February 18, 2021
Edit: if you encounter problems with pfSense 2.5.0, take a look at our article: pfSense 2.5.0 bugs and fixes after upgrade
pfSense software version 2.5.0 and pfSense Plus software 21.02 are now available.
It is a major update that includes new features, security fixes and stability fixes.
In this article, we take a look at the highlights of this update.
The main new features are:
- Base OS upgraded from FreeBSD 11.3 to FreeBSD 12.2 (the latest stable release of FreeBSD);
- WireGuard implementation: WireGuard is an open-source VPN solution that is intended to be very simple to implement with strong performance;
- The built-in Load Balancer feature has been removed: it is recommended to migrate to the HAProxy package;
- Several packages have been removed: OpenBGPD, Quagga OSPF, routed, blinkled and gwled;
- Backup management has been improved (more options are available, such as backing up DHCP leases or the MAC addresses used on the captive portal, …);
- OpenSSL has been upgraded to version 1.1.1;
- OpenVPN has been upgraded to version 2.5.0;
- Other notable upgrades: PHP (to version 7.4) and Python (to version 3.7).
Bugs / Improvements
Several bugs have been fixed and improvements have been made:
- Alias: several bugs fixed (especially for aliases mixing IPv4 and IPv6 addresses).
- LDAP / RADIUS: several bugs fixed for LDAP / RADIUS authentication.
- Captive Portal: several minor bugs fixed on authentication management.
- Certificates: management, creation and renewal of certificates have been improved.
- DHCP service: various features added (one-click removal of all leases, DHCP options added for static entries, …).
- Gateway: the gateway management has been improved: it is now possible to obtain a gateway via DHCP that is outside of the interface subnet; and some minor bugs related to IPv6 have been fixed.
- IPsec: quite a few cosmetic or technical improvements: several minor bugs have been fixed and the IPsec VPN management is more readable.
- Notifications: notifications management has changed: sending notifications via Growl has been removed and sending notifications via Telegram has been added.
- OpenVPN: the default behavior has changed for security reasons. Data cipher negotiation (NCP – Negotiable Cryptographic Parameters) is now mandatory. In addition, by default, incoming packets are decompressed but outgoing packets are not compressed (compression under OpenVPN has been deprecated for a very long time for security and performance reasons).
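To see which OpenVPN settings the change above touches, an exported OpenVPN configuration can be checked before the upgrade. The Python script below is an added example, not code from the original article or from pfSense; the two sample configs, the function names and the finding codes are constructed for illustration, while the directives it looks for (compress, comp-lzo, allow-compression, ncp-disable, cipher, data-ciphers, ncp-ciphers) are standard OpenVPN 2.5 options.

```python
# Added example: flag OpenVPN directives affected by the 2.5 changes above.
# Both configs are constructed samples, not taken from a real firewall.
SAMPLE_CONFIG = """\
dev ovpns1
proto udp4
cipher AES-128-CBC
ncp-disable
comp-lzo adaptive
# compress lz4  (commented out, so it must be ignored)
"""

REVIEWED_CONFIG = """\
dev ovpns1
proto udp4
data-ciphers AES-256-GCM:AES-128-GCM
data-ciphers-fallback AES-256-CBC
allow-compression no
"""


def parse_directives(text):
    """Map each directive to its argument list (last occurrence wins)."""
    directives = {}
    for raw in text.splitlines():
        # Simplification: '#' and ';' start a comment anywhere on the line.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            name, *args = line.split()
            directives[name] = args
    return directives


def audit(text):
    """Return sorted finding codes (this example's own names) for one config."""
    d = parse_directives(text)
    findings = set()
    # Any compression directive deserves review: compression is deprecated.
    if "compress" in d or "comp-lzo" in d:
        findings.add("compression-directive")
    # 'allow-compression yes' re-enables compressing outgoing packets.
    if d.get("allow-compression") == ["yes"]:
        findings.add("outbound-compression-enabled")
    # 'ncp-disable' turns off the cipher negotiation that is now mandatory.
    if "ncp-disable" in d:
        findings.add("ncp-disabled")
    # A lone 'cipher' line relies on the pre-negotiation way of picking a cipher.
    if "cipher" in d and not (d.keys() & {"data-ciphers", "ncp-ciphers"}):
        findings.add("cipher-without-data-ciphers")
    return sorted(findings)
```

Calling audit() on the text of each client or server configuration returns the list of settings to review with the remote peers before the upgrade.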
This update is available for upgrade or new install.
If the update system does not offer an upgrade to 2.5.0, refresh the repository configuration by running the following commands from the console or shell:
pkg-static clean -ay; pkg-static install -fy pkg pfSense-repo pfSense-upgrade
In any case, remember to make a backup before launching the upgrade, and follow our complete tutorial: [pfSense] Upgrading pfSense (how-to).
Finally, you can consult the complete list of changes by visiting the following page: 21.02/2.5.0 New Features and Changes.