pfSense 2.4.1-Release is out with bug fixes including a WPA2 KRACK fix

PfSense 2.4.1 Dashboard
PfSense 2.4.1 Dashboard

We recently had an article on the pfSense 2.4-Release Milestone for the Popular Firewall Platform. It was no secret that Netgate, the company behind pfSense, was working on 2.4.1 already when 2.4.0 was first released. The new pfSense 2.4.1-Release is primarily posited as a maintenance release but is important. For example, in this release, the WPA2 KRACK fix has been implemented for pfSense. We have also heard reports that those running pfSense in a VMware ESXi VM are seeing much better compatibility with version 2.4.1.

pfSense 2.4.1-Release Notes

Here is a summary of the release notes via pfSense’s official blog post.

pfSense software version 2.4.1 has a brief, but important, list of changes which include:

  • Fixes for the set of WPA2 Key Reinstallation Attack issues commonly known as KRACK
  • Fixed a VT console race condition panic at boot on VMware platforms (especially ESXi 6.5.0U1) 
  • Fixed a bsnmpd problem that causes it to use excess CPU and RAM with the hostres module in cases where drives support removable media but have no media inserted 
  • Fixed an upgrade problem due to FreeBSD 11 removing legacy ada aliases, which caused some older installs to fail when mounting root post-upgrade
  • Fixed setting VLAN Priority in VLAN interface configuration
  • Changed the boot-time fsck process the ensure the disk is mounted read-only before running fsck in preen mode
  • Changed the VLAN interface names to use the ‘dotted’ format now utilized by FreeBSD, which is shorter and helps to keep the interface name smaller than the limit (16) This fixes the 4 digit VLAN issues when the NIC name is 6 bytes long. This change was made not only to fix the name length issue, but also to reduce the differences between how FreeBSD uses VLANs and how they are used by pfSense interface functions.

You can see more detail on the changes via the offficial Release Notes.


  1. I did not have a problem using either auto or manual method for configuring LAN on em3 (my hardware options being em1-em3) using 2.3.X but do now with 2.4.1. The configuring of WAN on em0 being issue free. When running function 13 “update from console” wish the pfsense server would give the user the option to remain at 2.3.x if a routine upgrading of the router package (minor) also implies altering the software version to the next release (major). The software package and without prior notice, being automatically elevated to 2.4.1 and not what I would have elected to perform if given the user control to remain at 2.3.x. The KRACK problem not a real concern since I do not utilize WIFI. I not aware that there would be no chances offered to option out of a 2.4.1 version upgrade. I realizing the pfsense version had updated from the new font.

  2. It turns out that ver. 2.4.1, unlike 2.3.x will not automatically [a function] configure LAN ports that skip non assigned ports (x). Hence, such WAN (W)/LAN (L) arrangement as W,x,x,L, W,x,L,x, and W,x,L,L will not auto configure. The arrangements that do work with the auto configure function are W,L,x,x, W,L,L,x and W,L,L,L. I would like to have returned the diverse LAN port auto configure options available on 2.3.x.

    In addition, I have noticed that Ver. 2.4.1, unlike 2.3.x, when rebooting pfSense from a hard drive, does not provide the user a simple UI option of booting from a bootable USB stick if installed, should one wish to revert to an older version. Ver 2.3.x, during reboot, would provide when a USB stick was inserted, the user the option of booting directly into pfSense or from the USB stick thus not needing to stop the boot process.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.