pfSense 2.2.1 RELEASE Now Available

The developers of pfSense have made available version 2.2.1 RELEASE.

Original post: https://blog.pfsense.org/?p=1661

pfSensepfSense® software 2.2.1 release is now available, bringing a number of bug fixes and some security fixes.

Security Fixes

A note on the OpenSSL “FREAK” vulnerability:

  • Does not affect the web server configuration on the firewall as it does not have export ciphers enabled.
  • pfSense 2.2 already included OpenSSL 1.0.1k which addressed the client-side vulnerability.
  • If packages include a web server or similar component, such as a proxy, an improper user configuration may be affected. Consult the package documentation or forum for details.

[Read more…]

pfSense 2.2-RELEASE Now Available

The developers of pfSense have released the long awaited 2.2!

pfsense-logo-150x150I’m happy to announce the release of pfSense® software version 2.2! This release brings improvements in performance and hardware support from the FreeBSD 10.1 base, as well as enhancements we’ve added such as AES-GCM with AES-NI acceleration, among a number of other new features and bug fixes. Jim Thompson posted an overview of the significant changes previously.

In the process of reaching release, we’ve closed out 392 total tickets (this number includes 55 features or tasks), fixed 135 bugs affecting 2.1.5 and prior versions, fixed another 202 bugs introduced in 2.2 by advancing the base OS version from FreeBSD 8.3 to 10.1, changing IPsec keying daemons from racoon to strongSwan, upgrading the PHP backend to version 5.5 and switching it from FastCGI to PHP-FPM, and adding the Unbound DNS Resolver, and many smaller changes.

Downloads for New Installs

Downloads to Upgrade Existing Systems – note it’s usually easier to just use the auto-update functionality, in which case you don’t need to download anything from here. Check the Firmware Updates page for details.

Official announcement: https://blog.pfsense.org/?p=1546

Deciso Launches OPNsense, a New Open Source Firewall Initiative

Deciso has just launched their own fork of pfSense, an open source firewall, which is also based on FreeBSD.

http://opnsense.org/wp-content/themes/OPNsense/assets/img/opnsense.pngOPNsense combines the best of open source and closed source firewalls. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources combined with a simple BSD license. This makes OPNsense the platform of choice for users, developers and commercial partners.

Companies that want to use OPNsense to create a branded version, extend its features, or even create a fork and build upon the same codebase are allowed to do so under the 2-clause BSD license.

The large feature set OPNsense includes several high-end features like load balancing, high availability and captive portal. The modern and easy-to-use Bootstrap based user interface makes configuring and managing the firewall a comfortable task for administrators. And maybe the best part; All sources and build tools are freely available without special clauses and without licensing costs.

Read the full announcement here: http://www.adnkronos.com/immediapress/pr-newswire/2015/01/02/deciso-launches-opnsense-new-open-source-firewall-initiative_Ta6bj627D7Uu6GGtUwSO7I.html?refresh_ce

Official OPNsense website: http://www.opnsense.org

You should be running a pfSense firewall

Paul Venezia, InfoWorld.com, wrote this article about the “fast and feature rich, free and open source” firewall, pfSense, and why it may be the best one.

pfsenseThose of us who work in the depths of high technology are not immune to the age-old adage of the shoemaker’s children having no shoes. We probably have the most technologically advanced homes of anyone we know, but we also tend to leave various items alone if they’re not causing problems. After all, that’s what we deal with at work. Who needs to saddle themselves with network upgrade projects at home when nothing’s broken?

That’s how your home winds up with a circa 2001 “small”-form-factor Dell GX110 as a firewall, running an oldish version of IPCop, booting from a CompactFlash card, dutifully whirring away for 12 years. I finally decided to put it out to pasture a few weeks ago.

Read the full article here: http://www.infoworld.com/article/2861574/network-security/you-should-be-running-pfsense-firewall.html

pfSense 2.2 enters BETA

pfsenseThe developers of pfSense have released the BETA version for 2.2.

The 2.2 release has now reached the beta milestone. This means the release is feature complete, a comprehensive list of new features and changes can be found here, and should stay relatively stable throughout the remainder of the development process. That’s not to say it’s production ready though, our developers are using it in production and have been for months, but unless you have a solid understanding of the underlying system and can manually verify the configuration, 2.2 is not yet for you (young padawan).

If you have a non-critical environment where you can try it out, you can find the latest build on the snapshot server. Please report your experiences on the 2.2 board on the forum. Note that snapshots have the risk of changes being made in the source very frequently, and you may get a snapshot from a point in time that caught part but not all of certain changes.

Check out the official announcement here: https://blog.pfsense.org/?p=1449

Download the BETA version here: http://snapshots.pfsense.org/

pfSense 2.1.5-RELEASE now available

pfsenseThe developers of pfSense have released version 2.1.5. Some of the changes include DHCPD configuration, CARP+IP alias VIP functionality, Firewall Logs Widget, and many more.

The 2.1.5 release follows shortly after 2.1.4 and is primarily a security release.

Security Fixes

To see a full list of the changes, check out the following post: https://blog.pfsense.org/?p=1401

Download the release/update here: https://www.pfsense.org/download/

pfSense 2.1.4-RELEASE now available

pfsenseThe developers of pfSense have just made available version 2.1.4. This released comprises of security fixes as well as several minor fixes.

Packages also had their own independent fixes and need updating. During the firmware update process the packages will be reinstalled properly. Otherwise, uninstall and then reinstall packages to ensure that the latest version of the binaries is in use.

Head on over to the download page to get the ISO/upgrade file: https://www.pfsense.org/download/

Check out the official post here: https://blog.pfsense.org/?p=1377

pfSense 2.1.3 is released

pfsenseThe developers of pfSense have just released version 2.1.3. This version addresses security fixes seen in pfSense-SA-14_05.tcp and pfSense-SA-14_06.openssl. Other fixes include optimizations in the tools repository, and minor changes in OpenVPN, Correct Captive Portal, and DynDNS.

The pfSense® project is a free, open source customized distribution of FreeBSD specifically tailored for use as a firewall and router that is entirely managed via web interface. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution.

To read the full release notes, head on over to the official pfSense digest page: https://blog.pfsense.org/?p=1272

pfSense 2.1.2 release & updates

pfSense has released version 2.1.2 which addresses the known Heartbleed OpenSSL bug, as well as some minor fixes.

Download the latest release here: https://www.pfsense.org/download/index.html

In other news, pfSense has released information regarding m3.medium and m3.large Amazon EC3 instances:

The Netgate pfSense® marketplace AMI can run on the new m3.medium and m3.large instance types with significantly lower AWS usage charges than on the previously available m3.xlarge instance type.

The existing user guide now has a section that mentions “Protecting a private network in VPC”, or you can just read the new section on using VPC with pfSense.

For more blog notes check out the original posts here: https://blog.pfsense.org/?p=1253 and https://blog.pfsense.org/?p=1232