2.5.0 New Features and Changes¶
pfSense software version 2.5.0 brings a major OS version upgrade, OpenSSL upgrades, PHP and Python upgrades, and numerous bug fixes.
The original plan was to include a RESTCONF API in pfSense version 2.5.0, which for security reasons would have required hardware AES-NI or equivalent support. Plans have since changed, and pfSense 2.5.0 does not contain the planned RESTCONF API, thus pfSense version 2.5.0 WILL NOT require AES-NI.
Operating System / Architecture changes¶
Security / Errata¶
Deprecated the built-in relayd Load Balancer #9386
relayddoes not function with OpenSSL 1.1.x
relaydport is currently marked BROKEN for FreeBSD 12 and later, and has been this way since October – There is no apparent sign of work to make it compatible with OpenSSL 1.1.x
The HAProxy package may be used in its place; It is a much more robust and more feature-complete load balancer and reverse proxy
See the FreeBSD 12.0 Release Notes for information on deprecated hardware drivers that may impact firewalls upgrading to pfSense version 2.5.0. Some of these were renamed or folded into other drivers, others have been removed, and more are slated for removal in FreeBSD 13 in the future.
Changed LDAP authentication to use
LDAP_OPT_X_TLS_*options instead of LDAP environment variables, which corrects a variety of LDAP-related login issues reported by users #9417
During development of pfSense version 2.5.0, there is a significant chance that packages will be unstable until closer to the release. Most of this is due to OpenSSL changes. This will stabilize as development progresses.