We are happy to announce the release of pfSense® software version 2.3!
The most significant changes in this release are a rewrite of the webGUI utilizing Bootstrap, and the underlying system, including the base system and kernel, being converted entirely to FreeBSD pkg. The pkg conversion enables us to update pieces of the system individually going forward, rather than the monolithic updates of the past. The webGUI rewrite brings a new responsive look and feel to pfSense requiring a minimum of resizing or scrolling on a wide range of devices from desktop to mobile phones.
The full list of changes is on the 2.3 New Features and Changes page.
As always, you can upgrade from any prior version directly to 2.3. The Upgrade Guide covers everything you’ll need to know for upgrading in general. There are a few areas where additional caution should be exercised with this upgrade.
For those upgrading from a 2.3 beta or RC version to final, please see this post.
- OpenVPN topology change - configuration upgrade code was intended to set upgraded OpenVPN servers to topology net30, rather than the new default of topology subnet. This is not working as intended in some cases, but has been fixed for 2.3.1. In the mean time, editing your OpenVPN server instance and setting the topology to “net30” there will accomplish the same thing and fix it.
- IP aliases with CARP IP parent lose their parent interface association post-upgrade. Go to Firewall>Virtual IPs, edit the affected IP alias, pick the appropriate CARP IP parent, then save and apply changes. Make sure every virtual IP has something shown in the Interface column on firewall_virtual_ip.php.
- IPsec IPComp does not work. This is disabled by default. Disable IPComp under VPN>IPsec, Advanced to work around if you’ve enabled IPComp. Bug 6167
- IGMP Proxy does not work with VLAN interfaces. Bug 6099. This is a little-used component. If you’re not sure what it is, you’re not using it.
Any significant regressions discovered post-release will be added to this post.
Clear Browser Cache
Due to the many changes in the web interface, clearing your browser cache or doing a forced reload (shift+refresh) is a good idea after upgrading. If you see any cosmetic problems in the web interface post-upgrade, a stale browser cache is the likely reason.
The list of available packages in pfSense 2.3 has been significantly trimmed. We have removed packages that have been deprecated upstream, no longer have an active maintainer, or were never stable. A few have yet to be converted for Bootstrap and may return if converted. See the 2.3 Removed Packages list for details.
pfSense software is Open Source
For those who wish to review the source code in full detail, the changes are all publicly available in three repositories on GitHub:
- Main repository - the web GUI, back end configuration code, and build tools.
- FreeBSD source - the source code, with patches of the FreeBSD base.
- FreeBSD ports - the FreeBSD ports used.
Downloads are available on the mirrors as usual.
Downloads for New Installs and Upgrades to Existing Firewalls – note that it is typically easier to use the auto-update functionality, then there is no need to download anything manually. Check the Firmware Updates page for details.
Supporting the Project
Our efforts are made possible by the support of our customers and the community. You can support our efforts via one or more of the following.
- Official appliances direct from the source. Our appliances are the fast, easy way to get up and running with a fully-optimized firewall.
- Gold subscription – Immediate access to past hang out recordings as well as the latest version of the book after logging in to the members’ area.
- Commercial Support – Purchasing support from us provides you with direct access to Netgate Global Support.
- Professional Services – For more involved and complex projects outside the scope of support, our most senior engineers are available under professional services.