Netgate has announced the release of the latest version of pfSense, a compact distribution for creating inter-grid screens and network gateways. pfSense 2.7.0 is based on the FreeBSD code base and incorporates projects from the M0N0WALL project, as well as utilizing PF and Altq. The ISO-image for AMD64 is available for download, with a size of 472 Mb.
The distribution is managed through a user-friendly web interface, offering features such as Captive Portal, NAT, VPN (IPSEC, OpenVPN), and PPPOE for organizing user output in both wired and wireless networks. It also supports a range of options for limiting throughput, the number of simultaneous connections, traffic filtering, and fault-tolerant configurations based on Carp. Work statistics can be displayed in graphical or tabular form. In terms of authentication, it supports authorization of the local user base, as well as through Radius and LDAP.
Key changes in pfSense 2.7.0 include:
- The components of the base system have been updated to FreeBSD 14-Current, replacing the previously used FreeBSD 12. The transition to the Current branch offers the latest features and enhancements.
- Support for Chacha20-Poly1305 has been added to IPSEC, along with support for 3DES, BlowFish, Cast 128, and MD5 Hmac algorithms.
- The Captive Portal implementation and traffic limiters have been transferred to the use of the PF package filter instead of IPFW. This allows for the utilization of new PF capabilities, improving performance and stability.
- Issues with the internet connection of several game consoles using UPNP have been resolved.
- New options for automatic and manual reset of the state of the inter-grid screen have been added.
- The interface for setting up NAT and inter-grid screens has been enhanced for improved convenience, with the addition of buttons to change the condition of multiple rules at once and to copy rules to other interfaces.
- OpenVPN has been updated to version 2.6.4.
- PHP has been updated to version 8.2.6, replacing the previously used 7.4 branch.
- Issues with the emergency completion of the DNS server Unbound have been addressed.
- A new web interface has been introduced for controlling package capture and traffic analysis.
- Support for redirecting broadcast UDP packets between networks has been implemented.
For more information, please refer to the