the monolithic updates of the past.  The webGUI rewrite brings a new responsive look and feel to pfSense requiring a minimum of resizing or scrolling on  a wide range of devices from desktop to mobile phones.

For the highlights, check out the Features and Highlights video. Past blog posts have covered some of the changes, such as the performance improvements from tryforward, and the webGUI update.

The full list of changes is on the 2.3 New Features and Changes page.

To get to a release, we’ve closed 760 total tickets.  While the majority of these were related to the Bootstrap conversion, 137 are fixed bugs impacting 2.2.6 and earlier releases.

Upgrade Considerations

As always, you can upgrade from any prior version directly to 2.3. The Upgrade Guide covers everything you’ll need to know for upgrading in general.  There are a few areas where additional caution should be exercised with this upgrade.

For those upgrading from a 2.3 beta or RC version to final, please see this post.

Known Regressions

  • OpenVPN topology change – configuration upgrade code was intended to set upgraded OpenVPN servers to topology net30, rather than the new default of topology subnet. This is not working as intended in some cases, but has been fixed for 2.3.1. In the meantime, editing your OpenVPN server instance and setting the topology to “net30” there will accomplish the same thing and fix it.
  • IP aliases with CARP IP parent lose their parent interface association post-upgrade. Go to Firewall>Virtual IPs, edit the affected IP alias, pick the appropriate CARP IP parent, then save and apply changes. Make sure every virtual IP has something shown in the Interface column on firewall_virtual_ip.php.
  • IPsec IPComp does not work. This is disabled by default. Disable IPComp under VPN>IPsec, Advanced to work around if you’ve enabled IPComp. Bug 6167
  • IGMP Proxy does not work with VLAN interfaces. Bug 6099. This is a little-used component. If you’re not sure what it is, you’re not using it.

Any significant regressions discovered post-release will be added to this post.

Clear Browser Cache

Due to the many changes in the web interface, clearing your browser cache or doing a forced reload (shift+refresh) is a good idea after upgrading. If you see any cosmetic problems in the web interface post-upgrade, a stale browser cache is the likely reason.

Packages

The list of available packages in pfSense 2.3 has been significantly trimmed.  We have removed packages that have been deprecated upstream, no longer have an active maintainer, or were never stable. A few have yet to be converted for Bootstrap and may return if converted. See the 2.3 Removed Packages list for details.

pfSense software is Open Source

For those who wish to review the source code in full detail, the changes are all publicly available in three repositories on GitHub. 2.3-RELEASE is built from the RELENG_2_3_0 branch of each repository.

Main repository – the web GUI, back end configuration code, and build tools.
FreeBSD source – the source code, with patches of the FreeBSD 10.3 base.
FreeBSD ports – the FreeBSD ports used.

Download

Downloads are available on the mirrors as usual.

Downloads for New Installs and Upgrades to Existing Systems – note it’s usually easier to just use the auto-update functionality, in which case you don’t need to download anything from here. Check the Firmware Updates page for details.

Supporting the Project

Our efforts are made possible by the support of our customers and the community. You can support our efforts via one or more of the following.

  • pfSense Store –  official hardware, apparel and pre-loaded USB sticks direct from the source.  Our pre-installed appliances are the fast, easy way to get up and running with a fully-optimized system. All are now shipping with 2.3 release installed.
  • Gold subscription – Immediate access to past hang out recordings as well as the latest version of the book after logging in to the members area.
  • Commercial Support – Purchasing support from us provides you with direct access to the pfSense team.
  • Professional Services – For more involved and complex projects outside the scope of support, our most senior engineers are available under professional services.

2.3 Release Candidate now available!

We are proud to announce pfSense® software version 2.3 Release Candidate is now available!

The most significant changes in this release are a rewrite of the webGUI utilizing Bootstrap, and the underlying system being converted entirely to FreeBSD pkg (including the base system and kernel). The pkg conversion enables us to update pieces of the system individually going forward, rather than the monolithic updates of the past.

For the highlights, check out the Features and Highlights video. Past blog posts have covered some of the changes, such as the performance improvements from tryforward, and the webGUI update.

The full list of changes is on the 2.3 New Features and Changes page.

In the process of getting here, we’ve closed out 742 total tickets, with most of those being items related to the Bootstrap conversion. Of those, 136 bugs have been resolved that affect 2.2.x and prior versions.

Downloads

(RC downloads are no longer available)

You can upgrade straight to 2.3 from any previous release. Check the Upgrade Guide for details.

Feedback, Questions, Need Help?

Report your experiences or get help with problems on the 2.3 board of the forum.