Today the team behind the freely available pfSense firewall/ routing software project announced availability of the pfSense 2.2 Release Candidate. pfSense 2.2 is an enormous upgrade, significantly more than a simple 0.1 increment over pfsense 2.1 would suggest.
The biggest change with pfSense 2.2 is that pfSense 2.2 is based off of FreeBSD 10.1-RELEASE. That meant that the pfsense team did quite a bit of work modernizing the project. Here are some of the biggest changes:
- Upgrade to FreeBSD 10.1 from the previous 2.1 version based off of FreeBSD 8.3
- IPsec stack to include AES-GCM, and IKEv2
- Change to php-fpm
- BIND changed to Unbound
The bottom line here is that there is an absolutely massive upgrade in driver support as well as other key features (e.g. mutli-threaded pf support, better crypto acceleration and etc.)
With the upgrade to FreeBSD 10.1 underpinnings, there are a number of features that one gets, most notably improved virtualization drivers. pfSense with the 2.2-release will become one of the top virtualized router/ firewall solutions around. The Intel Atom C2550 (quad core) has been running pfSense 2.2 since the ALPHA release under Hyper-V. In a home use scenario, very little CPU is used so the majority of the CPU time can be allocated to other endeavors. VMware ESXi has been an option for pfSense for some time now, however Microsoft’s competitor is attractive in a home enviornment because it has more lax hardware requirements and it is easily managed using Windows clients. In fact, since Windows 8, Hyper-V is functionality many Windows desktops can run natively.
Virtualizing pfSense 2.2 with Hyper-V has become very convenient. For example, during the BETA phase we submitted a few bug reports, and encountered issues with the optional BandwidthD package. We simply made a checkpoint of the Hyper-V VM before every upgrade point and rolling-back to a previous version took under 60 seconds, even with the Atom processor.
pfSense 2.2 Hardware Planning
If you are building a new machine, pfSense 2.2 works extremely well with the Avoton/ Rangeley platforms which have been featured on STH multiple times. The Avoton and Rangeley platforms are much faster than most installations will require so one does have additional compute power to use if they wish. The pfSense team has been working to get more of the hardware acceleration elements from the Rangeley platforms (e.g. C2758, C2558 and etc.) working with pfSense which will improve performance even more. FreeBSD 10.1 does improve driver support for various network interface cards significantly. If one is willing to run a virtualized installation, then moving beyond a simple 2GB or 4GB of RAM makes a lot of sense. We have tested 2.2-Beta even using inexpensive Mellanox ConnectX-3 EN dual 10Gb Ethernet cards in Hyper-V and results are fairly good.
Check out the forums for more ideas on pfSense 2.2 builds. There are many members eagerly awaiting the pfSense 2.2 release date.
How to get pfSense 2.2-RC
To get the newest release candidate there are a few options. First, one can easily head here and get the latest new and upgrade files. Existing BETA users can simply use the WebGUI’s upgrade feature to update to the latest version.