pfSense® Plus software version 23.05-RELEASE is now available. This is a regularly scheduled release of pfSense Plus software including new features, additional hardware support, and bug fixes. The release contains significant enhancements, such as:
Visit our release notes for the full list of improvements and our upgrade guide to get started with best practices for upgrading.
pfSense Plus software now includes support for cryptographic acceleration through the Multi-Buffer Crypto for IPsec Library (IPsec-MB, IIMB). This library is a highly-optimized software implementation of the core cryptographic processing for IPsec, WireGuard, and OpenVPN. IIMB is used in both DPDK and FD.io VPP. More information about how the library works can be found in the Intel whitepaper “Fast Multi-buffer IPsec Implementations on Intel Architecture Processors.” Netgate has also added enhancements that will boost ARM64 performance with ARM SIMD extensions and SHA and AES instructions.
The pfSense Plus 23.05 release also introduces a new Packet Capture GUI with granular control features. This new feature makes it easier for users to perform packet captures and analyze network traffic. It simplifies the process of capturing packets by providing a user-friendly interface, enabling users to quickly set up and initiate packet captures without having to rely on command-line tools. Furthermore, the granular control options allow users to narrow down the scope of their captures and focus on specific traffic patterns or potential issues.
Another new feature available with this release is experimental Ethernet (Layer 2) filtering support. This feature is disabled by default but can be enabled under Advanced Firewall Settings by selecting "Enable Ethernet Filtering (Experimental)." Ethernet rules are evaluated before traditional (Layer 3) rules, such as Floating Rules, Interface Group Rules, and Interface Rules. It is important to note that no state is maintained, and the default behavior is to pass.
The latest release also includes support for the UDP Broadcast Relay package, which listens for UDP broadcast packets and retransmits them across multiple interfaces. This feature enables broadcast discovery protocols to cross separate networks, benefiting a wide range of applications and devices. These include soundbars, media streaming devices, and even LAN multiplayer gaming.
A bug in pfSense Plus 23.01 resulted in some automatic dynamic gateway names appearing in mixed case rather than all upper case, potentially causing connectivity issues until the default gateway or gateway group membership was updated. The issue affected users with mixed case interface descriptions, leading to discrepancies between old all-caps names and the new mixed case gateway names. This bug has been fixed in version 23.05, but users who manually changed gateway entries must correct them again after upgrading.
PHP has been updated to version 8.2.4 in pfSense Plus 23.05. This update ensures that the software remains up-to-date with the latest PHP improvements, providing better performance, security, and compatibility.
Unicast CARP support is now available, paving the way for future enhancements in virtualization and cloud environments, including high availability in AWS and Azure. Netgate Development is diligently working on this feature and looks forward to bringing more exciting updates to users in upcoming releases.
As of this release, several new and recent features combined enable using the GUI alone to configure a setup compatible with the AT&T Residential Fiber Network. The same setup should work for any similar ISPs which require special handling such as Priority Code Point tagging on VLAN 0 and 802.1X authentication passthrough to a modem. Previous versions of pfSense Plus software required additional scripts (e.g. "pfatt") and/or manual changes outside the GUI.
There is a new configuration recipe which covers using these features in the GUI to configure this use case: https://docs.netgate.com/pfsense/en/latest/recipes/authbridge.html.
You can read the complete list of updates and their details in our Release Notes.
A detailed upgrade guide is available in our documentation to help you through the process. Here are the general steps needed to perform the upgrade.
(Note: the Netgate SG-1000 will not be eligible to upgrade to pfSense Plus software version 23.05-RC. This is also true for all Intel 32-bit devices.)
Devices running pfSense Plus software version 23.01 can upgrade directly to
version 23.05 by following these steps:
Updates to the code repositories require that devices running version 22.05 first upgrade to version 23.01-RELEASE, then upgrade to 23.05-RELEASE, by following these steps:
For cloud platforms where pfSense Plus is available (AWS and Azure), pfSense Plus software version 23.05-RELEASE will be available as soon as the publishing process for each platform completes.
We encourage you to move from pfSense CE software to Netgate pfSense Plus software, which is still available at no charge.
Once you have completed this, and your activation token has been registered, follow these steps:
This pfSense Plus software release is ready for use in production environments. Should any issues arise, please post to our forum or contact Netgate Technical Assistance Center (TAC) for paid support. Thank you!
pfSense Plus software is derived from FreeBSD and pfSense CE software with additional proprietary changes. The source code for the upstream projects is freely and publicly available from the same repositories as pfSense CE software:
To install or reinstall a release version of pfSense Plus software, contact Netgate TAC to obtain the installation media and include the Netgate Device ID of the hardware.
Using the automatic update process is typically easier than reinstalling to upgrade. See the Upgrade Guide page for details.
Our efforts are made possible by the support of our customers and the community. You may support this work through one or more of the following: