pfSense 2.4.0-RC Now Available!

pfSense software version 2.4.0-RC is now available! This release candidate is representative of the final release, and barring any show-stopping problems, will be nearly identical to the final 2.4.0 release.

pfSense software version 2.4.0 is the culmination of many months of hard work by Netgate and community contributors, with over 260 items resolved or waiting on feedback!

The 2.4.0-RELEASE updates and installation images are available now for amd64 and the SG-1000 ARM platform.

Highlights

Version 2.4.0 includes a long list of significant changes in pfSense software and in the underlying operating system and dependencies. Changes for 2.4.0 include:

  • FreeBSD 11.0-RELEASE as the base Operating System
  • New pfSense installer based on bsdinstall, with support for ZFS, UEFI, and multiple types of partition layouts (e.g. GPT, BIOS)
  • Support for Netgate ARM devices such as the SG-1000 and SG-3100
  • OpenVPN 2.4.x support, which brings features like AES-GCM ciphers, speed improvements, Negotiable Crypto Parameters, TLS encryption, and dual stack/multihome
  • Translation of the GUI into multiple language support with 12 languages, and more on the way! For more information on contributing to the translation effort, read our previous blog post and visit the project on Zanata

  • WebGUI improvements, such as a new login page, improved GET/POST CSRF handling, significant improvements to the Dashboard, and AJAX handling
  • Certificate Management improvements including CSR signing and international character support
  • Updated 802.11 wireless stack
  • Captive Portal has been rewritten to work without multiple instances of ipfw

For more details, see the Release Notes and the previous Release Highlights post.

Important Information

A few noteworthy items about running or upgrading to 2.4:

  • 32-bit x86 and NanoBSD have been deprecated and are not supported on 2.4. Hardware capable of running 64-bit images should be reinstalled with a 64-bit version. NanoBSD installs on 64-bit hardware should be reinstalled as a full installation.

    • 32-bit x86 hardware can continue to run pfSense software version 2.3.x, which will receive security updates for at least a year after 2.4.0-RELEASE.
  • To use ZFS, a reinstall of the operating system is required. It is not possible to upgrade in-place from UFS to ZFS at this time.
  • Wireless interfaces must be created on the Wireless tab under Interfaces > Assignments before they are available for assignment
  • Firewalls which utilize 6RD for IPv6 WAN connectivity may require further testing to ensure traffic flow and monitoring are working properly, see #7272
  • Some hardware devices may not boot 2.4.0 installation images, for example, due to UEFI compatibility changes. These are primarily BIOS issues and not issues with the installer images. Upgrading in place from 2.3.x typically allows affected hardware to run version 2.4.
  • To upgrade Firewalls in place which are running pfSense software version 2.2.x or earlier, first upgrade the firewall to pfSense 2.3.4 and then perform an update to pfSense 2.4.0 afterward. Alternately, reinstall 2.4.0 directly and restore the configuration.

Upgrading to 2.4.0-RC

This is a pre-release image available by installing directly or by upgrading from development snapshots or current releases.

To control how a firewall obtains updates, visit System > Update on the Update Settings tab:

  • For users running 2.3.x-RELEASE:

    • Stable, which is the default behavior, will upgrade the firewall to 2.4.0-RELEASE when it is complete, but will not upgrade to 2.4.0-RC
    • Development Snapshots will upgrade the firewall to 2.3.5 development snapshots
    • Next major version will upgrade the firewall to 2.4.0-RC
  • For users tracking pfSense 2.4.0 snapshots:

    • Stable, which is the default behavior, will upgrade the firewall to 2.4.0-RC and eventually 2.4.0-RELEASE
    • Development Snapshots will cause the firewall to continue tracking snapshots, bypassing 2.4.0-RELEASE and continuing on to 2.4.1 development snapshots

Reporting Issues

This Release Candidate image is almost ready for a formal release, but still needs some testing from a wider audience. While all of us here have been running 2.4.0 for quite some time internally, feedback from users that employ a wide variety of configurations is invaluable.

Should any issue come up with the 2.4.0-RC images, please post about them on the 2.4 board of the forum, the mailing list, or on the /r/pfSense subreddit.

Thanks!

Coming Soon

The pfSense software version 2.4.0-RELEASE will be followed rapidly by a 2.4.1-RELEASE based on FreeBSD 11.1 once we have time to test it thoroughly. pfSense software version 2.4.0-RELEASE is based on FreeBSD 11.0, which will reach its End of Life in a few months. Rather than accumulate further delay, we felt it more appropriate to get 2.4.0 out to the world and have more time to properly evaluate the changes required to use a FreeBSD 11.1 base.

pfSense software is Open Source

For those who wish to review the source code in full detail, the changes are all publicly available in three repositories on GitHub:

Download

Downloads are available on the mirrors as usual.

Downloads for New Installs and Upgrades to Existing Firewalls – note that it is typically easier to use the auto-update functionality, then there is no need to download anything manually. Check the Firmware Updates page for details.

Supporting the Project

Our efforts are made possible by the support of our customers and the community. You can support our efforts via one or more of the following.

  • Official appliances, apparel and pre-loaded USB sticks direct from the source. Our appliances are the fast, easy way to get up and running with a fully-optimized firewall.
  • Gold subscription – Immediate access to past hang out recordings as well as the latest version of the book after logging in to the members’ area.
  • Commercial Support – Purchasing support from us provides you with direct access to Netgate Global Support.
  • Professional Services – For more involved and complex projects outside the scope of support, our most senior engineers are available under professional services.