List of 2.0 New Features and Changes

Haven’t had a post up here in a while, but for anyone who watches our git repository, you know development never ceases. Vast amounts of work have gone into 2.0 this year, and it really shows. We’re deploying it in production, though generally recommend you don’t yet.

A work in progress list of 2.0 new features and changes is available. I think that has most of the changes, but it’s definitely missing some. If you notice anything that was missed, please leave a comment. We’ll be adding to it as we review the list more in the coming days.

It’ll be released sometime this year.

Share this Post:

130 Responses to “List of 2.0 New Features and Changes”

  1. Marcel Manzardo Says:

    Great product but we have one major feature missing. Support for Xen Server.
    Will there be a Xen Server appliance or a way to install the Xen Server Tools?
    Without Xen Tools there is no LiveMotion possible which limits pfSense significantly.
    Any comments would be greatly appreciated.

    Marcello

  2. Chris Buechler Says:

    Marcel: That’s dependent on FreeBSD and its Xen support, there is always ongoing work there but I don’t know where things stand at the moment. We use entirely VMware, mostly ESX, for testing, development, build servers, and some hosting. Don’t really work with Xen much, and we don’t have any Xen servers. That could be changed if you’re willing to put money towards it, email me if so (cmb at pfsense dot org).

  3. mynullvoid Says:

    My pfsense is acting as a gateway, but I also have another gateway if the destination IP matches some IP I stated. The problem I got is that that another gateway requires traffic to pass a proxy server:port, can the version 2 do it?

  4. Chris Buechler Says:

    mynullvoid: ask on the 2.0 board on the forum

  5. kanicus Says:

    First of all, thanks for this great software, I bought the book by amazon and it was a very interesting tool. I think that a really nice tool for Pfsense 2.0 could be the possibility to mark or tag some traffic as prioritary, like VoIP, to process first on ISP routers and avoid jitter and delay problems on VoIP links that goes into the OpenVPN tunnels. Typically VoIP traffic is not ciphered and security is not waranteed, recently lot of people started to use OpenVPN tunnels to transport VoIP links with more secutity, but then, all traffic priority tagging is lost(not really lost, is inside the tunnel and lose his effect), We would need to be able to raise priority of all UDP on 1194 for example (all voip dedicated tunnel), with lot of hardware delay higher than 100-110 is enought to dont understand anything, we need to be able to lower delay with proper voip tagging.

    thanks !

  6. Reza Says:

    Will there be any support for T1 cards? I would like to be able to terminate a T1 connection directly into a pfSense machine versus having to add something like an Adtran in front of pfSense.

    Thanks for all the hard work guys, you’ve made a wonderful product thus far.

  7. Chris Buechler Says:

    Reza: no plans at this time. If we had someone to provide funding for the hardware and time needed to add such support it could happen.

  8. Haralambos Prodromidis Says:

    DOES ANYONE KNOW, when PfSense 2.0 is about to be released for production use?

    Thank you in advance for any reply… ANYONE

  9. Chris Buechler Says:

    Haralambos: Read the post, that’s the most anyone knows.

  10. Joseph Brower Says:

    Chris: What hardware would you need to be able to begin work on T1 stuff?

  11. Chris Buechler Says:

    Joseph: we’d need T1 cards that are supported in FreeBSD. If any are, I’m not sure offhand. Plus, as importantly or more so, we need the money to cover the time. It’s really not a project we can take on right now, we’re focused on finishing 2.0 and that won’t be included. Definitely something we’d like to revisit in the future though.

  12. joseph brower Says:

    keep me posted chris. after this release it might be nice to get it on the roadmap.

  13. Gage Says:

    I’d like to add these feature for easy setup and able to increase speed on dual wan. Example, If you have two same 50/10 to become 100/20 in dual wan with bonding connections or load balancer.

  14. Chris Buechler Says:

    Gage: in most scenarios that’s impossible because of how networking functions. Outside of tunneling all your Internet traffic out a datacenter with much more bandwidth, though that’s very expensive and makes latency much worse which will reduce performance of some things, or another option is bonding with your ISP via BGP or MLPPP, which isn’t an option for most people. Aside from those two scenarios it’s impossible to get the combined throughput of two Internet connections on a single TCP/UDP/any other protocol connection (use a download manager that opens multiple connections and you get the total throughput of them all).

  15. Apostolos Hadjicharalambous Says:

    It would be nice if you could add multiple sources, destinations or services in the same rule.

  16. Chris Buechler Says:

    Apostolos: you already can, that’s what aliases are for

  17. itwerx Says:

    @Marcel – easy to migrate pfSense VMs “live”, just set up a secondary in parallel on the next VM host and sync them via CARP. Then when you kill the first VM the other will take over automatically/transparently.

    @Chris/Reza – we might have some spare T1 cards

    @Hans – all Linksys devices, (including the low-end Cisco rebranded ones), are prone to overheating and random drop-outs. (Just try a better card! :)

    @Nazir – pfSense is Cisco-compatible in SNMP. Just use a Cisco MIB in your monitoring system and you’ll get more than enough info for typical alerting purposes.

  18. bsdwiz Says:

    One thing that I think is keeping this out of reach for large enterprises is that pfsense does not have a centralized management interface. In an enterprise like the company I work for where we have 80+ firewalls it’s just a management nightmare to touch all firewalls to admin them. So we use checkpoint… Other than that this is (by far in my opinion) the best OpenSource firewall project out there, and what better underlying OS then FreeBSD? Keep up the good work and looking forward to the 2.0 Release.

    Thanks for pfsense!

  19. Capone Says:

    Hey Guys! Amazing product!!

    I would like to add to the wishlist!

    1. Better SATA to CF support. Had loads of trouble with SATA to CF…but fine with IDE to CF. Even with Pfsense 2.0 beta.

    2. Need the embedded version to support standard VGA/keyboard output… like the Hacom Pfsense version.

    Thanks guys! Looking forward to pfsense 2.0!

  20. Chris Buechler Says:

    Capone: for #1 you need to try that with FreeBSD 8.1 and report any problems to the appropriate FreeBSD list, we don’t have any control over that nor do we develop anything related to that.

    bsdwiz: that’s sort of like saying FreeBSD can’t be used in large enterprises because it doesn’t have a centralized management interface. It does, it’s a matter of choosing something and using it. Though there would definitely be some custom programming involved regardless of your choice (but people do have large deployments with custom centralized management). We’ll have some news on that topic in the next year or so.

  21. Evert Westman Says:

    I have set up 4 pfsense system and everything running fine, for two of the system i have prepared indenticaly standby pfsense in case of failure.
    Never used for two year….

    Is it possible in 2.0 to import a local user database with prepared user password.

  22. Peter Wu Says:

    Thanks Chris, a really powerful product that we like. Great job!

    Our Pfsense firwall works very well here. And we do like your integrated Packages, like Squid, too.

    Now we’re wondering whether it’s fine to integrate the WANProxy into Pfsense as a Package? WANProxy runs well on FreeBSD platform so we believe that it should be OK to make smooth integration. It will be very helpful to accelerate certain applications via WAN transmission.
    WANProxy’s URL: http://wanproxy.org/

    Thank you, Chris!

  23. Chris Buechler Says:

    Peter: sure, you can add that as a package.

  24. Peter Wu Says:

    Thank you Chris for the comments!

    But will it be possible to integrate the said WANProxy as a package in 2.0? If so, many people can enjoy this useful function.

    Thank you!

  25. Chris Buechler Says:

    Peter: if you want to create a package, you’re certainly welcome to submit one and we’ll get it committed. If you want us to, if you’re willing to pay for it we can definitely make that happen, just email me (cmb at pfsense dot org) to discuss further. Otherwise, we have no plans of adding that in the near future.

  26. James Reid Says:

    Hi Chris,

    Can we have another status update on how far down the track 2.0 has reached? Is it likely that it will still be released “this year”? Can you give us a little insight into what’s happening other than “lot’s of testing”?

    Is there anything that those of us who are more end users of pfsense can do to help?

    I’m trying to pitch this more in a “please can you help us appreciate what’s happening” context!

    Thanks.
    James.

  27. Chris Buechler Says:

    You can see what’s still remaining at redmine.pfsense.org. We expect RC1 soon.

  28. Michael Says:

    Can we use the Load Balancing / Wan Failover with SQUID? I hope will be possible now.

  29. pong Says:

    same question

    Can we use the Load Balancing / Wan Failover with SQUID? I hope will be possible now.

  30. Chris Buechler Says:

    pong: yes

Please don’t post technical questions or off-topic comments. It is far more likely that your questions and concerns will be addressed effectively through one of our support channels.

Leave a Reply