pfSense 1.2.1-RC2 now available

November 21st, 2008 by Chris Buechler

pfSense 1.2.1-RC2 is now available for testing. This is the first official RC release of 1.2.1, and we believe it eliminates all regressions that have been found since the first 1.2.1 snapshots were made available 4 months ago. Plus it fixes several bugs in 1.2.

1.2.1-RC2 VMware Appliance is also available.

The changes from 1.2 release:

  • Numerous changes to accommodate differences in FreeBSD 7.0. Lesson learned here – we hoped 1.2.1 would be a fast release cycle, but it ended up being a significant amount of work because of the changes in FreeBSD from 6.2 to 7.0. It’s certainly for the better, as 7.0 brings improved performance, more and better hardware support, enhanced wireless capabilities, and more.
  • Multi-WAN bug fix – reply-to was not added to WAN rules, which caused difficulties under some specific circumstances with accessing services running on the firewall using OPT WAN interfaces.
  • Bridging bug fix – problem with the way firewall rules were being applied to bridging could lead to strange behavior in some bridging scenarios. Also, DHCP clients used to be automatically allowed through bridges. This is no longer the case, if you use a DHCP client behind a bridge, your firewall rules must allow the DHCP traffic.
  • Captive Portal bug fix – imported from m0n0wall, related to MAC authentication with RADIUS.
  • Keep state change – the newer pf version changed to defaulting to keep state, rules that required no state keeping (same interface firewall rule bypass) needed “no state” added.
  • NAT reflection bug fix – 20 second timeout was being incorrectly applied, affecting long-lived connections.
  • Mobile IPsec fixes
  • Some minor text clean up, typo fixes
  • Packages screen now has a “Package Info” column rather than the “maintainer” column which was of limited use. Links to information on the package are shown there, for packages that have links defined. Many have links already, and work is currently under way to add a link for every package and expand the information available on them. The Installed Packages tab also shows the Package Info links. When you access the package screens, it fetches the most recent package information from our servers, incluing the Package Info links. You will see more links come with time, without having to upgrade pfSense.
  • Significant speed up in boot process, especially when using CARP. There were some delays in the boot process that could be removed thanks to changes in FreeBSD 7.0, which has made booting quite a bit faster.
Complete change list is available here
You can find it on the mirrors – new installs and upgrades. Embedded users especially need to read the upgrade guide before proceeding with an upgrade.
Note on Release Signing
The key for signing releases and its backup were inadvertently destroyed. This means you’ll get a warning that the release is unsigned, unless you are updating from a recent 1.2.1 snapshot. You can either just click through that warning, or install the Pubkey package you will find under System -> Packages. If you wish to update the file manually from a secure source, you can overwrite /etc/pubkey.pem with this file.
Please help test
The development team has upgraded numerous critical production deployments to 1.2.1 and there are no remaining regressions from 1.2 that we are aware of. There have also been thousands of downloads since the beginning of the RC cycle, so it has been widely tested to date. We believe this release is very close to being final.

22 Responses to “pfSense 1.2.1-RC2 now available”

  1. Albert Green Says:

    I have to try it soon.

    Thank you!

  2. mc_leuz Says:

    Which FreeBSD 7 revision did you use for pfSense 1.2.1-RC2? (I know I can find ae(4) driver from rev 183567)

  3. Nikolay Denev Says:

    Upgraded without problems :)
    Everythings work as expected, thanks!

  4. Chris Buechler Says:

    mc_leuz: it will always be the latest RELENG_7_0 at the time of release.

  5. jim Says:

    I am running pfSense off a regular pc (333mHz Intel with Intel fxp nics) using a compactflash card in embedded more. This is the process I am using since this isn’t really covered in the upgrade guide. Please tell me if I am performing unnecessary steps. It’s worked flawlessly so far. I also back up my config file again right before the upgrade, just in case…

    1. run /etc/rc.conf_mount_rw
    2. edit /etc/platform and replace “embedded” with “pfSense”
    3. reboot the firewall.
    4. Upgrade via web interface
    5. Let the system auto reboot after upgrade
    6. edit /etc/platform and replace “pfSense” with “embedded”

    Thanks to everyone who works on pfSense. I’ve been running it now for a few months and really think it’s so much more convenient than the prior firewall I was running.

  6. jim Says:

    opps. I forgot my last step.

    7. reboot the firewall for embedded changes to take effect.

  7. Chris Buechler Says:

    jim: that’s an interesting way to upgrade. You should just use the console upgrade for embedded systems, using the embedded upgrade file (unless you actually are running a full install that you then switched to behave like embedded).

    If it works, it’s fine to continue upgrading that way.

  8. Scott Ullrich Says:

    Jim: thanks for that post, I found a bug where we where checking the wrong variable that looked for a firmware in progress. The card could go RO under certain circumstances.

  9. darklogic Says:

    After the update on 7 firewalls, I was not able to get the traffic graph to work. I am using IE7.

    Everything else seems to be working just fine.

  10. Dave Cabot Says:

    The full embedded image isn’t compressed and the embedded upgrade terminates with an error when I untar it.

  11. Chris Buechler Says:

    Dave: the embedded upgrade extracts fine. I think IE sometimes screws up tgz files by extracting them during download, don’t recall the specifics, but make sure you’re using Firefox.

  12. Dean Hamstead Says:

    FreeBSD 7.0-RELEASE lacks a lot of hardware, specifically the BCM5906M (which is on the board im trying to use!). Any chance of updating the base to RELENG_7 from RELENG_7_0

  13. jim Says:

    Chris, I am running a full install that I switch to act as if it’s an embedded install. Thanks for the confirmation of my method.

    Scott, next time I upgrade I’ll leave my system in RO mode and see what happens.

  14. Chris Buechler Says:

    Dean: 2.0 is on RELENG_7, we will not put out a stable release on an unstable FreeBSD branch, and we’re not changing the OS base on a release at RC phase. 1.2.1 will be 7.0.

    7.0 isn’t lacking “a lot” of hardware, there are just a few newer cards that have support in RELENG_7 and not 7.0.

  15. BJ Says:

    I tried installing the RC2 Live CD on a new AMD Geode LX-800 network appliance – The FX5420 from LinITX.com. Unfortunately the boot loader freezes at ‘loader.conf’.

    Sounds like a BSD 7.0 issue, because PFSense 1.2.0 Live CD loaded and installed just fine.

    Apologies that I do not have the time to experiment more, but will have another go at installation if there is a patch.

    Here is the spec’ of my platform:
    # AMD Geode LX-800 Low-power CPU
    # 256MB DDR SDRAM Installed
    # VGA
    # 4 10/100 LAN ports
    # 1 RS232 COM Port
    # 2 USB (V2.0)
    # 80Gb IDE HDD

  16. pfsense 1.2.1 Release Candidate 2 time! | javivf's blog Says:

    [...] meses y medio despues de la RC1 ya tenemos la RC2 como anuncian en su blog. La lista de cambios desde la version 1.2 es bastante importante y la podeis consultar desde [...]

  17. Chris Buechler Says:

    BJ: please post on the forum or mailing list. Scott has a FX5420 and his works fine.

  18. Wasca Says:

    Could some one point me to the instuctions for upgrading from 1.20 to 1.2.1RC2

    I have 1.20 installed on HDD for x86 system

  19. Wasca Says:

    Never mind, helps if you read the whole post DOH!

  20. Southman Says:

    Now that you have successfully migrated from FreeBSD 6.2 to 7.0 what kind of time frame are you looking at for your release cycle?

  21. Chris Buechler Says:

    Southman: Depends on what issues people find, if any. Thus far, there haven’t been any.
    see also:
    http://doc.pfsense.org/index.php/When_Will_A_Release_Occur

  22. pfSense Digest » Blog Archive » pfSense 1.2.1 released! Says:

    [...] interested in just the highlights (lot of minor trivial things in the full change list), see the RC2, RC3 and RC4 release blog [...]

Please don’t post technical questions or off-topic comments. It is far more likely that your questions and concerns will be addressed effectively through one of our support channels.

Leave a Reply