Download pfSense CE 2.7.0

Version 2.7 of the Community Edition of pfSense has been released. This package is based on the FreeBSD operating system and focuses on router and firewall tasks. It is available in the free Community Edition and a Plus version, which was previously offered as a Factory Edition. It started in 2004 as a spin-off from m0n0wall due to different views among the developers and over the years has grown into a router and firewall package that can be deployed in both small and very large environments. For more information please refer to this page. Version 2.7.0 is a major release that includes the switch to FreeBSD 14. The most important changes made in this edition are listed below.

Changes to pfSense CE 2.7.0 software

The latest information about the changes and new features in pfSense CE software can be found in the Release Notes. It is a best practice to review the Release Notes prior to any upgrade. Some of the key changes in version 2.7.0 include:

• Captive portal and limiters moved from ipfw to pf: pf is the default packet filter in pfSense software. These changes leverage L2 features previously added to pf and upstreamed to FreeBSD, and improve performance and stability of the captive portal by eliminating the need for packets to traverse both pf and ipfw.
• UPnP and multiple game systems: A fix has been added to address an issue with UPnP and multiple game systems. This resolves the problems some game systems experienced connecting to the internet when UPnP was enabled and multiple consoles are in use.
• New gateway state killing options: These options give the user more flexibility in how the firewall decides to kill states automatically during failover events and also adds several new manual ways to selectively remove states.
• Improved Firewall/NAT rule usability: The Firewall/NAT rule interface has been improved to make it easier to create and manage rules. This includes new buttons to toggle multiple rules and copy rules to other interfaces.
• Upgraded OpenVPN: OpenVPN has been upgraded to version 2.6.4. This includes a number of security fixes and performance improvements.
• Upgraded PHP: PHP has been upgraded to version 8.2.6. This includes a number of security fixes and performance improvements. This change may cause problems in packages that have not yet upgraded their use of PHP libraries.
• Moved to track the ‘main’ branch of FreeBSD: pfSense CE has been moved to track the ‘main’ branch of FreeBSD. This means that pfSense CE will now benefit from security updates and bug fixes more quickly, without incurring additional technical debt to backport to older versions of FreeBSD.
• Deprecated older IPsec transforms: This means that they will no longer be supported in this or future versions of pfSense software. Please check the release notes to determine if you need to migrate your IPsec infrastructure to a supported transform before updating.
• Added support for ChaCha20-Poly1305 to IPsec: ChaCha20-Poly1305 is also used in WireGuard and OpenVPN w/DCO, and provides an additional secure AEAD transform for all three VPN systems.
• Addressed issues with unbound crashes: A number of issues with unbound crashes have been addressed. These include a fix for an issue that could cause unbound to crash when receiving certain DNS queries.
• Added new packet capture GUI: A new packet capture GUI has been added, enhancing the ability to capture and analyze network traffic.
• Added UDP broadcast relay package: A new UDP broadcast relay package has been added. This package can be used to relay UDP broadcast packets between networks.