Today pfsense 2.2 was finally released. Suffice it to say, we are excited. We have been testing pfsense 2.2 in the lab for over 6 months, ever since the alpha build was available in 2014. pfsense 2.2 is a game changer, especially for those looking for a quick and easy-to-configure virtualized router and firewall.
Here is a bit more of our coverage on the pfsense 2.2 development:
- pfsense 2.2 enters beta
- pfsense 2.2 enters release candidate stage
Over the coming few weeks we will show a few guides on using pfsense 2.2 now that it is finally released. We have not only been running the software for months, but we have been running it virtualized on a Hyper-V 2012 R2 hypervisor. The hardware in the test system is a Supermicro A1SAi-2550F, which has a quad-core Avoton processor. Our original configuration had only 4GB of RAM. Even with 4 Avoton cores and 4GB of RAM with a Microsoft hypervisor, we still had plenty of compute left over on the home network for other tasks.
The machine now has 32GB of RAM and handles not just router/firewall duty (there are over 200 physical/virtual machines on the lab network) but also an Ubuntu MAAS server and a small backup server.
One of the best features of virtualizing your router/NAS is the ability to checkpoint and revert to previous checkpoints easily. For us, we kept many checkpoints over the life of the testing cycle, especially before each major upgrade.
When things went poorly due to a poor configuration choice, a bad package install/upgrade or other issue, reverting to the previous checkpoint took a matter of seconds.
Here is a quick recap from our previous article:
Key Changes in pfsense 2.2
The biggest change with pfSense 2.2 is that it is based on FreeBSD 10.1-RELEASE. That meant that the pfsense team did quite a bit of work modernizing the project. Here are some of the key changes:
- Upgrade to FreeBSD 10.1 from the previous 2.1 version based off of FreeBSD 8.3
- IPsec stack now includes AES-GCM and IKEv2
- Change to php-fpm
- BIND changed to Unbound
The bottom line here is that there is an absolutely massive upgrade in driver support as well as other key features (e.g. multi-threaded pf support, better crypto acceleration, etc.).
Security fixes
pfsense 2.2 has been in RC status for some time now. One reason for this is a number of low-impact security fixes which have been incorporated and tested. These include:
- OpenSSL update for FreeBSD-SA-15:01.openssl
- Multiple XSS vulnerabilities in the web interface (pfSense-SA-15_01)
- OpenVPN update for CVE-2014-8104
- NTP update for FreeBSD-SA-14:31.ntp – though these circumstances don’t seem to impact pfSense.
Suffice it to say, we are extremely excited and will have more soon. For now, check out the pfsense page to get your copy.