This is a release we have been waiting on for what seems like ages. We finally have a pfSense CE 2.7 release, a bit over five quarters past the pfSense CE 2.6.0 release. With it, we get a few new features, but there is also a lot of upgrading under the hood that we can be excited about.
pfSense CE 2.7 Released with Intel i226 Support and Other Enhancements
Perhaps the most noticeable change for STH is that pfSense CE is moving back to FreeBSD main with FreeBSD 14. This brings a number of driver updates, including support for the Intel i226-V, which is the updated 2.5GbE NIC from Intel compared with the Intel i225-V generation.
Here is the list of highlights from the pfSense CE 2.7.0 and pfSense Plus 23.05.1 Release Blog (lightly edited):
- Captive portal and limiters moved from ipfw to pf
- UPnP and multiple game systems
- New gateway state killing options
- Improved Firewall/NAT rule usability
- Upgraded OpenVPN 2.4.6
- Upgraded PHP 8.2.6
- Moved to track the ‘main’ branch of FreeBSD with FreeBSD 14
- Deprecated older IPsec transforms
- Added support for ChaCha20-Poly1305 to IPsec
- Addressed issues with unbound crashes
- Added new packet capture GUI
- Added UDP broadcast relay package
One of the coolest features is the new Packet Capture GUI. Here is what it looks like:
We also found things like the simplified Firewall NAT Port Forward user interface:
The power is still there; the interface is just a bit cleaner, which can make that feature easier for folks to use.
Final Words
On the whole, Netgate, the company behind pfSense, has been pushing folks to pfSense Plus over the past few years in an effort to drive revenue. At the same time, pfSense CE is what gets folks onto the platform. This is very important since OPNsense has been slowly closing the gap with pfSense in terms of interest, partly driven by the adoption of new features. For those wondering, pfSense is still a much larger project, but we have seen interest in the projects dramatically shift on STH over the past 12-18 months.
For those using pfSense, we have already upgraded a number of platforms even back to the old Fanless Intel J4125 4x i225 we reviewed over a year ago and it still works, along with typical Intel embedded CPU lines. So far systems have been upgrading without issue.
Resources to Learn More and Download pfSense CE 2.7.0
If you want to see more about what is new, check out the release notes.
If you just want to get pfSense, you can either upgrade your current system (if it is configured properly, pfSense CE 2.7.0 will show up with an update check) or you can just download it here.
I hope we see content on other firewall options too like Sophos, OPNsense, etc. pfSense, while a great product, I can’t support them as a company.
pfSense+ has been $0 for home use since they announced the split between the community edition and the business edition. I don’t see how a $0 product is driving more revenue.
Glad it’s out and available!
The problem, if I recall, is that in order to get that $0 price for pfSense Plus home license, you have to agree to give Netgate full remote unrestricted access to the device running it.
That’s why people stick with pfSense CE.
I moved to OPNsense. The only problem I have with it is that my internet provider requires an IPv6 change every 24hrs. And OPNsense is unable to renew that every time for an unknown reason. So I lose the IPv6 connectivity from time to time, which is sometimes annoying as things cache IPv6 resolved addresses and then things break.
“I moved to OPNsense. The only Problem I have with it is that [it doesn’t work].” is not the flex you think it is.
JHBoricua and the rest of the community here, where exactly is it mentioned that Netgate gets full remote access to your device if you upgrade to pfSense Plus!??
https://www.netgate.com/company/legal/purchase/evaluation-early-access-and-beta-terms
7.2. Evaluator agrees to provide Netgate personnel full and free access to the Product, including remote access, subject to the Evaluator’s security regulations, for the purpose of observing the testing and performance of the Product.
As one can clearly see, that is in a paragraph about early access and beta versions. The whole shtick is nonsense. Plus versions are completely the same across the board. There is no 0$ home user plus version with remote access enabled. Just FUD. Netgate has no and doesn’t want full remote access. You can happily sniff tcpdump traffic on WAN. If you WANT support you get it. But even then your config etc. is stripped of passwords or other private content before you send it out to them to check on.
Don’t understand where those rumours always come from. If you don’t allow access on WAN nothing comes in. Easy as that.
Upgraded to CE 2.7 and applied System patches 2.2.5 on top
All running fine. Coming from edgerouter gear, I’m pleased that this solution exists.