2.5.0 New Features and Changes¶
pfSense software version 2.5.0 brings a major OS version upgrade, OpenSSL upgrades, PHP and Python upgrades, and numerous bug fixes.
Warning
The original plan was to include a RESTCONF API in pfSense version 2.5.0, which for security reasons would have required hardware AES-NI or equivalent support. Plans have since changed, and pfSense 2.5.0 does not contain the planned RESTCONF API, thus pfSense version 2.5.0 WILL NOT require AES-NI.
Tip
For those who have not yet updated to 2.4.4-p3 or 2.4.4, consult the previous release notes and blog posts for those releases to read all important information and warnings before proceeding.
Operating System / Architecture changes¶
Security / Errata¶
Deprecated the built-in relayd Load Balancer #9386
relayddoes not function with OpenSSL 1.1.xThe
relaydport is currently marked BROKEN for FreeBSD 12 and later, and has been this way since October – There is no apparent sign of work to make it compatible with OpenSSL 1.1.xThe HAProxy package may be used in its place; It is a much more robust and more feature-complete load balancer and reverse proxy
For more information on implementing HAProxy, see HAProxy package and the Hangout
Warning
See the FreeBSD 12.0 Release Notes for information on deprecated hardware drivers that may impact firewalls upgrading to pfSense version 2.5.0. Some of these were renamed or folded into other drivers, others have been removed, and more are slated for removal in FreeBSD 13 in the future.
Changed LDAP authentication to use
LDAP_OPT_X_TLS_*options instead of LDAP environment variables, which corrects a variety of LDAP-related login issues reported by users #9417
Known Issues¶
During development of pfSense version 2.5.0, there is a significant chance that packages will be unstable until closer to the release. Most of this is due to OpenSSL changes. This will stabilize as development progresses.