Netgate, the provider of pfSense Community Edition (CE) software, has announced the release of version 2.7.1. pfSense CE is an open-source project that has been supported by Netgate since 2008. The source code for the project is available on GitHub under the Apache 2.0 open-source license. pfSense CE can be used on common hardware to build routers and more.
One major change in this release is the upgrade of OpenSSL to version 3.0.12. This upgrade was necessary as OpenSSL 1.1.1 has reached its End of Life and will no longer receive security patches. With the upgrade to OpenSSL 3.0.12, older and weaker encryption and hash algorithms have been removed, and security certificates based on these algorithms have been deprecated. It is highly recommended to review the release notes and Netgate’s blog post on this topic before performing the upgrade.
Another notable feature in version 2.7.1 is the addition of Kea DHCP as an opt-in feature. While basic functionality is present, it is not yet feature-complete. Switching to the Kea DHCP server can be done through the web interface by navigating to System > Advanced and changing the server backend radio button in the DHCP Options section to “Kea DHCP”. It is important to note that switching to Kea DHCP may result in ignored hostnames for devices on the network that were assigned using static leases or rely on dynamic lease registration in DNS.
This release also includes improved support for SCTP (Stream Control Transmission Protocol) in PF for firewall rules, NAT, and logging. Rules can now act on SCTP packets by port number, whereas previously it was only possible to filter on source or destination address. Additionally, the IPv6 Router Advertisement configuration has been relocated to Services > Router Advertisement as part of the ongoing integration of the Kea DHCP server.
Other changes in version 2.7.1 include the upgrade of PHP to version 8.2.11 and the base operating system to a more recent point of FreeBSD 14-CURRENT. The release also addresses various bugs and issues.