Netgate Blog

pfSense 2.5.0 Development Snapshots Now Available

We are excited to announce public availability of development snapshots for pfSense® software version 2.5.0!

These images are now available to download from the snapshots server.

pfSense software version 2.5.0 is based on FreeBSD 12.0, which also brings in OpenSSL 1.1.1a. The new version of FreeBSD includes newer drivers, improvements to ARM support, pf, carp, UFS, ZFS, Amazon EC2, NTP, and numerous other bug fixes.

In addition to the FreeBSD version change, pfSense 2.5.0 has also been upgraded to PHP 7.3 and Python 3.6 to ensure continued upstream support. The older PHP 7.2 release is slated to leave active support status in November 2019 and Python 2.7 goes EOL in January 2020.

Deprecation of relayd Server Load Balancer

The switch to OpenSSL 1.1.x forced the deprecation of the bundled relayd server load balancing daemon. Users of this feature can migrate to the HAProxy package, which is more robust and offers many additional features.

All code for relayd has been removed from pfSense 2.5.0.

There is a Hangout available that covers both relayd and HAProxy which can assist with conversion.

As HAProxy is already available, users can convert to the HAProxy package now while they are on 2.4.4-p2 for a smoother upgrade experience later.

Netgate engineers can assist with converting from relayd to HAProxy as a Professional Services Engagement. Contact Netgate through that link for a conversion price quote.

This does not affect Multi-WAN load balancing, only the relayd server load balancer formerly available from Services > Load Balancer.

AES-NI Not Required

The original plan was to include a RESTCONF API in pfSense 2.5.0, which for security reasons would have required hardware AES-NI or equivalent support. Plans have since changed, and pfSense 2.5.0 does not contain the planned RESTCONF API, thus pfSense 2.5.0 will not require AES-NI.

More information about pfSense 2.5.0

We have begun writing documentation for the 2.5.0 release cycle, along with a number of warnings that must be read before proceeding with an upgrade.

Upgrading to 2.5.0-DEVELOPMENT Snapshots

We have been working hard to sand down the rough edges to ensure that upgrading to 2.5.0 snapshots will be a relatively smooth transition for users. Keep in mind, however, that these are development snapshots and not yet intended for use in production environments. Please test these snapshots in a lab first before using them in an environment that requires stability.

This upgrade is significant in size. It will take quite a while to download before it gets started, and expect the upgrade to take a minimum of 5 minutes after the first reboot. Slower disks or slower hardware will greatly lengthen that time. Monitor the progress of the upgrade from the console, and do not pull the plug on the firewall or manually reset it during the upgrade. Give it plenty of time to complete the entire process.

As with the upgrade to 2.4.4, due to the base OS and PHP upgrades, expect to see PHP and other errors on the console during the upgrade process. The vast majority of these errors are normal. Only errors which persist after being cleared post-upgrade should be a concern.

Before proceeding with the upgrade, read the 2.5.0 Upgrade Guide Notes

For users currently running pfSense 2.4.4-p2:

  • Navigate to System > Update
  • Select the Latest Development Snapshots branch

The update check will run again and will then offer a 2.5.0 snapshot.

For users currently running pfSense 2.4.5 snapshots:

Firewalls running 2.4.5 snapshots before they were retired must make manual changes to move to 2.5.0. As the change could be disruptive, this is intentional to avoid potential downtime and instability for users who might otherwise assume the new development snapshots to be as stable as the previous snapshots.

To move from 2.4.5 to 2.5.0 snapshots:

  • Navigate to System > Update
  • Ensure that the branch is set to Latest Development Snapshots
  • Run the following command from the shell:

    sed -i '' -e 's/11/12/g; s/armv6/armv7/g; s/hardfp/softfp/g' /usr/local/share/pfSense/pkg/repos/*devel*abi /usr/local/share/pfSense/pkg/repos/*devel*conf
    

Then check for updates again.

Upgrade Troubleshooting

See Upgrade Troubleshooting for the most up-to-date information on working around upgrade issues.

Reporting Issues

We do not recommend using these snapshots on production system yet. If you have the time and interest, we encourage you to try them in a lab, on a scratch system, or in a VM and provide feedback for any issues that arise during testing.

Before opening a new issue in Redmine, please post about it on the 2.5 Development Snapshots category on the forum or the /r/pfSense subreddit, and look to see if the issue is already reported in the 2.5.0 issues on Redmine

Thanks!