Versie 2.7.1 van pfSense Community Edition is uitgekomen. Dit pakket is gebaseerd op het besturingssysteem FreeBSD en richt zich op router- en firewalltaken. Het is verkrijgbaar in de gratis Community Edition en een Plus-uitvoering, die voorheen als Factory Edition werd aangeboden. Het is in 2004 begonnen als een afsplitsing van m0n0wall vanwege verschillende visies bij de ontwikkelaars en in de loop van de jaren uitgegroeid tot een router- en firewallpakket dat in zowel kleine als zeer grote omgevingen kan worden ingezet. Voor meer informatie verwijzen we naar deze pagina. In versie 2.7.0 is onder meer de overstap naar FreeBSD 14 gemaakt. De releasenotes voor deze uitgave zijn hieronder voor je op een rijtje gezet.
Major Changes and Features
OpenSSL upgraded to 3.0.12This change was essential because OpenSSL 1.1.1 has reached End of Life (EOL) and will no longer receive security patches for vulnerabilities. The upgrade to OpenSSL 3.0.12 means that a number of older and weaker encryption and hash algorithms have been removed, and security certificates based on these older/weaker hashes have been deprecated. We HIGHLY recommend reviewing the release notes, and our blog on this topic, prior to any upgrade. Encryption algorithms removed from OpenVPN include ARIA, Blowfish (e.g. BF-CBC, which was formerly an OpenVPN default), CAST5, DES, DESX, IDEA, RC2, RC5, SEED, and SM4. Hash algorithms removed from OpenVPN include MD4, MDC2, SM3, and Whirlpool.
Kea DHCP added as an opt-in featureThe Kea DHCP server is available as an opt-in feature. Basic functionality is present in version 2.7.1, but it is not feature-complete. You can find our blog on the topic here. Switching to the Kea DHCP server is done by:
- Navigate to System > Advanced
- Choose the Networking tab
- Change the new Server Backend radio button in the DHCP Options section to "Kea DHCP"
- Click on the “Save” button at the bottom of the page
Note: If you have assigned hostnames to devices on your network using static leases, or rely on dynamic lease registration in DNS, switching to Kea DHCP results in those hostnames being ignored. The static lease configuration is kept, so switching back to ISC DHCP will restore the functionality.
Improved support for SCTPSupport for SCTP has been improved in PF for firewall rules, NAT, and logging. Rules can now act on SCTP packets by port number. Previously it was only possible to filter on source or destination address.
IPv6 Router Configuration movedIPv6 Router Advertisement configuration has been relocated to Services > Router Advertisement as a part of the ongoing Kea DHCP server integration.
Additional ChangesInstalling the Upgrade
- PHP upgraded to 8.2.11
- The base operating system upgraded to a more recent point of FreeBSD 14-CURRENT
- The release also addresses a number of bugs and other issues.
Netgate has a detailed Upgrade Guide available in the pfSense documentation to help explain the process. Upgrades from an earlier version of pfSense CE software are usually made through the web interface. It’s always recommended to save a backup of the pfSense CE configuration prior to any major change such as an upgrade. You can find Backup and Recovery instructions in the pfSense documentation. You launch the upgrade by following these steps:
- Navigate to System > Update
- Set Branch to “Latest Stable Version (2.7.1)”
- Click Confirm to start the upgrade process
:strip_exif()/i/2007381076.png?f=thumbmedium)
/u/49557/crop5d44021e4193d_cropped.png?f=community){kind=small}
:strip_exif()/u/10111/crop67d5f1a9809eb_cropped.gif?f=community){kind=small}