With millions of deployments across homes, small businesses, enterprises, service providers, and governments, pfSense® Plus software is the world’s leading firewall, router, and VPN solution for network edge and cloud secure networking.
Netgate has released a BETA of pfSense® Plus software version 24.11. An associated Release Candidate (RC) is targeted for later this autumn.
Call for Testing
Testing this beta software release is essential. Given the diversity of users' environments and configurations, it is the most effective way to ensure that the software is robust and reliable for everyone. By testing this beta release and providing feedback on any issues, our users can play a vital role in improving the software for everyone.
Release Notes
Release Notes for pfSense Plus 24.11-BETA are available for review. This release brings several major features that our users have been requesting, along with over 70 other improvements and bug fixes.
Kea DHCP Enhancements
Support for High Availability
The Internet Systems Consortium (ISC) distributes two full-featured, open-source, standards-based DHCP servers: Kea DHCP and ISC DHCP. ISC announced the End of Life (EOL) of the ISC DHCP server, and ended maintenance on it at the end of 2022.
With ISC DHCP reaching EOL, it is imperative that Kea DHCP reaches feature parity. Continued improvements in the Kea DHCP service provides greater capabilities and significant improvements over the previous release, including:
- High Availability: Kea now supports High Availability for IPv4 and IPv6
- Simplified High Availability Setup: Kea DHCP uses a single, global High Availability configuration, which is easier to set up and manage than ISC DHCP's per-interface configuration.
- More Reliable Failover: Kea operates in "hot standby" mode, providing more reliable failover, especially when booting a secondary node.
- Improved Security: Can synchronize lease data over the SYNC interface for security and ease of use, and can optionally encrypt the sync data for added protection.
Kea DHCP DNS Resolution
The Kea DHCP daemon now integrates with the Unbound DNS Resolver to provide automatic DNS registration. This means:
- DNS Registration of DHCP Clients: DNS records are updated dynamically on-the-fly, they do not require a resolver restart and are not disruptive. This works for IPv4 and IPv6.
- Improved Update Detection: With Kea, pfSense Plus software uses an extension that allows Kea itself to trigger DNS changes for lease events. With ISC DHCP, pfSense software used a dedicated daemon that monitored DHCP leases externally and triggered DNS updates based on that detection. This daemon was running and consuming resources as long as the feature was enabled, and it was not always reliable.
- No Service Interruptions: The older method of updating ISC DHCP resulted in an interruption of DNS service any time a DNS record changed. This was especially problematic on busy networks or environments where the DNS resolver did not restart quickly. The new method of updating DNS records in the resolver utilizes features of Unbound which allow for seamless updates, without the need to restart the Unbound service.
Learn More About Kea DHCP Enhancements
Multi-instance Management Early Look
This early look offers a glimpse into the future of multi-instance management for pfSense Plus.
The early look includes a web GUI and a set of APIs for monitoring and managing multiple pfSense Plus instances. While the set of API endpoints is incomplete, the available endpoints are functional and ready for testing.
Interested users can explore this new capability in their test environments. We welcome feedback from early adopters to help shape the future development of multi-instance management.
System Aliases in Custom Rules
Users can now use built-in system aliases (like bogons, vpn_networks, etc)) in custom firewall rules. This improves rule management efficiency and standardization.
NTP Authentication
This release implements NTP client authentication support, enabling secure time synchronization across networks.
Installing the Upgrade
Netgate has a detailed Upgrade Guide available in the pfSense documentation to help explain the process. Please note that this is a beta release intended for testing purposes. Beta upgrades should only be installed in test environments by users comfortable with beta testing and potential issues. Below are the high-level steps to perform the upgrade.
Users currently running pfSense Plus software
Upgrades from an earlier version of pfSense Plus software are usually made through the user interface. Before any major change, such as an upgrade, it’s always recommended to save a backup of the pfSense Plus configuration. You can find Backup and Recovery instructions in the pfSense documentation.
- Navigate to System > Update
- Set Branch to “Next Stable Version (24.11-BETA)”
- Click Confirm to start the upgrade process
Users currently running pfSense Community Edition (CE) software
We encourage you to migrate from pfSense CE software to pfSense Plus software. Doing so will ensure you have access to all of the benefits of pfSense Plus software. You can find details on how to get pfSense Plus software here.
Troubleshooting the Upgrade
To mitigate the risk of disrupting your production environment, Netgate recommends testing the BETA version in a lab, on a scratch system, or in a Virtual Machine, rather than on production systems. Please review the documentation on Troubleshooting Upgrades for the most up-to-date information on working around upgrade issues.
Where to report issues
We encourage you to test the things that are important or unique to your deployments. Please report any errors or concerns in the Plus 24.11 Development Snapshots category of the Netgate Forum. Depending on the issue, we may ask for more details or for you to open a bug on redmine.pfsense.org.
Summary
We want to express our sincere thanks to all users willing to test this BETA release. Your community involvement is essential to making Netgate's pfSense Plus product a stronger solution for everyone.
A more detailed roundup of the update will be included with its full launch.
from Blog https://bit.ly/48wyUIC
via IFTTT
No comments:
Post a Comment