Todo #16509
Update strongSwan
Status:
open
Start date:
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
25.11
Release Notes:
Default
Description
Good day
Since the current version (5.9.14 / March 2024), there have already been 1 major and 3 minor releases.
https://github.com/strongswan/strongswan/releases
There are plenty of improvements, bug fixes and new features.
Some of them:
- Add PQC key exchange method ML-KEM support (but only for OpenSSL 3.5.0+ or other crypto libs)
- Multiple Key Exchanges for IKEv2
- Handling of CHILD_SA rekey collisions has been improved
- IKE ports are now considered when matching connections
- IKE fragment sizes can be configured for each address family explicitly
- TUN devices can properly handle IPv6 addresses and routes via them are now correctly installed on FreeBSD
- When deciding whether to send a DPD, inbound traffic on Child SAs is now ignored unless UDP-encapsulation is used. Without UDP-encapsulation, the IKE and IPsec traffic is not directly related (other than via IPs). So firewalls might not keep the state for IKE/UDP traffic alive if constant IPsec traffic prevents DPDs from getting exchanged.
Also, 6.0.3 fixes a vulnerability in the eap-mschapv2 plugin (CVE-2025-62291), though the impact varies by compile options:
https://www.strongswan.org/blog/2025/10/27/strongswan-vulnerability-(cve-2025-62291).html
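The ticket asks for an update and points at the 6.0.3 fix for the eap-mschapv2 plugin. Before scheduling the update, an operator usually wants to know two things about a given host: is the installed strongSwan older than 6.0.3, and is the eap-mschapv2 plugin actually loaded (the advisory only matters if it is). The helper below is an added example, not code from this ticket, from OPNsense or from the strongSwan project. It parses the version string as printed by `ipsec --version` (`... strongSwan U5.9.14/K...`) or `swanctl --version` (`strongSwan 6.0.3 swanctl`) and the `loaded plugins:` line from `swanctl --stats`; those output layouts are an assumption, as are the constructed sample strings, so adjust the regexes if your build prints something else.

```python
"""Triage helper for the strongSwan update request.

Added example (not part of the ticket or of strongSwan). Assumptions:
  - version text comes from `ipsec --version` or `swanctl --version`
  - plugin list comes from the `loaded plugins:` line of `swanctl --stats`
  - the fix threshold is 6.0.3, as stated in the ticket for CVE-2025-62291
"""
import re
from typing import Optional, Set, Tuple

FIXED_IN: Tuple[int, int, int] = (6, 0, 3)   # per the ticket: fixed in 6.0.3
AFFECTED_PLUGIN = "eap-mschapv2"

# Constructed sample outputs (not captured from a real host).
SAMPLE_VERSION_OLD = "FreeBSD strongSwan U5.9.14/K14.1-RELEASE\n"
SAMPLE_VERSION_NEW = "strongSwan 6.0.3 swanctl\n"
SAMPLE_STATS_WITH_PLUGIN = (
    "uptime: 12 minutes, since Nov 01 10:00:00 2025\n"
    "worker threads: 16 total, 11 idle, working: 4/0/1/0\n"
    "loaded plugins: charon aes des sha1 sha2 hmac pem x509 eap-identity "
    "eap-mschapv2 kernel-pfkey kernel-pfroute socket-default vici\n"
)
SAMPLE_STATS_WITHOUT_PLUGIN = (
    "uptime: 3 days, since Oct 29 08:00:00 2025\n"
    "loaded plugins: charon aes sha2 hmac pem x509 kernel-netlink vici\n"
)


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from a strongSwan version banner.

    Accepts both the `strongSwan 6.0.3` and the `strongSwan U5.9.14/K...`
    forms; the optional `U` is the userland marker printed by `ipsec`.
    """
    m = re.search(r"strongSwan\s+U?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def loaded_plugins(stats_text: str) -> Set[str]:
    """Extract the plugin names from the `loaded plugins:` line, if present."""
    for line in stats_text.splitlines():
        if line.strip().lower().startswith("loaded plugins:"):
            return set(line.split(":", 1)[1].split())
    return set()


def triage(version_text: str, stats_text: str) -> str:
    """Classify a host against the 6.0.3 threshold and plugin exposure.

    Integer tuple comparison is used deliberately: a string compare would
    rank "6.0.10" below "6.0.3".
    """
    ver = parse_version(version_text)
    if ver is None:
        return "unknown: could not parse strongSwan version"
    if ver >= FIXED_IN:
        return "patched: %d.%d.%d is at or above 6.0.3" % ver
    if AFFECTED_PLUGIN in loaded_plugins(stats_text):
        return ("review CVE-2025-62291: %d.%d.%d is below 6.0.3 and "
                "%s is loaded" % (ver + (AFFECTED_PLUGIN,)))
    return ("outdated: %d.%d.%d is below 6.0.3, %s not loaded"
            % (ver + (AFFECTED_PLUGIN,)))


if __name__ == "__main__":
    print(triage(SAMPLE_VERSION_OLD, SAMPLE_STATS_WITH_PLUGIN))
    print(triage(SAMPLE_VERSION_OLD, SAMPLE_STATS_WITHOUT_PLUGIN))
    print(triage(SAMPLE_VERSION_NEW, SAMPLE_STATS_WITH_PLUGIN))
```

On a live box the two inputs would be `subprocess.run(["swanctl", "--version"], capture_output=True, text=True).stdout` and the same for `swanctl --stats`; the sample strings stand in for that here so the block runs offline. The plugin check deliberately reads the daemon's loaded list rather than the build's available plugins, because the ticket's point is that exposure depends on what is actually compiled in and loaded, not on the package version alone.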