pfSense Plus

Changes in this version of pfSense Plus software.

Aliases / Tables

  • Added: System Aliases for various reserved networks #15776

  • Changed: Exclude the WireGuard and Tailscale interface group system aliases from rules #15848

Auto Configuration Backup

  • Fixed: Long configuration revision reasons can cause AutoConfigBackup upload to fail #12249

  • Fixed: AutoConfigBackup scheduled backups always upload even when the configuration has not changed #16010

  • Fixed: AutoConfigBackup remote revision timestamps may not be unique due to batch uploads #16011

  • Fixed: “Reset” button on AutoConfigBackup Restore tab does not submit the form #16012

  • Changed: AutoConfigBackup code cleanup and GUI refresh #16013

  • Added: Download function for AutoConfigBackup entries #16014

  • Added: Method to change the AutoConfigBackup device key #16015

Backup / Restore

  • Fixed: Reinstall Packages button reports another instance of pfSense-upgrade is running #15494

  • Fixed: Backup configuration cache is not cleaned automatically #15994

Captive Portal

  • Fixed: PHP error in Captive Portal with undefined zone interface list #15907

  • Fixed: Captive Portal does not function with MAC filtering disabled #15926

  • Fixed: Captive Portal service management via pfSsh.php svc fails when the zone name contains uppercase letters #16030

  • Fixed: Creating a Captive Portal zone with uppercase letters overwrites existing zones of the same name #16032

Certificates

  • Added: Certificate Authorities created in the GUI do not have the Basic Constraints extension marked critical #15818

  • Changed: Additional error handling for invalid certificate configuration #15975

Configuration Backend

  • Fixed: PHP error on save with very long configuration change descriptions #15911

DHCP (IPv4)

  • Added: Kea DHCP Custom Configuration Support (IPv4 and IPv6) #15321

  • Fixed: Kea fails to start if DHCP pool configuration contains default lease time or max lease time #15332

  • Added: Kea Static ARP Support (IPv4 only) #15654

  • Fixed: Kea can unintentionally attempt to spawn multiple processes and fail #16019

  • Fixed: Static lease DNS records are incorrectly removed when backing lease expires #16022

DHCP (IPv6)

  • Fixed: Old IPv6 addresses may continue to be used after DHCP or RA changes #12947

  • Added: Kea DHCPv6 Prefix Delegation Support (IPv6 Only) #15652

DNS Forwarder

  • Fixed: Unable to change DNS Forwarder domain overrides #15890

DNS Resolver

  • Fixed: DNS Resolver option for Query Name Minimization cannot be disabled #15925

Dashboard

  • Fixed: Clicking the picture widget image downloads the image with an invalid filename instead of showing it inline #15767

  • Changed: Improve the system load impact from Dashboard widgets #15969

Diagnostics

  • Fixed: Adding Wake-On-LAN entry from ARP table view can incorrectly include OEM text in MAC address field #15162

  • Fixed: PHP error from invalid IPv6 address on diagnostics_ping.php #16005

  • Fixed: The filtered states shown may include states for interfaces other than the selected interface #16043

  • Fixed: Cannot kill states using the post-NAT address #16047

Dynamic DNS

  • Added: Improve Dynamic DNS client IPv6 support #11177

  • Added: Per-instance options to control Dynamic DNS client Check IP Service behavior #14067

  • Fixed: Dynamic DNS uses the default gateway interface instead of the specified interface #14605

  • Added: Support LuaDNS provider #15089

  • Changed: Update Gandi LiveDNS service with API changes #15258

  • Fixed: RFC 2136 Dynamic DNS cannot update AAAA records over IPv6 #16028

  • Fixed: Dynamic DNS IP address may not be updated after changing the interface of a Dynamic DNS entry #16046

Gateway Monitoring

  • Fixed: The monitoring IP address for dynamic gateways may be unexpectedly routed via a different gateway #16069

Gateways

  • Changed: Clarify descriptions for gateway recovery options #15429

  • Fixed: Cannot set a new name when duplicating an existing gateway group #16036

IPsec

  • Fixed: Input validation for duplicate remote gateways does not work when using the duplicate P1 button #15598

  • Fixed: Firewall generates invalid rules for IPsec tunnels with descriptions containing special symbols #16095

  • Fixed: IPsec unnecessarily prompts to apply changes after input errors #16162

IPv6 Router Advertisements (radvd/rtsold)

  • Fixed: Incorrect warning from radvd about AdvRDNSSLifetime value #12938

  • Added: PREF64 support in Router Advertisements #15808

  • Fixed: Routing Advertisements daemon fails to start when configured with more than 3 RDNSS entries in a prefix #15876

Interfaces

  • Fixed: Config access error with null static routes #16104

  • Fixed: Config access error after changing an interface from DHCP to Static #16105

L2TP

  • Fixed: L2TP server settings are not saved correctly #15882

Logging

  • Added: Enhanced firewall log action information display #15415

  • Fixed: PHP error when saving System Log settings #15988

Multi-Instance Management

  • Fixed: MIM GUI is unable to write IPv6 aliases #15959

  • Fixed: Renaming an alias in MIM does not update firewall and NAT rules with the new alias name #15989

NTPD

  • Fixed: PHP error after saving NTP settings with an interface selected #16063

OpenVPN

  • Fixed: Configuration upgrade from before revision 19.1 removes OpenVPN settings #15895

Operating System

  • Fixed: pftop core dump with ICMP states #15595

  • Fixed: Azure: User credentials entered during new VM deployments are not applied to the system #15871

  • Fixed: Values obtained from sysctl are sometimes unexpectedly empty, leading to PHP and other math errors #14648

  • Fixed: Errors on the console when starting/stopping services #15912

  • Fixed: RAM disk configuration check fails at boot #16023

  • Fixed: RAM Disk cron jobs are not saved correctly #16059

  • Fixed: Panic accessing sysctl OID net.inet.ip.nhdispatch with an INVARIANTS kernel #16081

PHP Interpreter

  • Fixed: Cookie named id prevents some forms from being loaded or saved properly #11268

PPP Interfaces

  • Fixed: PPPoE WAN loses IPv4 addresses on IPV6CP LayerDown events #16103

  • Added: Support if_pppoe backend for PPPoE WAN interfaces #16134

Package System

  • Fixed: Deleting one pre-installed package may delete other pre-installed packages #15643

  • Fixed: The package post-install script does not run with a system upgrade on ZFS #16057

  • Changed: pkg no longer supports setting ALTABI manually at run-time #16060

Rules / NAT

  • Fixed: Separators for Ethernet rules span past the actions column #16079

  • Added: NAT64 support #2358

  • Fixed: SCTP states not purged causing subsequent SCTP INIT to be blocked #15924

  • Fixed: Incorrect rule may be opened for editing after rule order has changed #15935

  • Fixed: Tracking information for firewall rules is not shown when editing the rule #15936

  • Fixed: Warning message in logs when changing firewall rules after setting Require Firewall Interface #15961

  • Fixed: Deleting or adding a firewall rule may result in an unexpected rule order #16076

  • Fixed: Input validation prevents creating port forwards for the same port using a different address family #16130

System Logs

  • Added: Separate IDS/IPS and link-local firewall log entries from default block logging #16092

Traffic Shaper (ALTQ)

  • Fixed: Error when viewing ALTQ Traffic Shaper queue status #15885

Traffic Shaper (Limiters)

  • Fixed: Limiters saved while MIM is enabled disappear after reboot #16051

  • Fixed: Input validation error when applying limiter changes #13158

  • Fixed: Setting a limiter queue length greater than 100 prevents the limiter from loading #13662

  • Fixed: Cannot add limiters named new #13687

  • Fixed: PHP error when a queue is added with the same name as a limiter #15914

UPnP IGD & PCP

  • Changed: Update UPnP IGD & PCP GUI text #15864

  • Changed: Make the UPnP IGD & PCP STUN port optional #15865

Upgrade

  • Fixed: Upgrade available LED not set before branch is selected. #15880

  • Changed: Link to release information on the system update page #15953

  • Fixed: Boot loader is not upgraded on UFS installs #16064

User Manager / Privileges

  • Fixed: Users with Deny Config Write privilege can trigger some VLAN interface operations #15282

  • Fixed: Users with Deny Config Write privilege can trigger some QinQ interface operations #15318

  • Fixed: PHP error when a user is denied access to the dashboard #15873

  • Fixed: Users with Deny Config Write privilege can trigger logging operations #15874

  • Fixed: Users with Deny Config Write privilege can change their own password #15908

Web Interface

  • Added: Custom message text for the login screen #9293

  • Changed: Update nginx HTTP2 syntax #15863

  • Fixed: Incorrect color in button text within disabled rows #15977