14 DAY TRIAL // Rubicon Communications' Jim Pingle announced the release of the pfSense 2.4.0 operating system, a major release that introduces support for new devices, new features, and numerous improvements.
Based on the latest FreeBSD 11.1 operating system, the pfSense 2.4 release comes with an all-new installer based on bsdinstall and featuring support for the ZFS file system, UEFI machines, as well as multiple types of partition layouts, including the widely used GPT and BIOS.
Being a massive update, pfSense 2.4 also adds support for Netgate ARM devices like SG-1000, translations for 13 new languages, and support for the OpenVPN 2.4 series, which feature TLS encryption, AES-GCM ciphers, Negotiable Crypto Parameters (NCP), and dual stack/multihome.
"pfSense software version 2.4.0 was a herculean effort! It is the culmination of 18 months of hard work by Netgate and community contributors, with over 290 items resolved," said Jim Pingle. "According to Git, 671 files were changed with a total 1651680 lines added, and 185727 lines deleted."
WebGUI, Certificate Management, and Captive Portal improvements
With the pfSense 2.4 update, the developers revamped the Captive Portal to work without multiple instances of the IPFW stateful firewall, added international character support and CSR signing to Certificate Management, and improved the handling of GET/POST CSRF, as well as of AJAX in the Dashboard and WebGUI.
A new login page is also available for the WebGUI in pfSense 2.4, which inherits many of the enhancements and new features of FreeBSD 11.1, including up-to-date 802.11 wireless stack and IPsec kernel implementation, support for Microsoft Hyper-V Generation 2 virtual machines, and Elastic Networking Adapter (ENA) support.
Of course, pfSense 2.4 also ships with numerous other security enhancements, such as support for address space guards to patch the infamous "Stack Clash" vulnerability, and a bunch of new or updated hardware drivers to support more devices. A complete changelog is available in the release notes.
32-bit and NanoBSD installation images are no longer supported
Starting with this release, pfSense no longer provides 32-bit (x86) or NanoBSD installation images. This means that you'll have to install pfSense 2.4 only on 64-bit capable computers. Existing NanoBSD installs on 64-bit hardware must be reinstalled as well, and 32-bit installations will continue to receive security update for one year.
If you want to install the pfSense 2.4 operating system on your infrastructure, first make sure you have 64-bit machines, and then you can download the installation image from our web portal or the official website. All users running pfSense 2.3.x on 32-bit machines must reinstall, the rest need only to update their 64-bit installations.