July 07, 2021

pfSense software version 2.5.2 is now available.

It is an update that includes new features, security fixes and stability fixes.

In this article, we take a look at the highlights of this update.

New features

There are no big new features for this version of pfSense.

We can however note the addition of support for the following Dynamic DNS providers: Mythic-Beasts, one.com, Yandex PDD, NIC.RU and Gandi LiveDNS IPv6.

Last but not least, the WireGuard package is reintroduced as an experimental package.
So use with caution.

Bugs / Improvements

Regarding routing, two important bugs have been fixed:

  • Fixed the huge bug that prevented implementing port forwarding on secondary WAN. This problem appeared with version 2.5.1.
  • Fixed a bug that prevented 1:1 NAT on IPsec VPN.

Many bugs related to the webGUI or PHP have also been fixed:

  • Dashboard / thermal sensor: the displayed values were empty or wrong for some devices.
  • IPsec Widget: only the first phase 2 was displayed in some cases on the dashboard.
  • Widget modification could cause PHP warnings.
  • The NTP Widget was displaying incorrect or inconsistent values.
  • webGUI / PHP code: fixed several display errors or PHP errors.
  • Fixed PHP errors that were displayed when the PHP_error.log file was too big.

Other main corrections include:

  • Captive portal: fixed a vulnerability of XSS type that allowed the execution of javascript code if it was included in the redirurl variable;
  • DNS Resolver (Unbound) : move back to Unbound 1.12.x due to instability on Unbound 1.13.x. This is temporary, future versions of pfSense will switch back to Unbound 1.13.x as soon as it has been stabilized;
  • AES-NI (cryptographic acceleration) : fixed a bug on SHA1 and SHA-256 support when AES-NI is used;
  • IPsec: fixed several bugs that appeared with pfSense 2.5.0 and were not fixed with version 2.5.1;
  • OpenVPN: fixed several small bugs and updated OpenVPN to version 2.5.2;
  • Network interfaces: fixed a bug that prevented changing the MTU if both IPv4 and IPv6 were active on the interface.

Finally, several improvements at the operating system level (FreeBSD) have been added:

  • Added the RTL8153 driver (which is a USB to Ethernet adapter) to the FreeBSD kernel;
  • Added support for the Xen console;
  • Added new network congestion control algorithms.

Upgrade process

This update is available for upgrade or new install.

If the update system does not offer an upgrade to 2.5.2, refresh the repository configuration by running the following commands from the console or shell:

pkg-static clean -ay; pkg-static install -fy pkg pfSense-repo pfSense-upgrade

In any case, remember to make a backup before launching the upgrade, and follow our complete tutorial: [pfSense] Upgrading pfSense (how-to).

Finally, you can consult the complete list of changes by visiting the following page: 2.5.2 New Features and Changes.

Related topics

[pfSense] Upgrading pfSense (how-to)

All pfSense tutorials

Take a look at our firewalls
For pfSense or OPNsense
3 year warranty
Free delivery to USA, Canada, EU and UK


Leave a Reply