2.5.0 Future Release 41% 184 issues (19 closed — 165 open) Related issues Bug #1819: DNS Forwarder Not Registering DHCP Server Specified Domain Name Bug #3500: DHCP Leases List Not Showing Hostname in Some Cases Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel Bug #6025: Load balancing fails when one gateway has a weight of 1 and another gateway has a weight >1 Bug #6028: no firewall rules loaded after reboot with invalid ruleset Bug #6030: Duplicated tracker IDs on block private networks rules Bug #6167: IPsec IPComp not working Bug #6186: race conditions in service startup Bug #6263: Encryption options for every P2 on a given P1 are written to each P2 individually inside ipsec.conf with multiple P2 entries + split conn entries Bug #6277: RRD graphs are not created correctly for interfaces using CODELQ Bug #6333: Bootup starts/restarts dpinger multiple times Bug #6868: Interface MTU Setting not applied to all IPv6 routes Bug #7146: install_cron_job() causes inexplicable issues when saving package configuration Bug #7307: ZFS installer - shuts down instead of rebooting Bug #7384: DHCPv6 doesn't merge IPv6 prefix with the input submitted in DNS servers field when using Track Interface IPv6 configuration parameter for the LAN interface. Bug #7389: Limiter does not work with transparent proxy Bug #7772: Regression of Bug #906 Bug #7801: UDP fragments received over IPsec tunnel are not properly reassembled and forwarded Bug #8100: pfsync Initially Deletes States on Primary for Connections Established through Secondary Bug #8136: dpinger for WAN DHCPv6 gets fails to update gateway IP Bug #8192: dpinger - Change in ISP link-local IPv6 address drops connectivity Bug #8248: Pfsense hangs - non pingable when removing traffic shaper from interface(s) Bug #8263: Cannot create a nonlinear `Link Share` service curve because of: "the sum of the child bandwidth higher than parent" Bug #8273: IPv6 GRE tunnel over PPPoE fails on startup Bug #8443: DHCP relay not starting after ovpnc interface is unchecked - vm 2.4.3 Bug #8472: IPsec with "Split connections" enabled (multiple P2's) - new added P2's are not coming up (between two pfsense's 2.4.3) Bug #8531: URL Table aliases don't support FQDNs or names that return >1 IP Bug #8611: unable to receive IPv6 RA's on SG-1000, default route lost Bug #8815: IPv4 addresses disappear from interfaces when link is lost Bug #8870: Webgui incorrectly reports "The system is on the latest version". Bug #8964: IPsec async cryptography advanced setting - TCP traffic not passing through Bug #9023: is_fqdn() validation Bug #9053: Dynamic DNS will not allow Route 53 wildcard record Bug #9058: crash in l2tp retransmit Bug #9074: Alias URL lists only storing last-most list in config. Bug #9136: IPv6 Tracking Interfaces Lose IPv6 Address in Certain Cases Bug #9148: PPPoE over a VLAN fails to reconnect. Bug #9154: Editing a VLAN parent interface causes all VLANs to be reconfigured, which can lead to problems Bug #9208: The wrong session timeout value can be used for some captive portal users Bug #9209: RADIUS: Set NAS Identifer to webConfigurator when logging in the UI Bug #9218: SNMP sysDescr does not display hostname and patch version Bug #9225: Gateway group routing not updated on OpenVPN client reconnect Bug #9248: Dynamic dns updates on azure ipv6 service is not working properly Bug #9255: Potential performance issue when using multiple authentication servers in a zone Bug #9259: User with "Deny Config Write" privilege is not fully prevented from creating accounts Bug #9267: dhclient does not handle protocol timeouts or script failures correctly Bug #9270: "Remove all states to and from the filtered address" does not remove all states Bug #9271: Azure DDNS whitespace cleanup Bug #9292: Default route as indicated by "(Default)" does not match the actual default route on the OS. Bug #9296: Rule / Alias FQDN-Resolution broken Bug #9320: Outbound NAT and multiple IPSEC IPs for mobile warriors Bug #9331: Parallel Rekey fails for multiple Child SAs Bug #9344: OpenVPN click NCP Algorithms will always go to DH Parameters website(in Chinese-Taiwan) Bug #9349: IPSec service start/stop/restart fails after settings change Bug #9352: Duplicate default views in Status Monitoring that can't be removed. Bug #9353: PHPSession errors from limited access to dashboard and widgets Bug #9361: Cloudflare Not Allowing "*" Hostname Entry in Dynamic DNS Bug #9365: Use of "continue" in switch statements can be ambiguous Bug #9366: "Illegal string offset" PHP errors Bug #9382: SNMP Undefined symbol "pf_altq" Bug #9383: dhcpleases kqueue error Bug #9384: check_reload_status linkup log message has a "$" before the interface name Bug #9385: OpenVPN logs a "Device busy" error when opening tap interfaces, but continues to function Bug #9400: PHP scandir() error at boot Bug #9407: Update jQuery to current version (3.3.1 or later) Bug #9408: OCSP stapling detection broken on 2.5.0 Bug #9410: Package install fails to run from GUI Bug #9411: Firewall log does not contain valid entries Bug #9413: VLAN driver missing ALTQ support Bug #9414: Hardware with Intel 82583V interface such as some Watchguard equipment fail to load interface Bug #9415: Firewall log is empty in the GUI Bug #9420: crypt_data() uses deprecated openssl syntax for passphrase Bug #9421: crypt_data() needs to support stronger key derivation Bug #9428: Unable to access "System: Authentication servers" if "WebCfg - System: User Password Manager" is set Bug #9431: Upgrading to 2.5.0 with devel/aws-sdk-php installed fails Bug #9441: Setting Crypto HW breaks IPSec CBC Bug #9443: Captive Portal Vouchers feature is broken in 2.5.0 Bug #9447: Configuring LAGG at XG-7100 Switch Ports Broken Bug #9449: Empty lines in various forms Bug #9450: Multiwan gateway group fail-over not working as expected (possible race condition) Bug #9459: patch pf: silence a runtime warning pfr_update_stats: assertion failed. Bug #9460: OpenVPN local auth failing due to fcgicli output Bug #9466: DHCP (IPv4) relay mistakenly listening on upstream interface Bug #9467: vmx(4) interfaces do not have ALTQ support on pfSense 2.5, they had ALTQ support on 2.4 Bug #9468: Removing the last limiter does not sync to secondary via XMLRPC Bug #9469: Removing the last ATLQ traffic shaper queue does not sync to secondary via XMLRPC Bug #9476: pfSense 2.4.x sending ARP replies with non-CARP source MAC address Bug #9478: Unable to check for updates from the GUI when using a proxy with authentication Bug #9488: No console when booting CE Memstick UEFI. Bug #9522: Diagnostics > System Activity shows only the header Bug #9540: PHP Uncaught Error in Status/System Logs/Firewall/Dynamic View Bug #9541: Non-admin user with admin rights is given the wrong URL for the user manager Bug #9543: diag_dns.php: Reverse lookup of IPv6 fails with "Host must be a valid hostname or IP address." Bug #9548: Do not use VLANMTU flag to decide if interface supports to run VLAN Bug #9550: New privilege matching method does not allow menu or tab links to anchors (#foo) Bug #9558: GPS NTP source PHP errors Bug #9560: SMART tests not working Bug #9561: PPPoe 6RD broken in 2.5 Bug #9564: Dynamic DNS Status - IPv4 format error for 'Cached IP' Bug #9569: Fix serial console terminal size issues Bug #9580: Dynamic DNS DNSimple client errors Bug #9582: PHP error setting up VLANs from the console Bug #9586: Unbound Access List /31 UI Issue Bug #9595: OpenVPN does not resync when running on a gateway group Bug #9600: Add athp to wireless device regex list Bug #9611: PHP error on fresh 2.5.0 install or after factory reset Bug #9630: cannot config WAN down que (Codel limiters) in floating rule without blocking incoming traffic. Feature #855: More flexible options for state killing based on WAN status Feature #1337: VLANs with different MAC address than parent interface Feature #3377: OAuth2 authentication in captive portal Feature #3473: Allow configuration of OpenVPN keepalive Feature #3792: Group name size limit too restrictive on Active Directory Users Feature #4405: Traffic shaping doesn't work when applied to a bridge interface Feature #5644: Captive Portal retain logins across reboot Feature #6324: Improve IKEv2 multiple traffic selector per SA configuration GUI Feature #6742: OAuth2 authentication for OpenVPN (and for FreeRadius) Feature #6775: Strongswan PKCS#11 Support Feature #7016: system_information_widget.php - Indicate adaptive state timeout status when active Feature #7467: Add iPhone/Android/Generic USB tethering support Feature #7671: Gateway Monitoring Via Custom Script or Telnet. Feature #7767: OCSP support for OpenVPN server Feature #8160: Accomodate both RADIUS and pool IP addresses in IPsec Feature #8861: Show more detail on status_interfaces.php Feature #9111: Add IPsec VTI interface MTU support Feature #9206: OpenVPN+RADIUS+Cisco AVPair ACL Enhancements/BugFixes Feature #9217: Squid LDAP Authentication - spaces in ldif values Feature #9238: Add support for Zerotier Feature #9260: ssh_tunnel_shell: Disable console message output Feature #9268: Add Linode Dynamic DNS support Feature #9272: Allow multiple IP in ListenIP for Zabbix Agent Feature #9274: CP - trim() username post_value Feature #9280: Add AAAA record type support for DynDNS with Digital Ocean Feature #9285: Add an option to disable the ping-check in dhcpd Feature #9297: Log and Graph Temperatures Feature #9323: Option to hide 'Kernel PTI' from sysinfo widget Feature #9412: Add sorting and search/filtering to CA/Certificates Feature #9426: Show PPP uptime on the Dashboard - Interfaces Widget Feature #9439: Poll Interval For GPS and PPS Feature #9452: Add Gandi LiveDNS DynDNS client. Feature #9496: Include the athp(4) driver. Feature #9527: Add ability for LDAP extended query on groups in RFC2307 containers. Feature #9531: [IPSEC] Add additional curve-based DH Groups (31+) Feature #9532: GUI indication and options for MDS mitigation Feature #9538: add support for athp(4) driver Feature #9544: Enable RADIX_MPATH Feature #9620: User privilege to manage integrated switch Todo #8350: Remove clog in favor of standard syslogd or syslogd alternative with rotation via newsyslog or logrotate Todo #8821: Remove Growl Notifications Todo #8886: Update downloads page once hybrid iso/img installers are implemented Todo #9158: add squid proxy 4 Todo #9245: Update copyright notices to 2019 Todo #9356: Find optimal default for net.pf.request_maxcount Todo #9360: Switch to Python 3.x Todo #9367: Update SMART Page with new capabilities Todo #9386: Deprecate built-in relayd Load Balancer Todo #9417: Convert LDAP TLS setup from environment to LDAP_OPT_X_TLS_* set options Todo #9482: Remove zabbix 3.2 and 3.4 from pfSense Todo #9607: Update web server TLS versions for 2.5.0 pfSense Packages - Bug #7161: pfSense-pkg-bind9 changelog pointing to non-existent location pfSense Packages - Bug #7267: Status Traffic Totals - Stacked Bar - Scale not high enough pfSense Packages - Bug #9135: Suricata in inline modus blocks some downloads pfSense Packages - Bug #9220: STunnel: Tunnel list does not show certificate pfSense Packages - Bug #9286: squidGuard - Unable to change IP for sgerror.php URL in configuration pfSense Packages - Bug #9497: AWS VPN Wizard: WebGUI times out. pfSense Packages - Bug #9557: FRR Upgrades pfSense Packages - Bug #9571: FRR processes continue to restart after being disabled until reboot pfSense Packages - Feature #8985: Suricata: allow configuration for external/internal additional storage pfSense Packages - Feature #9265: Add options to configure TIMEOUTclose and debug on stunnel package pfSense Packages - Feature #9387: Update telegraf to 1.9.3 from ports pfSense Packages - Feature #9399: pkg support for SSH + sudo authentication via LDAP pfSense Packages - Feature #9521: Upgrade to HAProxy 1.9 pfSense Packages - Feature #9545: Enable MULTIPATH in FRR
Future Items for an indeterminate later release 13% 148 issues (20 closed — 128 open) Related issues Bug #1605: DHCP Server should group known clients by interface Bug #1675: Captive portal logout problems with pop-up blockers. Bug #3132: Gateway events for IPv6 affect IPv4 services and vice versa Bug #3445: Proxy URL behaviour for package list - trailing slash Bug #4154: RADIUS authentication not working over IPv6 Bug #4406: ALTQ problems with wireless cloned interfaces Bug #4716: "DNS Resolver" lacks SOA for ".local" domain setups Bug #5367: Safari repeatedly tries to reload dashboard Bug #5539: rc.firmware - cut does not cut it... Bug #5786: Check WebConfigurator port for conflicts Bug #5826: Auto-exclude LAN address feature only works for the LAN interface Bug #6696: Add configure link to Status > Queues error message if traffic shaping not configured Bug #6880: Multiple DHCP6 WAN connections leads to multiple dhcp6c clients Bug #7082: pkg_edit.php - impossible to use default_value with rowhelperfield Bug #7138: Pfsense wide dhcpv6 client doesn't recognise ifid statement Bug #7195: pkg_edit.php - <checkenablefields> tag has no effect on fields other than checkbox/input Bug #7222: Encryption No Longer Enforced for Email Notifications Bug #7288: The field 'Distinguished name Organization' contains invalid characters Bug #7841: CARP Sync Issue - when no internet on standby Bug #8013: IPsec MSS clamping value shared for IPv4 and IPv6 Bug #8502: main (top) menu items do not drop down in some cases Bug #8576: pfSense stops passing traffic after some time when using Outbound NAT pool w/ Sticky Address Bug #8614: Cannot remove Additional BOOTP/DHCP Options Bug #8818: Thermal Sensor Bug #8820: System/Advanced/Misc - "Do not kill connections when schedule expires" UN-checked still leaves existing connections open. Bug #8847: IPsec status Bug #8987: Web GUI main page very slow to load if wan interface is enabled but not connected. Bug #9282: suggestion for DHCP Server Bug #9534: Captive Portal users can't disconnect after reboot ? Feature #84: Nightly Filter Summary E-Mail Feature #96: Add "All local networks" to source and destination drop down boxen in firewall rules Feature #97: Captive Portal should sync its database to other members of clusters Feature #286: Backup/restore users individually Feature #290: Add Multi-WAN awareness to UPnP Feature #521: Group manager Assigned Permissions Feature #701: Interface groups with NAT Feature #746: Add interface group to source/dest drop downs Feature #773: CODE for remove unnecesary menu items for users with restrictions. Feature #790: Advanced options for dnsclient (resolv.conf) Feature #806: Add private networks to rules dropdown Feature #885: Show gateway/group IPs on mouseover Feature #939: Ability to restore specific areas of configuration backup from full config backup Feature #946: Allow aliases to be used to define IPsec phase 2 networks Feature #997: Add per-user setting for activating menu Feature #1169: Add load balancer status in SNMP Feature #1205: VPN: User-based / Group-based firewall rules Feature #1268: Allow mass renewing of certs Feature #1831: Captive portal IPv6 support Feature #1979: Add some default read-only system aliases Feature #2024: RRD Graphs for packages Feature #2358: NAT64 Support Feature #2386: Bridge member that is not an assigned interface Feature #2424: Allow masking of pass-thru MACs Feature #2479: Allow reordering of the traffic graphs on the dashboard Feature #2593: sync NTPD, SNMP config between HA members Feature #2668: Allow Alias network names in OpenVPN local/remote/tunnel networks Feature #2676: Reply-to option in firewall rule Feature #2960: Add queue length adjustment capabilities to traffic shaper based on network size Feature #2965: Mac Firewalling Feature #3115: Traffic shaping for multi WAN Feature #3156: Grouping rules Feature #3178: IPSec dynamic hosts for IPv6 Feature #3185: Accommodate a DHCPv6 failover-like mechanism Feature #3244: Check that OpenVPN tunnel network does not overlap any other subnet Feature #3336: Setting per-pool timeout in load balancer Feature #3393: AS filtering support in aliases Feature #3474: Openvpn client-specific-overrides ip conflicts Feature #3559: add option for backup ddns ( dynamic dns ) in restore area Feature #3652: OpenVPN - Dynamic IPv6 Tunnel Network Feature #3696: Multiple items backup/restore Feature #3697: New backup/restore area: Certificates Feature #3882: Add OUI database to the base system, remove dependency on nmap Feature #4024: Add a reject rule to prevent traffic from "falling through" relayd and reaching the GUI accidentally Feature #4098: Add option to force a password change on login Feature #4194: Mass maintenance tools :-) Feature #4195: Aliases: sections Feature #4209: Releasing DHCP on WAN interface should send a release Feature #4234: allow for strict user <> cn validation of mobile ipsec users when using rsa+xauth Feature #4259: Port forward NAT rules with "any" protocol Feature #4632: Support for Multipath TCP (MPTCP) Feature #4724: Captive Portal Status Add Client Hostname Feature #4789: user interface / text fields are too short to display long alias names Feature #4821: PPPoE WANs do not take full advantage of NIC driver queues for receiving traffic Feature #4881: allow dynamic IPs-nets for NPt Feature #5307: Add logarithmic scale option to RRD graphs Feature #5510: Need a simple way to enable/disable package-installed services Feature #5619: Curl with ARES support Feature #5735: Automaticaly add DHCP leases to alias list or make it readable in selected fields Feature #5835: Improve OpenVPN client gateway detection in edge cases where the remote does not send gateway information Feature #5851: Add copy action to OpenVPN client / server Feature #5919: Add a control to the web gui to allow the setting of leftsendcert in IPSec Feature #5922: SNMP - enable SNMP v3 functionality Feature #5950: DHCPv6 Server support for PD of PD-obtained networks Feature #6293: Include 'if_urndis.ko' kernel module for USB network tethering Feature #6392: Allow folding based on separators in firewall rules Feature #6457: Allow ability to configure AWS EC2 AMI via userdata Feature #6728: Route53 API mod and Geolocation Feature #6960: Consider replacing ISC DHCP server with KEA DHCP Feature #6961: IPv4/IPv6 Dual-Stack IPSEC mobile vpn Feature #6989: Add second IP to monitoring in "Gateway Monitoring" Feature #7077: Display negotiated cipher for NCP OpenVPN connections in Status->OpenVPN Feature #7078: Allow reordering of client specific overrides in OpenVPN Feature #7181: Add Top and Add Bottom on Seperator Feature #7182: Break up System Widget on the Dashboard Feature #7224: Abandon rate in favor of iftop Feature #7244: Publish pfsense as a Vagrant Basebox Feature #7260: Source OS / p0f Database Missing Modern Operating Systems Feature #7327: add working sftp support to sshd daemon Feature #7353: Openvpn Logins page Feature #7410: IPSEC multiple dynamic IP remote clients Feature #7416: Dhclient does not support supersede statement for option 54 Feature #7544: Graphing hits against firewall rules. Feature #7783: Support for hosting VMs on pfSense using bhyve Feature #7803: Include more OpenVPN Options in GUI Feature #7847: USB NIC not loading (TP-Link UE300 RTL8153) Feature #7852: Add views support to Unbound GUI Feature #7882: Seperator feature in DHCP Static mapping for this feature Feature #7897: User Dashboard Feature #8084: ImplementaĆ§Ć£o do Login Social no Captive Portal Feature #8171: Close TCP connections if associated rule just has been disabled Feature #8284: Add duplicate option next to OpenVPN servers and clients Feature #8316: expiration date when creating new rules Feature #8346: Let pFSense act as an IPSec XAuth VPN Client Feature #8474: Easier Conversion to HA Pair from Existing Non-HA Firewall Feature #8511: Dynamic DNS: Cloudflare Add TTL option Feature #8712: QOS on ipsec links Feature #8775: Use SRV record for LDAP Authentication Feature #8841: Floating rules : add interface column Feature #8849: DHCP Custom configuration Feature #8879: DHCP options ADD force options Feature #8946: Add field to show IA_PD to DHCP6 Server page Feature #9044: Add SoftEther Feature #9536: Support dynamic prefix in DHCPv6 Server Feature #9574: Show changelog at package upgrade Todo #32: PPPoE Server users integration with user manager Todo #33: L2TP users integration with user manager Todo #204: All write_config() statements should include a reason of some sort Todo #1521: Investigate FreeBSD route metric support for future versions Todo #4123: Add support to multiple tables to expiretable Todo #5902: Use a common place for default values Todo #6645: More reliable update system Todo #6647: Enable Additional Security Headers Todo #6697: White squares around the numeric values in the Status / Queues page Todo #6727: Missing file apple-touch-icon-precomposed.png ?