pfSense 2.4.1-RELEASE Now Available

We are excited to announce the release of pfSense® software version 2.4.1, now available for new installations and upgrades!

pfSense software version 2.4.1 is a maintenance release bringing security patches and stability fixes for issues discovered in pfSense 2.4.0-RELEASE.

pfSense 2.4.1-RELEASE updates and installation images are available now!

Security advisories from upstream projects announced after pfSense 2.4.0-RELEASE made this additional release necessary, soon after 2.4.0, to keep firewalls safe and secure. We used this opportunity to also include some platform fixes for new hardware we are offering and to deliver important stability fixes for issues that some users encountered with pfSense 2.4.0-RELEASE. Even with the rapid turnaround, we feel the set of changes merits a version number bump rather than a patch release.

Highlights

In case you missed the pfSense 2.4.0 release changes, see the 2.4.0 Release Notes and the previous 2.4.0 Release Highlights post.

pfSense software version 2.4.1 has a brief, but important, list of changes which include:

  • Fixes for the set of WPA2 Key Reinstallation Attack issues commonly known as KRACK
  • Fixed a VT console race condition panic at boot on VMware platforms (especially ESXi 6.5.0U1) #7925
  • Fixed a bsnmpd problem that causes it to use excess CPU and RAM with the hostres module in cases where drives support removable media but have no media inserted #6882
  • Fixed an upgrade problem due to FreeBSD 11 removing legacy ada aliases, which caused some older installs to fail when mounting root post-upgrade #7937
  • Changed the boot-time fsck process the ensure the disk is mounted read-only before running fsck in preen mode
  • Changed the VLAN interface names to use the ‘dotted’ format now utilized by FreeBSD, which is shorter and helps to keep the interface name smaller than the limit (16) This fixes the 4 digit VLAN issues when the NIC name is 6 bytes long. This change was made not only to fix the name length issue, but also to reduce the differences between how FreeBSD uses VLANs and how they are used by pfSense interface functions.

    • These VLAN changes prevent PPP sessions from working on VLAN parent interfaces, see #7981
  • Fixed setting VLAN Priority in VLAN interface configuration #7748

To see the rest of the changes, and find more detail, see the Release Notes.

Known Issues

  • PPP sessions on VLAN parent interfaces will not work on 2.4.1, see #7981. This has been fixed on 2.4.2 which is due out shortly.

Important Information about Upgrading and Installing pfSense software version 2.4.0 and later

If you have not yet upgraded to pfSense version 2.4.0, read the information in the 2.4.0 Release Announcement before updating for important information that may impact the ability of a firewall to upgrade to pfSense version 2.4.x.

Reporting Issues

This release is ready for a production use. Should any issues come up with pfSense 2.4.1-RELEASE, please post about them on the the forum, the mailing list, or on the /r/pfSense subreddit.

Thanks!

pfSense software is Open Source

For those who wish to review the source code in full detail, the changes are all publicly available in three repositories on GitHub:

Download

Downloads are available on the mirrors as usual.

Downloads for New Installs and Upgrades to Existing Firewalls – note that it is typically easier to use the auto-update functionality, then there is no need to download anything manually. Check the Firmware Updates page for details.

Supporting the Project

Our efforts are made possible by the support of our customers and the community. You can support our efforts via one or more of the following.

  • Official appliances, apparel and pre-loaded USB sticks direct from the source. Our appliances are the fast, easy way to get up and running with a fully-optimized firewall.
  • Gold subscription – Immediate access to past hang out recordings as well as the latest version of the book after logging in to the members’ area.
  • Commercial Support – Purchasing support from us provides you with direct access to Netgate Global Support.
  • Professional Services – For more involved and complex projects outside the scope of support, our most senior engineers are available under professional services.