Back to Blog

pfSense, Announcements, Development, Releases, Networking

pfSense CE 2.7.0 Software and pfSense Plus 23.05.1 Software Now Available for Upgrades

Written by: Bill Rathbone

Date: June 29, 2023

pfSense CE 2.7.0 Software and pfSense Plus 23.05.1 Software Now Available for Upgrades

We are happy to announce that pfSense® CE version 2.7.0 and pfSense Plus version 23.05.1 software are now available.

Overview

pfSense Community Edition (CE) software is an open-source project, and Netgate® has been providing stewardship and resources for it since 2008. As steward, we are responsible for maintaining a stable and secure software base which enables pfSense users to confidently address their secure edge requirements with firewall, VPN, and routing features. We accomplish this by paying highly skilled people - hardware and software engineers, test engineers, SREs - to work on the project full-time. We support the pfSense CE project by contributing releases, snapshots, and updates of pfSense CE software, as well as making other code contributions, FreeBSD-related updates, and more. The pfSense CE project source code is available on GitHub, distributed under the Apache 2.0 open source license.

pfSense Plus software is a Netgate product, separate and distinct from pfSense CE software. This separation enables us to develop enhanced capabilities that serve our customers without disrupting the codebase that community members rely upon today. pfSense Plus software is offered at no charge on Netgate appliances, and is available through the AWS and Azure Cloud Service Provider (CSP) marketplaces.

Changes to pfSense CE 2.7.0 software

The latest information about the changes and new features in pfSense CE software can be found in the Release Notes. It is a best practice to review the Release Notes prior to any upgrade. Some of the key changes in version 2.7.0 include:

  • Captive portal and limiters moved from ipfw to pf: pf is the default packet filter in pfSense software. These changes leverage L2 features previously added to pf and upstreamed to FreeBSD, and improve performance and stability of the captive portal by eliminating the need for packets to traverse both pf and ipfw.
  • UPnP and multiple game systems: A fix has been added to address an issue with UPnP and multiple game systems. This resolves the problems some game systems experienced connecting to the internet when UPnP was enabled and multiple consoles are in use.
  • New gateway state killing options: These options give the user more flexibility in how the firewall decides to kill states automatically during failover events and also adds several new manual ways to selectively remove states.
  • Improved Firewall/NAT rule usability: The Firewall/NAT rule interface has been improved to make it easier to create and manage rules. This includes new buttons to toggle multiple rules and copy rules to other interfaces.
  • Upgraded OpenVPN: OpenVPN has been upgraded to version 2.6.4. This includes a number of security fixes and performance improvements.
  • Upgraded PHP: PHP has been upgraded to version 8.2.6. This includes a number of security fixes and performance improvements. This change may cause problems in packages that have not yet upgraded their use of PHP libraries.
  • Moved to track the 'main' branch of FreeBSD: pfSense CE has been moved to track the 'main' branch of FreeBSD. This means that pfSense CE will now benefit from security updates and bug fixes more quickly, without incurring additional technical debt to backport to older versions of FreeBSD.
  • Deprecated older IPsec transforms: This means that they will no longer be supported in this or future versions of pfSense software. Please check the release notes to determine if you need to migrate your IPsec infrastructure to a supported transform before updating.
  • Added support for ChaCha20-Poly1305 to IPsec: ChaCha20-Poly1305 is also used in WireGuard and OpenVPN w/DCO, and provides an additional secure AEAD transform for all three VPN systems.
  • Addressed issues with unbound crashes: A number of issues with unbound crashes have been addressed. These include a fix for an issue that could cause unbound to crash when receiving certain DNS queries.
  • Added new packet capture GUI: A new packet capture GUI has been added, enhancing the ability to capture and analyze network traffic.
  • Added UDP broadcast relay package: A new UDP broadcast relay package has been added. This package can be used to relay UDP broadcast packets between networks.

Upgrading pfSense CE software

It’s always recommended to save a backup of the firewall configuration prior to any major change such as an upgrade. 

We also recommend you uninstall all packages before starting this upgrade. Due to major changes in PHP and base OS versions, there is a higher than usual chance that packages will interfere with the upgrade process. Removing packages gives an upgrade the best possible chance of going smoothly.

Upgrades from an earlier version of pfSense CE software to version 2.7.0 are made through the web interface:

  • Navigate to System > Update
  • Set Branch to “Current Stable Version (2.7.0 RELEASE)”
  • Click Confirm to start the upgrade process

Installing pfSense CE software

New installations of pfSense CE version 2.7.0 will need to download and install from an image. The installation process is described in the Installing and Upgrading Guide.

Changes to pfSense Plus 23.05.1 software

For the latest information about the changes and new features in pfSense Plus software, it is best to review the Release Notes prior to any upgrade. Release version 23.05.1 incorporates several bug fixes and stability enhancements.

Upgrading pfSense Plus software

It’s always recommended to save a backup of the firewall configuration prior to any major change such as an upgrade. 

Upgrades from versions 23.01 and 23.05 of pfSense Plus to version 23.05.1 are made through the web interface:

  • Navigate to System > Update
  • Set Branch to “Current Stable Version (23.05.1 RELEASE)”
  • Click Confirm to start the upgrade process

Upgrades from version 22.05 of pfSense Plus must first upgrade to version 23.01 by following these steps:

  • Navigate to System > Update
  • Set Branch to “Previous Stable Release (23.01 RELEASE)”
  • Click Confirm to start the upgrade process
  • Once this upgrade is complete follow the steps above to upgrade from version 23.01 to version 23.05.1

Reporting Issues

Both of these are fully-tested software releases. Should any issues arise, please post to the Netgate Forum or contact Netgate Technical Assistance Center (TAC) for paid support. Thank you!

Supporting the Project

Our efforts are made possible by the support of our customers and the community, and for that we express our sincere thanks. This involvement makes the pfSense project a stronger solution for everyone.

When you purchase Netgate hardware, TAC, or AWS/Azure cloud instances, you directly sustain the engineering teams responsible for maintaining high quality pfSense software. 

You may support this work through one or more of the following:

  • Purchase an official appliance directly from Netgate or from our worldwide reseller partner network. Our appliances are the fast, easy way to get up and running with a fully-optimized firewall.
  • Purchase TAC support which provides you with direct access to Netgate Global Support.
  • Purchase Professional Services, which provides access to our most senior engineers for more complex projects outside the scope of TAC support.
  • Use a genuine pfSense instance to connect and protect your cloud workloads on AWS and Azure.

We are stronger together. Thank you for your support.