Tuesday, May 23, 2023

pfSense Plus Software Version 23.05-RELEASE is Now Available for Upgrades

pfSense® Plus software version 23.05-RELEASE is now available. This is a regularly scheduled release of pfSense Plus software including new features, additional hardware support, and bug fixes. The release contains significant enhancements, such as:

  • Support for IIMB Cryptographic Acceleration
  • A New Packet Capture GUI
  • Experimental Ethernet (Layer 2) Filtering Support
  • Fixed Automatic Dynamic Gateway Names
  • UDP Broadcast Relay Package
  • Unicast CARP Support
  • GUI support for AT&T Residential Fiber Network style WANs
  • WireGuard installed by default (This does not affect upgrades or factory reset configurations, only fresh installations.)

Visit our release notes for the full list of improvements and our upgrade guide to get started with best practices for upgrading.

Major Changes and Features

Support for IIMB Cryptographic Acceleration

pfSense Plus software now includes support for cryptographic acceleration through the Multi-Buffer Crypto for IPsec Library (IPsec-MB, IIMB). This library is a highly-optimized software implementation of the core cryptographic processing for IPsec, WireGuard, and OpenVPN. IIMB is used in both DPDK and FD.io VPP. Netgate has extended support to ARM64. More information about how the library works can be found in the Intel whitepaper “Fast Multi-buffer IPsec Implementations on Intel Architecture Processors.” Netgate has also added enhancements that will boost ARM64 performance with ARM SIMD extensions and SHA and AES instructions.

A New Packet Capture GUI

The pfSense Plus 23.05 release also introduces a new Packet Capture GUI with granular control features. This new feature makes it easier for users to perform packet captures and analyze network traffic. It simplifies the process of capturing packets by providing a user-friendly interface, enabling users to quickly set up and initiate packet captures without having to rely on command-line tools. Furthermore, the granular control options allow users to narrow down the scope of their captures and focus on specific traffic patterns or potential issues.

Experimental Ethernet (Layer 2) Filtering Support

Another new feature available with this release is experimental Ethernet (Layer 2) filtering support. This feature is disabled by default but can be enabled under Advanced Firewall Settings by selecting "Enable Ethernet Filtering (Experimental)." Ethernet rules are evaluated before traditional (Layer 3) rules, such as Floating Rules, Interface Group Rules, and Interface Rules. It is important to note that no state is maintained, and the default behavior is to pass.

UDP Broadcast Relay Package

The latest release also includes support for the UDP Broadcast Relay package, which listens for UDP broadcast packets and retransmits them across multiple interfaces. This feature enables broadcast discovery protocols to cross separate networks, benefiting a wide range of applications and devices. These include soundbars, media streaming devices, and even LAN multiplayer gaming. 

Fixed Automatic Dynamic Gateway Names

A bug in pfSense Plus 23.01 resulted in some automatic dynamic gateway names appearing in mixed case rather than all upper case, potentially causing connectivity issues until the default gateway or gateway group membership was updated. The issue affected users with mixed case interface descriptions, leading to discrepancies between old all-caps names and the new mixed case gateway names. This bug has been fixed in version 23.05, but users who manually changed gateway entries must correct them again after upgrading.

PHP Updated to Version 8.2.4

PHP has been updated to version 8.2.4 in pfSense Plus 23.05. This update ensures that the software remains up-to-date with the latest PHP improvements, providing better performance, security, and compatibility.

Unicast CARP Support

Unicast CARP support is now available, paving the way for future enhancements in virtualization and cloud environments, including high availability in AWS and Azure. Netgate Development is diligently working on this feature and looks forward to bringing more exciting updates to users in upcoming releases.

GUI Support for AT&T Residential Fiber Network Style WANs

As of this release, several new and recent features combined enable using the GUI alone to configure a setup compatible with the AT&T Residential Fiber Network. The same setup should work for any similar ISPs which require special handling such as Priority Code Point tagging on VLAN 0 and 802.1X authentication passthrough to a modem. Previous versions of pfSense Plus software required additional scripts (e.g. "pfatt") and/or manual changes outside the GUI.

There is a new configuration recipe which covers using these features in the GUI to configure this use case: https://docs.netgate.com/pfsense/en/latest/recipes/authbridge.html.

Other Improvements

  1. Alias improvements include fixes for PF reserved keywords, bulk import errors, and sorting issues.
  2. Captive Portal bug fixes address PHP errors when the usedmacs list is empty.
  3. Certificate changes include fixing PHP errors, blank SAN fields, and adding the ability to edit Certificate Revocation List properties.
  4. DHCP (IPv4) improvements fix issues with static mappings, failover firewall rules, and PHP errors.
  5. DNS Resolver fixes include generating automatic ACLs for IPv6 when Network Interfaces is set to "All".
  6. Dashboard updates address widget errors, uptime display issues, and add support for Intel PCH temperature values.
  7. Interface improvements include adding Priority Code Point (PCP) and Promiscuous Mode options, as well as fixing PHP errors.
  8. Logging changes provide options to control the log level of authentication messages.
  9. OpenVPN updates address SSL/TLS client failures, crashes with low fragment size, and improve the OpenVPN Wizard.
  10. Traffic Shaper improvements include fixing issues with dropped traffic when routed to a GIF gateway.

You can read the complete list of updates and their details in our Release Notes.

How to Upgrade

A detailed upgrade guide is available in our documentation to help you through the process. Here are the general steps needed to perform the upgrade.

(Note: the Netgate SG-1000 will not be eligible to upgrade to pfSense Plus software version 23.05-RC. This is also true for all Intel 32-bit devices.)

Users Currently Running pfSense Plus 23.01:

Devices running pfSense Plus software version 23.01 can upgrade directly to
version 23.05 by following these steps:

  • Backup your configuration
  • Upgrade from 23.01-RELEASE to 23.05-RELEASE
    • Navigate to System > Update
    • Choose the Latest Development Snapshots branch
    • Select and install 23.05-RELEASE (a page refresh may be needed)

Users Currently Running pfSense Plus 22.05:

Updates to the code repositories require that devices running version 22.05 first upgrade to version 23.01-RELEASE, then upgrade to 23.05-RELEASE, by following these steps:

  • Backup your configuration
  • Upgrade from 22.05 to 23.01-RELEASE
    • Navigate to System > Update
    • Choose the Previous Stable Release branch
    • Select and install 23.01-RELEASE
  • Upgrade from 23.01 to 23.05-RELEASE
    • Navigate to System > Update
    • Choose the Latest Development Snapshots branch
    • Select and install 23.05-RELEASE (a page refresh may be needed)

Users Currently Running pfSense Plus on the Cloud:

For cloud platforms where pfSense Plus is available (AWS and Azure), pfSense Plus software version 23.05-RELEASE will be available as soon as the publishing process for each platform completes.

Users Currently Running pfSense Community Edition:

We encourage you to move from pfSense CE software to Netgate pfSense Plus software, which is still available at no charge.

Once you have completed this, and your activation token has been registered, follow these steps:

  • Navigate to System > Update
  • Choose the Plus Upgrade branch
  • Select and install 23.05-RELEASE

Tips on Upgrading

  • Create a backup before you upgrade, or a snapshot if it is a VM.
  • Do not update packages before upgrading. Remove all packages or update packages after the upgrade.
  • The upgrade will generally take 10 to 30 minutes. Maintain power to your appliance while it is in progress.
  • Track the progress of the upgrade from your firewall console.

Reporting Issues

This pfSense Plus software release is ready for use in production environments. Should any issues arise, please post to our forum or contact Netgate Technical Assistance Center (TAC) for paid support. Thank you!

Obtaining pfSense Software Source Code

pfSense Plus software is derived from FreeBSD and pfSense CE software with additional proprietary changes. The source code for the upstream projects is freely and publicly available from the same repositories as pfSense CE software:

Download

To install or reinstall a release version of pfSense Plus software, contact Netgate TAC to obtain the installation media and include the Netgate Device ID of the hardware.  

Using the automatic update process is typically easier than reinstalling to upgrade. See the Upgrade Guide page for details.

Supporting the Project

Our efforts are made possible by the support of our customers and the community. You may support this work through one or more of the following:

  • Purchase an official appliance directly from Netgate or from our worldwide reseller partner network. Our appliances are the fast, easy way to get up and running with a fully-optimized firewall.
  • Purchase TAC support which provides you with direct access to Netgate Global Support
  • Purchase Professional Services, which provides access to our most senior engineers for more complex projects outside the scope of TAC support.


from Blog https://bit.ly/3Ovmcly
via IFTTT

No comments:

Post a Comment