Back to Blog

pfSense, Announcements, Development, Releases, Networking

Netgate Releases RC of pfSense Plus Software Version 23.09

Written by: Bill Rathbone

Date: October 27, 2023

Netgate Releases RC of pfSense Plus Software Version 23.09

Netgate® is pleased to announce the Release Candidate (RC) of pfSense® Plus software version 23.09. As we prepare for the final release, we invite you to try out the release candidate and share your feedback with us.

Major Changes and Features

The Release Candidate (RC) of pfSense Plus software version 23.09 is now available. We encourage you to review the Release Notes for more details. 

Open SSL upgraded to 3.0.12

The upgrade to OpenSSL 3.0.12 means that a number of older and weaker encryption and hash algorithms have been removed, and security certificates based on these older/weaker hashes have been deprecated. We HIGHLY recommend reviewing the release notes prior to any upgrade.

Encryption algorithms removed from OpenVPN include: ARIA, Blowfish (e.g. BF-CBC, which was formerly an OpenVPN default), CAST5, DES, DESX, IDEA, RC2, RC5, SEED, and SM4. Hash algorithms removed from OpenVPN include MD4, MDC2, SM3, and Whirlpool.

Kea DHCP added as an opt-in feature

The Kea DHCP server is available as an opt-in feature. Basic functionality is present in version 23.09, but it is not feature complete. Switching to the Kea DHCP server is done by:

  • Navigate to System > Advanced
  • Choose the Networking tab
  • Change the new Server Backend radio button in the DHCP Options section to "Kea DHCP"

Note: If you have assigned hostnames to devices on your network using static leases, or rely on dynamic lease registration in DNS, switching to Kea DHCP results in those hostnames being ignored. The static lease configuration is kept, so switching back to ISC DHCP will restore the functionality.

Improved support for SCTP

Support for SCTP has been improved in PF for firewall rules, NAT, and logging. Rules can now act on SCTP packets by port number. Previously it was only possible to filter on source or destination address.

IPv6 Router Configuration moved

IPv6 Router Advertisement configuration has been relocated to Services > Router Advertisement as a part of the ongoing Kea DHCP server integration.

Additional Changes

  • PHP upgraded to 8.2.11
  • The base operating system upgraded to a more recent point of FreeBSD 14-CURRENT
  • Certain parts of the base system are being migrated to packages. These should be transparent to users.
  • The release also addresses a number of bugs and other issues.

Call for Testing

Testing of this RC software release is essential. It is the most effective way to ensure that the software is robust and reliable for all users, given the diversity of their environments and configurations. By downloading and testing this beta release, and providing feedback on any issues, our users can play a vital role in improving the software for everyone.

Installing the Upgrade

Netgate has a detailed Upgrade Guide available in the pfSense documentation to help explain the process. Below are the high-level steps to perform the upgrade.

Users currently running pfSense Plus software

Upgrades from an earlier version of pfSense Plus software are usually made through the Web user interface. It’s always recommended to save a backup of the pfSense Plus configuration prior to any major change such as an upgrade. You can find Backup and Recovery instructions in the pfSense documentation.

  • Navigate to System > Update
  • Set Branch to “Next Stable Version (23.09-RC)”
  • Click Confirm to start the upgrade process

Troubleshooting the Upgrade

To mitigate the risk of disrupting your production environment, Netgate recommends testing the RC version in a lab, on a scratch system, or in a Virtual Machine, rather than on production systems. Please review the documentation on Troubleshooting Upgrades for the most up-to-date information on working around upgrade issues.

Where to report errors

We encourage you to test the things which are important or unique to your deployments. Please report any errors or concerns in the Plus 23.09 Development Snapshots category of the Netgate Forum. Depending on the issue, we may ask for more details, or for you to open a bug on redmine.pfsense.org.

Include as much information as possible in your reports, such as console error messages, full PHP errors, the system configuration file (sanitized, if necessary), information from the text dump, etc. A full text dump might contain sensitive information, so be sure to inspect it before posting.

Summary

We want to express sincere thanks to all users willing to test this RC release. Your community involvement is essential to making Netgate's pfSense Plus product a stronger solution for everyone.