1.2.3-RC3 now available!

After several months since the last official 1.2.3-RC release, because of some tough issues in the underlying software that are now resolved, 1.2.3-RC3 is now available.

The final release will be coming very soon, please help test.

The major changes since 1.2.3-RC1:

  • NAT-T support has been removed. Adding it brought out bugs in the underlying ipsec-tools, causing problems in some circumstances with renegotiation and completely breaking DPD. These issues are fixed in the CVS version of ipsec-tools, but it’s still considered alpha, and we found different problems when attempting to use it instead. NAT-T will be back in the 2.0 release, where it’s not as much of a pain since NAT-T is now in stock FreeBSD 8.
  • Outbound load balancer replaced – The underlying software that does the monitoring and ruleset reloads for outbound multi-WAN load balancing has been replaced. This does not change anything from the user’s perspective, as only back end code changed. This fixed WAN flapping that was experienced by a small number of users.
  • Captive portal locking replaced – the locking used by the captive portal has never been great (same as used in m0n0wall, where a replacement is also under consideration), and in some circumstances in high load environments (hundreds or thousands of users) it could wreak havoc on the portal. This has been replaced with a better locking mechanism that has resolved these issues.
  • Embedded switched to nanobsd – this is explained more here.
  • DNS Forwarder now queries all configured DNS servers simultaneously, using the one that responds the fastest. In some circumstances this will improve DNS performance considerably.
  • Atheros driver reverted to the one in FreeBSD 7.1 + patches from Sam Leffler, as existed in 1.2.3-RC1. The FreeBSD 7.2 driver exhibited numerous regressions that are no longer an issue, but reverting removed support for cards newly supported in FreeBSD 7.2.

Those are the major changes in this version that impact many users. A number of other minor edge case bugs were fixed, things that nearly all of you have never seen and won’t ever run into. If you’d like the full details on all the changes on the 1.2.x branch, see the git commit logs.


New installs


Share this Post:

27 Responses to “1.2.3-RC3 now available!”

  1. Jay Says:

    I am looking forward to the final release, although I have not had problems with RC1 I will be upgrading. Thanks again for this awsome peice of software!

  2. James Says:

    Nice! I just wanted to re-flash my snapshot because the auto-update does not work. Awesome! Now I can also insert my WLAN card into my Alix because it will arrive this weekend. Sweet 😉

  3. Chris Buechler Says:

    James: auto-update doesn’t work with nanobsd, it wasn’t removed until more recently though so that wasn’t obvious. The manual update or console update are the only supported update methods for nanobsd, both work fine.

  4. Ataa Says:

    Thanks guys, Just updated mine.
    – It seems the Multi-wan performance is improved, at least on my hardware.
    – I like the new DNS forwarder feature.
    – Booting/Re-booting time has increased.

  5. Jonathan van Zuijlekom Says:

    Why is my Atheros 5416 not recognized any more.

    In the 1.2.3RC3 build from 22-sept-2009 I get:
    ath0: mem 0x40000000-0x4000ffff irq 18 at device 9.0 on pci2

    With the final RC3 I get:
    pci2: at device 9.0 (no driver attached)

  6. gugaBSD » pfSense lança a versão 1.2.3-RC3 Says:

    […] maiores informações sobre o lançamento desta versão, veja o post no blog do pfSense. Categories: mundo BSD Tags: firewall, lançamento, pfsense […]

  7. Greg Porter Says:

    Great news. I have been using 1.2.3 RC# for awhile and I am really impressed. I didn’t see the md5 file for pfSense-Full-Update-1.2.3-RC3.tgz on the mirrors. Is this info available else where?

  8. Belthazar Says:

    Hi Chris

    Where do we submit information on possible bugs found in the packages?


  9. Chris Buechler Says:

    Jonathan: We had to revert the Atheros driver to what we were using in FreeBSD 7.1 based versions because of regressions in the FreeBSD 7.2 driver. By doing so, we lost support for some card models (not many). Better a driver that works than one that’s flaky but supports a couple more cards.

    Greg: md5’s are out there now.

    Belthazar: Post to the 1.2.3 board on the forum.

  10. RisingHawk Says:

    Owwww… IPSec NAT-T feature is a must for us, specially in Spain, where every ISP blocks their routers to avoid asigning static public IP’s to the WAN interface of pfsense. We are willing to see 2.0 version someday, may be Jan 2010?. Thank you very much for such an amazing product!

  11. Chris Buechler Says:

    RisingHawk: Don’t use IPsec. OpenVPN is a much better option in that scenario regardless of NAT-T.

  12. Michael Says:

    Hi Chris,
    Is there somewhere a list of supported atheros cards/chipsets with the current atheros driver?

  13. Chris Buechler Says:

    Michael: the FreeBSD 7.1 hardware compatibility list should be what it supports.

  14. Smakodak Says:

    When trying to write pfSense-1.2.3-RC3-4g-nanobsd.img.gz to 4gb cf, I get the following message: That disk is larger than 2 GB (safety overwrite check). Please choose another one.

  15. Chris Buechler Says:

    Smakodak: You have to use -u with physdiskwrite when writing devices larger than 2 GB.

    physdiskwrite -u filename.img.gz

  16. Smakodak Says:

    Thank you Chris. That did it.

  17. Luiz Gustavo Says:

    For portuguese users, i made a screencast with installation of the new version pfSense 1.2.3-RC3


  18. pfsense 1.2.3 Release Candidate 3 time! | javivf's blog Says:

    […] de la explicacion completa en su blog y podeis bajaros las instalaciones limpias o los upgrades de los sitios de siempre. Comentarios […]

  19. bk Says:

    Is there any kind of release notes document that tells us what has changed from RC1 to RC2 to RC3?

  20. Chris Buechler Says:

    bk: there was no RC2 official release (we just used it as a tag on snapshots for a while). The changes from RC1 to RC3 are in this post.

  21. Ap.Muthu Says:

    When we try to AutoUpdate from v1.2.3 RC1, we get v1.2.2!.

    System -> Firmware -> Auto Update Check:

    New version: 1.2.2
    Current version: 1.2.3-RC1
    Update source: http://updates.pfSense.com/_updaters

    How do we upgrade from v1.2.3 RC1 to v1.2.3 RC3 from the GUI?

  22. Chris Buechler Says:

    Ap.Muthu: Read the upgrade guide linked in the post. Auto-update only allows the most recent final release.

  23. dex Says:

    Forgot the part where users with Atheros cards will not longer be able use use them as support has been REMOVED. I upgraded to find this out and the solution given to me was to re-install a OLDER pfSense. Wow, just wow.

  24. Chris Buechler Says:

    dex: You have no idea what you’re talking about. Support hasn’t been removed. Read the post again. Our choices were either a flaky driver that supports a couple more cards, or a driver that works but is older. We don’t develop the drivers, and don’t have the resources to do so, we have to take what FreeBSD has to offer. Hopefully things are better in FreeBSD 8.

  25. anon Says:

    hey, dex, you aren’t paying a dime, so go to forums and freebsd site, and find out for yourself, this is a robust solution for $0 US…(i’m using 1.2.2 on production, full vpn IPsec & OpenVPN, load balancing 2 WAN 8mbps fiber & 4mbps WiMAX, 75 corp. users, and 139 guests, everything on an athlon x2 5200+, 1GB RAM, 80GB HD, 2 3com 905 nics recycled plus integrated NIC;
    think again when you try to complain, if you want to choke someone neck go elsewhere… there’s no warranties here, read the license!

  26. Defcon Says:

    I must say great job. We have been using 1.2.3-RC1 on 3 servers with each on more than 200 users at one go and no problem EXCEPT the captive portal locking mechanism. We had to create a cron to delete the lock file every 2 mins but once all users are logged in, it settles down. In what way has the locking mechanism changed between 1.2.3-RC1 and 1.2.3-RC3?

  27. Chris Buechler Says:

    Defcon: it was replaced to fix exactly the scenario you’re describing that you could hit in some scenarios. Upgrade, then remove that cron job or it will cause problems.

Please don’t post technical questions or off-topic comments. It is far more likely that your questions and concerns will be addressed effectively through one of our support channels.

Leave a Reply