Download pfSense 2.2.2


An update for version 2.2 of pfSense has been released. This package is based on the FreeBSD operating system and focuses on router and firewall tasks. It started in 2004 as a fork of m0n0wall due to differing views among the developers and over the years has grown into a router and firewall package that can be deployed in both small and very large environments. For more information, please refer to this page. The changelog for pfSense 2.2.2 looks like this:

Security/Errata Notices

  • FreeBSD-SA-15:09.ipv6: Denial of Service with IPv6 Router Advertisements. Where a system is using DHCPv6 WAN type, devices on the same broadcast domain as that WAN can send crafted packets causing the system to lose IPv6 Internet connectivity.
  • FreeBSD-SA-15:06.openssl: Multiple OpenSSL vulnerabilities. Most aren’t applicable, and worst impact is denial of service.

Rules / NAT

  • Added hidden config option to disable blocking of link-local IPv4 (169.254.0.0/16) for the rare instances where it’s required. Not recommended; it violates RFC 3927.
  • Fixed invalid ruleset generation when using port forwards with destination “any” on a DHCP client WAN-type interface, have pure NAT mode reflection enabled, and have the interface with link up but unable to reach a DHCP server for an extended period. #4564
  • Allow the use of IP version IPv4+IPv6 on firewall rules without restrictions on protocol. The former restrictions date back to earlier base software versions, and are no longer applicable.
  • Omit route-to from rules specifying a specific gateway when that gateway is forced down. #4566

IPsec

  • Enforce disabling of “prefer old SAs” option. When the GUI configuration checkbox was removed in 2.2.1, it fell through to the default of the underlying software in many cases, leaving the option enabled instead of disabled. Having this option enabled will cause connectivity problems after rekeying in many circumstances. Upgrading to 2.2.2 will fix this.
  • strongSwan upgraded to 5.3.0
  • Don’t apply mobile IPsec phase 2 PFS configuration to non-mobile IPsec. #4538
  • Correctly apply the uniqueid configuration. #4359
  • Bring back automatic exclusion of LAN subnet to LAN IP for scenarios where remote IPsec overlaps with local LAN subnet. #4504
  • Enable ike_name for daemon logging, adding connection identifiers to IPsec logs that can be correlated to output of ‘ipsec statusall’ (GUI log viewer integration to come).

DNS Forwarder/Resolver

  • Fix DNS registration of hostname “0”. #4573
  • Domain overrides to multiple server IPs are possible in DNS Resolver. Add message noting this, and how to achieve it. #4350

Wireless

  • Atheros wireless driver updated to latest from FreeBSD 11-CURRENT. Not many changes since 2.2.1-RELEASE. #4582
  • Wireless cards removed from ALTQ-capable interfaces (traffic shaper capability) since that isn’t supported at the moment. #4406
  • New option “auto” added for Standard. This omits configuring mode with ifconfig, which currently can trigger driver problems that don’t exist when not specified. Standard “auto” is preferred, and possibly required, for BSS and IBSS wireless modes with Atheros cards (at a minimum, potentially others).

IPv6

  • Make sure ‘DHCPv6 Prefix Delegation size’ is provided if ‘Send IPv6 prefix hint’ flag is checked to avoid generating invalid dhcp6c configuration file.
  • DHCPv6 Relay fixed. #4572
  • Allow “0” for id-assoc na ID, id-assoc pd ID, sla-id and sla-len DHCP6 configuration options. #4547
  • Fix the use of multiple prefixes in IPv6 router advertisements. #4468

Other

  • Clean up logic in OpenVPN resync code. Discussion here and additional change here
  • SSL certificate validation disabled for selfhost – their certificate chain had a problem that made OpenSSL fail verification, making the service non-functional. #4545 The provider fixed the issue after 2.2.2-RELEASE, so verification has been re-enabled for 2.2.3 and newer.
  • Fix error in traffic shaping wizard. #4529
  • Fix broken image path. #4530
  • A variety of minor text clean up in web interface.
  • Remove some code no longer used in a few places.
  • Clean up of code path when adding a new user. #4620
  • Make sure RRD backup is not restored when /var memory disk is not in use. #4531
  • PHP upgraded to 5.5.23

Version number: 2.2.2
Release status: Final
Operating systems: BSD
Website: pfSense Digest
License type: Conditions (GNU/BSD/etc.)