A few weeks ago we highlighted that pfSense 2.4.4 Makes pfSense Gold Available to All. Indeed, with today’s launch of pfSense 2.4.4, the pfSense Gold subscription service features have largely been opened for free use by the community. Beyond these previously paid features, the new FreeBSD 11.2 underpinnings support Intel Atom C3000 hardware. The absence of full Intel Atom C3000 support thus far is almost astonishing since we had Denverton Day Official STH Intel Atom C3000 Launch Coverage over 13 months ago and we had benchmarked the Intel Atom C3338 about 19 months ago. There are a number of other changes for 2.4.4 under the hood as well.
pfSense 2.4.4 New Features
Here is an excerpt of new features for pfSense 2.4.4:
- OS Upgrade: Base Operating System upgraded to FreeBSD 11.2-RELEASE-p3. As a part of moving to FreeBSD 11.2, support is included for C3000-based hardware.
- PHP 7.2: PHP upgraded to version 7.2, which required numerous changes to syntax throughout the source code and packages.
- Routed IPsec (VTI): Routed IPsec is now possible using FreeBSD
if_ipsec(4)Virtual Tunnel Interfaces (VTI).
- IPsec Speed Improvements: The new Asynchronous Cryptography option under the IPsec Advanced Settings tab can dramatically improve IPsec performance on multi-core hardware.
- Default Gateway Group: The default gateway may now be configured using a Gateway Group setup for failover, which replaces Default Gateway Switching.
- Limiter AQM/Queue Schedulers: Limiters now include support for several Active Queue Management (AQM) methods and Queue Scheduler configurations such as FQ_CODEL.
- Certificate Subject Requirements: The Certificate Manager and OpenVPN wizard now only require the Common Name to be set, and all other fields are optional.
- DNS over TLS: The DNS Resolver now includes support for DNS over TLS as both a client and a server, including for domain overrides.
- Captive Portal Authentication: Captive Portal authentication is now integrated with the User Manager system. Captive Portal instances may now use RADIUS, LDAP, or Local Authentication like other integrated services.
- Captive Portal HTML Design and Usability: The default Captive Portal page has been redesigned. Controls have also been added which allow the logo and background images and Terms of Service text to be customized without editing and uploading custom HTML code.
- Integrated Switch Improvements: Netgate devices with integrated switches such as the SG-3100 and XG-7100 can now configure per-port speed and duplex settings, discrete port configuration interfaces can now be tied to switch ports for up/down status, and LAGG support is also now available (Load Balance mode only)
(Source: pfSense Blog)
Upgrading? Discuss with the STH Community
Share your experiences upgrading to pfSense 2.4.4 here. We have some readers at STH who have seen upgrade issues from previous versions. My personal 2.4.3_1 to 2.4.4 upgrade went on without a problem.
I upgraded two APUs yesterday, no issues at all.
Does this now support QuickAssist so that people who live in countries where 1GBit and 2GBit lines are standard can finally saturate their lines?
Can anyone recommend a solid and cheap Atom C3000 platform to run this?
Will this be the last update before the great changes in 2.5?
I thought there was already support for the C3000 series.
Great platform! For home users that don’t have the luxury of expensive hardware this is a great way to have enterprise features in an home environment.