This is a regularly scheduled release of pfSense® Plus and pfSense CE software including new features, additional hardware support, and bug fixes.
pfSense Plus software version 22.01-RELEASE is now available. See our upgrade guide to get started with best practices information.
As well, pfSense Community Edition (CE) software version 2.6.0 is available on pfSense.org.
Customers running pfSense Plus software, or the Factory Edition of pfSense software version 2.4.5-p1 and older, can upgrade in-place automatically to pfSense Plus software version 22.01, as with any other previous upgrade.
pfSense Plus 22.01 and pfSense CE 2.6 software both include the following changes (unless otherwise noted):
- Numerous changes to IPsec for stability and performance
- Read the IPsec section of the Release Notes carefully
- IPsec VTI interface names have changed in this release. Configurations will be updated automatically where possible to use the new names. If any third party software configurations or other manual changes referenced the old IPsec VTI interface names directly (e.g. “ipsecNNNN”), they must be updated to the new format.
- IPsec status page and widget are significantly faster, show more complete information, and have additional useful functionality
- See the Release Notes and Development Notes for additional details
- ZFS is now the default filesystem for installations where possible
- New ZFS status dashboard widget (pfSense Plus only)
- New Disks widget to replace the disk usage list in the System Information widget
- This widget is automatically added and enabled if the firewall configuration contains the System Information widget with disk usage section active
- AutoConfigBackup no longer makes pages wait to load during the backup process
- The default password hash format in the User Manager has been changed from bcrypt to SHA-512
- Improvements to the Captive Portal logout page and process
- RAM disks have been converted to tmpfs
Please note, as stated here in March 2019, AES-NI is not required to run pfSense software version 2.5.0; this also applies to pfSense Plus software version 22.01 and pfSense CE software version 2.6.0.
IMPORTANT: Proceed with caution when upgrading pfSense Plus software while COVID-19 travel restrictions are in effect.
During this time of travel limitations, remote upgrades of pfSense Plus software should be carefully considered, and avoided where possible. Travel restrictions may complicate any repair of any issue, including hardware-related issues that render the system unreachable. Should these issues require onsite physical access to remedy, repair of the issue may not be possible while travel restrictions related to COVID-19 are in effect.
All components of the base system and packages will be reinstalled by the upgrade process. This must be done to ensure that the firewall contains a consistent set of packages from the same build environment, even if their versions did not change. This process will increase the time required for the upgrade to complete.
Warnings and error messages are likely to occur while the upgrade is in process. In particular, errors from PHP and package updates may be observed on the console and in logs. In nearly all cases these errors are a harmless side effect of the inconsistent state of the system during the upgrade from changes in the operating system, libraries, and PHP versions. Once the upgrade completes, the system will be in a consistent state again. Only errors which persist after the upgrade are significant.
Always take a backup of the firewall configuration prior to any major change to the firewall, such as an upgrade.
Once the firewall detects that an upgrade is available, do not update packages before initiating the upgrade! Either remove all packages, or do not update packages before running the upgrade.
The upgrade will take several minutes to complete. Exact time will vary based on download speed, hardware speed, and other factors such as installed packages. Be patient during the upgrade and allow the firewall enough time to complete the entire process. After the update packages finish downloading, it could take 10-20 minutes or more for the upgrade process to complete. The firewall may reboot several times during the process. Monitor the upgrade from the firewall console for the most accurate status view.
If the update check fails, or the update does not complete, run pkg install -y pfSense-upgrade to ensure that pfSense-upgrade is present.
Consult the Upgrade Guide for additional information about performing upgrades to pfSense Plus software.
Reinstalling for ZFS Features
Just as a reminder to the above, ZFS is the default file system going forward. We encourage each user to consider if ZFS is right file system for your needs.
Upgrading To The New Release
Updating from an earlier release to this release is possible via the usual methods:
From the GUI:
- Navigate to System > Update
- Set Branch to Next stable version
- Click Confirm to start the upgrade process
From the console or ssh:
Select option 13 OR select option 8 and run
See Upgrade Troubleshooting for the most up-to-date information on working around upgrade issues.
If the update system does not offer an upgrade to the current release, or the upgrade will not proceed, take the following steps:
- Navigate to System > Updates
- Set Branch to Next stable version
- Refresh the repository configuration and upgrade script by running the following commands from the console or shell:
pkg-static clean -ay; pkg-static install -fy pkg pfSense-repo pfSense-upgrade
This pfSense Plus software release is ready for production use. As well, this pfSense CE release is ready for community us. Should any issues arise, please file a support ticket or post to our forum.
Obtaining pfSense Software Source Code
pfSense Plus software is derived from FreeBSD and pfSense CE software with additional proprietary changes. The source code for the upstream projects is freely and publicly available from the same repositories as pfSense CE software:
- Main pfSense CE software repository - the web GUI, back end configuration code, and build tools.
- FreeBSD source - the operating system source code, with patches against the FreeBSD base.
- FreeBSD ports - the FreeBSD ports used.
To install or reinstall pfSense Plus software, contact Netgate TAC to obtain the installation media and include the Netgate Device ID of the hardware.
Using the automatic update process is typically easier than reinstalling to upgrade. See the Upgrade Guide page for details.
Supporting the Project
Our efforts are made possible by the support of our customers and the community. You may support this work through one or more of the following:
- Purchase an official appliance direct from Netgate. Our appliances are the fast, easy way to get up and running with a fully-optimized firewall.
- Purchase TAC support which provides you with direct access to Netgate Global Support.
- Purchase a professional services arrangement which provides to our most senior engineers for more complex projects outside the scope of TAC support.