Back to Blog

pfSense, Releases

Call for Testing: pfSense® Community Edition 2.8 Beta

Call for Testing: pfSense® Community Edition 2.8 Beta

Netgate is pleased to announce the release of the Beta of pfSense Community Edition version 2.8.  

Now it’s your turn to help us test this latest iteration of our popular open-source firewall and routing software. This beta release brings a host of new features, enhancements, and fixes, and your feedback is crucial to ensuring a rock-solid final release.

Upgrade Notes

Warning:

Due to major changes in PHP and base OS versions, there is a higher than usual chance that packages will interfere with the upgrade process.

To give an upgrade the best possible chance of going smoothly, uninstall all packages before starting the upgrade.

Before upgrading, pay particular attention to the Pre-Upgrade Tasks section of the Upgrade Guide. The most crucial points are noted in this section, but the best practice is to follow all of the precautions noted in the Upgrade Guide.

Legacy Serial Consoles

After upgrading, older devices with ISA-based serial console ports may not fully detect their console due to changes in how FreeBSD probes serial ports. Devices may require manual intervention.

Low Memory Hardware

Hardware with 1 GiB or less available memory may have issues upgrading depending on which features, services, or packages are running.

For the best chance of success in these cases, temporarily disable any non-critical services before starting the upgrade. Rebooting before attempting the upgrade can also be beneficial.

Release Information

This pfSense CE 2.8 Beta builds on the robust foundation of its predecessors, introducing improvements designed to enhance performance, security, and usability. While the full changelog is still being finalized, here are some highlights you can explore in this beta:

  • PHP has been upgraded from 8.2.x to 8.3.x
  • The base operating system has been upgraded to FreeBSD 15-CURRENT
  • This version of pfSense CE software includes a new kernel-based PPPoE backend, ``if_pppoe``. This will replace the current MPD-based implementation.
    • This new backend is more efficient and enables much faster speeds over PPPoE interfaces.
    • This new PPPoE backend is not active by default in this version, but can be enabled with the global option under System > Advanced on the Networking tab <if_pppoe_option>`.
    • This backend will be enabled by default on future versions of pfSense software.
    • The ``if_pppoe`` backend does not support all advanced features of the MPD implementation. For example, it does not support MLPPP.
  • The default State Policy has been changed from Floating to Interface Bound for increased security. However, Interface Bound states may have issues in certain cases with IPsec VTI, Multi-WAN policy routing, as well as with High Availability state synchronization on non-identical hardware. Workarounds are in place to fall back to Floating states in certain cases, such as IPsec/VTI. The default policy can be toggled back to Floating using the State Policy option under System > Advanced on the Firewall & NAT tab. There is also an option to override this behavior on a per-rule basis in the advanced options when editing a firewall rule.
  • This release includes support for enhanced gateway recovery "fail back" by optionally clearing states from lower tier gateways when a more preferred gateway recovers.
  • This version requires an updated boot loader, which is automatically handled by the upgrade process for nearly all cases. However, there may be some edge cases where the automatic update does not update the loader currently used by the device. For example, if there are multiple unmirrored disks and the BIOS/EFI Firmware is not booting from the disk containing the updated loader, but an older unrelated installation on a separate disk. One particular case where this can happen is when there is a previous installation to MMC which has been followed by an installation to an add-on SSD without clearing the MMC contents.
  • This release includes support for High Availability in the Kea DHCP daemon. This implementation has several advantages over the older ISC DHCP implementation, including:
    • Supports HA for DHCPv4 and DHCPv6.
    • Simplified HA setup, all in one place on each node for each type.
    • Works in hot standby mode, which is more reliable.
    • Can synchronize lease data over the SYNC interface for security and ease of use, and can optionally encrypt the sync data for added protection.
  • This release includes support for DNS Registration of DHCP client hostnames from the Kea DHCP daemon to the Unbound DNS Resolver
    • DNS records are updated dynamically on-the-fly, they do not require a resolver restart and are not disruptive.
    • Supports DNS Registration for DHCPv4 and DHCPv6
    • DNS Registration can be configured on a per-interface or global manner, with the ability to enable or disable specific interfaces as needed.
    • DNS records are not limited to the system domain name. DNS Registration honors the domain name on the DHCP settings for each interface and on static mappings.
    • DNS records are accurate/updated on both high availability peers
    • Static mappings can be registered when Kea starts (similar to ISC) or when a static mapping client obtains a lease.

The pfSense CE project thrives thanks to its active and engaged community. Beta testing is a critical phase where we rely on users like you to put the software through its paces. Whether you’re running a small home lab, a business network, or a complex multi-site deployment, your testing helps us identify bugs, validate new features, and ensure compatibility across diverse setups.

Here’s how you can contribute:

  • Test New Features: Experiment with the latest additions and let us know how they work for you.
  • Stress the System: Push pfSense CE 2.8 Beta to its limits—high traffic, VPNs, custom rules, you name it.
  • Report Bugs: Found something off? Submit detailed bug reports to help us squash those issues.
  • Share Feedback: Tell us what you love, what you don’t, and what you’d like to see in the final release.

A Word of Caution

As with any beta software, pfSense CE 2.8 Beta is not yet production-ready. Expect some rough edges—that’s where you come in! Please avoid deploying it in critical environments until the stable release is available.

The pfSense CE 2.8 Beta is a milestone in our ongoing mission to deliver a powerful, flexible, and free networking solution to users worldwide. Your participation in this testing phase directly influences the quality of the final product. Whether you’re a seasoned pfSense veteran or a curious newcomer, we’d love to have you on board.

Let’s make pfSense CE 2.8 the best release yet. Install it, test it, and let us know what you think.

Happy testing,  

The pfSense Team at Netgate