Difference between revisions of "2.4.3 New Features and Changes"

From pfSense Documentation
Jump to: navigation, search
Line 2: Line 2:
=Security / Errata=
=Security / Errata=
* [https://security.freebsd.org/advisories/FreeBSD-SA-18:01.ipsec.asc FreeBSD-SA-18:01.ipsec]
* Kernel PTI mitigations for Meltdown
* Kernel PTI mitigations for Meltdown
* Added validation for RRD parameters to ensure passed filenames are valid [https://redmine.pfsense.org/issues/8269 #8269]
* Added validation for RRD parameters to ensure passed filenames are valid [https://redmine.pfsense.org/issues/8269 #8269]

Revision as of 14:28, 7 March 2018

Security / Errata

  • Changed sshd to use delayed compression #8245
  • Increased PHP-FPM resources on systems with over 1GB RAM to improve performance #8125
  • Imported a netstat fix for ARM platforms to improve performance and reduce CPU usage, especially on the Dashboard #8237
  • Fixed a memory leak in the pfSense_getall_interface_addresses() function in the pfSense PHP module #8249

Traffic Shaping / Limiters

  • Fixed hangs due to Limiters and pfsync in HA #4310
  • Added the Chelsio cxl driver to the list of ALTQ capable interfaces #7607
  • Fixed an issue with limiters that had fractional bandwidth values #8091
  • Changed status_queues.php to provide 'realtime' statistics #8185


  • Changed IPsec Phase 1 to allow selecting both IPv4 and IPv6 so the local side can allow inbound connections to either address family #6886
  • Changed IPsec Phase 1 to allow configuration of multiple IKE encryption algorithms, key lengths, hashes, and DH groups #8186
  • Fixed a problem when IPsec bypasslan was enabled while the LAN interface is disabled or doesn't have an IP address #8239
  • Added IPv6 LAN Network to the IPsec LAN bypass list #8321


  • Fixed an error message encountered by a few users when manually killing OpenVPN connections #8266
  • Added an OpenVPN tap bridge configuration option to push the bridged interface address to clients as a route-gateway for routes/redirects #8267
  • Added an option to the DNS Resolver which allows registering the CN of OpenVPN clients as hostnames #6847
  • Added an option to OpenVPN clients and servers to suppress creation of IPv4 or IPv6 gateway addresses for an interface #6848
  • Fixed issues with OpenVPN when using a /31 IPv4 Tunnel Network #8261
  • Updated the OpenVPN wizard with the current UDP and TCP protocol selections #8298
  • Added the interface for a VPN to the OpenVPN client and server list screens


  • Changed SMTP notifications handling so they are batched, to avoid sending multiple e-mail messages in a short amount of time #4031
  • Added a notification when the firewall boot sequence is complete #7643


  • Fixed issues with the IPsec dashboard widget causes GUI failure #6318
  • Changed the Dynamic DNS Widget so it shows the description of custom entries to identify them #7843
  • Fixed a reference to deprecated updateGatewayDisplays() function in the Gateways dashboard widget #8303
  • Added a setting to the temperature widget to display readings in Fahrenheit 8205


  • Added an option to the DHCP Server Dynamic DNS configuration to set the server key algorithm #6621
  • Added DDNS Client Updates option to DHCPv4 #7131
  • Fixed handling of the DHCPv6 DDNS reverse zone key #6319
  • Fixed DHCPv4 static mappings so that multiple MAC for same DHCP address or hostname are allowed #8220
  • Fixed a potential issue in detecting primary/secondary node in a failover configuration
  • Improved DHCP relay destination interface discovery
  • Fixed DHCPv6 lease display for entries that were not parsed properly from the lease database #7413

Dynamic DNS

  • Added an option for RFC 2136 Dynamic DNS server key algorithm #8244
  • Added an option for RFC 2136 source address used to send updates #8278
  • Fixed issues with Dynamic DNS updates using a gateway group when the primary route is down #8333
  • Added GoDaddy Dynamic DNS provider

Interfaces / VIPs

  • Fixed issues on assign_interfaces.php with large numbers of interfaces #6400
  • Fixed handling of CARP VIPs on disabled interfaces at boot time #6677
  • Fixed issues with radvd being enabled on a disconnected interface #6974
  • Fixed issues with rtsold on VLAN interfaces #7412
  • Fixed issues with dhcp6c lock files after unclean shutdown when using "Do not wait for an RA" on IPv6 WAN interface #8106
  • Added a feature to allow pppoe on a CARP VIP so it will only be active on whichever node is master #8184
  • Fixed an error when editing PPP interfaces on a system with no VIPs #8322
  • Added VLAN priority tagging for DHCPv6 client requests #8200
  • Added support for configuring the DUID type for an IPv6 interfaces #8191
  • Allow custom INIT string for PPP modem SIM Pin and APN settings
  • Added an indicator for disabled interfaces on status_interfaces.php
  • Fixed an issue with the PPP linkup and linkdown scripts and cellular modems
  • Fixed the NID generation utility to work with systems having more than 16 hardware interfaces #8319


  • Fixed reinstall process for missing packages #8183

Captive Portal

  • Fixed Pass-through MAC automatic additions so it does not add duplicate entries #8226
  • Fixed a missing global definition in Captive Portal pass-through MAC removal #8238
  • Fixed Captive Portal voucher sync errors when vouchers are expired or disconnected while the secondary node is master #8317
  • Fixed Captive Portal voucher synchronization between HA nodes #7972


  • Fixed automatic SAN handling when the CN of a certificate contains a space #8252
  • Fixed input validation for Certificate SAN values to disallow IP addresses for FQDN/Hostname entries #8275


  • Fixed handling of the Router Lifetime value on services_router_advertisements.php so it allows a value of 0 #7502
  • Added ospf6d to the routing log
  • Allow recursive aliases to be used with static routes


  • Fixed various pf "busy" errors when the ruleset is reloaded
  • Fixed issues with editing firewall rules in non-English languages that contain single quotes in translated strings #8219
  • Added an option to disable drag-and-drop of firewall and NAT rules
  • Added a check to prevent 1:1 NAT rules with missing information from being added to the ruleset
  • Added firewall rule tracking ID to rule list (in counter tooltip) and firewall rule edit page #8348
  • Fixed cases where automatic or scripted rules were not getting tracking IDs #8353


  • Fixed issues with XMLRPC user account synchronization causing GUI inaccessibility on secondary HA nodes #7469
  • Fixed an issue where a user with no privileges could not logout #8297
  • Increased maximum username length from 16 to 32 characters to catch up to the current allowed length in FreeBSD
  • Fixed required field markings on LDAP authentication server configuration fields #8337
  • Fixed display of the LDAP host when testing the GUI authentication source #8338


  • Fixed NTP Status server time for zones with minute offsets (fractions of an hour) #8129
  • Added support for custom shutdown scripts in /usr/local/etc/rc.d #8182
  • Fixed a references to an undefined function while restoring a config.xml file from an older version #8231
  • Added support to diag_packet_capture.php to capture traffic on the loopback interface #8257
  • Fixed an issue with the RAM disk warning pop-up appearing when no changes were made #8268
  • Fixed an issue with the address familiy selection for remote syslog servers using IPv6 #8323
  • Silenced warnings from sysctl that otherwise went to stderr
  • Added a disk size check to ZFS to prevent it from being used on disk which are too small to contain the OS and swap space #7308