pfSense 1.2.1-RC2 now available

pfSense 1.2.1-RC2 is now available for testing. This is the first official RC release of 1.2.1, and we believe it eliminates all regressions that have been found since the first 1.2.1 snapshots were made available 4 months ago. Plus it fixes several bugs in 1.2.

1.2.1-RC2 VMware Appliance is also available.

The changes from 1.2 release:

  • Numerous changes to accommodate differences in FreeBSD 7.0. Lesson learned here - we hoped 1.2.1 would be a fast release cycle, but it ended up being a significant amount of work because of the changes in FreeBSD from 6.2 to 7.0. It’s certainly for the better, as 7.0 brings improved performance, more and better hardware support, enhanced wireless capabilities, and more.
  • Multi-WAN bug fix - reply-to was not added to WAN rules, which caused difficulties under some specific circumstances with accessing services running on the firewall using OPT WAN interfaces.
  • Bridging bug fix - problem with the way firewall rules were being applied to bridging could lead to strange behavior in some bridging scenarios. Also, DHCP clients used to be automatically allowed through bridges. This is no longer the case, if you use a DHCP client behind a bridge, your firewall rules must allow the DHCP traffic.
  • Captive Portal bug fix - imported from m0n0wall, related to MAC authentication with RADIUS.
  • Keep state change - the newer pf version changed to defaulting to keep state, rules that required no state keeping (same interface firewall rule bypass) needed “no state” added.
  • NAT reflection bug fix - 20 second timeout was being incorrectly applied, affecting long-lived connections.
  • Mobile IPsec fixes
  • Some minor text clean up, typo fixes
  • Packages screen now has a “Package Info” column rather than the “maintainer” column which was of limited use. Links to information on the package are shown there, for packages that have links defined. Many have links already, and work is currently under way to add a link for every package and expand the information available on them. The Installed Packages tab also shows the Package Info links. When you access the package screens, it fetches the most recent package information from our servers, incluing the Package Info links. You will see more links come with time, without having to upgrade pfSense.
  • Significant speed up in boot process, especially when using CARP. There were some delays in the boot process that could be removed thanks to changes in FreeBSD 7.0, which has made booting quite a bit faster.

You can find it on the mirrors - new installs and upgrades. Embedded users especially need to read the upgrade guide before proceeding with an upgrade.

Note on Release Signing

The key for signing releases and its backup were inadvertently destroyed. This means you’ll get a warning that the release is unsigned, unless you are updating from a recent 1.2.1 snapshot. You can either just click through that warning, or install the Pubkey package you will find under System -> Packages. If you wish to update the file manually from a secure source, you can overwrite /etc/pubkey.pem.

Please help test

The development team has upgraded numerous critical production deployments to 1.2.1 and there are no remaining regressions from 1.2 that we are aware of. There have also been thousands of downloads since the beginning of the RC cycle, so it has been widely tested to date. We believe this release is very close to being final.