2.3.6 2.3.x maintenance release 100% 2 issues (1 closed — 1 open) Related issues Bug #8242: Unable to edit firewall rules Bug #8255: Login page color not honoured
2.4.4 2.4.x maintenance release 20% 102 issues (17 closed — 85 open) Related issues Bug #1819: DNS Forwarder Not Registering DHCP Server Specified Domain Name Bug #3132: Gateway events for IPv6 affect IPv4 services and vice versa Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel Bug #6025: Load balancing fails when one gateway has a weight of 1 and another gateway has a weight >1 Bug #6028: no firewall rules loaded after reboot with invalid ruleset Bug #6030: Duplicated tracker IDs on block private networks rules Bug #6167: IPsec IPComp not working Bug #6186: race conditions in service startup Bug #6263: Encryption options for every P2 on a given P1 are written to each P2 individually inside ipsec.conf with multiple P2 entries + split conn entries Bug #6277: RRD graphs are not created correctly for interfaces using CODELQ Bug #6333: Bootup starts/restarts dpinger multiple times Bug #6477: Sample bounds can jump around for custom timer periods on Status > Monitoring Bug #6868: Interface MTU Setting not applied to all IPv6 routes Bug #7013: Changing group scope to remote does not remove it from group file Bug #7079: ClamAV C-ICAP causing Kernel Panic and System Crash Bug #7082: pkg_edit.php - impossible to use default_value with rowhelperfield Bug #7138: Pfsense wide dhcpv6 client doesn't recognise ifid statement Bug #7143: filterdns is triggering every 16 seconds for hosts even when the DNS record has not changed Bug #7146: install_cron_job() causes inexplicable issues when saving package configuration Bug #7195: pkg_edit.php - <checkenablefields> tag has no effect on fields other than checkbox/input Bug #7384: DHCPv6 doesn't merge IPv6 prefix with the input submitted in DNS servers field when using Track Interface IPv6 configuration parameter for the LAN interface. Bug #7389: Limiter does not work with transparent proxy Bug #7425: dhclient not sending option 77 Bug #7439: IKE_SA (IKEv2) does not rekey on break before make startegy, just issues IKE_DELETE and connection is closed Bug #7480: pkg framework - textarea on rowhelperfield errors Bug #7532: SG-1000 autonegotiation 10baseT speed and duplex Bug #7599: System->Update unavailable in WebGUI after connection failure during update Bug #7604: Bug #6594 is not resolved: Waiting for Internet connection to update pkg metadata and finish package reinstallation Bug #7605: State Killing on Gateway Success Bug #7634: When restoring from USB during install, if the config file contains RRD data, the final config.xml on the system will also contain all the RRD infomation Bug #7772: Regression of Bug #906 Bug #7774: No TCP Reply State Established on GRE in IPsec Transport Bug #7801: UDP fragments received over IPsec tunnel are not properly reassembled and forwarded Bug #7905: OpenVPN Authentication Against Backend Stalls All Server Traffic Bug #8001: Invalid FQDN in alias causes alias table to fail *silently* Bug #8048: DHCPv6 Configured for LAN without LAN interface Bug #8100: pfsync Initially Deletes States on Primary for Connections Established through Secondary Bug #8136: dpinger for WAN DHCPv6 gets fails to update gateway IP Bug #8192: dpinger - Change in ISP link-local IPv6 address drops connectivity Bug #8248: Pfsense hangs - non pingable when removing traffic shaper from interface(s) Bug #8263: Cannot create a nonlinear `Link Share` service curve because of: "the sum of the child bandwidth higher than parent" Bug #8273: IPv6 GRE tunnel over PPPoE fails on startup Bug #8381: Cert manager requires fields that aren't necessary Bug #8391: OpenVPN Wizard creates WAN rule with TCP4 instead of protocol TCP, it creates error when loading firewall rules Bug #8393: IPAlias VIPs on localhost are not applied at boot. Bug #8403: system_advanced_admin.php Uses Incorrect/Inconsistent $config sshdkeyonly References... Bug #8407: FRR BGP MD5 support is broken Bug #8408: invalid rule written due to ipv6 ipalias being present Bug #8409: pfsense alias complains about well known name for non well known port Bug #8410: unable to use registered services by name and unable to define aliases for registered services using their name Bug #8417: IPv6 bogon list size now too large to fit in standard maximum table size Bug #8419: webgui, when menubar is fixed to the top of the screen, the last items of long menus cannot be seen/used. Bug #8422: Switching VLAN mode removes the switch port settings from the config. Bug #8426: Mobile IPSec login not working after upgrade from 2.4.2p1 Bug #8437: invalid outbound nat rules written when using ipv6 rules on interfaces that also have ipv4 adresses.. Bug #8439: Trailing whitespace on username not respected in LDAP filter Bug #8441: Manually disconnecting a captive portal user leaves the IPFW table entry Bug #8443: DHCP relay not starting after ovpnc interface is unchecked - vm 2.4.3 Bug #8445: creating an alias named "log" breaks rule processing Bug #8447: Cannot change Gateway in Firewall > Rules Bug #8450: High Availability Sync / xmlrpc.php removes "remote system username" on backup cluster member Bug #8457: Packages do not remove on factory default Bug #8465: Lost default gateway after recover from failover with CARP VIP and HA Bug #8472: IPsec with "Split connections" enabled (multiple P2's) - new added P2's are not coming up (between two pfsense's 2.4.3) Feature #1933: Support for interface groups in NAT screens Feature #3377: OAuth2 authentication in captive portal Feature #3473: Allow configuration of OpenVPN keepalive Feature #4405: Traffic shaping doesn't work when applied to a bridge interface Feature #6324: Improve IKEv2 multiple traffic selector per SA configuration GUI Feature #6620: CoDel, FQ-CoDel, PIE and FQ-PIE AQMs Feature #6742: OAuth2 authentication for OpenVPN (and for FreeRadius) Feature #6775: Strongswan PKCS#11 Support Feature #7467: Add iPhone/Android/Generic USB tethering support Feature #7623: Allow L2TP user passwords to contain special characters Feature #7767: OCSP support for OpenVPN server Feature #7769: DynDNS: Azure integration, update record in Azure (Dynamic DNS Client) Feature #7882: Seperator feature in DHCP Static mapping for this feature Feature #8028: Unbound: Add advanced option for qname-minimization Feature #8030: Unbound: Add support for DNS over TLS to internal clients Feature #8052: Separate MTU interface values for IPv4 and IPv6 Feature #8101: Filter loop prevention Feature #8160: Accomodate both RADIUS and pool IP addresses in IPsec Feature #8187: Gateways, allow for configuring a gatewaygroup as the default gateway. #3781 Feature #8202: Captive portal: add support for setting traffic quotas Feature #8385: Utilize IP addresses from successfully authenticated OpenVPN endpoints to Update Firewall Rules Feature #8388: Add DNS over TLS for upstream forwarders to the DNS Resolver Feature #8402: SSH2 Enforced Key and Username+Password Authentication... Feature #8430: Add DNS Resolver status page Feature #8431: Add DNS over TLS checkbox for Domain Override entries Todo #6647: Enable CSP for GUI Todo #6998: Create a port for simplepie to keep it updated and use modular version Todo #7024: Replace copy of radius.inc by pear-Auth_RADIUS Todo #8350: Remove clog in favor of standard syslogd or syslogd alternative with rotation via newsyslog or logrotate Todo #8394: status.php - Some package password fields are not redacted Todo #8411: dnsmasq configuration needs changes for 2.79 Todo #8423: Update SimplePie to 1.5.1 pfSense Packages - Bug #6690: SURICATA IPS Issue - Kills VLANS & Traffic Shaper pfSense Packages - Bug #7267: Status Traffic Totals - Stacked Bar - Scale not high enough pfSense Packages - Bug #8400: FreeRadius 3 EAP-TLS Missing O.U. Option pfSense Packages - Bug #8449: FRR 4.0 zebra daemon crashes
2.5.0 Future Release 0% 4 issues (0 closed — 4 open) Related issues Bug #7307: ZFS installer - shuts down instead of rebooting Feature #7016: system_information_widget.php - Indicate adaptive state timeout status when active Feature #7671: Gateway Monitoring Via Custom Script or Telnet. Todo #7091: Write upgrade code to rename igb devices to em
Future Items for an indeterminate later release 12% 121 issues (16 closed — 105 open) Related issues Bug #1605: DHCP Server should group known clients by interface Bug #1675: Captive portal logout problems with pop-up blockers. Bug #3445: Proxy URL behaviour for package list - trailing slash Bug #4154: RADIUS authentication not working over IPv6 Bug #4406: ALTQ problems with wireless cloned interfaces Bug #4716: "DNS Resolver" lacks SOA for ".local" domain setups Bug #5367: Safari repeatedly tries to reload dashboard Bug #5539: rc.firmware - cut does not cut it... Bug #5786: Check WebConfigurator port for conflicts Bug #5826: Auto-exclude LAN address feature only works for the LAN interface Bug #6696: Add configure link to Status > Queues error message if traffic shaping not configured Bug #6880: Multiple DHCP6 WAN connections leads to multiple dhcp6c clients Bug #7222: Encryption No Longer Enforced for Email Notifications Bug #7288: The field 'Distinguished name Organization' contains invalid characters Bug #7841: CARP Sync Issue - when no internet on standby Bug #8013: IPsec MSS clamping value shared for IPv4 and IPv6 Feature #84: Nightly Filter Summary E-Mail Feature #96: Add "All local networks" to source and destination drop down boxen in firewall rules Feature #97: Captive Portal should sync its database to other members of clusters Feature #286: Backup/restore users individually Feature #290: Add Multi-WAN awareness to UPnP Feature #521: Group manager Assigned Permissions Feature #701: Interface groups with NAT Feature #746: Add interface group to source/dest drop downs Feature #773: CODE for remove unnecesary menu items for users with restrictions. Feature #790: Advanced options for dnsclient (resolv.conf) Feature #806: Add private networks to rules dropdown Feature #855: More flexible options for state killing based on WAN status Feature #885: Show gateway/group IPs on mouseover Feature #939: Ability to restore specific areas of configuration backup from full config backup Feature #946: Allow aliases to be used to define IPsec phase 2 networks Feature #997: Add per-user setting for activating menu Feature #1169: Add load balancer status in SNMP Feature #1205: VPN: User-based / Group-based firewall rules Feature #1268: Allow mass renewing of certs Feature #1831: Captive portal IPv6 support Feature #1979: Add some default read-only system aliases Feature #2024: RRD Graphs for packages Feature #2358: NAT64 Support Feature #2386: Bridge member that is not an assigned interface Feature #2424: Allow masking of pass-thru MACs Feature #2479: Allow reordering of the traffic graphs on the dashboard Feature #2593: sync NTPD, SNMP config between HA members Feature #2668: Allow Alias network names in OpenVPN local/remote/tunnel networks Feature #2676: Reply-to option in firewall rule Feature #2960: Add queue length adjustment capabilities to traffic shaper based on network size Feature #2965: Mac Firewalling Feature #3115: Traffic shaping for multi WAN Feature #3156: Grouping rules Feature #3178: IPSec dynamic hosts for IPv6 Feature #3185: Accommodate a DHCPv6 failover-like mechanism Feature #3244: Check that OpenVPN tunnel network does not overlap any other subnet Feature #3336: Setting per-pool timeout in load balancer Feature #3393: AS filtering support in aliases Feature #3474: Openvpn client-specific-overrides ip conflicts Feature #3559: add option for backup ddns ( dynamic dns ) in restore area Feature #3652: OpenVPN - Dynamic IPv6 Tunnel Network Feature #3696: Multiple items backup/restore Feature #3697: New backup/restore area: Certificates Feature #3882: Add OUI database to the base system, remove dependency on nmap Feature #4024: Add a reject rule to prevent traffic from "falling through" relayd and reaching the GUI accidentally Feature #4098: Add option to force a password change on login Feature #4194: Mass maintenance tools :-) Feature #4195: Aliases: sections Feature #4209: Releasing DHCP on WAN interface should send a release Feature #4234: allow for strict user <> cn validation of mobile ipsec users when using rsa+xauth Feature #4259: Port forward NAT rules with "any" protocol Feature #4632: Support for Multipath TCP (MPTCP) Feature #4724: Captive Portal Status Add Client Hostname Feature #4789: user interface / text fields are too short to display long alias names Feature #4821: PPPoE WANs do not take full advantage of NIC driver queues for receiving traffic Feature #4881: allow dynamic IPs-nets for NPt Feature #5307: Add logarithmic scale option to RRD graphs Feature #5510: Need a simple way to enable/disable package-installed services Feature #5619: Curl with ARES support Feature #5735: Automaticaly add DHCP leases to alias list or make it readable in selected fields Feature #5835: Improve OpenVPN client gateway detection in edge cases where the remote does not send gateway information Feature #5851: Add copy action to OpenVPN client / server Feature #5919: Add a control to the web gui to allow the setting of leftsendcert in IPSec Feature #5922: SNMP - enable SNMP v3 functionality Feature #5950: DHCPv6 Server support for PD of PD-obtained networks Feature #6293: Include 'if_urndis.ko' kernel module for USB network tethering Feature #6392: Allow folding based on separators in firewall rules Feature #6457: Allow ability to configure AWS EC2 AMI via userdata Feature #6728: Route53 API mod and Geolocation Feature #6960: Consider replacing ISC DHCP server with KEA DHCP Feature #6961: IPv4/IPv6 Dual-Stack IPSEC mobile vpn Feature #6989: Add second IP to monitoring in "Gateway Monitoring" Feature #7077: Display negotiated cipher for NCP OpenVPN connections in Status->OpenVPN Feature #7078: Allow reordering of client specific overrides in OpenVPN Feature #7181: Add Top and Add Bottom on Seperator Feature #7182: Break up System Widget on the Dashboard Feature #7224: Abandon rate in favor of iftop Feature #7244: Publish pfsense as a Vagrant Basebox Feature #7260: Source OS / p0f Database Missing Modern Operating Systems Feature #7327: add working sftp support to sshd daemon Feature #7353: Openvpn Logins page Feature #7410: IPSEC multiple dynamic IP remote clients Feature #7416: Dhclient does not support supersede statement for option 54 Feature #7544: Graphing hits against firewall rules. Feature #7783: Support for hosting VMs on pfSense using bhyve Feature #7803: Include more OpenVPN Options in GUI Feature #7847: USB NIC not loading (TP-Link UE300 RTL8153) Feature #7852: Add views support to Unbound GUI Feature #7897: User Dashboard Feature #8084: ImplementaĆ§Ć£o do Login Social no Captive Portal Feature #8171: Close TCP connections if associated rule just has been disabled Feature #8284: Add duplicate option next to OpenVPN servers and clients Feature #8316: expiration date when creating new rules Feature #8346: Let pFSense act as an IPSec XAuth VPN Client Feature #8474: Easier Conversion to HA Pair from Existing Non-HA Firewall Todo #32: PPPoE Server users integration with user manager Todo #33: L2TP users integration with user manager Todo #204: All write_config() statements should include a reason of some sort Todo #1521: Investigate FreeBSD route metric support for future versions Todo #4123: Add support to multiple tables to expiretable Todo #5902: Use a common place for default values Todo #6645: More reliable update system Todo #6697: White squares around the numeric values in the Status / Queues page Todo #6727: Missing file apple-touch-icon-precomposed.png ?