1.2.3 RC1 now available!

April 22nd, 2009 by Chris Buechler

1.2.3-RC1 is now making its way to the mirrors. This is primarily a maintenance release on the 1.2.x series, bringing an updated FreeBSD 7.1 base, and a few bug fixes.

Change list

The primary changes are:

IPsec connection reloading improvements – When making changes to a single IPsec connection, or adding an IPsec connection, it no longer reloads all your IPsec connections. Only the changed connections are reloaded. That wasn’t a big deal in most environments, but in some it meant you couldn’t change anything in IPsec except during maintenance windows. This is being used in a critical production environment with 400 connections, and works well.

Dynamic site to site IPsec – because of the above change, it was trivial to add support for dynamic DNS hostnames in IPsec. While 1.2.x will not receive new features, this became an exception.

IPsec NAT-T support has also been added.

Sticky connections enable/disable – sticky connections were previously only changed status at boot time for the server load balancer.

Upgrade to FreeBSD 7.1 – The FreeBSD base version has changed from 7.0 to 7.1. This brings support for new hardware, and seems to fix a number of hardware regressions between 6.2 and 7.0. A number of users have reported that hardware that worked fine on 6.2 stopped working on 7.0. In every case we’re aware of, 7.1 fixed that problem.

Wireless code update – Sam Leffler, one of the primary developers of wireless on FreeBSD, was kind enough to point us to the latest wireless code back ported from FreeBSD 8.0 to 7.1. This is included in 1.2.3-RC1. There are companies shipping access points on this code base. Several users have reported considerable improvements in compatibility, stability and performance.

Dynamic interface bridging bug fix – the bridging bug fix in 1.2.2 introduced a problem with bridging any dynamic/non-Ethernet interface, such as VLANs, tun, tap, etc. which has been fixed.

Ability to delete DHCP leases – A delete button has been added to the DHCP leases page, and when adding a static mapping, the old lease is automatically deleted.

Polling fixed – polling was not being applied properly previously, and the supported interfaces list has been updated.

ipfw state table size – for those who use Captive Portal in large scale environments, ipfw’s state table size is now synced with pf’s state table size.

Server load balancing ICMP monitor fixed.

UDP state timeout increases – By default, pf does not increase UDP timeouts when set to “conservative”, only TCP. Some VoIP services will experience disconnects with the default UDP state timeouts, setting state type to “conservative” under System -> Advanced will now increase UDP timeouts as well to fix this.

Disable auto-added VPN rules option - added to System -> Advanced to prevent the addition of auto-added VPN rules for PPTP, IPsec, and OpenVPN tun/tap interfaces. Allows filtering of OpenVPN client-initiated traffic when tun/tap interfaces are assigned as an OPT.

Multiple servers per-domain in DNS forwarder overrides - previously the GUI limited you to one server per domain override in the DNS forwarder, you can now put in multiple entries for the same domain for redundancy.


New installs


Note: At the time of this post, most, but not all of the mirrors have the files. It may be close to 24 hours before they all have the files. If you find one that does not, choose a different one.

Upgrade Guide

42 Responses to “1.2.3 RC1 now available!”

  1. Alex Says:

    Nice !
    again, good work!

  2. dennis Says:

    Thank You!!

  3. issue2k Says:

    hm..LiveCD isn’t bootable (?)…checked md5 and burned multiple times now…iso dowsn’t work in virtualbox too…

  4. pfsense 1.2.3 Release Candidate 1 time! | javivf's blog Says:

    [...] de la explicacion completa en su blog y podeis bajaros las instalaciones limpias o los upgrades de los sitios de [...]

  5. GruensFroeschli Says:

    Filtering for openVPN !!!!

  6. sacabonos Says:

    Thanks for the effort guys, really appreciated.

  7. Pete Boyd Says:

    I’m looking forward to the improvements!

  8. Andu Says:

    Happy puppy here saying thank you for OpenVPN and IPsec improvments!

  9. Chris Buechler Says:

    issue2k: the iso was gzipped but didn’t have a gz extension, usually we extract them because gz’s can cause issues. I extracted it and the mirrors will sync, but if you just add a .gz extension to what you downloaded it will be fine.

  10. kenny Says:

    Looking through the different mirrors, i found that the 1.2.3 livecd listed with two different sizes, 46M and 55M
    the 46M one failed to mount, where as the 55M one mounts fine

  11. gladizxx Says:

    I have been using Pfsense 1.2.3 update from the beginning until the last 23 april 2009, (and I will continue to follow until the end). the result is really amazing once. Performance is very good and responsive and aggressive. CPU usage becomes more efisient. Personally I recommend use pfsense on your company.

    Gladizxx – Indonesia

  12. Chris Buechler Says:

    Kenny: read my post above. The smaller one is the gzipped one, the bigger one is the unzipped one. As all the mirrors sync (most of them are synced as of now) they’ll get the un-gzipped one. The smaller one is fine if you unzip it.

  13. Niko Says:

    Wireless AP users should be aware that the wlan-lan bridge isnt working.
    Altough the newsitem mention “great improvements” it is unusable at the moment

    Dont know where these users are that are mentioned but they are not atleast on the pfsense-forum.. :)

  14. ariel’s weblog » pfSense 1.2.3-RC1 Says:

    [...] http://blog.pfsense.org/?p=428 [...]

  15. Chris Buechler Says:

    Niko: Wireless bridging is working fine. I’m using it, and I know of many others who are as well.

  16. Dimitri Says:

    it is also possible to add multiple servers for domain overrides in 1.2.3, for a single domain, and they will be checked in the order in the list.

  17. RLems Says:

    Well, for the first time my wireless AP is working fine now with this latest v1.2.3 RC1 release. It was not working at all in v1.2.2 on my hardware config.

  18. Chris Buechler Says:

    Dimitri: Oh yeah, I overlooked that in the change log. Added to the post.

  19. Pe.justice Says:

    great works guys!

  20. Sammy Says:

    I have 1.2.2 config exported (not package settings). Can I install clean, then import those settings as before?

  21. Chris Buechler Says:

    Sammy: yes, but you don’t have to reinstall unless you want to get rid of the packages you had. See the upgrade guide linked in the post.

  22. Ataa Says:

    Tried it today, Still no support for Most Mini-ITX NICs (Realtek 8110SC / Realtek 8169SC / Jetway Expansion NICs)

  23. Chris Buechler Says:

    Ataa: those should all be supported. I’m using the Jetway expansion NICs and 8110SC with no problems. Post to the forum or mailing list with more info please.

  24. Ataa Says:

    @Chris :

    Already done so waiting for input.


  25. Varian Says:

    Where’s up upgrade for the embedded version?

  26. Chris Buechler Says:

    Varian: there isn’t an official RC1 update. you can find them on the snapshot server, but as always, it may not work on embedded.

  27. Gerardo Fernandez Says:

    Just downloaded the embedded version. Working perfect on ALIX 2D3.
    Thanks for your great hard work.


  28. Juli Cespedes Says:

    Tried it yesterday.

    We updated one of our firewalls, but one of its NICs is not properly recognised: Intel(R) PRO/!000 Network Connection Version – 6.7.3 with 4 interfaces.

    pfSense 1.2.2 recognises it correctly and 4 interfaces are assigned to it: em0 thru em3. In 1.2.3 only one of the 4 interfaces is recognised (em0), and thus it’s not very usable for our purposes…

    The other NIC (Broadcom NetXtreme Gigabit Ethernet Controller, ASIC rev. 0xa200, with two interfaces integrated in motherboard) works OK (assigned interfaces: bg0 & bg1).

  29. Thai Hung Says:

    NAT-T, one of features I want to use most. Thank you so much


  30. Scott Says:

    Does this version have the hyper-V kernel patch added to the FreeBSD kernel?

  31. Chris Buechler Says:

    Scott: no idea what you’re talking about. None of us use nor follow hyper-v. Got a URL?

  32. Philip Lynx Says:

    Will later releases support WWAN like HSDPA sticks/cards on usb/pcmia?
    Like for an mobile “WLAN Hotspot”or similar. That should be nice for “desert” ;) Vacancy or Conferences.

    Kind Regards

  33. Chris Buechler Says:

    Philip: in 2.0 yes.

  34. martin Says:

    Version 1.2.3-RC1
    built on Wed Apr 22 16:21:49 EDT 2009
    Platform embedded


    Version 1.2.3-RC1
    built on Tue May 12 12:55:34 EDT 2009
    Platform embedded

    I can’t find the sip proxy menu

  35. Ron Carter Says:

    This product is fantastic. This product just keeps getting better and better. I I have been using for all most 2 years. I just keeps getting better and better.

  36. Chris Buechler Says:

    martin: it’s there, but if you use an upgraded configuration, there is a problem in that it doesn’t insert the requisite configuration to make the menu appear. You can manually fix it by backing up the configuration, looking at the default configuration (in /conf.default/config.xml) to pull out the siproxd bits, and inserting them into your backup, then restoring. If done improperly, it will hose your system so you may just want to wait for a proper fix (or reconfigure after resetting to a default configuration, if you have a really simple setup).

    We’re working on a fix.

  37. Martin Says:

    @Chris Buechler: Read the Hyper-V-Comment of Scott:

    hyper-v + pfsense-problem: pfsense is running on hyper-v, BUT: shutdown/restart does not work due to kernel-patch-problem in die underlying OS. you have to start ms powershell and kill the process-id manually for a restart

    a small patch is available and seems to be easy to implement. would be VERY GREAT if you could implement this patch. i know, hyper-v is windows – but, why not satisfying those users too.

    url: http://forum.pfsense.org/index.php?topic=12157.0

  38. Chris Buechler Says:

    That Hyper-V patch isn’t correct. There was a more correct work around to hyper-v’s glitch added to FreeBSD that’s a considerably larger patch, not something we’re going to back port to 7.2. It should work properly with FreeBSD 8, which is what 2.0 will be based on.

  39. dave Says:

    Is there a release date set? A roadmap? Thanks.

  40. Chris Buechler Says:

    dave: there will be an update post here sometime this week.

  41. The_Glu Says:

    Any news ? Week is almost gone ;)

  42. Chris Buechler Says:

    The_Glu: http://blog.pfsense.org/?p=459

Please don’t post technical questions or off-topic comments. It is far more likely that your questions and concerns will be addressed effectively through one of our support channels.

Leave a Reply