If it feels like eons have passed since the last major pfSense release, in an IT sense, that is close to being accurate. The last “dot” release of pfSense, the popular firewall appliance platform, occurred with the pfSense 2.4.5 release in March 2020. The previous “4” digit incremented with the pfSense 2.4 release in October 2017. Now, in February 2021, we have pfSense 2.5 which is perhaps the biggest upgrade in years.
pfSense 2.5 Release
We previewed the release a bit in pfSense adding WireGuard VPN and pfSense Plus. With this edition, the project will be more formally segmented into the open-source pfSense and the higher-end pfSense Plus. You can read more about that change in the link above. There are a number of big changes in this version, and some of it comes from the basic underpinnings. While pfSense 2.4.5 was based on FreeBSD 11.3, pfSense 2.5 is based on FreeBSD 12.2. We also get a host of changes to basic components such as an OpenSSL upgrade.
One of the headline features is the ability to add a kernel-based WireGuard tunnel in pfSense. This is available in the UI, however, there is not a lot of contextual information other than the basics of features. The setup is functional, but not as nice as the OpenVPN wizard.
One other interesting feature is that logs in pfSense are changing. Specifically, pfSense is moving to a log rotation solution. There is even a page for controlling those settings. For those of us who enjoy looking at just how many clients are scanning, this is a nice feature. Here is just a look at a recent basic firewall that was setup. You can see just how many entries are created in two minutes using the default firewall rules.
Since this is a release that is 1-3.5 years in the making, there are a lot of changes noted in the Release Notes that you may want to look for. One that we were a bit bummed that did not make it into the RC snapshot we tried is that we checked if pfSense on Proxmox VE has gotten any easier. It still blocked LAN traffic by default with virtio NICs (E1000 works.) We were a bit hopeful with some of the defaults for the checksum offload changing, but this apparently did not make it. It is too bad this does not work out-of-the-box as it is a great way to learn pfSense and not having that out-of-box experience will turn away some users.
If you are feeling adventurous, you can always check out the release today. We know some of our users will choose to hold-off waiting for others to upgrade first. Still, If you want to be on FreeBSD 12 with the newer features, then you will want to be on the new version sooner rather than later.
We just hope pfSense 2.5.1 is not around a year away. We understand that pfSense does just about everything one would need for a huge portion of the firewall/router market. At the same time, it feels like development largely stalled just because of the gap between major releases.
As always, a friendly reminder to make a backup before upgrading your existing systems.