We are pleased to announce that the release candidate (RC) build for pfSense® Plus software version 23.01 is now available for testing.
In September, we discussed some major features and changes we have incorporated into pfSense Plus 23.01 software, such as moving to PHP 8.1 and FreeBSD main. The snapshots became available on pfSense Plus software shortly after, and the BETA version was released in December. Since then, many bugs and other issues have been corrected.
Major Changes and Features
PHP 8.1 and FreeBSD main
As mentioned, we have moved the version of PHP used by pfSense Plus software to PHP 8.1 and changed the base operating system version of FreeBSD used by pfSense Plus software from 12-STABLE to the current development “top of tree” version, also known as “main,” or “HEAD,” and, at the time of writing, “14-CURRENT”.
IPsec Algorithms
The new version of FreeBSD transforms these outdated IPsec algorithms:
- 3DES ciphers
- Blowfish ciphers
- CAST 128 ciphers
- MD5 HMAC Authentication
For a smooth transition, reconfigure tunnels with better encryption and test them prior to upgrading. On upgrade, IPsec tunnels will be updated to remove any deprecated algorithms from their configuration.
Tunnels without valid encryption or authentication settings will be shut down, and the upgrade process will notify the user of any changes. This only affects IPsec and not other uses of these algorithms. For example, BGP can still use TCP-MD5 authentication.
Unbound
Another improvement coming with pfSense Plus is that a long-standing, difficult-to-reproduce crash in Unbound during reloading has been addressed. The fix will be included in the 23.01 release, making it safe to enable DHCP registration alongside Unbound Python mode in pfBlockerNG.
Other pfSense Plus Software Updates
In addition to the above changes, over 100 other updates have been included in this release across these functional areas, and more:
- Automatic Configuration Backup
- Captive Portal
- DNS Forwarder
- DNS Resolver
- Dynamic DNS
- FreeBSD
- IPsec
- OpenVPN
You can read the complete list of updates and their details in our Release Notes.
Call for Testing
Rigorous testing is necessary to ensure a quality release of pfSense software. This is your opportunity to significantly contribute to this release. Doing so helps both you and the wider community. Duplicating every use case is impossible, so your unique environments and configurations will provide invaluable feedback that would be hard to reproduce in any other way.
How to Upgrade
A detailed upgrade guide is available in our documentation to help you through the process. Here are the general steps needed to perform the upgrade.
Users Currently Running pfSense Plus 22.05:
- Backup your configuration
- Navigate to System > Update
- Choose the Latest Development Snapshots branch
The update check will run again and then offer a 23.01 RC version of the software.
Note: the Netgate SG-1000 will not be eligible to upgrade to pfSense Plus software version 23.01. This is also true for all Intel 32-bit devices.
Users Currently Running pfSense Community Edition:
We encourage you to move from pfSense CE software to Netgate pfSense Plus software, which is still available at no charge. To do so:
- Migrate to pfSense Plus 22.01
- Follow the upgrade path to 23.01-RC
Depending on your system, you may need to upgrade to pfSense Plus 22.05 before you have access to the pfSense Plus 23.01 RC build.
How to Troubleshoot Upgrades
We recommend testing the RC version in a lab, on a scratch system, or in a Virtual Machine, rather than on production systems. Please review Upgrade Troubleshooting for the most up-to-date information on working around upgrade issues.
Tips on Upgrading:
- Create a backup before you upgrade, or a snapshot if it is a VM.
- Do not update packages before upgrading. Remove all packages or update packages after the upgrade.
- The upgrade will generally take 10 to 30 minutes. Maintain power to your appliance while it is in progress.
- Track the progress of the upgrade from your firewall console.
- Remember that these are release candidate snapshots, not the finished product. There may still be changes before release if RC testing uncovers significant issues.
Where to Report Errors
We urge you to test features that are essential or exclusive to your setup. Please report any errors or concerns in the Plus 23.01 Development Snapshots category of the Netgate Forum. Depending on the issue, we may request additional information, or for you to open a ticket on redmine.pfsense.org.
Include as much detail as possible in your reports, such as console error messages, full PHP errors, the system configuration file (sanitized, if necessary), information from the text dump, etc. Before sharing a full text dump, make sure it does not contain any sensitive data.
Summary
We are quickly approaching the newest release of pfSense Plus software. Thanks to everyone able and willing to provide feedback and make the pfSense Plus product, and the pfSense Project a stronger solution for everyone!