25.03 New Features and Changes
This is a regularly scheduled software release including new features and bug fixes.
General
Older devices with ISA-based serial console ports may not fully detect their console due to changes in how FreeBSD probes serial ports. pfSense Plus software attempts to detect known affected models of hardware from Netgate. Other devices may require manual intervention.
See ISA Serial Console not Fully Functional for details and a workaround.
This version of pfSense Plus software includes a new kernel-based PPPoE backend, if_pppoe. This will replace the current MPD-based implementation. This new backend is more efficient and enables much faster speeds over PPPoE interfaces.
This new PPPoE backend is not active by default in this version, but can be enabled with the global option under System > Advanced on the Networking tab. This backend will be enabled by default on future versions of pfSense Plus software.
The if_pppoe backend does not support all advanced features of the MPD implementation. For example, it does not support MLPPP.
This release includes support for DHCPv6 Prefix Delegation in the Kea DHCP daemon.
Warning
Prefix Delegation settings in Kea use a different format than the ISC DHCPv6 daemon, so Kea cannot use existing settings for Prefix Delegation. Settings for Prefix Delegation must be re-created manually when switching from ISC DHCPv6 to Kea DHCPv6. For details, see DHCPv6 Prefix Delegation.
Users of the Gandi Dynamic DNS service must change their current API token to a Personal Access Token (PAT) as Gandi now requires this authentication method for Dynamic DNS updates. For uninterrupted Dynamic DNS service, create a new PAT and save that PAT value in Gandi Dynamic DNS entries before upgrading to this release.
pfSense Plus
Changes in this version of pfSense Plus software.
Aliases / Tables
Auto Configuration Backup
Fixed: Long configuration revision reasons can cause AutoConfigBackup upload to fail #12249
Fixed: AutoConfigBackup scheduled backups always upload even when the configuration has not changed #16010
Fixed: AutoConfigBackup remote revision timestamps may not be unique due to batch uploads #16011
Fixed: “Reset” button on AutoConfigBackup Restore tab does not submit the form #16012
Changed: AutoConfigBackup code cleanup and GUI refresh #16013
Added: Download function for AutoConfigBackup entries #16014
Added: Method to change the AutoConfigBackup device key #16015
Backup / Restore
Captive Portal
Fixed: PHP error in Captive Portal with undefined zone interface list #15907
Fixed: Captive Portal does not function with MAC filtering disabled #15926
Fixed: Captive Portal service management via pfSsh.php svc fails when the zone name contains uppercase letters #16030
Fixed: Creating a Captive Portal zone with uppercase letters overwrites existing zones of the same name #16032
Certificates
Configuration Backend
Fixed: PHP error on save with very long configuration change descriptions #15911
DHCP (IPv4)
Added: Kea DHCP Custom Configuration Support (IPv4 and IPv6) #15321
Fixed: Kea fails to start if DHCP pool configuration contains default lease time or max lease time #15332
Added: Kea Static ARP Support (IPv4 only) #15654
Fixed: Kea can unintentionally attempt to spawn multiple processes and fail #16019
Fixed: Static lease DNS records are incorrectly removed when backing lease expires #16022
DHCP (IPv6)
DNS Forwarder
Fixed: Unable to change DNS Forwarder domain overrides #15890
DNS Resolver
Fixed: DNS Resolver option for Query Name Minimization cannot be disabled #15925
Dashboard
Diagnostics
Fixed: Adding Wake-On-LAN entry from ARP table view can incorrectly include OEM text in MAC address field #15162
Fixed: PHP error from invalid IPv6 address on diagnostics_ping.php #16005
Fixed: The filtered states shown may include states for interfaces other than the selected interface #16043
Fixed: Cannot kill states using the post-NAT address #16047
Dynamic DNS
Added: Improve Dynamic DNS client IPv6 support #11177
Added: Per-instance options to control Dynamic DNS client Check IP Service behavior #14067
Fixed: Dynamic DNS uses the default gateway interface instead of the specified interface #14605
Changed: Update Gandi LiveDNS service with API changes #15258
Fixed: RFC 2136 Dynamic DNS cannot update AAAA records over IPv6 #16028
Fixed: Dynamic DNS IP address may not be updated after changing the interface of a Dynamic DNS entry #16046
Gateway Monitoring
Fixed: The monitoring IP address for dynamic gateways may be unexpectedly routed via a different gateway #16069
Gateways
IPsec
IPv6 Router Advertisements (radvd/rtsold)
Interfaces
L2TP
Fixed: L2TP server settings are not saved correctly #15882
Logging
Multi-Instance Management
NTPD
Fixed: PHP error after saving NTP settings with an interface selected #16063
OpenVPN
Fixed: Configuration upgrade from before revision 19.1 removes OpenVPN settings #15895
Operating System
Fixed: pftop core dump with ICMP states #15595
Fixed: Azure: User credentials entered during new VM deployments are not applied to the system #15871
Fixed: Values obtained from sysctl are sometimes unexpectedly empty, leading to PHP and other math errors #14648
Fixed: Errors on the console when starting/stopping services #15912
Fixed: RAM disk configuration check fails at boot #16023
Fixed: RAM Disk cron jobs are not saved correctly #16059
Fixed: Panic accessing sysctl OID net.inet.ip.nhdispatch with an INVARIANTS kernel #16081
PHP Interpreter
Fixed: Cookie named id prevents some forms from being loaded or saved properly #11268
PPP Interfaces
Package System
Rules / NAT
Fixed: Separators for Ethernet rules span past the actions column #16079
Added: NAT64 support #2358
Fixed: SCTP states not purged causing subsequent SCTP INIT to be blocked #15924
Fixed: Incorrect rule may be opened for editing after rule order has changed #15935
Fixed: Tracking information for firewall rules is not shown when editing the rule #15936
Fixed: Warning message in logs when changing firewall rules after setting Require Firewall Interface #15961
Fixed: Deleting or adding a firewall rule may result in an unexpected rule order #16076
Fixed: Input validation prevents creating port forwards for the same port using a different address family #16130
System Logs
Added: Separate IDS/IPS and link-local firewall log entries from default block logging #16092
Traffic Shaper (ALTQ)
Fixed: Error when viewing ALTQ Traffic Shaper queue status #15885
Traffic Shaper (Limiters)
Fixed: Limiters saved while MIM is enabled disappear after reboot #16051
Fixed: Input validation error when applying limiter changes #13158
Fixed: Setting a limiter queue length greater than 100 prevents the limiter from loading #13662
Fixed: Cannot add limiters named new #13687
Fixed: PHP error when a queue is added with the same name as a limiter #15914
UPnP IGD & PCP
Upgrade
User Manager / Privileges
Fixed: Users with Deny Config Write privilege can trigger some VLAN interface operations #15282
Fixed: Users with Deny Config Write privilege can trigger some QinQ interface operations #15318
Fixed: PHP error when a user is denied access to the dashboard #15873
Fixed: Users with Deny Config Write privilege can trigger logging operations #15874
Fixed: Users with Deny Config Write privilege can change their own password #15908