We recently had an article on the pfSense 2.4-Release Milestone for the Popular Firewall Platform. It was no secret that Netgate, the company behind pfSense, was working on 2.4.1 already when 2.4.0 was first released. The new pfSense 2.4.1-Release is primarily posited as a maintenance release but is important. For example, in this release, the WPA2 KRACK fix has been implemented for pfSense. We have also heard reports that those running pfSense in a VMware ESXi VM are seeing much better compatibility with version 2.4.1.
pfSense 2.4.1-Release Notes
Here is a summary of the release notes via pfSense’s official blog post.
pfSense software version 2.4.1 has a brief, but important, list of changes which include:
- Fixes for the set of WPA2 Key Reinstallation Attack issues commonly known as KRACK
- Fixed a VT console race condition panic at boot on VMware platforms (especially ESXi 6.5.0U1)
- Fixed a bsnmpd problem that causes it to use excess CPU and RAM with the hostres module in cases where drives support removable media but have no media inserted
- Fixed an upgrade problem due to FreeBSD 11 removing legacy ada aliases, which caused some older installs to fail when mounting root post-upgrade
- Fixed setting VLAN Priority in VLAN interface configuration
- Changed the boot-time fsck process the ensure the disk is mounted read-only before running fsck in preen mode
- Changed the VLAN interface names to use the ‘dotted’ format now utilized by FreeBSD, which is shorter and helps to keep the interface name smaller than the limit (16) This fixes the 4 digit VLAN issues when the NIC name is 6 bytes long. This change was made not only to fix the name length issue, but also to reduce the differences between how FreeBSD uses VLANs and how they are used by pfSense interface functions.
You can see more detail on the changes via the offficial Release Notes.