pfSense Plus

Changes in this version of pfSense Plus software.

Aliases / Tables

• Added: Allow user-defined rules to utilize built-in system aliases #1979

Authentication

• Fixed: sshguard is not properly detecting GUI login failures #15687

• Fixed: GUI logout messages do not use the auth log facility #15719

Auto Configuration Backup

• Fixed: Special characters in the ACB configuration change description can cause PHP errors #15711

• Fixed: AutoConfigBackup tries to upload backups before the system has finished booting #15718

Backup / Restore

• Fixed: Factory resetting the configuration removes WireGuard #15511

• Fixed: Skip Packages option for Configuration Backups fails with large configurations #15624

CARP

• Fixed: HA node with CARP VIP in backup state is unable to ping the active node using that CARP VIP address #14026

Captive Portal

• Fixed: Captive Portal logo fails to load after authenticated redirect #15404

• Fixed: Captive Portal zones can fail to start due to ID conflict #15772

Certificates

• Fixed: CA certificates are not added to the Trust Store #15440

• Fixed: Certificate Manager GUI inconsistency in Revocation tab titles #15454

Configuration Backend

• Fixed: System proxy credentials with certain characters may fail to authenticate #15565

Console Menu

• Fixed: Declining to reset the admin account via the console menu still prompts to change the password #15751

DHCP (IPv4)

• Added: Settings tab for global Kea DHCP server options #5080

• Fixed: Kea fails to restart due to race between process termination and startup #14977

• Fixed: Kea will not start with identical MAC address filters on multiple interfaces #15130

• Fixed: Changes in Kea DHCP interface pools may invalidate lease database content #15328

• Fixed: Kea does not send configured TFTP server name #15518

• Added: Kea High Availability Support (IPv4 and IPv6) #15575

• Added: Kea DNS Resolver (Unbound) Integration (IPv4 and IPv6) #15651

• Fixed: IPv4 DHCP client responses may be routed unexpectedly out unrelated WANs #15702

• Fixed: Hostnames for ISC DHCP leases are not removed from Unbound when switching to Kea #15750

• Added: Kea DHCP lease database RAM disk support (IPv4 and IPv6) #15828

DNS Forwarder

• Fixed: DNS Forwarder ignores “Use remote DNS Servers, ignore local DNS” setting #15434

• Changed: Update dnsmasq to version 2.90 #15465

DNS Resolver

• Fixed: Reduce disruptions when changing DNS records from DHCP leases in Unbound #5413

• Changed: Update Unbound to 1.22.0 #15483

• Fixed: Automatic EDNS value may be lower than expected #15704

• Fixed: Unbound configuration file contains Localhost address in forwarding mode with TLS enabled #15722

• Fixed: unbound-checkconf fails with python mode enabled #15723

Dashboard

• Added: Improve Thermal Sensors Dashboard widget readability #13520

• Fixed: Traffic Graph widget displays bandwidth usage values which are half the actual usage amount #14933

• Fixed: Firewall Logs Dashboard widget update interval does not behave as expected #15373

• Added: Show current boot method in System Information Dashboard widget #15422

• Fixed: Incorrect icon on collapsed dashboard widgets #15439

• Fixed: Dashboard widgets refresh at unintended intervals #15725

• Changed: Improve Thermal Sensors Dashboard widget refresh code #15728

• Fixed: Session cookie warnings #15729

Diagnostics

• Fixed: Sanitize RFC 2136 Dynamic DNS update keys in status.php output #15490

• Fixed: File browser on diag_edit.php does not encode directory names before display #15525

• Fixed: State table entries printed on diag_dump_states.php may contain an unexpected interface #15657

Dynamic DNS

• Added: Enable @ support for Azure in Dynamic DNS #10000

• Added: Enable @ support for name.com in Dynamic DNS #14289

• Changed: Update Dynamic DNS API URL for porkbun.com #15779

• Fixed: Dynamic DNS attempts to resolve entries with disabled interfaces #15802

FreeBSD

• Fixed: Kernel panic in HA nodes when under high load #15413

Gateway Monitoring

• Fixed: Gateway monitoring includes disabled gateways #15635

Gateways

• Fixed: No default route after boot #15791

High Availability

• Fixed: Removing a route from the High Availability primary node does not remove the entry from the routing table on the secondary node #15795

IGMP Proxy

• Fixed: Kernel Panic when IGMPProxy gets CIDR Removed #15831

IPsec

• Fixed: Mobile IPsec does not automatically switch to failover gateway #15685

• Fixed: Mobile IPsec sends incorrect DNS attribute IDs #15755

IPv6 Router Advertisements (radvd/rtsold)

• Fixed: Non Link-Local IPv6 CARP address does not get advertised to endpoints with RADVD #12581

Installer

• Fixed: Installing to ZFS mirror does not format or populate EFI partition on additional disks #15083

Interfaces

• Fixed: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity #14083

• Fixed: PHP error when applying interface settings if the /tmp/.interfaces.apply file is present but empty #15423

• Added: Use natural sorting when sorting interfaces #15437

• Fixed: OpenVPN QinQ interface creation fails #15692

• Fixed: Interface group members are not validated on load/save on interfaces_groups_edit.php, and are printed without encoding on interfaces_groups.php #15778

Logging

• Fixed: Restarting the logging daemon during rotation also restarts sshguard, leading to frequent log messages #12747

Multi-WAN

• Fixed: State Killing on Gateway Recovery fails for the default gateway group with the “Kill all” option selected #15694

NTPD

• Added: NTP authentication support #8794

OpenVPN

• Added: More GUI options for OpenVPN Client-Specific Overrides #12522

• Fixed: PHP error with OpenVPN server certificate verification if the certificate has multiple CN attributes #15133

Operating System

• Fixed: Kernel panic with pflow configured and active #15446

• Fixed: Proxy variables in crontab contents are improperly formatted #15502

• Fixed: resizewin occasionally gets fed a spurious line feed over certain serial console+client combinations #15777

PHP Interpreter

• Changed: Update PHP to 8.3.x #15053

• Fixed: Memory leak in pfSense module function pfSense_get_ifaddrs() #15471

Package System

• Fixed: Updates fail against an authenticated upstream proxy #15094

• Fixed: Package navigation menus can be duplicated when reinstalling the package #15700

Packet Capture

• Added: Allow filtering packet captures by system-defined protocols #15609

Routing

• Fixed: Interface-bound state policy does not handle IPsec VTI traffic as expected when filtering on enc0 interface #15430

• Fixed: IPsec VTI static routes may not be added after the system boots #15449

• Fixed: Saving an IPv6 gateway overrides the IPv4 gateway #15589

• Fixed: Routes with IPv6 Address as Next Hop for IPv4 Destination Causes Kernel Panic #15601

• Fixed: Static routes using null gateways are not installed #15669

Rules / NAT

• Fixed: Per-rule byte counter values lost across a filter reload #15516

• Fixed: Separator positions are incorrect when copying interface group rules #15537

• Added: GUI options to change default SCTP state timeouts #15661

• Fixed: Setting the Port Forward interface to an interface group selects an invalid destination #15671

S.M.A.R.T.

• Changed: Query for SMART data only on root disk devices #15586

SNMP

• Fixed: File descriptor leak in bsnmpd #15481

Services

• Fixed: NTP option “DNS Resolution” has no effect when using NTP pool hostnames #15552

UPnP/NAT-PMP

• Fixed: Port forward rules created by miniupnpd do not expire #15470

Upgrade

• Fixed: Upgrading an EFI system installed to ZFS mirror does not upgrade EFI loader on additional disks #15084

User Manager / Privileges

• Fixed: CLI password check exits with a write access error when checking is a read-only operation #15442

Virtual IP Addresses

• Fixed: Network and broadcast address input validation is incorrectly applied to IPv6 VIPs #15361

Web Interface

• Changed: Remove deprecated HTTP/1.0 Pragma header #15781

• Changed: Use minified nvd3 vendor files #15782