2.5.0 Future Release 96% 563 issues (517 closed — 46 open) Related issues Bug #1353: Number of queues possible Bug #1375: Captive portal logs: mixed with logs from other sources (squid, php) Bug #1478: some characters in FW rule descriptions do not sync properly Bug #1605: DHCP Server should group known clients by interface Bug #1635: timeout setting on firewall rules does not work for UDP Bug #3039: New vouchers doesn't sync with CARP slave Bug #3128: Active voucher status not restored from backup Bug #3334: Status/Traffic Graph isn't IPv6 ready Bug #3381: LAN interface root Queue Bandwidth calculation is exactly double the total of the other child queues Bug #3488: Deleting an interface doesn't delete associated shaper queues Bug #3500: DHCP Leases List Not Showing Hostname in Some Cases Bug #3924: Renaming limiters removes them from firewall rules Bug #3956: Check for invalid CA on generating new certificate Bug #3965: dhcp6c started before bridge configured at boot, preventing interface tracking Bug #4510: Crash & reboot loop when configure PPPoE server on PPPoE client interface Bug #5258: Using pppoe WAN with ipv6 SLAAC, reply-to rules use the wrong interface address Bug #5308: Failed Namecheap DDNS updates don't cause an error in the GUI. Bug #5999: IPv6 IP Alias prevents Track Interface from working with DHCPv6 and RA Bug #6025: Load balancing fails when one gateway has a weight of 1 and another gateway has a weight >1 Bug #6028: no firewall rules loaded after reboot with invalid ruleset Bug #6030: Duplicated tracker IDs on block private networks rules Bug #6277: RRD graphs are not created correctly for interfaces using CODELQ Bug #6503: rrd graph for ntp monitoring does not reflect freq when neg (-) value. Bug #6528: The captive portal cannot be used on interface lan since it is part of a bridge but works anyway Bug #6598: "PPPoE clients" placeholder in rules only includes first PPPoE server instance Bug #6868: Interface MTU Setting not applied to all IPv6 routes Bug #7132: PPPoE IP Alias Bug #7142: IPv6: Floating rules on 6rd enabled WAN interfaces doesn't get bound to wan_stf Bug #7163: IGMP Proxy does not valid inputs Bug #7198: nginx-error.log is not circular and can fill filesystem Bug #7255: Firewall alias FQDN field rejects IDNs (Internationalized domain names) Bug #7307: ZFS installer - shuts down instead of rebooting Bug #7378: pfctl: ix0: driver does not support altq Bug #7379: Virtual IPs/Proxy ARP: Not defined pid file on starting choparp. Bug #7380: WAN DHCP Gateway Outside of Subnet Causing Route Issues Bug #7384: DHCPv6 doesn't merge IPv6 prefix with the input submitted in DNS servers field when using Track Interface IPv6 configuration parameter for the LAN interface. Bug #7386: IPv6 not disabled in mpd.conf w/ IPv6 GUI option set to 'disabled' Bug #7389: Limiter does not work with transparent proxy Bug #7443: Issues Creating IPv6 Static Mappings Bug #7558: l2tp configure kills and sleeps even if first time Bug #7562: l2tp remoteip confusion Bug #7614: Port forwards where the destination is a network alias can create invalid refection rules if multiple subnets are in that alias. Bug #7742: 1:1 NAT for IPv6 applies wrong subnet mask to "Single Host" Bug #7778: DHCP relay not working correctly with bridges Bug #7912: LDAP Test Results modal doesn't comply with theming Bug #7915: CBQ Child queue set bandwidth does not apply correctly Bug #8015: IPsec VPN Not Reconnecting until complete reboot Bug #8136: dpinger for WAN DHCPv6 gets fails to update gateway IP Bug #8156: Prefix not being included in DNS entry registered by DHCP6 server Bug #8472: IPsec with "Split connections" enabled (multiple P2's) - new added P2's are not coming up (between two pfsense's 2.4.3) Bug #8522: SMTP test says success when actually fails Bug #8585: Logical interface MTU matches configuration of its physical port channel, not its own configuration Bug #8611: unable to receive IPv6 RA's on SG-1000, default route lost Bug #8616: When reconfiguring a captiveportal, connected users get disconnected and can't login back Bug #8807: HA sync : files voucher_{$cpzone}.cfg and voucher_{$cpzone}.public are not created on save in /var/save when enabling vouchers on master. Bug #8809: HA sync : changing a voucher roll on master does not reset active tickets on slave. Bug #8870: Webgui incorrectly reports "The system is on the latest version". Bug #8922: Static routes set by system.inc for DNS gateway bindings are not removed Bug #8981: Uncheck DHCP registration does not clear entries Bug #8990: Additional BOOTP/DHCP Options per host Bug #9023: is_fqdn() validation Bug #9058: crash in l2tp retransmit Bug #9072: RRD graph mouseover information shows up as Mb when unit size is set to MB Bug #9074: Alias URL lists only storing last-most list in config. Bug #9097: ECL can't locate config.xml unless device is MBR-partitioned Bug #9148: PPPoE over a VLAN fails to reconnect. Bug #9154: Editing a VLAN parent interface causes all VLANs to be reconfigured, which can lead to problems Bug #9187: Status->Interfaces doesn't show useful data for lagg Bug #9208: The wrong session timeout value can be used for some captive portal users Bug #9209: RADIUS: Set NAS Identifer to webConfigurator when logging in the UI Bug #9242: MBT-4220/2220 not recognized by pfsense correctly after UEFI upgraded to 1.00 Bug #9255: Potential performance issue when using multiple authentication servers in a zone Bug #9270: "Remove all states to and from the filtered address" does not remove all states Bug #9282: Add static mapping count to DHCP Server interface tabs Bug #9296: Rule / Alias FQDN-Resolution broken Bug #9303: HA sync : disabling captive portal HA sync does remove all zones on slave Bug #9311: Captive Portal continues to limit per-user bandwidth when not enabled Bug #9324: IPv6 on top of a PPPOE ipv4 interface assigns parent interface to default route, not pppoe interface Bug #9331: Parallel Rekey fails for multiple Child SAs Bug #9365: Use of "continue" in switch statements can be ambiguous Bug #9366: "Illegal string offset" PHP errors Bug #9382: SNMP Undefined symbol "pf_altq" Bug #9383: dhcpleases kqueue error Bug #9388: Update ntpd Bug #9400: PHP scandir() error at boot Bug #9401: 26 to 31 character VPN interface names cause gateway names to exceed 31 character limit Bug #9405: IPsec IPv6 dynamic FQDN Remote Gateways / util.inc resolve_retry() IPv6 support Bug #9408: OCSP stapling detection broken on 2.5.0 Bug #9410: Package install fails to run from GUI Bug #9411: Firewall log does not contain valid entries Bug #9413: VLAN driver missing ALTQ support Bug #9414: Hardware with Intel 82583V interface such as some Watchguard equipment fail to load interface Bug #9415: Firewall log is empty in the GUI Bug #9420: crypt_data() uses deprecated openssl syntax for passphrase Bug #9421: crypt_data() needs to support stronger key derivation Bug #9428: Unable to access "System: Authentication servers" if "WebCfg - System: User Password Manager" is set Bug #9431: Upgrading to 2.5.0 with devel/aws-sdk-php installed fails Bug #9435: Dynamic DNS Update events do not occur after certain failover event cases Bug #9437: Captive Portal Bandwidth Limiter application issue (Credentials Vs. MacAddr Validation) Bug #9441: Setting Crypto HW breaks IPSec CBC Bug #9443: Captive Portal Vouchers feature is broken in 2.5.0 Bug #9449: Empty lines in various forms Bug #9450: Multiwan gateway group fail-over not working as expected (possible race condition) Bug #9459: patch pf: silence a runtime warning pfr_update_stats: assertion failed. Bug #9460: OpenVPN local auth failing due to fcgicli output Bug #9467: vmx(4) interfaces do not have ALTQ support on pfSense 2.5, they had ALTQ support on 2.4 Bug #9472: Unable to select QinQ interfaces for PPP interface Bug #9476: pfSense 2.4.x sending ARP replies with non-CARP source MAC address Bug #9478: Unable to check for updates from the GUI when using a proxy with authentication Bug #9539: HA: admin user's authorized key(s) won't get synced Bug #9548: Do not use VLANMTU flag to decide if interface supports to run VLAN Bug #9560: SMART tests not working Bug #9564: Dynamic DNS Status - IPv4 format error for 'Cached IP' Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters Bug #9592: VTI interface down because interface number created is greater than ipsec32768 Bug #9596: DHCPv6 Range should not be mandatory if Stateless DHCP selected as router mode Bug #9600: Add athp to wireless device regex list Bug #9611: PHP error on fresh 2.5.0 install or after factory reset Bug #9622: Changing admins membership does not replicate correctly to HA slave Bug #9641: Dynamic DNS cannot update AAAA records on 6rd tunnel interfaces bound to PPPoE interfaces Bug #9643: Limiters do not function properly on 2.5 snapshots Bug #9646: OpenSSL 1.1.1 does not list engines for AES-NI or BSD crypto Bug #9647: hn0: driver does not support altq Bug #9649: IPv6 6RD Tunnel Bug #9660: Syslogd keeps using old IP address after interface IP address change Bug #9710: IPv6 RA: prefix option does not contain router address in spite of "R" flag being set Bug #9715: Call to undefined function sort_related_log_files Bug #9730: newsyslog cron job not present after every upgrade Bug #9744: fatal error if ECDH Curve not default Bug #9745: can't add ECDSA certificate key when signing CSR Bug #9758: dhcpleases does not handle spaces in DHCP lease hostnames Bug #9785: ACB permits manual backup attempt when disabled Bug #9790: firewall aliases table with fqdn stays in system after deleting Bug #9796: kernel panic after removing interfaces Bug #9802: status_logs_settings.php: "Reset log files" does not clear all log files Bug #9806: Undefined variables in filter.inc openvpn aliases section Bug #9830: NTP ACLs vs. NTP pools Bug #9855: CSRF error at login when clicking the 'sign in' button multiple times Bug #9872: Error during build when compiling a non pfSense software Bug #9879: PHP Warning: count(): Parameter must be an array or an object that implements Countable in /usr/local/www/system_crlmanager.php Bug #9899: PHP Error: DateTime::diff() expects parameter 1 to be DateTimeInterface, bool given in /etc/inc/certs.inc on line 1958 Bug #9907: Do not show incompatible ECDSA certs for DNS Resolver Bug #9920: system_crlmanager.php: CRL export file is empty if CA key type is ECDSA Bug #9924: crl_contains_cert() does not correctly report revoked status for intermediate CAs Bug #9933: Captive Portal + Voucher not keeping auto-added "Pass-through MAC Auto Entry" Bug #9936: zombie alias check errors if no alises exist Bug #9979: status_ipsec.php missing information Bug #9983: Reauth vs Rekey UI and behavior for swanctl Bug #9998: DHCP6c and Unbound DNS Server Boot-Up Configuration Failure Bug #10001: incorrect route deletion on 2.5 Bug #10149: system_gateways.php: PHP error on line 169 Bug #10151: vpn_ipsec_phase1.php: webgui bugs on latest 2.5 Bug #10155: sshguard is not compatible with RFC 5424 log format Bug #10176: Multiple duplicate / overlapping phase 2 Child SAs on IPsec tunnels Bug #10178: crypt.inc: crypt_data() legacy mode using wrong message digest Bug #10179: incorrect encrypted backup restore error handling Bug #10206: VIP alias-ip's disappear from nic (caused by running ifconfig twice.?.) Bug #10224: DHCP DDNS does not add zone entries for keys when using static host DDNS definitions Bug #10240: Incorrect interface assignment after switching from PPPoE Bug #10241: Updating Dynamic DNS provider Hover is not working Bug #10270: OMAPI / disableauthoritative / alwaysbroadcast not saved inside dhcpd.conf Bug #10276: NTP "No Select" does not work Bug #10284: Exporting p12 for CSR causes a crash report Bug #10295: Unescaped characters in dhcp-client-identifier prevent DHCPD from starting on interface Bug #10296: swanctl.conf may need multiple pools to support IPv4 and IPv6 Bug #10306: Incorrect IPsec service status Bug #10307: NTP status widget doesn't display stratum Bug #10314: Per-user IKEv2 settings are not functioning on 2.5.0 Bug #10327: Fix/Update GPS initialization commands for Garmin devices. Bug #10331: French language give a Warning: sprintf(): in system_advanced_admin.php Bug #10336: fatal error on firewall_aliases_edit.php Bug #10360: PHP error when renewing a CA used by services Bug #10362: Error renewing cert if SAN contains IP Address Bug #10363: Clarify behavior of OpenVPN server option for Duplicate Connections Bug #10365: LAGG member event causes filter to reload Bug #10375: Double zfs entry in loader.conf Bug #10383: Additional interfaces do not survive a reboot before the setup wizard has been run Bug #10386: A NTP Time Server name may only contain the characters a-z, 0-9, '-' and '.'. Bug #10397: Changing default or static route gateway on 2.5.0 does not remove old route Bug #10406: Interfaces.php PPPoE selection display inappropriate "Toggle All" button when periodic reset set to "pre-set" Bug #10407: L2TP static route not re-added after connection down/up Bug #10409: OpenVPN client without userpass hangs system startup Bug #10433: addMask() js code resets netmask size to 128/32 Bug #10438: Prepare pfSense-upgrade to deal with pkg 1.13.x+ Bug #10471: Host Resources module is mandatory for PF SNMP module Bug #10481: Update doc links in WebGUI to reflect proper docs URLs Bug #10505: Mobile PSK users have wrong type in swanctl.conf secrets Bug #10517: Mobile PSK user mobile-userpool is ignored Bug #10518: Netmap appears broken in Snort and Suricata packages when Inline IPS Mode enabled Bug #10524: Bridge that includes a GIF interface does not come up at boot Bug #10529: IPsec Phase 1 options Reauth and Rekey do not allow valid "0" value Bug #10532: Mobile PSK users don't have 'mobile-userpool' section Bug #10537: wrong link on diag_dns.php Bug #10546: Gateways removed from routing groups based on low alert thresholds Bug #10551: gateway group not restoring the higher tier gateway Bug #10558: Multicast daemons work at boot, but fail if restarted Bug #10569: Sanitize ACME passwords Bug #10580: PHP error when restoring to 2.5.0 Bug #10585: auth.inc: Exception calling XMLRPC method restore_config_section #-1 : Authentication failed: Invalid username or password Bug #10589: interfaces_staticarp_configure() doesnt need to disable staticarp on boot Bug #10592: DigitalOcean DNS update adds new DNS record instead of update Bug #10594: add QLogic 10 Gigabit Ethernet driver (qlxgb) to the ALTQ-capable list Bug #10607: Remote syslog for "General Authentication Events" using wrong selectors Bug #10610: Package upgrade or reinstall hangs indefintely on the console Bug #10613: cleanup status_queues.php code Bug #10623: Wrong Route configured for GIF interface on VLAN on LAGG Bug #10625: PFTop filter hide Bug #10626: get_interface_list() shows _stf (6RD/6to4) interfaces as parent Bug #10632: Incorrect swanctl.conf syntax from Child SA Close Action Bug #10636: The firmware table is filled Bug #10650: OpenVPN TCP in 2.4.5-p1 not working Bug #10652: Duplicate upgrade_203_to_204() function in upgrade_config.inc Bug #10660: PHP errors in the traffic shaper wizard Bug #10661: pfSense configures fe80::1:1 on lan interface without track6 Bug #10667: Separator bars on Floating rules do not cover the full table width Bug #10668: curl -T "{file1,file2}" loops forever eating up the RAM Bug #10674: Port Forward Address Fields not becoming active in Safari Bug #10675: DHCPv6 config not all directives start on a new line as expected Bug #10677: pfSense 2.5 incorrect rtwn(4) wireless regexp Bug #10680: Improve interface caching when we have many interfaces Bug #10684: RFC 2136 incomplete options Bug #10694: Firewall Alias does not allow an ipv6 network alias in the format x:x:x:x:x:x:d.d.d.d where the 'd's are the decimal values of the four low-order 8-bit pieces of the address (standard IPv4 representation) Bug #10703: OpenVPN copy doesn't save auth_pass Bug #10705: Difficult to see multiple selection form-control Bug #10709: services_router_advertisements.php: radvd won't start if Default valid lifetime is less than Default preferred lifetime Bug #10710: L2TP secret uses empty value Bug #10716: Policy routing rules are not written correctly for a down gateway Bug #10719: Gateway page displays mystery icons Bug #10720: Setup Wizard DNS Server validation JavaScript incorrectly claims IPv6 address is invalid Bug #10724: Allowed Hostnames adds/deletes only one A entry Bug #10730: Unable to use IDN symbols in DNS Resolver ACL Bug #10733: return_gateways_array() is called too many times Bug #10740: Console menu shows static subnet for dhcp connections. Bug #10742: unable to save DNS ACL in non-English interface Bug #10752: 1:1 NAT issue if Internal IP has VIPs Bug #10757: IPv6: NPt rules on 6rd enabled WAN interfaces don't get bound to wan_stf Bug #10759: HSFC traffic shaper error Bug #10766: Syntax error Bug #10773: if_em VLAN interfaces wont pass traffic after reboot Bug #10776: filterlog: Loopback source/destination sometimes reports 127.0.0.1 as 127.0.01 Bug #10780: net.inet.ip.dummynet.* values are ignored Bug #10781: Incorrect env variables if admin user logged in via ssh Bug #10793: SNMP: Netgate SG-3100 shows wrong speed Bug #10794: HAProxy Stats page credentials are not redacted in status.php Bug #10795: WebGUI "Dashboard -> Services Status" widget issue Bug #10797: status.php: Sanitize MaxMind GeoIP key Bug #10798: Unable to save CP zone named 'VIP' Bug #10803: Invalid rules generated from AVPair on OpenVPN Bug #10806: armada_thermal fails during device_attach Bug #10812: Traffic graph shows 2X the actual traffic on VLAN interfaces. Bug #10814: OpenVPN UDP multihome fails when connecting to an IP that is not logically closest. Bug #10827: Cannot add or delete separators when no rules are present Bug #10835: Verification on the interface group name length is not correct Bug #10836: TSO option does not fully toggle TSO on the interface Bug #10838: mask options didn't apply to the sched limiter Bug #10842: Not destroying VTI interfaces when booting before creating a new one Bug #10844: DHCPv6 service Dynamic DNS revisions made to fix Bug #10346 violates RFC/is too restrictive Bug #10846: Icon area within buttons are not clickable Bug #10847: Mobile user IPSec (PSK+Xauth) fails at user auth with PHP error Bug #10857: Captive Portal usedmacs DB is not copied to backup HA node Bug #10861: net.pf.request_maxcount value set in loader.conf not respected on latest snapshot Bug #10869: "Accounting updates" not working in PPPoE config page Bug #10882: DHCPv6 Static Mappings requires applying changes on DNS resolver setup Bug #10883: Parse error: syntax error alias-utils.inc Bug #10889: Hover text missing from Static Routes Page Bug #10891: Captive Portal related files are not deleted after deleting CP zone in WebGUI Bug #10892: Large number of VLAN/LANs make floating rules are to read Bug #10899: VXVLAN interfaces are not created correctly Bug #10906: can't download backup Crash report begins Bug #10919: Improve handling of OpenVPN data cipher negotiation options Bug #10923: Update ixl Driver on pfSense 2.5.0 to bring back Intel X710-T2L/T4L support that was present on version 2.4.5-P1. Bug #10925: PHP: Invalid argument supplied for foreach() in /etc/inc/util.inc on line 2640 Bug #10926: Secondary RADIUS Server is never used Bug #10942: LDAP Auth error after update 2.5.0.a.20200930.1303 Bug #10943: boot fail after upgrade to the latest snapshot 20201001.0050. if bios is set to efi Bug #10945: Alias popup not displaying contents Bug #10947: Virtual interface assignment can't be done in CLI interface assignment Bug #10948: Gateway group popover not populated on firewall_rules.php Bug #10949: PPPoE server can't be added Bug #10955: XMLRPC sync errors when failover peer IP is specified in DHCP server settings Bug #10956: Problems with laggs in recent snapshots Bug #10963: Thermal Sensors widget shows invalid sensors Bug #10965: rtsold not starting dhcp6c when managed bit is set Bug #10966: IPv6 - WAN does not renew address when upstream fails Bug #10968: Mixed & Upper case Alias table names broken. Bug #10977: Additional IPsec bypass rules input validation Bug #10978: rc.initial tries to execute rc.local.running even if it doesn't exist, and even if it is already running. Bug #10982: Primary/Secondary DNS Server field validation issue in Setup Wizard Bug #10986: dynamic interface address for 1:1 NAT works incorrectly in some dual-stack cases Bug #10998: traffic shaper php error Bug #11002: OpenVPN Clients registration does not clear DNS entries Bug #11005: IPv6 Prefix Delegation not requested if no interfaces set to track6 Bug #11006: L2TP Server and Client both use "l2tpX" for interface names Bug #11017: Incorrect synchronizetoip value causing XMLRPC errors Bug #11018: Hostname is ignored when DNS Lookup calculates response time Bug #11021: ral(4) driver kernel panics in arm64 Bug #11023: route_get('default', 'inet') always returns empty Bug #11024: Dynamic DNS update for HE.net Tunnelbroker always sets IP address of default WAN interface Bug #11025: traffic shaper PHP error Bug #11032: Setting Log compression to None disables all entries in log view Bug #11034: poesX interfaces is not created Bug #11035: PPPoE: can't remove hook Bug #11037: Change APIs for HE.net Tunnelbroker dynamic DNS update Bug #11050: "Backup extra data" does not behave properly Bug #11051: Unbound: custom TLS listen port ignored Bug #11053: PHP error on services_dhcp_relay.php Bug #11059: L2TP Server is restarted when administering users Bug #11061: CARP rules show up as "part" of the snort package in rules.debug Bug #11063: PHP error if SMTP notification fails Bug #11064: WARNING: write_config() was called without description Bug #11072: Setting "Inverse" to "Off" does not save in the Traffic Graphs Dashboard widget Bug #11073: Traffic monitor widget error Bug #11077: Kernel panic when deleting VLAN interfaces Bug #11078: IPsec PH2 incorrect proposals order Bug #11087: Unbound fails to start if it binds to down/nocarrier interface Bug #11100: dhcp6c never run rc.newwanipv6 Bug #11106: idn_to_ascii() with URL/URLTable aliases incorrect behavior Bug #11109: WebGUI RADIUS authentication doesn't work if WAN is down Bug #11122: Bridge STP priority/cost error Bug #11129: Unbound restarts on every openvpn client connection Bug #11134: VTI interfaces can be added to groups, but rules have no effect Bug #11142: rc.newwanip restarts VPN services when the IP matches Bug #11146: Domeneshop DDNS not updating cache IP Bug #11159: Allow wildcard dns record of type A in the DynDNS client for DNS provider Gandi Bug #11167: Insecure default values for user certificates created via User Manager Bug #11193: IPsec KeyID Not Working on Development Snapshots Bug #11196: IPsec DPD action incorrect on development snapshots Bug #11197: Clicking firewall states leads to php error Bug #11208: pkg_edit uses incorrect description for pkg_edit buttons Bug #11212: PHP error on Mobile IPsec input validating error Bug #11224: dhcpd.conf creation - zone declarations Bug #11237: Incorrect copyright year Bug #11249: openvpn peer to peer shared key deprecated warning Bug #11254: Some OpenVPN configuration files remain after deleting an instance Bug #11256: Cannot add alias with multiple URLs Bug #11265: Remove log spam due to bootstrap map file Bug #11267: PHP Error in FRR after WireGuard merge Bug #11272: OCSP settings only for TLS auth Bug #11275: Certificate import of a signed certificate signing request is not offered Bug #11279: Typo in WireGuard Configuration Bug #11282: php error on creating new PPPoE server instance Bug #11283: Incorrect WireGuard help page Bug #11286: Endpoint port is mandatory if Endpoint is defined Bug #11287: The Wireguard Peers list is not Dark theme compatible Bug #11288: Wireguard: Peer PSK is auto-filled to the keepalive field Bug #11289: Wireguard: Automatic outbound NAT rules are applied to the WG interface Bug #11291: WireGuard MTU Can Flap between 1420 and 1500 Bug #11297: strongSwan doesn't support wildcard certificates Bug #11298: Gateway Group Offline Bug Bug #11300: WireGuard Gateway Should Monitor the Remote Peer, not the Local Peer. Bug #11303: Sticky connections units Bug #11304: DNS-Problems after Configuring VPN-WireGuard with IPv4 & IPv6 Address Bug #11307: PHP error when attempting to edit Wireguard peer after creation Bug #11311: Listen and peer port validation in wg.inc Bug #11312: Unable to edit or add WireGuard peers Bug #11314: PHP error in gwlb.inc (potential race) Feature #97: Captive Portal should sync its database to other members of clusters Feature #885: Show gateway/group IPs on mouseover Feature #1019: Lagg Failover Mode Master Interface Feature #1192: Certificate Manager - Ability to Encrypt Private Keys When Exporting Feature #1557: Add the Interface descriptions to the OS interface descriptions Feature #1984: Allow CP Voucher submission via URL so they can be distributed as QR code Feature #2146: Allow concurrent logins when using vouchers Feature #2424: Allow masking of pass-thru MACs Feature #2850: add units in ntp status page Feature #3031: Message is false after changing Hardware Checksum Offloading setting Feature #3229: make DynDNS status accessible to the colorblind Feature #3258: Allow multiple certificates to be revoked in a single step Feature #3329: Allow creating "not" rules for IPsec Phase 2 Feature #3559: add option for backup ddns ( dynamic dns ) in restore area Feature #3567: Option to disable NTP Feature #4038: Button to clear the arp cache Feature #4068: CAs present on CERT manager are not trusted from pfSense Feature #4405: Traffic shaping doesn't work when applied to a bridge interface Feature #4763: Restore from backup that contains only area Traffic Shaper doesn't restore Limiters Feature #4991: WebGUI does not support ECDSA certificates for IPSec Stage 1 Feature #5644: Captive Portal retain logins across reboot Feature #6324: Improve IKEv2 multiple traffic selector per SA configuration GUI Feature #6377: 6rd ipv6 tunnel: MTU settings not editable and not correlated to interface MTU (hardcoded to 1280) Feature #6775: Strongswan PKCS#11 Support Feature #6787: NTP GUI sync/poll interval Feature #6908: Alias copy, sort, search/replace functions Feature #7016: system_information_widget.php - Indicate adaptive state timeout status when active Feature #7095: Improve Remote Gateway field description for IPSec VPN Phase 1 Feature #7284: NTPd Autoset GPS device baud rate Feature #7304: DHCP: Enable OMAPI Config Feature #7332: Provide certificate expiry warning Feature #7362: Add the default values of the TCP and UDP Timeouts on the WebUI depending on the "Firewall Optimization Options" Feature #7406: Ability to clear all dhcp leases at once Feature #7467: Add iPhone/Android/Generic USB tethering support Feature #7705: Support dynamic interface address for 1:1 NAT Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port. Feature #7741: warn me when shooting myself in the foot with NPt Feature #7767: OCSP support for OpenVPN server Feature #7861: Make "Descriptive name" of certificates editable Feature #8160: Accomodate both RADIUS and pool IP addresses in IPsec Feature #8624: DNS Resolver Resolve IPv6 OpenVPN Client Addresses Feature #8645: Upload certificate file instead of pasting Feature #8698: LDAP authenticated users should be able to log in via ssh Feature #8786: Wireguard VPN Feature #8952: Dynamic DNS Copy Button Feature #9155: Add driver bnxt for Broadcom NetXtreme interfaces Feature #9206: OpenVPN+RADIUS+Cisco AVPair ACL Enhancements/BugFixes Feature #9260: ssh_tunnel_shell: Disable console message output Feature #9274: CP - trim() username post_value Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag Feature #9309: Allow manual selection of IPsec IKE Pseudo-Random Function (PRF) Feature #9426: Show PPP uptime on the Dashboard - Interfaces Widget Feature #9432: Block additional Captive Portal Logins Feature #9527: Add ability for LDAP extended query on groups in RFC2307 containers. Feature #9531: [IPSEC] Add additional curve-based DH Groups (31+) Feature #9538: add support for athp(4) driver Feature #9639: Cloudflare DDNS "API Token" Feature #9642: Add DDNS support for dynv6.com Feature #9661: Increase the number of DHCP/DHCPv6 NTP server options to three (or more) Feature #9688: restartallwan - pfSsh.php script to restart all wan interfaces Feature #9702: OpenVPN "push-reset" option in Client Specific Override breaks "subnet" topology Feature #9706: Increased number of colors for login screen Feature #9716: Italian translation Feature #9726: Hash Algorithm configured on child ESP/AH proposals using AES GCM though strongswan strips them Feature #9754: Add separate authentication log Feature #9771: diag_reboot.php: add ability to reroot and reboot with fsck to WebGUI Feature #9788: Display number of connections in status_openvpn.php Feature #9825: Requirements for trusted certificates in iOS 13 and macOS 10.15 Feature #9834: system_certmanager.php: add ability to import certificate without private key Feature #9842: Add CA/certificate renewal function Feature #9843: allow to generate cert/csr with ECDSA key Feature #9862: Add support for waiting between ping-packages on diag_ping.php Feature #9869: Allow CRL entries to be made by serial number Feature #9878: IPsec PKCS#11 authentication Feature #9883: Allow CAs to use randomized serials when signing Feature #9884: Add support for OpenVPN --x509-username-field Feature #9896: Add poly1305-chacha20 to the TLSv1.2 cipher list in nginx Feature #9909: Add option to (dis)allow unauthenticated LDAP binds Feature #9923: Add select_source compatible output to cert_build_list() Feature #9972: cert_build_list(): by default don't show certs without prv key Feature #10186: Ability to do inverse matching of tags in floating rules Feature #10214: Allow IPsec duplicate endpoints Feature #10222: Tune GRE MTU if GRE over IPsec is used Feature #10256: Add support for IPv6 to No-IP Dynamic DNS Feature #10273: OpenVPN compile with --enable-async-push Feature #10274: DNS64 support Feature #10301: Password confirmation when exporting encrypted backup file Feature #10318: Do not restart PPPoE server after adding/modifying users Feature #10322: Force ipv4/ipv6 DNS resolution for NTP servers Feature #10323: Allow limiting NTP pool server usage count Feature #10333: Increase the number of DHCP NTP server options to three for DHCP Static Mappings Feature #10340: IPsec Mobile GUI Improvement (Dashboard and Status > IPsec > Leases) Feature #10354: Telegram Notification Support Feature #10374: Add ARM32/64 network booting support to dhcpd Feature #10387: Reevaluate the GUI upgrade language presented to the user Feature #10388: Upgrade to Python 3.8 Feature #10392: GRE: Tunnels cannot have IPv6 and IPv4 addresses at the same time Feature #10449: Aggressive NSEC option Feature #10454: OpenVPN+RADIUS+Cisco-AVPair IPv6 ACL Feature #10459: Improved DynDNS Logging Feature #10469: Same RADIUS Cisco-AVPair parser code for both OpenVPN/IPsec Feature #10495: Add support of Pushover API for notifications Feature #10504: Make LACP timeout PDU transmission speed configurable Feature #10538: DNS/Ping/Traceroute IDN support Feature #10545: RADIUS authenticated users should be able to log in via ssh Feature #10556: Change action on 'XML configuration file not found' error Feature #10583: status.php: Add L2TP VPN configuration Feature #10597: Setting host-uniq for PPPoE Feature #10603: Handle -c commands with arguments in rc.initial Feature #10617: freeDNS Dynamic DNS API v2 Support Feature #10635: status.php: Add DNS Resolver configuration Feature #10637: Turn of spell checking on package upgrade progress textarea Feature #10639: Add rtwn(4) wireless support Feature #10658: Allow to generate ECDSA certs on User Manager page Feature #10678: Allow to select 802.11n channel width (HT) Feature #10696: status.php: Add config history Feature #10698: Allow to select EoIP protocol Feature #10711: Allow to use OpenVPN TAP interfaces in DHCP Relay Feature #10723: Disable "Hardware Checksum Offloading" if VM is detected Feature #10727: Limiter bw type in Mbit/s Feature #10743: Traffic shaper wizard: Add Google Stadia port range Feature #10747: Captive Portal IDN hostname support Feature #10748: Add support for limiting IPsec VPN access per user group via RADIUS Feature #10762: add Broadcom NetXtreme to ALTQ-capable list Feature #10826: Support for Domeneshop DDNS Feature #10837: Update wizardapp.inc XBox and Wii ports Feature #10856: Backup/Restore Captive Portal usedmacs DB Feature #10868: Backup Captive Portal DB Feature #10870: Allow custom IPSEC NAT-T port Feature #10896: Multiple IPs for one DNS entry in unbound resolver override Feature #10910: Backup/restore DHCP v4/v6 leases Feature #10912: DNS Domain Overrides - more than one target IP Feature #10914: Skip extra data checkbox Feature #10931: system.php: Add option to omit DNS Servers from resolv.conf Feature #10934: Add ral(4) to arm64 Feature #10944: Sanitize secret2 Feature #10946: Sanitize WiFi 802.1x RADIUS shared secret Feature #10972: Add IPv6 DDNS support for easyDNS Feature #10975: Button to clear the NDP cache Feature #10984: Port Forward IPv6 Feature #10988: Queue bw type in Mbit/s Feature #10992: Cloudflare DDNS query Zone ID with token Feature #10999: Allow to register OpenVPN Remote Access (User Auth) client in DNS Resolver Feature #11029: Enable command history in the shell Feature #11041: Add hardware interface name to popup hint in Interfaces Dashboard widget Feature #11045: Improve link state visibility on Status > Interfaces Feature #11057: Add default route indicator to Gateways widget Feature #11068: Safari 14.0.1 on MacOS 11.0.1 (Big Sur) asked for the favicon apple-touch-icon-precompressed.png instead of apple-touch-icon.png Feature #11079: Include the updated Realtek driver pkg in the pfSense repo Feature #11171: Remove debug log entries present following "Block additional logins" feature request Feature #11207: Add watchfrr to routing log Feature #11277: Hide WireGuard interfaces from Interface Assignments pages Todo #204: All write_config() statements should include a reason of some sort Todo #6638: Update no-ip DDNS to new API Todo #8350: Remove clog in favor of standard syslogd or syslogd alternative with rotation via newsyslog or logrotate Todo #8821: Remove Growl Notifications Todo #9052: Update Font-Awesome Todo #9356: Find optimal default for net.pf.request_maxcount Todo #9360: Switch to Python 3.x Todo #9367: Update SMART Page with new capabilities Todo #9386: Deprecate built-in relayd Load Balancer Todo #9417: Convert LDAP TLS setup from environment to LDAP_OPT_X_TLS_* set options Todo #9603: Strongswan stroke is deprecated, move to swanctl/vici Todo #9607: Update web server TLS versions for 2.5.0 Todo #9711: Add GUI options to control log rotation Todo #9712: Add code for packages to set their own log rotation parameters Todo #9713: Review log rotation behavior Todo #9714: Add page to view "other" logs Todo #9734: Re-evaluate log size, line defaults, and limits Todo #9808: status_logs_settings.php: Add GUI option for syslog format Todo #9856: Add certificate detail infoblock to CA list Todo #9897: Warn user when using incompatible ECDSA cert curves for WebGUI Todo #9903: Rename IPsec "RSA" options to more generic "Certificate" options Todo #9915: Convert OpenVPN to CAPath Todo #10135: help.php: Update links Todo #10353: Update pkg to 1.13.x Todo #10533: Change default domain for new installations from "localdomain" to "home.arpa" Todo #10659: PHP: Update to 7.4.x Todo #10676: JQuery 1.2 < 3.5.0 Multiple XSS From Nessus Todo #10704: Work around PHP issues with SSL LDAP and multiple authentication servers Todo #10997: Retire m0n0wall config support Todo #11020: Update OpenVPN to 2.5.0 Todo #11179: Update OpenSSL to 1.1.1i and to 1.0.2x to fix CVE-2020-1971 Todo #11219: Improve IPsec GUI options for P1/P2 reauth/rekey Todo #11278: Update dnsmasq to >=2.8.3 Todo #11309: DNS Resolver automatic ACL entries need refinement pfSense Packages - Bug #7293: dns/bind911 requires TCP_RFC7413 in kernel pfSense Packages - Bug #9135: Suricata in inline modus blocks some downloads pfSense Packages - Bug #9740: empty Status / Tinc VPN page on latest 2.5 pfSense Packages - Bug #10646: Reinstall package process stalls at pfBlockerNG when restoring a config pfSense Packages - Bug #11031: FRR: PHP error in frr_bgp.inc pfSense Packages - Bug #11135: HAproxy OCSP reponse crontab bug pfSense Packages - Bug #11205: DNSBL SafeSearch redirection doesn't work with DuckDuckGo pfSense Packages - Feature #10612: Add pfSense package for Zeek (formerly Bro) Network Security Monitor pfSense Packages - Todo #9787: Update Mail Reports to deal with clog deprecation pfSense Packages - Todo #11215: Update NtopNG to 4.2
2.5.next Less nebulous than "Future" 8% 51 issues (2 closed — 49 open) Related issues Bug #1819: DNS Resolver Not Registering DHCP Server Specified Domain Name Bug #4521: Issue with OpenVPN certificate depth validation and long certificate subjects Bug #5135: interface_has_gateway returns true for DHCP where it doesn't assign gateway Bug #6333: Bootup starts/restarts dpinger multiple times Bug #6507: GRE tunnel on dynamic IPv6 interface not brought up during boot Bug #7801: UDP fragments received over IPsec tunnel are not properly reassembled and forwarded Bug #8100: pfsync Initially Deletes States on Primary for Connections Established through Secondary Bug #8192: dpinger - Change in ISP link-local IPv6 address drops connectivity Bug #8263: Cannot create a nonlinear `Link Share` service curve because of: "the sum of the child bandwidth higher than parent" Bug #8273: IPv6 GRE tunnel over PPPoE fails on startup Bug #8815: IPv4 addresses disappear from interfaces when link is lost Bug #8964: IPsec async cryptography advanced setting - TCP traffic not passing through Bug #9136: IPv6 Tracking Interfaces Lose IPv6 Address in Certain Cases Bug #9349: IPSec service start/stop/restart fails after settings change Bug #9384: devd putting "$" before variable contents when using single quotes Bug #9887: Rule separator positions change when deleting multiple rules Bug #10366: Captive Portal Allowed MAC bandwidth Issue Bug #10513: State issues with policy routing and HA failover Bug #10530: Convert config version to be based on product version Bug #10690: Not possible to make UFS install on ZFS formatted drive Bug #10708: ZFS bootpool boot symlink issue Bug #10875: PPP periodic reset does not fully restore gateway group round-robin functionality Bug #11082: HA setup restarts all OpenVPN instances on the secondary after making any change on the primary Bug #11091: Disabled interface is UP on boot Bug #11104: OpenVPN won't start after addding many authentication sources Bug #11105: IPv6 RA RDNSS lifetime is too short (not compliant with RFC8106) Bug #11110: Backup file should be checked before restoring a specific area Bug #11141: OpenVPN Wizard doesn't show gateway groups Bug #11226: IPSec VTI P2 traffic selectors default to address when defined as a network. Bug #11229: Harmless error when enabling traffic shaper Bug #11285: Kernel crash on ALTQ-enabled wg interfaces Bug #11296: When WAN gateway is down, I can still access/ping stuff that is set "static route" thru the primary WAN Bug #11299: Remove unused L2TP VPN files Feature #855: More flexible options for state killing based on WAN status Feature #2358: NAT64 Support Feature #2386: Bridge member that is not an assigned interface Feature #4881: allow dynamic IPs-nets for NPt Feature #7842: Add DynamicDNS Provider - Mythic-Beasts Feature #8794: NTP authentiction Feature #10804: status_interfaces.php: Data for switch uplinks may be replaced by switch port data when media state monitoring is set Feature #10811: AutoConfigBackup should randomize scheduled backups. Feature #11103: radvd: use virtual link local IP as source address in HA setups Feature #11118: Backup and Restore SSH Host Key(s) Feature #11125: RTL8153 Support Needed Feature #11140: Allow to use OpenVPN provided DNS servers Feature #11211: Allow Setting RADIUS Timeout for EAP-RADIUS Feature #11228: Replace WebGUI HTTP links to HTTPS Feature #11294: Yandex PDD DynDNS support Feature #11302: WireGuard XMLRPC sync Todo #11280: Add WireGuard to ALTQ list
Future Items for an indeterminate later release 6% 119 issues (7 closed — 112 open) Related issues Bug #1675: Captive portal logout problems with pop-up blockers. Bug #3132: Gateway events for IPv6 affect IPv4 services and vice versa Bug #4154: RADIUS authentication not working over IPv6 Bug #4406: ALTQ problems with wireless cloned interfaces Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel Bug #4716: "DNS Resolver" lacks SOA for ".local" domain setups Bug #5367: Safari repeatedly tries to reload dashboard Bug #5786: Check WebConfigurator port for conflicts Bug #6167: IPsec IPComp not working Bug #6186: race conditions in service startup Bug #6696: Add configure link to Status > Queues error message if traffic shaping not configured Bug #6880: Multiple DHCP6 WAN connections leads to multiple dhcp6c clients Bug #7082: pkg_edit.php - impossible to use default_value with rowhelperfield Bug #7138: Pfsense wide dhcpv6 client doesn't recognise ifid statement Bug #7195: pkg_edit.php - <checkenablefields> tag has no effect on fields other than checkbox/input Bug #7222: Encryption No Longer Enforced for Email Notifications Bug #7288: The field 'Distinguished name Organization' contains invalid characters Bug #7841: CARP Sync Issue - when no internet on standby Bug #8013: IPsec MSS clamping value shared for IPv4 and IPv6 Bug #8179: Incorrect reverse DNS zone in DHCP server config for non-octet-aligned subnet mask Bug #8502: main (top) menu items do not drop down in some cases Bug #8576: pfSense stops passing traffic after some time when using Outbound NAT pool w/ Sticky Address Bug #8614: Cannot remove Additional BOOTP/DHCP Options Bug #8818: Thermal Sensor Bug #8820: System/Advanced/Misc - "Do not kill connections when schedule expires" UN-checked still leaves existing connections open. Bug #9344: OpenVPN click NCP Algorithms will always go to DH Parameters website(in Chinese-Taiwan) Bug #9353: PHPSession errors from limited access to dashboard and widgets Bug #9755: package description wrong link https://www.freshports.org/security/openvpn-client-export Bug #10310: Systems with low RAM and several packages may temporarily fail to load large tables after an upgrade Bug #10352: RADIUS authentication fails with MSCHAPv1 or MSCHAPv2 when passwords contain international characters Bug #11093: ral(4) driver non-functional in arm64 Feature #84: Nightly Filter Summary E-Mail Feature #96: Add "All local networks" to source and destination drop down boxen in firewall rules Feature #286: Backup/restore users individually Feature #290: Add Multi-WAN awareness to UPnP Feature #521: Group manager Assigned Permissions Feature #701: Interface groups with NAT Feature #746: Add interface group to source/dest drop downs Feature #946: Allow aliases to be used to define IPsec phase 2 networks Feature #1257: Handle encypted CA/Certificate private keys Feature #1268: Allow mass renewing of certs Feature #1337: VLANs with different MAC address than parent interface Feature #1831: Captive portal IPv6 support Feature #1979: Add some default read-only system aliases Feature #2024: RRD Graphs for packages Feature #2479: Allow reordering of the traffic graphs on the dashboard Feature #2593: sync NTPD, SNMP config between HA members Feature #2668: Allow Alias network names in OpenVPN local/remote/tunnel networks Feature #2676: Reply-to option in firewall rule Feature #2965: Mac Firewalling Feature #3115: Traffic shaping for multi WAN Feature #3185: Accommodate a DHCPv6 failover-like mechanism Feature #3377: OAuth2 authentication in captive portal Feature #3652: OpenVPN - Dynamic IPv6 Tunnel Network Feature #3696: Multiple items backup/restore Feature #3697: New backup/restore area: Certificates Feature #3882: Add OUI database to the base system, remove dependency on nmap Feature #4098: Add option to force a password change on login Feature #4195: Aliases: sections Feature #4234: allow for strict user <> cn validation of mobile ipsec users when using rsa+xauth Feature #4259: Port forward NAT rules with "any" protocol Feature #4632: Support for Multipath TCP (MPTCP) Feature #4724: Captive Portal Status Add Client Hostname Feature #4776: Add 802.1x dynamic vlan support Feature #5307: Add logarithmic scale option to RRD graphs Feature #5510: Need a simple way to enable/disable package-installed services Feature #5619: Curl with ARES support Feature #5735: Automaticaly add DHCP leases to alias list or make it readable in selected fields Feature #5835: Improve OpenVPN client gateway detection in edge cases where the remote does not send gateway information Feature #5950: DHCPv6 Server support for PD of PD-obtained networks Feature #6457: Allow ability to configure AWS EC2 AMI via userdata Feature #6728: Route53 API mod and Geolocation Feature #6742: OAuth2 authentication for OpenVPN (and for FreeRadius) Feature #6960: Consider replacing ISC DHCP server with KEA DHCP Feature #7077: Display negotiated cipher for NCP OpenVPN connections in Status->OpenVPN Feature #7078: Allow reordering of client specific overrides in OpenVPN Feature #7181: Add Top and Add Bottom on Seperator Feature #7182: Break up System Widget on the Dashboard Feature #7244: Publish pfsense as a Vagrant Basebox Feature #7260: Source OS / p0f Database Missing Modern Operating Systems Feature #7416: Dhclient does not support supersede statement for option 54 Feature #7783: Support for hosting VMs on pfSense using bhyve Feature #7847: USB NIC not loading (TP-Link UE300 RTL8153) Feature #7852: Add views support to Unbound GUI Feature #8316: expiration date when creating new rules Feature #8346: Let pFSense act as an IPSec XAuth VPN Client Feature #8474: Easier Conversion to HA Pair from Existing Non-HA Firewall Feature #8694: Client CA Auth for PFSense WebGui Feature #8712: QOS on ipsec links Feature #8775: Use SRV record for LDAP Authentication Feature #8861: Show more detail on status_interfaces.php Feature #8879: DHCP options ADD force options Feature #9297: Log and Graph Temperatures Feature #9536: Support dynamic prefix in DHCPv6 Server Feature #9544: Enable RADIX_MPATH Feature #9574: Show changelog at package upgrade Feature #9680: Seperate DHCP Server and relay per interface Feature #9717: Search box for pfsense ? Feature #9718: Make diag_states_summary table sortable Feature #9942: Give pfSense the possibility to change the keyboard Layout for console users Feature #10204: Possible clarification of Track IPv6 Interface Subnet ID Feature #10223: Add the ability to create additional loopback interfaces Feature #10250: DHCP lease view by interface Feature #10467: Email alert functionality for system health Feature #10987: Add support for secure boot Feature #11056: Add option to disable flow-control on interfaces in GUI Feature #11164: Prevent setting a load-balance gateway group as default. Feature #11270: Consider integrating Nebula mesh VPN Todo #32: PPPoE Server users integration with user manager Todo #33: L2TP users integration with user manager Todo #1521: Investigate FreeBSD route metric support for future versions Todo #5902: Use a common place for default values Todo #6647: Enable Additional Security Headers Todo #6697: White squares around the numeric values in the Status / Queues page Todo #6727: Missing file apple-touch-icon-precomposed.png ?
pfSense Packages - Future Scheduled for an unspecified future version, typically not the next one 0% 3 issues (0 closed — 3 open) Related issues pfSense Packages - Bug #7267: Status Traffic Totals - Stacked Bar - Scale not high enough pfSense Packages - Bug #10791: Valid (vlan)interfaces do not get vif reporting "Invalid phyint address" pfSense Packages - Feature #11178: Filer do not ask what to do with previous filename