2.3.4_2 2.3.4 maintenance release 29% 7 issues (1 closed — 6 open) Related issues Bug #7599: System->Update unavailable in WebGUI after connection failure during update Bug #7733: User Manager deletes non-selected users Bug #7771: domain missing in reverse lookup of host overrides Bug #7789: GIF interface page does not validate IPv6 addresses Bug #7847: USB NIC not loading (TP-Link UE300 RTL8153) pfSense Packages - Bug #7278: Suricata Service - Advanced Configuration Pass-Through not working pfSense Packages - Bug #7613: quagga not starting after upgrade - initial boot
2.3.5 2.3.x maintenance release 0% 2 issues (0 closed — 2 open) Related issues Bug #7634: When restoring from USB during install, if the config file contains RRD data, the final config.xml on the system will also contain all the RRD infomation Feature #7643: Send notification when boot completed
2.4.0 Release featuring FreeBSD 11, SG-1000 ARM support, a new installer, and more 96% 290 issues (276 closed — 14 open) Related issues Bug #1685: Web configurator silently fails when "Private key does not match the certificate public key" Bug #3027: input_errors2Ajax function Bug #3710: Adding static DHCP leases doesn't cause BIND zones to update Bug #4287: Wrong display for ppp in Interfaces page Bug #4326: Limiters on firewall rules where NAT applies drop all traffic Bug #4689: Panic/Crash "sbflush_internal: cc 4294967166 || mb 0 || mbcnt 0" Bug #4723: Can't forward UDP fragmented packets with scrubbing enabled. Bug #4766: "URL Table (IPs)" and "URL (IPs)" do not work when text file is hosted on a fresh install of pfSense Bug #5976: Load cryptodev as a kernel module Bug #5993: dhcp6c not started until an RA received Bug #6016: ovpn-linkup not populating IPv6 gateways Bug #6094: VIP Other subnet does not expand into NAT entries Bug #6099: igmpproxy does not recognize upstream interface Bug #6132: race condition in OpenVPN startup Bug #6138: Long hostnames overlap the "time" title in the Monitoring graphs Bug #6257: Kernel panic with ALTQ Bug #6298: OpenVPN IPv4/6 Local network(s) initial display state Bug #6340: fsck hangs boot in background, fails to produce any action, resulting in broken firewall Bug #6363: AutoConfigBackup Restore Actions column missing due to long XMLRPC sync merge strings in the configuration description Bug #6367: Long delays with LDAP enabled w/local users during boot at "Synchronizing user settings..." Bug #6393: SMART service handling is incomplete/missing Bug #6495: No default route on PPPoE after reconnect or IP change in some cases Bug #6549: fstab is missing post-install Bug #6628: extensions.ini can end up missing required items Bug #6630: Set Defaults for Graphs - Traffic/WAN + Packets/WAN doesn't work Bug #6658: DHCP Relay not working on 2.3.2 Bug #6663: IPv6 OpenVPN client is down after reboot Bug #6664: It's impossible to use HE.NET tunnel iface as a parent for OpenVPN instances Bug #6688: Special characters in a password cause problems Bug #6717: Status / DHCPv6 Leases Issues Bug #6769: Crash PacketFilter in bridge mode Bug #6770: 802.11 stack on FreeBSD 11 requires changes to support its new device creation method Bug #6778: CloudFlare Dynamic DNS fails when domain name uses a Second Level TLD Bug #6781: OpenBSD description links are broken in Traffic Shaper Bug #6782: pkg update can trigger multiple updates per second Bug #6820: Configure WAN Interface Boot Delay Bug #6821: Static ARP attribute not applied when saving a DHCP static mapping Bug #6828: Patch for "route change" is not present on 2.4 builds using FreeBSD 11 Bug #6835: firewall_nat_out_edit.php Translation section hidden Bug #6836: Wrong queue length on "/status_queues.php" page under heavy traffic Bug #6850: FreeBSD 11.0 Route Syntax Change For Non-Local Gateway Bug #6862: mode 0444 for /var/etc/cert.crt leads to nginx crit error: 13: Permission denied Bug #6874: Dynamic DNS w/ DNSimple Bug #6877: nsCertType "Server" property of a certificate is not detected if additional nsCertType flags are also set Bug #6879: GUI doesn't show rebooting notification after upgrading Bug #6883: OpenVPN puts subnet on lo0 on FreeBSD 11, breaks in certain cases Bug #6890: PPP service name error Bug #6892: CARP VIPs Deleted entering CARP Maintenance Mode Bug #6901: services_unbound_host_edit.php: "Delete" button should be suppressed if < 2 host aliases listed Bug #6905: XMLRPC Loop detection broken, secondary refuses to accept sync data Bug #6906: Issues with /tmp and /var in RAM on 2.4 Bug #6911: no network on hyperv-v 2012 R1 Bug #6913: install on Hyper-v R2 Bug #6919: Filter logs are broken, log has incomplete/invalid data Bug #6920: Upgrading to 2.4 with a stale package .inc file can prevent the system from fully booting after upgrade Bug #6925: System Update Failed Bug #6929: Choosing ZFS during install results in a system that cannot mount root Bug #6934: /usr/bin/install missing from new 2.4 installations Bug #6937: Inbound traffic on enc0 is not creating a state with mobile IPsec Bug #6943: Textdumps are not working on 2.4 (No DDB) Bug #6947: Deleting an external CA wipes certificates in use Bug #6949: username/password not used by proxy support Bug #6952: Generating user certs from imported CA fails silently when no starting serial# is set Bug #6953: on mismatching private key for CA, "edit user" silently creates user cert using different CA Bug #6958: services_dhcp_relay.php: Needs to be converted to more recent rowhelper standard Bug #6959: Remove or rename "LiveCD" option in the 2.4 installer Bug #6962: GUI allows selecting missing diffe-helman Paremeters for OpenVPN Bug #6967: DH Groups 22, 23, 24 missing from Phase 2 selection GUI Bug #6969: Insufficient error checking on static ARP entries Bug #6985: NPt rules are causing a filter error on 2.4 Bug #6986: reply-to is not functioning on pfSense 2.4 Bug #6991: IPv6 traffic hitting a rule with policy routing and NPt fails/disappears Bug #7001: Certificate manager requiring private key when importing CA certificate authority Bug #7003: autoboot_delay on 2.4.0 Bug #7008: OpenVPN sever unable to authenticate users on 2.4 Bug #7025: wizard.php?xml=setup_wizard.xml - Setup wizard is flagging valid LAN IP addresses as invalid Bug #7026: filter_logs.inc: parse_firewall_log_line(): Filter logs do not display Bug #7038: SG-1000 Quagga zebra service fails to start with signal 6 abort Bug #7042: DHCP client configures wrong address in some circumstances (setfirst support missing from ifconfig) Bug #7050: Limiter with PFsense 2.4 transparent proxy Bug #7059: firewall_rules_edit.php - strlen error when there are input errors Bug #7062: OpenVPN 2.4 treats "udp" and "tcp" as dual stack now, move old preference to udp4/tcp4 Bug #7065: OpenVPN Server conf files not created in /var/etc after upgrading to 2017.01.01.1906 release Bug #7066: vmx(4) interfaces do not have ALTQ support on pfSense 2.4, they had ALTQ support on 2.3 Bug #7068: Prevent GCM encryption from being selected for Shared Key modes in OpenVPN Bug #7073: OpenVPN 2.4: client-cert-not-required is deprecated, replace with "verify-client-cert none" Bug #7074: Due to OpenVPN protocol selection changes, automatic port number guessing/adjustment is not working Bug #7075: firewall states show negative value for total bytes processed Bug #7080: pkg_edit.php - rowhelper fielddescr disappears when last row is deleted Bug #7081: Search Domains not populating from RA using SLAAC Bug #7086: stale zfs file systems Bug #7088: DHCP does not accept input into MAC Control Fields. Bug #7102: This firewall does not have any interfaces assigned that are capable of using ALTQ traffic shaping for igb interface Bug #7105: ICMP type selection is assuming IPv6 when it should assume IPv4 Bug #7116: a floating 'match' rule on LAN does not put traffic from a broswer on a clientpc into a shaper queue Bug #7118: ICMP rule with ICMP type "any" fails to load Bug #7119: Changing LAGG attributes results in a panic/crash Bug #7121: freshclam.conf advanced editing, configuring value of "Checks" has no effect on crontab entry Bug #7123: Kernel panic when setting TCP MD5 Password in OpenBGP Bug #7124: Kernel panic when configuring 6to4 on a interface Bug #7128: system_advanced_network.php - fugly IPv6 over IPv4 input field alignment Bug #7133: services_router_advertisements.php: Interface drop-down is not showing the user-configured interface name Bug #7145: rc.newwanipv6 running in all cases, even for a renew Bug #7147: pfsense-utils.inc - is_ipaddr_configured() does not work properly with some IPv6 formats Bug #7149: igb driver queue related crashes Bug #7150: shell option before 1st reboot/wizard - can't login Bug #7151: Interface Group Name hint is misleading Bug #7155: services_dhcp_relay.php: Section hide/show gets out of synch with enable checkbox Bug #7166: During bandwidth test 4860 with 2.4 got Fatal trap 12: page fault while in kernel mode Bug #7167: Error creating higher VLAN ID on SG-1000 Bug #7171: system_advanced_firewall.php: setHelpText is changing the field label also. Bug #7176: IPv6 Monitor IP does not seem to propagate Bug #7185: DHCP6c SIGTERM, SIGKILL Bug #7194: CARP/IP Aliases under same subnet not synced correctly Bug #7202: "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack: Bug #7206: Authentication Method Used in Bug 6751 Removed by Amazon Bug #7219: vlan(4) interfaces do not have ALTQ support on pfSense 2.4, they had ALTQ support on 2.3 Bug #7231: Web UI does not properly remove priq shaping rules when deleting an interface which causes subsequent rule failures without warning in the UI Bug #7232: haproxy_pool_edit.php -- sprintf() too few arguments Bug #7254: Selection from long tab list that uses dropdown does not POST correctly Bug #7265: Service dpinger does not start after upgrade from 2.3.3 to 2.4.0-Beta Bug #7268: System Info Widget "All" button does not work with "Disable the automatic dashboard auto-update check" Bug #7270: interfaces_vlan.php: Can't delete VLAN Bug #7272: 6rd not functioning on 2.4.0-BETA Bug #7273: diag_confbak.php: If a user enters 0 for the number of backups to keep, PHP errors occur Bug #7274: status_ipsec.php: connect/ikedisconnect/childdisconnect actions still use GET, not POST Bug #7276: 2.3.3 upgrade does not upgrade Bug #7291: save and force update on rfc 2136 Bug #7295: RFC2136 not updating at boot time Bug #7297: system_certmanager.php: Following a link from a user to add a certificate does not present the "Choose an existing certificate" option Bug #7309: ZFS - Can't find zroot, error 5 Bug #7316: Fail Boostrap format port in Bug #7323: More user friendly defaults for firewall logs view Bug #7324: DHCPv6 Dynamic DNS hostname Bug #7334: SG-1000 Update failure Bug #7336: syslogd is not running after installing or uninstalling a package with logging (e.g. tinc, haproxy) Bug #7394: firewall_aliases_edit.php: Renaming an alias after input errors fails to update references Bug #7401: custom_php_deinstall_command isn't being run during pkg post-deinstall because info.xml has already been removed by that step. Bug #7415: favicon is not correctly implemented Bug #7422: Typo in OpenVPN NCP description Bug #7446: RFC2136 Dynamic DNS needs local directive so updates are sourced correctly Bug #7448: XMLRPC Sync failure notice is ugly/long exception from cURL rather than our usual custom message Bug #7451: vpn_openvpn_client.php - Fields not hidden/processed correctly in chrome Bug #7452: Adding a gateway from interfaces.php does not work Bug #7485: scrub does not properly re-fragment unusual but valid IPv6 fragments, results in overlapping fragments Bug #7499: ipsec.widget.php: Tunnel Status incorrect Bug #7500: Upgrade From 2.3.3_p1 to 2.4 Fails (libssl.so.8 not found) Bug #7501: Interfaces statistics widget GUI + JSON (2 issues) Bug #7504: Info blocks do not work inside a table Bug #7518: Not all language choices show selected text Bug #7559: l2tp wins unused code Bug #7561: l2tp turn off local user database Bug #7564: l2tp broken logging shortut Bug #7565: openvpn and port 0 Bug #7567: unused openvpn address pool setting? Bug #7568: unused openvpn client_mgmt_port ? Bug #7569: openvpn wizard reused settings cause wrong defaults Bug #7572: openvpn client resolv-retry infinite issues Bug #7575: openvpn client and --route-up Bug #7579: pftop size sort is same as none Bug #7580: pftop impossible options in web gui Bug #7581: etc/pfSense.obsoletedfiles wrong path for diag_system_pftop.php Bug #7584: privileges abuse with page-diagnostics-dns Bug #7585: system_usermanager.php showcert does nothing Bug #7588: missing label for form in services_dyndns_edit Bug #7591: services_captiveportal.php suggest default auth_method, and old links Bug #7592: SG-1000: Unbound not always restarting properly after changes in /etc/hosts Bug #7625: When creating IPv6 firewall rule for single host, netmask improperly displays Bug #7637: Any operation of the suricata package will cause the system to crash Bug #7645: SG-1000 VLAN interfaces do not work without promisc mode Bug #7662: Missing close span in login page 2.4.0-BETA Bug #7677: Cert manager not creating server cert Bug #7685: OpenVPN Auth Digest Algorithm list contains entries that are functionally identical and thus redundant Bug #7719: Dynamic DNS updates not working on interface failover Bug #7728: 1:1 NAT: Destination IP Alias not displayed as web link Bug #7744: VLAN Priority options cause pf syntax error Bug #7750: unbound refuses ipv6 queries after reboot Bug #7751: Duplicated traffic graphs Bug #7763: IX driver - fails to recognize media type with SFP after link drop Bug #7770: php suhosin mdule error in crash report every boot on latest 2.4 snapshot Bug #7777: IPsec P2 - Tunnel IPv4 edition form changes remote network mask to /32 Bug #7784: IPsec widget breaks dashboard loading Bug #7785: jQuery syntax error: unterminated regular expression literal Bug #7790: dpinger / code using it, falsely defines a down gateway as up after dpinger gets restarted. Bug #7804: System info widget CPU usage not updating in IE. Needs Math.trunc() polyfill. Bug #7805: dashboard System Information - inconsistent date formats Bug #7809: Wireless interfaces are not upgraded properly for 2.4.0 Bug #7811: Installed pacakges dashboard widget breaks if no packages are installed Bug #7813: Missing download statistics on captive portal with MAC filtering enabled Bug #7819: php-fpm crashing Bug #7827: Clicking "Cancel" while deleting a firewall state will still delete it Bug #7830: LDAP authentication fails using SSL with intermediate certificates Bug #7833: ipfw will not limit download speed - captiveportal Bug #7834: Disabling captiveportal will not flush the ipfw pipes Bug #7853: Signed CSRs always use SHA1, which is weak Bug #7854: OpenVPN Remote Access Server Setup Wizard - Regex too strict Bug #7864: OpenVPN (tun/tap) is not showing Bug #7869: Hyper-v vm traffic shaper error: hn0: driver does not support altq Bug #7877: Crash when enabling traffic shaper on more than 1 port Bug #7878: GUI lag in Edit Phase 1 ipsec Bug #7879: traffic shaper crashes with hfsc_dequeue Feature #809: Config sync username change Feature #2766: status_openvpn.php needs IPv6 support Feature #3971: IPv6 - Preserve the DUID used for WAN DHCP-PD in the configuration file Feature #4044: Add UEFI support Feature #4083: Replace GET by POST Feature #5897: Make Alias url table persistent after reboot without internet Feature #5985: ntp pool command Feature #6045: Updates that do not require a reboot should run reroot Feature #6373: RFC2136 DDNS could be more configurable to improve security Feature #6374: Provide sample server-side logic to report peer's IP address for use with DDNS Feature #6639: Utilize nextboot to control the behavior of the next firewall reboot Feature #6743: Packet Capture - Filter MAC Feature #6746: Option to select dark or misc background for Traffic Graphs when a dark theme is selected. Feature #6793: Add pound package to the pfSense repository Feature #6822: diag_arp.php: Teach the ARP Table display to also display the status Feature #6832: [PATCH] Add the USB ID for the Sierra MC7430 Feature #7007: Change default IPsec/strongswan log levels Feature #7061: OpenVPN 2.4 supports pushing IPv6, allow the GUI to define IPv6 OpenVPN DNS servers to push to clients. Feature #7063: Add OpenVPN 2.4 ECDH options Feature #7064: Add LZO4 options for OpenVPN 2.4 Feature #7071: Add TLS Encryption (--tls-crypt) as an optional TLS Key usage type for OpenVPN 2.4 Feature #7072: vpn_openvpn_server.php / vpn_openvpn_client.php : Add controls to OpenVPN for Negotiable Crypto Parameters Feature #7097: Authentication cache for LDAP and RADIUS Feature #7098: RAM Disk Management Feature #7111: Add protocol selection to radius server configuration Feature #7122: Add filters to various dashboard widgets Feature #7193: NTP process PGRMF Feature #7196: setHelp method should use more conventiol argument syntax Feature #7199: SG-1000 cpsw nics don't support ALTQ Feature #7251: JavaScript & CSS are cached too aggressively by browsers, add URL fingerprint or other cache control mechanism Feature #7383: system_certmanager.php?act=new: Add new select option to sign a CSR Feature #7505: system_certmanager.php: Certificate list should show SANs, KU, and EKU for certificates Feature #7527: Sign CSRs - subjectAlternateNames Feature #7529: CPU Type Feature #7548: Add absolute offset stat to NTP monitoring display Feature #7549: Enable Python support in Unbound Feature #7593: Enable FreeBSD 11 pvclock module in 2.4 builds Feature #7598: Static IPv6 using IPv4 PPPoE as parent interface Feature #7633: option to rearrange gateways under routing Feature #7666: Adding SAN DNS:username to User Certificates that are created via User Manager the same way as it is done via Cert. Manager Todo #3734: Remove PHP static pear modules from repo and use ports Todo #4706: MPD needs to be upgraded to version 5 even for the various other tunnels Todo #5368: Review /etc/ttys for serial console Todo #5538: remove symlinks from /etc/ to /var/etc/ Todo #6188: re-enable LUA in nginx Todo #6606: Adapt captive portal to work without multi-instance ipfw Todo #6755: Remove GLXSB references from 2.4 Todo #6767: Change logout from GET to POST request Todo #6853: Convert nanobsd installation to full install during upgrade Todo #6885: Add vectorized logo in web interface Todo #6894: Improvements and fixes on 2.4 installer Todo #7021: system_advanced_network.php Deprecate/remove Device Polling on 2.4 Todo #7032: Make a lack of ALTQ-capable interfaces more obvious to the user Todo #7047: Update status.php with new info helpful to support staff Todo #7054: Update OpenVPN to 2.4.0 Todo #7084: Intel IEEE 802.11ac wireless network driver Todo #7160: Mark Required Fields on GUI Pages Todo #7331: Check OpenVPN server/client option visibility changes per mode Todo #7507: Investigate and potentially add options for fast-io and sndbuf/rcvbuf tweaks to OpenVPN Todo #7540: Fix ca/cert input validation to allow currently blocked characters Todo #7545: OpenVPN 2.4.2 Todo #7546: d3pie version update Todo #7560: vpn_l2tp.php dns checks Todo #7573: openvpn tunnel networks and "second network address will be assigned" Todo #7577: growl and notification suggestions Todo #7586: system_usermanager_addprivs show user name Todo #7587: sort system_groupmanager_addprivs privileges Todo #7689: bsdinstall does not automatically copy config.xml from USB drive like the previous installer Todo #7708: bsdinstall does not have a "Recover config.xml" option like the previous installer pfSense Packages - Bug #6419: RRD_Summary reports incorrect bandwidth statistics. pfSense Packages - Bug #6527: Squid 3.5 - Deprecated "ssl_bump server-first all" don't allow SNI in transparent mode with HTTPS/SSL Interception pfSense Packages - Bug #6592: squid does NOT use EDH and EECDH cipher suites because "tls-dh" is not configured and so these ciphers are silently dropped - see squid documentation pfSense Packages - Bug #6878: how to use snort, squid and squid_guard with a ram disk pfSense Packages - Bug #6928: freeRADIUS, logging with "Access-Reject" not work in mysql table radpostauth pfSense Packages - Bug #6950: Auto Config Backup always reports success pfSense Packages - Bug #6983: pfBlockerNG-2.1.1_4 requires xmlrpc.inc which is removed or moved pfSense Packages - Bug #6999: ntopng missing preferences menu pfSense Packages - Bug #7009: syslog_ng Log Viewer page didn't get converted to the new 2.3 bootstrap pfSense Packages - Bug #7017: Squid NT Domain authentication is broken pfSense Packages - Bug #7130: Lightsquid 3.0.4_2 HTTP 500 pfSense Packages - Bug #7192: ACME package cannot update more than one nsupdate type domain pfSense Packages - Bug #7197: Freeradius ldap authentication failed after update 1.7.5 to 1.7.6 pfSense Packages - Bug #7498: Deprecated option included in OpenVPN client export pfSense Packages - Bug #7555: Snort settings show translation metadata when creating a new interface that is not yet defined pfSense Packages - Bug #7766: ACME Package on 2.4 requires pecl-ssh2, which is not in base any longer pfSense Packages - Feature #6593: squid: allow user to configure DH key size, SINGLE_DH_USE, NO-SSLv3, Cipher-Suites - performance improvement hint pfSense Packages - Feature #6859: have an includedir by default (sudo package) pfSense Packages - Feature #6951: Disable Auto Config Backup without uninstalling
2.4.1 2.4.x maintenance release 5% 88 issues (2 closed — 86 open) Related issues Bug #1819: DNS Forwarder Not Registering DHCP Server Specified Domain Name Bug #3132: Gateway events for IPv6 affect IPv4 services and vice versa Bug #3932: Captive portal with greater than 9000 permanent MAC addresses causes timeout in loading CP Bug #4031: Notifications mail bomb in some gateway failure circumstances Bug #4310: Limiters + HA results in hangs on secondary Bug #6025: Load balancing fails when one gateway has a weight of 1 and another gateway has a weight >1 Bug #6028: no firewall rules loaded after reboot with invalid ruleset Bug #6030: Duplicated tracker IDs on block private networks rules Bug #6031: Anti-Lockoug Rule Not Effective Against Canned Interface Block Rules Bug #6167: IPsec IPComp not working Bug #6186: race conditions in service startup Bug #6223: IPsec + OpenBGPD fails with "PF_KEY socket: No buffer space available" Bug #6263: Encryption options for every P2 on a given P1 are written to each P2 individually inside ipsec.conf with multiple P2 entries + split conn entries Bug #6277: RRD graphs are not created correctly for interfaces using CODELQ Bug #6318: IPsec dashboard widget causes GUI failure Bug #6333: Bootup starts/restarts dpinger multiple times Bug #6335: Status > IPsec shows both connected and disconnected with Split Connections enabled Bug #6400: assign_interfaces.php issues with large numbers of interfaces Bug #6406: Web process becomes unresponsive producing 502 Bad Gateway nginx Bug #6420: Monitoring graphs last sample being zero Bug #6459: AWS EC2 Instance should skip interface config in setup wizard Bug #6477: Sample bounds can jump around for custom timer periods on Status > Monitoring Bug #6578: Filter reload hangs with IPsec hostnames that don't resolve configured Bug #6677: CARP VIPs are configured on disabled interfaces at boot time Bug #6748: rrd_fetch_json.php returns html when user is unauthorized (causes "Error: SyntaxError: Unexpected token <") Bug #6848: Do not create an IPv4/6 gateway for an interface without according IPv4/6 address Bug #6860: Monitoring (RRD) graphs return "unknown" step value Bug #6868: Interface MTU Setting not applied to all IPv6 routes Bug #6882: bsnmpd uses all available CPU with hostres module active in some cases Bug #6954: New installer has no "Quick/Easy" installation option Bug #6974: radvd enabled on a disconnected interface kills RA completely on all interfaces Bug #7013: Changing group scope to remote does not remove it from group file Bug #7015: IPsec not working behind NAT Bug #7079: ClamAV C-ICAP causing Kernel Panic and System Crash Bug #7082: pkg_edit.php - impossible to use default_value with rowhelperfield Bug #7131: DHCP v4&v6 DDNS missing options Bug #7138: Pfsense wide dhcpv6 client doesn't recognise ifid statement Bug #7143: filterdns is triggering every 16 seconds for hosts even when the DNS record has not changed Bug #7146: install_cron_job() causes inexplicable issues when saving package configuration Bug #7153: pkg-utils.inc - register_all_installed_packages() does not handle packages that are missing XML Bug #7195: pkg_edit.php - <checkenablefields> tag has no effect on fields other than checkbox/input Bug #7213: Hyper-V install, no disk found Bug #7384: DHCPv6 doesn't merge IPv6 prefix with the input submitted in DNS servers field when using Track Interface IPv6 configuration parameter for the LAN interface. Bug #7389: Limiter does not work with transparent proxy Bug #7412: rtsold will not run on VLAN interfaces Bug #7413: status_dhcpv6_leases.php: Some DHCPv6 leases are not displayed in the GUI Bug #7425: dhclient not sending option 77 Bug #7439: IKE_SA (IKEv2) does not rekey on break before make startegy, just issues IKE_DELETE and connection is closed Bug #7469: local_sync_accounts() slowness can trigger GUI/XMLRPC failures with many accounts Bug #7474: Problems adding gateway from interface edit Bug #7532: SG-1000 autonegotiation 10baseT speed and duplex Bug #7605: State Killing on Gateway Success Bug #7629: FreeBSD PR affecting pfsense Bug #7710: IGMP Proxy Bug #7714: NTP Widget Time Display Bug #7774: No TCP Reply State Established on GRE in IPsec Transport Bug #7786: traffic shaping queue on WAN wont allow total of all child to be 100% Bug #7795: NTP status widget: d.getSeconds is not a function Bug #7801: UDP fragments received over IPsec tunnel are not properly reassembled and forwarded Bug #7807: sg-1000 random reboot when traffic shaping enabled Bug #7810: openssl/openvpn need to have loaded booth AESNI and cryptodev to accelerate AES operations , but gui alows you load only one at once Bug #7856: IPsec status does not show all connected mobile clients Bug #7865: User groups -> Assigned Privileges doesn't work Bug #7868: bsmtpd hostres feature should not be active when running on esx/proxmox/virtualbox Feature #3377: OAuth2 authentication in captive portal Feature #3473: Allow configuration of OpenVPN keepalive Feature #4405: Traffic shaping doesn't work when applied to a bridge interface Feature #6324: Improve IKEv2 multiple traffic selector per SA configuration GUI Feature #6742: OAuth2 authentication for OpenVPN (and for FreeRadius) Feature #6775: Strongswan PKCS#11 Support Feature #7467: Add iPhone/Android/Generic USB tethering support Feature #7506: Use "auth-retry nointeract" to prevent OpenVPN clients from exiting or attempting to prompt for passwords Feature #7623: Allow L2TP user passwords to contain special characters Feature #7814: Unbound serve-expired please add to GU as tickbox Feature #7823: Pull request: Add support for dynamic DNS provider ClouDNS Feature #7882: Seperator feature in DHCP Static mapping for this feature Todo #6647: Enable CSP for GUI Todo #6998: Create a port for simplepie to keep it updated and use modular version Todo #7024: Replace copy of radius.inc by pear-Auth_RADIUS Todo #7762: Add uid check to pfSense-upgrade and exit unless it is run as uid=0 pfSense Packages - Bug #6690: SURICATA IPS Issue - Kills VLANS & Traffic Shaper pfSense Packages - Bug #7267: Status Traffic Totals - Stacked Bar - Scale not high enough pfSense Packages - Bug #7426: UDP packet drops pfSense Packages - Bug #7480: pkg framework - textarea on rowhelperfield erros pfSense Packages - Bug #7481: pkg-framework - rowhelper ignores <advancedfield/> pfSense Packages - Bug #7871: Add squid validation for selected CA when MITM is enabled
2.5.0 Future Release 0% 3 issues (0 closed — 3 open) Related issues Feature #7016: system_information_widget.php - Indicate adaptive state timeout status when active Feature #7671: Gateway Monitoring Via Custom Script or Telnet. Todo #7091: Write upgrade code to rename igb devices to em
Future Items for an indeterminate later release 11% 112 issues (14 closed — 98 open) Related issues Bug #1605: DHCP Server should group known clients by interface Bug #1675: Captive portal logout problems with pop-up blockers. Bug #3445: Proxy URL behaviour for package list - trailing slash Bug #4154: RADIUS authentication not working over IPv6 Bug #4406: ALTQ problems with wireless cloned interfaces Bug #4716: "DNS Resolver" lacks SOA for ".local" domain setups Bug #5367: Safari repeatedly tries to reload dashboard Bug #5539: rc.firmware - cut does not cut it... Bug #5786: Check WebConfigurator port for conflicts Bug #5826: Auto-exclude LAN address feature only works for the LAN interface Bug #6696: Add configure link to Status > Queues error message if traffic shaping not configured Bug #6880: Multiple DHCP6 WAN connections leads to multiple dhcp6c clients Bug #7222: Encryption No Longer Enforced for Email Notifications Bug #7288: The field 'Distinguished name Organization' contains invalid characters Bug #7841: CARP Sync Issue - when no internet on standby Feature #84: Nightly Filter Summary E-Mail Feature #96: Add "All local networks" to source and destination drop down boxen in firewall rules Feature #97: Captive Portal should sync its database to other members of clusters Feature #286: Backup/restore users individually Feature #290: Add Multi-WAN awareness to UPnP Feature #521: Group manager Assigned Permissions Feature #701: Interface groups with NAT Feature #746: Add interface group to source/dest drop downs Feature #773: CODE for remove unnecesary menu items for users with restrictions. Feature #790: Advanced options for dnsclient (resolv.conf) Feature #806: Add private networks to rules dropdown Feature #855: More flexible options for state killing based on WAN status Feature #885: Show gateway/group IPs on mouseover Feature #939: Ability to restore specific areas of configuration backup from full config backup Feature #946: Allow aliases to be used to define IPsec phase 2 networks Feature #997: Add per-user setting for activating menu Feature #1169: Add load balancer status in SNMP Feature #1205: VPN: User-based / Group-based firewall rules Feature #1268: Allow mass renewing of certs Feature #1831: Captive portal IPv6 support Feature #1979: Add some default read-only system aliases Feature #2024: RRD Graphs for packages Feature #2358: NAT64 Support Feature #2386: Bridge member that is not an assigned interface Feature #2424: Allow masking of pass-thru MACs Feature #2479: Allow reordering of the traffic graphs on the dashboard Feature #2593: sync NTPD, SNMP config between HA members Feature #2668: Allow Alias network names in OpenVPN local/remote/tunnel networks Feature #2676: Reply-to option in firewall rule Feature #2960: Add queue length adjustment capabilities to traffic shaper based on network size Feature #2965: Mac Firewalling Feature #3115: Traffic shaping for multi WAN Feature #3156: Grouping rules Feature #3178: IPSec dynamic hosts for IPv6 Feature #3185: Accommodate a DHCPv6 failover-like mechanism Feature #3244: Check that OpenVPN tunnel network does not overlap any other subnet Feature #3336: Setting per-pool timeout in load balancer Feature #3393: AS filtering support in aliases Feature #3474: Openvpn client-specific-overrides ip conflicts Feature #3559: add option for backup ddns ( dynamic dns ) in restore area Feature #3652: OpenVPN - Dynamic IPv6 Tunnel Network Feature #3696: Multiple items backup/restore Feature #3697: New backup/restore area: Certificates Feature #3882: Add OUI database to the base system, remove dependency on nmap Feature #4024: Add a reject rule to prevent traffic from "falling through" relayd and reaching the GUI accidentally Feature #4098: Add option to force a password change on login Feature #4194: Mass maintenance tools :-) Feature #4195: Aliases: sections Feature #4209: Releasing DHCP on WAN interface should send a release Feature #4234: allow for strict user <> cn validation of mobile ipsec users when using rsa+xauth Feature #4259: Port forward NAT rules with "any" protocol Feature #4632: Support for Multipath TCP (MPTCP) Feature #4724: Captive Portal Status Add Client Hostname Feature #4789: user interface / text fields are too short to display long alias names Feature #4821: PPPoE WANs do not take full advantage of NIC driver queues for receiving traffic Feature #4881: allow dynamic IPs-nets for NPt Feature #5307: Add logarithmic scale option to RRD graphs Feature #5510: Need a simple way to enable/disable package-installed services Feature #5619: Curl with ARES support Feature #5735: Automaticaly add DHCP leases to alias list or make it readable in selected fields Feature #5835: Improve OpenVPN client gateway detection in edge cases where the remote does not send gateway information Feature #5851: Add copy action to OpenVPN client / server Feature #5919: Add a control to the web gui to allow the setting of leftsendcert in IPSec Feature #5922: SNMP - enable SNMP v3 functionality Feature #5950: DHCPv6 Server support for PD of PD-obtained networks Feature #6293: Include 'if_urndis.ko' kernel module for USB network tethering Feature #6392: Allow folding based on separators in firewall rules Feature #6457: Allow ability to configure AWS EC2 AMI via userdata Feature #6620: CoDel, FQ-CoDel, PIE and FQ-PIE AQMs Feature #6728: Route53 API mod and Geolocation Feature #6960: Consider replacing ISC DHCP server with KEA DHCP Feature #6961: IPv4/IPv6 Dual-Stack IPSEC mobile vpn Feature #6989: Add second IP to monitoring in "Gateway Monitoring" Feature #7077: Display negotiated cipher for NCP OpenVPN connections in Status->OpenVPN Feature #7078: Allow reordering of client specific overrides in OpenVPN Feature #7181: Add Top and Add Bottom on Seperator Feature #7182: Break up System Widget on the Dashboard Feature #7224: Abandon rate in favor of iftop Feature #7244: Publish pfsense as a Vagrant Basebox Feature #7260: Source OS / p0f Database Missing Modern Operating Systems Feature #7327: add working sftp support to sshd daemon Feature #7353: Openvpn Logins page Feature #7410: IPSEC multiple dynamic IP remote clients Feature #7416: Dhclient does not support supersede statement for option 54 Feature #7544: Graphing hits against firewall rules. Feature #7783: Support for hosting VMs on pfSense using bhyve Feature #7803: Include more OpenVPN Options in GUI Feature #7852: Add views support to Unbound GUI Todo #32: PPPoE Server users integration with user manager Todo #33: L2TP users integration with user manager Todo #204: All write_config() statements should include a reason of some sort Todo #1521: Investigate FreeBSD route metric support for future versions Todo #4123: Add support to multiple tables to expiretable Todo #5902: Use a common place for default values Todo #6645: More reliable update system Todo #6697: White squares around the numeric values in the Status / Queues page Todo #6727: Missing file apple-touch-icon-precomposed.png ?