pfSense CE¶
Changes in this version of pfSense CE software.
Aliases / Tables¶
Fixed: Firewall rules fail to load when a URL table alias file does not exist #13068
Added: Type column on Alias lists #13245
Fixed: Static ARP entries are not configured at boot #14374
Fixed: Firewall rules are not displayed properly when they reference a URL table alias and its file does not exist #14574
Backup / Restore¶
Changed: Increase timeout for password entry when restoring an encrypted configuration via ECL #14769
CARP¶
Captive Portal¶
Certificates¶
Fixed: Cannot validate Certificates against Certificate Revocation Lists for Intermediate Certificate Authorities #9889
Added: Improve System menu behavior for Certificate Manager privileges #14347
Fixed: CA and Certificate renewal page does not properly list some SHA1 certificates as being weak #14678
DNS Resolver¶
Dashboard¶
Diagnostics¶
Fixed:
diag_edit.php
warning is not cleared after picking non-directory to load #7589Changed: Combining Interface and Rule ID state table filter fields returns no results #14399
Fixed: Improve error handling in
status.php
#14513Added: Status output plugin hook for packages to include their own data #14777
Dynamic DNS¶
Added: Include hostname being updated in Dynamic DNS notifications #9504
Added: Dynamic DNS support for Porkbun #14402
Fixed: PHP error with One.com Dynamic DNS provider #14649
Fixed: List of Dynamic DNS types with split host+domain name is missing several providers #14783
Fixed: Correct name of Gandi LiveDNS #14784
Fixed: Multi-WAN Dynamic DNS does not fail over when preferred WAN loses link #14829
Gateways¶
Fixed: Misleading error message when adding/editing static routes which use a gateway on a disabled interface #8846
Fixed: Cannot select IP Alias VIP with CARP VIP parent in Virtual IP drop-down on Gateway Groups #14524
Fixed: A default route can remain after setting the default gateway to None #14717
Hardware / Drivers¶
IGMP Proxy¶
IPsec¶
Changed: Clarify that the IPsec keep alive check option ignores Child SA Start Action #12762
Fixed: PHP error in
status_ipsec.php
after removing active IPsec tunnel configuration #14525Fixed: Multi-WAN IPsec does not fail over when preferred WAN loses link #14626
Added: Show IPsec phase 1 authentication type in Mode column of tunnel list #14726
Fixed: IPsec rejects certificate without any SANs #14831
IPv6 Router Advertisements (radvd/rtsold)¶
Fixed: IPv6 neighbor discovery protocol (NDP) fails in some cases #13423
Interfaces¶
Fixed: GIF-based interface MTU is assigned to parent interface on boot when parent interface is a LAGG #13218
Fixed: Cannot add a QinQ interface to a bridge #14377
Fixed:
find_interface_ipv6_ll()
can return a VIP instead of the interface address #14392Fixed: Interface value is not properly validated when submitted on
interfaces_gif_edit.php
andinterfaces_gre_edit.php
#14549Fixed: Primary interface address is incorrectly set to the last address on the interface #14623
Fixed: Link loss causes interfaces configured as Track Interface for IPv6 to lose their IPv4 addresses #14756
Changed: Eliminate direct config access in
interfaces.php
#14790
Logging¶
Notifications¶
OpenVPN¶
Fixed: OpenVPN can select the wrong interface IP address when multiple addresses are present #14646
Changed: Prevent weak SHA1 certificates from being used with OpenVPN clients and servers #14677
Changed: Check for deprecated OpenVPN encryption and digest options on upgrade #14686
Changed: Update OpenVPN to 2.6.7 #14985
Operating System¶
PPP Interfaces¶
Packet Capture¶
Rules / NAT¶
Added: Support interface macros in Outbound NAT rules #3288
Fixed: Negating
<interface> net
when a VIP exists on the interface results in unintended behavior #6799Added: Option to wait for interface selection before displaying firewall rules #13124
Added: Support interface groups in firewall rule source/destination fields #14448
Fixed: “Convert interface definitions” option is not respected when bulk copying rules #14576
Fixed: Rule separators are ordered incorrectly after removing rules in certain positions #14619
Fixed: Rule separators are hidden when their index is greater than the number of rules #14621
Added: Extend support for SCTP in firewall and NAT rules #14640
Fixed: Separators get shifted when copying firewall rules between interfaces #14691
Fixed:
ctype_digit()
returns unexpected result for values <=255
which can break some validation functions/usages #14702
System Logs¶
Fixed:
status_logs_filter_dynamic.php
does not encode value ofinterfacefilter
in raw mode #14548
Traffic Graphs¶
Translations¶
Fixed: Some functions fail if the Language does not exactly match an available Locale #13776
User Manager / Privileges¶
Fixed: Copy function for User Manager Groups does not work for first group in list #14695
Web Interface¶
Fixed: Refactor IPsec code using config access functions #13704
Fixed: PHP error in CSRF Magic from invalid time value #14394
Fixed: Breadcrumb path missing on
system_register.php
#14462Changed: Prevent weak SHA1 certificates from being used with GUI and Captive Portal #14672
Fixed:
status_carp.php
anddiag_dump_states.php
unresponsive with large state tables #14758Fixed: Logo text is partially rendered when using Compact-RED theme on CE #14807
Fixed: GUI TCP port is not updated in the configuration when saving with the field empty to remove an existing value #14820