We are pleased to announce that the release candidate (RC) build for pfSense® Plus software version 23.05 is now available for testing. As we prepare for the final release, we invite you to try out the release candidate and share your feedback with us.
pfSense Plus software now includes support for cryptographic acceleration through the Multi-Buffer Crypto for IPsec Library (IPsec-MB, IIMB). This library is a highly-optimized software implementation of the core cryptographic processing for IPsec, WireGuard and OpenVPN. IIMB is used in both DPDK and FD.io VPP. Netgate has extended support to ARM64. More information about how the library works can be found in the Intel whitepaper “Fast Multi-buffer IPsec Implementations on Intel Architecture Processors.”
The pfSense Plus 23.05 release also introduces a new Packet Capture GUI with granular control features. This new feature makes it easier for users to perform packet captures and analyze network traffic. It simplifies the process of capturing packets by providing a user-friendly interface, enabling users to quickly set up and initiate packet captures without having to rely on command-line tools. Furthermore, the granular control options allow users to narrow down the scope of their captures and focus on specific traffic patterns or potential issues.
Another new feature available with this release is experimental Ethernet (Layer 2) filtering support. This feature is disabled by default but can be enabled under Advanced Firewall Settings by selecting "Enable Ethernet Filtering (Experimental)." Ethernet rules are evaluated before traditional (Layer 3) rules, such as Floating Rules, Interface Group Rules, and Interface Rules. It is important to note that no state is maintained, and the default behavior is to pass.
The latest release also includes support for the UDP Broadcast Relay package, which listens for UDP broadcast packets and retransmits them across multiple interfaces. This feature enables broadcast discovery protocols to cross separate networks, benefiting a wide range of applications and devices. These include soundbars, media streaming devices, and even LAN multiplayer gaming.
A bug in pfSense Plus 23.01 resulted in some automatic dynamic gateway names appearing in mixed case rather than all upper case, potentially causing connectivity issues until the default gateway or gateway group membership was updated. The issue affected users with mixed case interface descriptions, leading to discrepancies between old all-caps names and the new mixed case gateway names. This bug has been fixed in version 23.05, but users who manually changed gateway entries must correct them again after upgrading. To ensure a smooth transition, users should apply the fix using the system patches package and update gateway entries before upgrading to 23.05.
PHP has been updated to version 8.2.4 in pfSense Plus 23.05. This update ensures that the software remains up-to-date with the latest PHP improvements, providing better performance, security, and compatibility.
Last but not least, unicast CARP support is now available, paving the way for future enhancements in virtualization and cloud environments, including high availability in AWS and Azure. The development team is diligently working on this feature and looks forward to bringing more exciting updates to users in upcoming releases.
You can read the complete list of updates and their details in our Release Notes.
Rigorous testing is necessary to ensure a quality release of pfSense software. This is your opportunity to significantly contribute to this release. Doing so helps both you and the wider community. Duplicating every use case is impossible, so your unique environments and configurations will provide invaluable feedback that would be hard to reproduce in any other way.
A detailed upgrade guide is available in our documentation to help you through the process. Here are the general steps needed to perform the upgrade.
(Note: the Netgate SG-1000 will not be eligible to upgrade to pfSense Plus software version 23.05-RC. This is also true for all Intel 32-bit devices.)
Note: Updates to the code repositories require that devices running version 22.05 first upgrade to version 23.01, then upgrade to later releases like 23.05-RC
We encourage you to move from pfSense CE software to Netgate pfSense Plus software, which is still available at no charge. To do so:
We recommend testing the RC version in a lab, on a scratch system, or in a Virtual Machine, rather than on production systems. Please review Upgrade Troubleshooting for the most up-to-date information on working around upgrade issues.
Tips on Upgrading:
We urge you to test features that are essential or exclusive to your setup. Please report any errors or concerns in the Plus 23.05 Development Snapshots category of the Netgate Forum. Depending on the issue, we may request additional information, or for you to open a ticket on redmine.pfsense.org.
Include as much detail as possible in your reports, such as console error messages, full PHP errors, the system configuration file (sanitized, if necessary), information from the text dump, etc. Before sharing a full text dump, make sure it does not contain any sensitive data.
The pfSense Plus 23.05 Release Candidate is a significant milestone, bringing numerous enhancements to performance, security, and usability. We encourage you to try out the release candidate and share your feedback with us. Your input will help us make the final release even better.