pfSense CE¶
Changes in this version of pfSense CE software.
Aliases / Tables¶
Fixed: Firewall rules fail to load when a URL table alias file does not exist #13068
Added: Type column on Alias lists #13245
Fixed: Static ARP entries are not configured at boot #14374
Fixed: Firewall rules are not displayed properly when they reference a URL table alias and its file does not exist #14574
Authentication¶
Added: Option to invalidate GUI login session if the client address changes #14265
Backup / Restore¶
Changed: Increase timeout for password entry when restoring an encrypted configuration via ECL #14769
CARP¶
Captive Portal¶
Certificates¶
Fixed: Cannot validate Certificates against Certificate Revocation Lists for Intermediate Certificate Authorities #9889
Added: Improve System menu behavior for Certificate Manager privileges #14347
Fixed: CA and Certificate renewal page does not properly list some SHA1 certificates as being weak #14678
DHCP (IPv4)¶
Added: Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6 #6960
DNS Resolver¶
Dashboard¶
Diagnostics¶
Fixed:
diag_edit.php
warning is not cleared after picking non-directory to load #7589Changed: Combining Interface and Rule ID state table filter fields returns no results #14399
Fixed: Improve error handling in
status.php
#14513Added: Status output plugin hook for packages to include their own data #14777
Dynamic DNS¶
Added: Include hostname being updated in Dynamic DNS notifications #9504
Added: Dynamic DNS support for Porkbun #14402
Fixed: PHP error with One.com Dynamic DNS provider #14649
Fixed: List of Dynamic DNS types with split host+domain name is missing several providers #14783
Fixed: Correct name of Gandi LiveDNS #14784
Fixed: Multi-WAN Dynamic DNS does not fail over when preferred WAN loses link #14829
Gateways¶
Fixed: Misleading error message when adding/editing static routes which use a gateway on a disabled interface #8846
Fixed: Cannot select IP Alias VIP with CARP VIP parent in Virtual IP drop-down on Gateway Groups #14524
Fixed: A default route can remain after setting the default gateway to None #14717
Hardware / Drivers¶
IGMP Proxy¶
IPsec¶
Changed: Clarify that the IPsec keep alive check option ignores Child SA Start Action #12762
Fixed: PHP error in
status_ipsec.php
after removing active IPsec tunnel configuration #14525Fixed: Multi-WAN IPsec does not fail over when preferred WAN loses link #14626
Added: Show IPsec phase 1 authentication type in Mode column of tunnel list #14726
Fixed: IPsec rejects certificate without any SANs #14831
IPv6 Router Advertisements (radvd/rtsold)¶
Fixed: IPv6 neighbor discovery protocol (NDP) fails in some cases #13423
Interfaces¶
Fixed: GIF-based interface MTU is assigned to parent interface on boot when parent interface is a LAGG #13218
Fixed: Cannot add a QinQ interface to a bridge #14377
Fixed:
find_interface_ipv6_ll()
can return a VIP instead of the interface address #14392Fixed: Interface value is not properly validated when submitted on
interfaces_gif_edit.php
andinterfaces_gre_edit.php
#14549Fixed: Primary interface address is incorrectly set to the last address on the interface #14623
Fixed: Link loss causes interfaces configured as Track Interface for IPv6 to lose their IPv4 addresses #14756
Changed: Eliminate direct config access in
interfaces.php
#14790
Logging¶
Notifications¶
OpenVPN¶
Fixed: OpenVPN can select the wrong interface IP address when multiple addresses are present #14646
Changed: Prevent weak SHA1 certificates from being used with OpenVPN clients and servers #14677
Changed: Check for deprecated OpenVPN encryption and digest options on upgrade #14686
Changed: Update OpenVPN to 2.6.7 #14985
Operating System¶
PHP Interpreter¶
Added: Option to configure a custom value for the PHP memory limit #13377
PPP Interfaces¶
PPPoE Server¶
Fixed: PPPoE Server address input validation is incorrectly allowing IPv6 #13903
Packet Capture¶
Rules / NAT¶
Added: Support interface macros in Outbound NAT rules #3288
Fixed: Negating
<interface> net
when a VIP exists on the interface results in unintended behavior #6799Added: Option to wait for interface selection before displaying firewall rules #13124
Added: Support interface groups in firewall rule source/destination fields #14448
Fixed: “Convert interface definitions” option is not respected when bulk copying rules #14576
Fixed: Rule separators are ordered incorrectly after removing rules in certain positions #14619
Fixed: Rule separators are hidden when their index is greater than the number of rules #14621
Added: Extend support for SCTP in firewall and NAT rules #14640
Fixed: Separators get shifted when copying firewall rules between interfaces #14691
Fixed:
ctype_digit()
returns unexpected result for values <=255
which can break some validation functions/usages #14702
System Logs¶
Fixed:
status_logs_filter_dynamic.php
does not encode value ofinterfacefilter
in raw mode #14548
Traffic Graphs¶
Traffic Shaper (ALTQ)¶
Fixed: Kernel panic when using traffic shaping on a PPPoE interface #14497
Translations¶
Fixed: Some functions fail if the Language does not exactly match an available Locale #13776
UPnP/NAT-PMP¶
Fixed: Remove broken
stun.sipgate.net
from UPnP STUN server list #14673
Upgrade¶
Fixed: Update check in GUI does not always honor the configured proxy settings #14609
User Manager / Privileges¶
Fixed: Copy function for User Manager Groups does not work for first group in list #14695
Web Interface¶
Fixed: Refactor IPsec code using config access functions #13704
Fixed: PHP error in CSRF Magic from invalid time value #14394
Fixed: Breadcrumb path missing on
system_register.php
#14462Changed: Prevent weak SHA1 certificates from being used with GUI and Captive Portal #14672
Fixed:
status_carp.php
anddiag_dump_states.php
unresponsive with large state tables #14758Fixed: Logo text is partially rendered when using Compact-RED theme on CE #14807
Fixed: GUI TCP port is not updated in the configuration when saving with the field empty to remove an existing value #14820
Wireless¶
Fixed: PHP error in
handle_wireless_post()
when toggling some wireless interface options #14579