2.9.0 open pfSense CE software release 63% 92 issues (30 closed — 62 open) Related issues Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors Actions Bug #14741: PHP error in DNS Forwarder host overrides when the language is set to French Actions Bug #14921: External Config Locator does not trigger a pkg sync except on first boot Actions Bug #15116: Kea not working with UEFI HTTPBoot URL configured Actions Bug #15411: Hostname missing from logs in certain cases can cause the system log to display in an unexpected manner Actions Bug #15637: Kea DHCP service control inconsistencies Actions Bug #15757: Incorrect dashboard column spacing when using five columns Actions Bug #15770: Limiter Limits Whole Gateway instead of Single IP Actions Bug #15809: UFS upgrades do not create new log files Actions Bug #16141: RRD data fails to restore via the ECL Actions Bug #16142: XMLRPC requests fail due to incorrect request path Actions Bug #16153: ECL can modify a discovered config file Actions Bug #16191: Early DNS registration can add invalid addreses Actions Bug #16194: IPv6 ICMP firewall log entries marked with protocol "Options" instead of ICMPv6 Actions Bug #16197: underscore (_) is not permitted in Identifier (Pre-Shared key) Actions Bug #16216: [BUG?] New PPPoE module (if_pppoe) causes high "Errors Out" on WAN (Vivo Fibra) Actions Bug #16248: QLink/Marvell 41000 NIC bug Actions Bug #16264: Ethernet rules generated by Captive portal can block ARP Actions Bug #16266: Thermal Sensors Widget Thresholds not Evaluated Actions Bug #16272: Input validation text for deleting a VIP within a CARP IP's subnet may reference incorrect VIP Actions Bug #16290: Diagnostics -> Authentication crashes if Shared Secret is not correct Actions Bug #16339: Captive Portal ``backwardsyncpassword`` value not sanitized in status output Actions Bug #16341: Error notification and log message ``"Updating repositories metadata" returned error code 1`` at boot Actions Bug #16351: Automatic IPv6 gateways for OpenVPN servers are created with the wrong gateway address Actions Bug #16428: OpenVPN does not add "Inter-client communication" to configuration for Peer-to-Peer SSL/TLS servers Actions Bug #16472: Cannot set RADVD router lifetime to 0 Actions Bug #16475: Filter rule evaluation continues after matching a ``match quick`` rule Actions Bug #16487: VIPs on PPPoE interfaces with ``if_pppoe`` can prevent the PPP session from terminating Actions Bug #16495: Displayed gateway order is incorrect after a new order is saved Actions Bug #16505: Korean locale configuration name is incorrect Actions Feature #12495: Preserve other record types when updating IPv4 or IPv6 using deSEC DDNS Actions Feature #13293: Option to set auth-gen-token in OpenVPN GUI Actions Feature #13340: Option to change QinQ ethertype to Service VLAN Tag Actions Feature #14208: Automatic Split-DNS for 1:1 NAT Actions Feature #14437: Add DynDNS Provider - Hetzner Actions Feature #15323: Display server description when WOL is sent using mac url or power-on button Actions Feature #15544: Add hostname to Slack notifications Actions Feature #15636: High Availability Status Changes Actions Feature #15659: Kea option for ``reservations-out-of-pool`` and associated input validation (IPv4 and IPv6) Actions Feature #15922: Allow using dhcp mappings in host aliases for any service Actions Feature #15934: Kea Lease Reclamation and Affinity Options (IPv4 and IPv6) Actions Feature #15952: Support Message-Authenticator in the PHP RADIUS client Actions Feature #16068: Allow disabling logging of packets blocked due to unmatched IP options Actions Feature #16159: Provide periodic connection reset for if_pppoe Actions Feature #16166: Option to deactivate ALTQ for VTNET interfaces Actions Feature #16189: Better Logging for LDAP Connection Errors Actions Feature #16215: Allow matching on IP Options with firewall match rules Actions Feature #16241: Block non-global NAT64 addresses by default Actions Feature #16253: Fix configuration artifacts on upgrade Actions Feature #16308: Avoid traffic stalls on unneeded rule reloads Actions Feature #16325: Add support for labels in configuration rules Actions Feature #16423: Enable Post Quantum Crypto Support in SSH Server Actions Feature #16502: Support state killing on gateway recovery for policy-routed traffic from the firewall itself Actions Feature #16517: Introduce `endpoint-independent` "full-cone" NAT Actions Todo #6727: Apple TouchID/FaceID probes for site icon files that do not exist Actions Todo #15408: Reduce inconsistencies between Configuration History with/without ZFS Boot Environments Actions Todo #16128: Sanitize pppoe configuration parameters Actions Todo #16291: Relocate Kea control socket and lease database Actions Todo #16307: Refactor pf configuration generation Actions Todo #16322: dpinger can use a CARP VIP as the source IP address Actions Todo #16388: Upgrade to Kea 3.0.1 Actions Todo #16432: Allow assigning bridge members which have an IP address Actions Todo #16468: Kea configuration parameter ``client-class`` is deprecated Actions Todo #16469: Improve file handling of the config cache Actions Todo #16509: Update strongSwan Actions pfSense Packages - Bug #15274: HAProxy Configuration Changes Require pfSense Reboot to Take Effect Actions pfSense Packages - Bug #15909: Prevent tailscale interface from being assignable Actions pfSense Packages - Bug #15916: pfBlockerNG dnsbl daemon not able to start in CARP mode Actions pfSense Packages - Bug #16211: Python errors in Cellular Actions pfSense Packages - Bug #16220: Wireguard widget default refresh interval is invalid Actions pfSense Packages - Bug #16225: Telegraf service does not restart after change of settings Actions pfSense Packages - Bug #16348: HAProxy configuration references non-existent certificate files Actions pfSense Packages - Bug #16399: Update mDNS-Bridge to 2.2 Actions pfSense Packages - Bug #16410: Arpwatch incorrect subject line Actions pfSense Packages - Feature #16070: Add ANDwatch package Actions pfSense Packages - Todo #16231: Update packages to use the XMLRPC plugins for HA Actions
pfSense Plus - 25.11 open Release targeted for November 2025 30% 20 issues (3 closed — 17 open) Related issues pfSense Plus - Bug #14772: PFsense Plus doesn't work with AWS new Instance Metadata Service (IMDSv2) Actions pfSense Plus - Bug #14894: Password protected console login prompt does not render properly on 4100/6100/8200 serial console Actions pfSense Plus - Bug #15499: Manually verifying the boot environment makes config changes Actions pfSense Plus - Bug #15533: Boot verification script over matches Actions pfSense Plus - Bug #15613: rc.savecore errors prevent boot in ZFS Actions pfSense Plus - Bug #16176: Config restored during install can be overwitten by hardware specific default values Actions pfSense Plus - Bug #16323: Serial/Console Baud Rate Cannot Be Changed Actions pfSense Plus - Bug #16375: Boot Environment page fails to load if ``pfsense:version`` ZFS property contains newlines Actions pfSense Plus - Bug #16392: Admin group membership is lost on secondary after changes to user Actions pfSense Plus - Bug #16491: FreeRADIUS Accounts with "%" Character in the Password String Fail Authentication Actions pfSense Plus - Feature #11732: Add VXLAN Support to pfSense Plus Actions pfSense Plus - Feature #14297: Add Option for Vendor Class ID in DHCP Client Actions pfSense Plus - Feature #15380: During upgrade Process GUI timeouts still occur Actions pfSense Plus - Todo #15372: Adjust LED patterns for Boot Environments 2.0 Actions
CE-Next open The next release of pfSense software (CE) 13% 92 issues (6 closed — 86 open) Related issues Bug #3132: Gateway events for IPv6 affect IPv4 services and vice versa Actions Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound Actions Bug #6333: Bootup starts/restarts dpinger multiple times Actions Bug #7389: Limiter does not work with transparent proxy Actions Bug #8013: IPsec MSS clamping value shared for IPv4 and IPv6 Actions Bug #8100: pfsync deletes states on primary for connections established through secondary Actions Bug #8192: dpinger - Change in ISP link-local IPv6 address drops connectivity Actions Bug #8263: Cannot create a nonlinear `Link Share` service curve because of: "the sum of the child bandwidth higher than parent" Actions Bug #8273: IPv6 GRE tunnel over PPPoE fails on startup Actions Bug #8611: unable to receive IPv6 RA's on SG-1000, default route lost Actions Bug #8815: IP addresses are removed from interfaces when link is lost and either IPv4 or IPv6 is dynamic Actions Bug #8964: IPsec async cryptography advanced setting - TCP traffic not passing through Actions Bug #9136: IPv6 Tracking Interfaces Lose IPv6 Address in Certain Cases Actions Bug #9349: IPSec service start/stop/restart fails after settings change Actions Bug #9384: devd putting "$" before variable contents when using single quotes Actions Bug #10513: State issues with policy routing and HA failover Actions Bug #10530: Convert config version to be based on product version Actions Bug #10690: Not possible to make UFS install on ZFS formatted drive Actions Bug #10708: ZFS bootpool boot symlink issue Actions Bug #10875: PPP periodic reset does not fully restore gateway group round-robin functionality Actions Bug #10892: Large number of VLAN/LANs make floating rules are to read Actions Bug #11110: Backup file should be checked before restoring a specific area Actions Bug #11296: Static route targets may still reachable via default route when the gateway they should route through is down Actions Bug #11335: Spoofing the MAC on a LAGG interface does not work for some NIC types. Actions Bug #11429: System Log / Settings form activates "Reset Log Files" button on enter Actions Bug #11430: PHP console spam after Assigning Interfaces Actions Bug #11503: Using multiple authentication backends on an OpenVPN server fails Actions Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1 Actions Bug #12095: Memory leak in pcscd Actions Bug #12335: IPsec DNS inefficiency Actions Bug #12357: Captive Portal popup Logout button loads full login page in popup when clicked Actions Bug #12715: Long system startup time when LDAP is configured and unavailable during startup. Actions Bug #13102: Deleting an IPSec tunnel doesn't destroy the SA (SADs/SPDs), causes crash in status_ipsec.php Actions Bug #13217: dhclient using default pid file location which does not exist Actions Bug #13273: dhclient can use conflicting recorded leases Actions Bug #13329: Traffic shaping Wizard sets invalid values for qVoip queue Actions Bug #13450: L2TP Clients system alias is not populated Actions Bug #13480: GIFs are not automatically started when parent interface doesn't have an address at boot Actions Bug #13483: dhcp6c shouldn't be killed and restarted on interface reconfigurations Actions Bug #13487: GUI IPV6-WAN-status stays "Offline, Packetloss" after a short communication hick up Actions Bug #13499: Namecheap service type is missing help text for the password field Actions Bug #13680: Package install scripts run after PHP upgrade produce errors Actions Bug #13734: PPP interfaces with a QinQ parent can't initialize the PPPoE node for link Actions Bug #13792: Filterdns assumes sets of resolved addresses for each hostname are nonintersecting Actions Bug #13793: filterdns does not reconcile modelled tables with the current state of filter tables Actions Bug #13937: New OpenVPN entries are not immediately reflected in RRD graphs Actions Bug #13961: Virtual IP address input validation does not check for overlap with DHCP address ranges Actions Bug #14244: ``get_interface_list()`` in ``util.inc`` does not always match the expected device in ``dmesg``. Actions Bug #14262: IPv6 firewall log entries do not wrap and force the table width past the width of the page Actions Bug #14350: Captive portal text messages are not translated Actions Bug #14577: OpenVPN not removing old Cisco-AVPair anchor rules and files in ``/tmp`` Actions Bug #14983: Upgrade can fail when unexpected EFI partitions are present. Actions Bug #15081: Upgrade fails due to undersized EFI filesystem Actions Bug #15448: ``miniupnpd`` lacks IGDv2 support Actions Bug #15518: Kea does not send configured TFTP server name Actions Bug #15847: Kea DHCP lease utilization stats incorrect for delegated prefix pools Actions Bug #15902: After an IPv6 prefix and IP change on the WAN interface the KEA DHCP service crashes and cannot be restarted Actions Feature #2386: Bridge member that is not an assigned interface Actions Feature #4405: Traffic shaping doesn't work when applied to a bridge interface Actions Feature #11440: Expand collapsed sections by clicking anywhere on header Actions Feature #11589: Fix iftop experimental traffic fetcher, unify and improve output style Actions Feature #12077: Allow stick-connections per gateway group Actions Feature #12121: Wider "local network(s)" fields in OpenVPN server configuration Actions Feature #12494: DynDNS: make simultaneous update of IP and LegacyIP possible Actions Feature #12553: Auto Config Backup: Allow selecting multiple backups for deletion Actions Feature #13244: Add help text under Timezone settings in the GUI Actions Feature #13351: Improve Indicated Memory Usage in the Dashboard Actions Feature #13362: Update dynamic gateway consumers when their interface is renamed Actions Feature #13710: Support UTF-8 CA/Certificate subject components Actions Feature #13843: Add ability to properly configure RADIUS captive portal user quotas of 4096MB or more Actions Feature #13844: Make RADIUS Start/Stop accounting immediately log off a user that exceeds quota when reauthentication is disabled Actions Feature #14122: Allow selecting the repo branch on config restore Actions Feature #14166: Use netstat output for interface packet counters Actions Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes Actions Feature #14620: Support running DHCPv4 Server and DHCPv4 Relay at the same time on different interfaces Actions Feature #14762: Support X25519 and X448 public key algorithms in certificates Actions Feature #15090: Improve feedback from config recovery during install Actions Feature #15647: Include ability to generate Configuration file and QR Code for wireguard configuration Actions Feature #15648: Include ability to gen private/public key in UI for easier WireGuard client provisioning Actions Feature #15745: Add User Manager Setting to control Remote Authentication fallback behavior Actions Todo #12367: ZFS: Do not show memstick disk on target list Actions Todo #13508: Uncouple RAM Disk size from available kernel memory Actions Todo #13644: Enable ALTQ support in cxgbe(4) Actions Todo #14264: Consider lowering default session timeout from current default of four hours (240m) Actions Todo #14352: Virtual IP address configuration input fields are handled inconsistently between VIP types Actions Todo #14359: Reorganize Advanced Options Actions Todo #15780: Speed up MBUF Usage command in system information widget Actions Todo #16471: Upgrade PHP to 8.4 Actions Todo #16515: Set appropriate log levels for PHP and ``/usr/bin/logger`` logs Actions
Future open Items for an indeterminate later release 3% 114 issues (5 closed — 109 open) Related issues Bug #1675: Captive portal logout problems with pop-up blockers. Actions Bug #4406: ALTQ problems with wireless cloned interfaces Actions Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel Actions Bug #5367: Safari repeatedly tries to reload dashboard Actions Bug #5786: Check WebConfigurator port for conflicts Actions Bug #6167: IPsec IPComp not working Actions Bug #6186: race conditions in service startup Actions Bug #6696: Add configure link to Status > Queues error message if traffic shaping not configured Actions Bug #7082: pkg_edit.php - impossible to use default_value with rowhelperfield Actions Bug #7138: Pfsense wide dhcpv6 client doesn't recognise ifid statement Actions Bug #7195: pkg_edit.php - <checkenablefields> tag has no effect on fields other than checkbox/input Actions Bug #7222: Encryption No Longer Enforced for Email Notifications Actions Bug #7288: The field 'Distinguished name Organization' contains invalid characters Actions Bug #8502: main (top) menu items do not drop down in some cases Actions Bug #8614: Cannot remove Additional BOOTP/DHCP Options Actions Bug #8820: System/Advanced/Misc - "Do not kill connections when schedule expires" UN-checked still leaves existing connections open. Actions Bug #9344: OpenVPN click NCP Algorithms will always go to DH Parameters website(in Chinese-Taiwan) Actions Bug #9353: PHPSession errors from limited access to dashboard and widgets Actions Bug #9755: package description wrong link https://www.freshports.org/security/openvpn-client-export Actions Bug #10310: Systems with low RAM and several packages may temporarily fail to load large tables after an upgrade Actions Bug #10352: RADIUS authentication fails with MSCHAPv1 or MSCHAPv2 when passwords contain international characters Actions Bug #11093: ral(4) driver non-functional in arm64 Actions Bug #11352: CTF types > 2^15 in the pfSense kernel config results in DTrace failing Actions Bug #11473: System Activity shows invalid data on SG-3100 Actions Bug #12013: Reading log data is inefficient in certain cases Actions Bug #15228: User manger fails to display certificate option for a new user in case of input error Actions Bug #15708: The filterdns service won't start Actions Feature #84: Nightly Filter Summary E-Mail Actions Feature #96: Add "All local networks" to source and destination drop down boxen in firewall rules Actions Feature #286: Backup/restore users individually Actions Feature #290: Add Multi-WAN awareness to UPnP Actions Feature #521: Group manager Assigned Permissions Actions Feature #701: Interface groups with NAT Actions Feature #946: Allow aliases to be used to define IPsec phase 2 networks Actions Feature #1257: Handle encypted CA/Certificate private keys Actions Feature #1268: Allow mass renewing of certs Actions Feature #1337: VLANs with different MAC address than parent interface Actions Feature #1831: Captive portal IPv6 support Actions Feature #2024: RRD Graphs for packages Actions Feature #2479: Allow reordering of the traffic graphs on the dashboard Actions Feature #2593: sync NTPD, SNMP config between HA members Actions Feature #2676: Reply-to option in firewall rule Actions Feature #2965: Mac Firewalling Actions Feature #3115: Traffic shaping for multi WAN Actions Feature #3185: Accommodate a DHCPv6 failover-like mechanism Actions Feature #3377: OAuth2 authentication in captive portal Actions Feature #3652: OpenVPN - Dynamic IPv6 Tunnel Network Actions Feature #3696: Multiple items backup/restore Actions Feature #3697: New backup/restore area: Certificates Actions Feature #3882: Add OUI database to the base system, remove dependency on nmap Actions Feature #4098: Add option to force a password change on login Actions Feature #4195: Aliases: sections Actions Feature #4234: allow for strict user <> cn validation of mobile ipsec users when using rsa+xauth Actions Feature #4632: Support for Multipath TCP (MPTCP) Actions Feature #4724: Captive Portal Status Add Client Hostname Actions Feature #4776: Add 802.1x dynamic vlan support Actions Feature #5307: Add logarithmic scale option to RRD graphs Actions Feature #5510: Need a simple way to enable/disable package-installed services Actions Feature #5619: Curl with ARES support Actions Feature #5735: Automaticaly add DHCP leases to alias list or make it readable in selected fields Actions Feature #5835: Improve OpenVPN client gateway detection in edge cases where the remote does not send gateway information Actions Feature #5950: DHCPv6 Server support for PD of PD-obtained networks Actions Feature #6457: Allow ability to configure AWS EC2 AMI via userdata Actions Feature #6728: Route53 API mod and Geolocation Actions Feature #6742: OAuth2 authentication for OpenVPN (and for FreeRadius) Actions Feature #7078: Allow reordering of client specific overrides in OpenVPN Actions Feature #7181: Add Top and Add Bottom on Seperator Actions Feature #7182: Break up System Widget on the Dashboard Actions Feature #7244: Publish pfsense as a Vagrant Basebox Actions Feature #7260: Source OS / p0f Database Missing Modern Operating Systems Actions Feature #7783: Support for hosting VMs on pfSense using bhyve Actions Feature #7847: USB NIC not loading (TP-Link UE300 RTL8153) Actions Feature #7852: Add views support to Unbound GUI Actions Feature #8316: expiration date when creating new rules Actions Feature #8474: Easier Conversion to HA Pair from Existing Non-HA Firewall Actions Feature #8694: Client CA Auth for PFSense WebGui Actions Feature #8712: QOS on ipsec links Actions Feature #8775: Use SRV record for LDAP Authentication Actions Feature #8879: DHCP options ADD force options Actions Feature #9536: Support dynamic prefix in DHCPv6 Server Actions Feature #9574: Show changelog at package upgrade Actions Feature #9680: Seperate DHCP Server and relay per interface Actions Feature #9717: Search box for pfsense ? Actions Feature #9718: Make diag_states_summary table sortable Actions Feature #9942: Give pfSense the possibility to change the keyboard Layout for console users Actions Feature #10204: Possible clarification of Track IPv6 Interface Subnet ID Actions Feature #10223: Add the ability to create additional loopback interfaces Actions Feature #10250: DHCP lease view by interface Actions Feature #10404: Consider using chrony for NTP services Actions Feature #10467: Email alert functionality for system health Actions Feature #10987: Add support for secure boot Actions Feature #11056: Add option to disable flow-control on interfaces in GUI Actions Feature #11270: Consider integrating Nebula mesh VPN Actions Feature #11302: WireGuard XMLRPC sync Actions Feature #11324: Separate syslog "Remote log servers" Parameters Actions Feature #11498: WireGuard does not pass multicast traffic to peer Actions Feature #11588: Automatically suggest next IP address in Wireguard interface subnet when creating a peer Actions Feature #11604: WireGuard Dynamic Listen Port Randomization Actions Feature #11921: Feature Request: Compile unbound with EDNS Client Subnet (ECS) module (--enable-subnet) Actions Feature #12521: Add the BBR2, QUIC, RACK Congestion Control (CC) protocols Actions Feature #12564: add column to show that an Alias is in use by or not Actions Feature #12863: dynamically tune sha512crypt rounds Actions Feature #13805: A way to reliably determine if system is the primary or secondary in CARP Actions Feature #14666: Option to add automatic pass rules for IGMP Proxy which allow IP options Actions Feature #15078: Display all available updates on the dashboard Actions Todo #32: PPPoE Server users integration with user manager Actions Todo #33: L2TP users integration with user manager Actions Todo #5902: Use a common place for default values Actions Todo #6647: Enable Additional Security Headers Actions Todo #6697: White squares around the numeric values in the Status / Queues page Actions Todo #11280: Add WireGuard to ALTQ list Actions Todo #12025: Add 1:1 Validation to Notify Someone They are 1:1 NAT'ing an Interface Address Actions
pfSense Packages - Future open Scheduled for an unspecified future version, typically not the next one 37% 8 issues (3 closed — 5 open) Related issues pfSense Packages - Bug #7267: Status Traffic Totals - Stacked Bar - Scale not high enough Actions pfSense Packages - Bug #10791: Valid (vlan)interfaces do not get vif reporting "Invalid phyint address" Actions pfSense Packages - Bug #13153: Static routes bound to WireGuard interfaces are not restored after down / up events Actions pfSense Packages - Feature #11178: Filer do not ask what to do with previous filename Actions pfSense Packages - Feature #11798: HA Sync for FRR config Actions pfSense Packages - Feature #12358: IP List Copy/Import/Export Actions pfSense Packages - Feature #12909: Convert Suricata GeoIP Lookup feature on ALERTS tab to use local GeoIP2 database Actions pfSense Packages - Feature #13284: Option to define "Issuer" in OPT configuration. Actions
pfSense Plus - Plus-Next open The next release of pfSense Plus software 25% 4 issues (1 closed — 3 open) Related issues Todo #1521: Multipath Routing GUI Support Actions pfSense Plus - Bug #12759: Proprietary packages link to non-existant or non-public github pages Actions