Back to Blog

pfSense, Announcements, Development, Releases, Networking

pfSense Plus Software Version 23.05 Release Candidate Now Available

pfSense Plus Software Version 23.05 Release Candidate Now Available

We are pleased to announce that the release candidate (RC) build for pfSense® Plus software version 23.05 is now available for testing. As we prepare for the final release, we invite you to try out the release candidate and share your feedback with us. 

Major Changes and Features

Support for IIMB Cryptographic Acceleration

pfSense Plus software now includes support for cryptographic acceleration through the Multi-Buffer Crypto for IPsec Library (IPsec-MB, IIMB). This library is a highly-optimized software implementation of the core cryptographic processing for IPsec, WireGuard and OpenVPN. IIMB is used in both DPDK and FD.io VPP. Netgate has extended support to ARM64. More information about how the library works can be found in the Intel whitepaper “Fast Multi-buffer IPsec Implementations on Intel Architecture Processors.”

A New Packet Capture GUI

The pfSense Plus 23.05 release also introduces a new Packet Capture GUI with granular control features. This new feature makes it easier for users to perform packet captures and analyze network traffic. It simplifies the process of capturing packets by providing a user-friendly interface, enabling users to quickly set up and initiate packet captures without having to rely on command-line tools. Furthermore, the granular control options allow users to narrow down the scope of their captures and focus on specific traffic patterns or potential issues.

Experimental Ethernet (Layer 2) Filtering Support

Another new feature available with this release is experimental Ethernet (Layer 2) filtering support. This feature is disabled by default but can be enabled under Advanced Firewall Settings by selecting "Enable Ethernet Filtering (Experimental)." Ethernet rules are evaluated before traditional (Layer 3) rules, such as Floating Rules, Interface Group Rules, and Interface Rules. It is important to note that no state is maintained, and the default behavior is to pass.

UDP Broadcast Relay Package

The latest release also includes support for the UDP Broadcast Relay package, which listens for UDP broadcast packets and retransmits them across multiple interfaces. This feature enables broadcast discovery protocols to cross separate networks, benefiting a wide range of applications and devices. These include soundbars, media streaming devices, and even LAN multiplayer gaming.

Fixed Automatic Dynamic Gateway Names

A bug in pfSense Plus 23.01 resulted in some automatic dynamic gateway names appearing in mixed case rather than all upper case, potentially causing connectivity issues until the default gateway or gateway group membership was updated. The issue affected users with mixed case interface descriptions, leading to discrepancies between old all-caps names and the new mixed case gateway names. This bug has been fixed in version 23.05, but users who manually changed gateway entries must correct them again after upgrading. To ensure a smooth transition, users should apply the fix using the system patches package and update gateway entries before upgrading to 23.05. 

PHP Updated to Version 8.2.4

PHP has been updated to version 8.2.4 in pfSense Plus 23.05. This update ensures that the software remains up-to-date with the latest PHP improvements, providing better performance, security, and compatibility.

Unicast CARP Support

Last but not least, unicast CARP support is now available, paving the way for future enhancements in virtualization and cloud environments, including high availability in AWS and Azure. The development team is diligently working on this feature and looks forward to bringing more exciting updates to users in upcoming releases.

Other Improvements

  1. Alias improvements include fixes for PF reserved keywords, bulk import errors, and sorting issues.
  2. Captive Portal bug fixes address PHP errors when the usedmacs list is empty.
  3. Certificate changes include fixing PHP errors, blank SAN fields, and adding the ability to edit Certificate Revocation List properties.
  4. DHCP (IPv4) improvements fix issues with static mappings, failover firewall rules, and PHP errors.
  5. DNS Resolver fixes include generating automatic ACLs for IPv6 when Network Interfaces is set to "All".
  6. Dashboard updates address widget errors, uptime display issues, and add support for Intel PCH temperature values.
  7. Interface improvements include adding Priority Code Point (PCP) and Promiscuous Mode options, as well as fixing PHP errors.
  8. Logging changes provide options to control the log level of authentication messages.
  9. OpenVPN updates address SSL/TLS client failures, crashes with low fragment size, and improve the OpenVPN Wizard.
  10. Traffic Shaper improvements include fixing issues with dropped traffic when routed to a GIF gateway.

You can read the complete list of updates and their details in our Release Notes.

Call for Testing

Rigorous testing is necessary to ensure a quality release of pfSense software. This is your opportunity to significantly contribute to this release.  Doing so helps both you and the wider community. Duplicating every use case is impossible, so your unique environments and configurations will provide invaluable feedback that would be hard to reproduce in any other way.

How to Upgrade

A detailed upgrade guide is available in our documentation to help you through the process. Here are the general steps needed to perform the upgrade. 

(Note: the Netgate SG-1000 will not be eligible to upgrade to pfSense Plus software version 23.05-RC. This is also true for all Intel 32-bit devices.)

Users Currently Running pfSense Plus 23.01:

  • Backup your configuration
  • Navigate to System > Update
  • Choose the Latest Development Snapshots branch
  • Select and install 23.05-RC

Users Currently Running pfSense Plus 22.05:

Note: Updates to the code repositories require that devices running version 22.05 first upgrade to version 23.01, then upgrade to later releases like 23.05-RC

  • Backup your configuration
  • Upgrade from 22.05 to 23.01
    • Navigate to System > Update
    • Select and install 23.01-RELEASE
  • Upgrade from 23.01 to 23.05-RC
    • Navigate to System > Update
    • Choose the Latest Development Snapshots branch
    • Select and install 23.05-RC

Users Currently Running pfSense Community Edition:

We encourage you to move from pfSense CE software to Netgate pfSense Plus software, which is still available at no charge. To do so:

  • Migrate to pfSense Plus 23.01
  • 23.05-RC will be available to upgrade to from the “System -> Update” page

How to Troubleshoot Upgrades

We recommend testing the RC version in a lab, on a scratch system, or in a Virtual Machine, rather than on production systems. Please review Upgrade Troubleshooting for the most up-to-date information on working around upgrade issues.

Tips on Upgrading:

  • Create a backup before you upgrade, or a snapshot if it is a VM.
  • Do not update packages before upgrading. Remove all packages or update packages after the upgrade.
  • The upgrade will generally take 10 to 30 minutes. Maintain power to your appliance while it is in progress.
  • Track the progress of the upgrade from your firewall console.
  • Remember that these are release candidate snapshots, not the finished product. There may still be changes before release if RC testing uncovers significant issues. 

Where to Report Errors

We urge you to test features that are essential or exclusive to your setup. Please report any errors or concerns in the Plus 23.05 Development Snapshots category of the Netgate Forum. Depending on the issue, we may request additional information, or for you to open a ticket on redmine.pfsense.org.

Include as much detail as possible in your reports, such as console error messages, full PHP errors, the system configuration file (sanitized, if necessary), information from the text dump, etc. Before sharing a full text dump, make sure it does not contain any sensitive data.

Summary

The pfSense Plus 23.05 Release Candidate is a significant milestone, bringing numerous enhancements to performance, security, and usability. We encourage you to try out the release candidate and share your feedback with us. Your input will help us make the final release even better.