New pfSense Plus 25.03-BETA is here!

netblues

@keyser If betas uncover issues, they need to be fixed, There isn't much value pushing out half baked code and then release fixes that need to be tested in production environments AGAIN.
Rebooting firewalls in production with new firmware is never for the faint at heart.

Additionally 25.03 is in sync (if not based) on 2.8ce (which has a release candidate too)
At least freebsd version is the same (and had the same issues too).

For what is worth, 25.07 might get skipped and go for an early November update, (25.03 stands for March 2025) but in essence this is rather irrelevant since its the features (and stability) that counts, not the versions.

SteveITS

@netblues said in New pfSense Plus 25.03-BETA is here!:

Additionally 25.03 is in sync (if not based) on 2.8ce (which has a release candidate too)

But 2.8 has been released, many many minutes ago! (/s)

My comment a couple years back was that using year.month notation would always imply a release date and thus “get Netgate into trouble” by setting expectations, three times per year. IOW, if it was named “25.A” we’d just be waiting.

Microsoft went through that with Windows 10 and eventually changed to two releases a year, then H1/H2 numbering, then just H2 with new features being added along the way.

netblues

@SteveITS Comparing Microsoft to Netgate has its own merits :)
Do you really think that expect from the ones that lurk in this forum, anyone has a clue what 25.03 really stands for?

In any case its nice to see 2.8ce released, and its rater safe to expect a plus rc really soon.

I guess all those comments regarding abandoned ce version are now irrelevant too.

netblues

@netblues said in New pfSense Plus 25.03-BETA is here!:

@SteveITS Comparing Microsoft to Netgate has its own merits :)
Do you really think that apart from the ones that lurk in this forum, anyone has a clue what 25.03 really stands for?

In any case its nice to see 2.8ce released, and its rater safe to expect a plus rc really soon.

I guess all those comments regarding abandoned ce version are now irrelevant too.

SteveITS

@netblues said in New pfSense Plus 25.03-BETA is here!:

all those comments regarding abandoned ce version are now irrelevant too.

Are you kidding?? There's no source code available for 2.9! :(

netblues

@SteveITS So does this make it an abandoned project?

Gertjan

@SteveITS

No source (code ?) for 2.9 ?

Took me one click to find this https://github.com/pfsense/pfsense :

and just for fun, see what marcos-ng wrote a couple of hours ago : it's a solution for the IGMP firewall log issue, see elsewhere on the forum.
So, that one didn't make it into 2.8.0 and will be part a future version, let's say "2.9.0".

I probably just listed the first official System path for 2.8.0
And because pfSense plus 25.0x will come out later on this solution will get included.

ITSGS_

I just updated my SG4200 to 25.03. BETA which worked flawlessly. I'm using ACME, DDNS, pfBlockerNG, OpenVPN, Unbound. Also switched to new PPoE method. It fixed the Ram Drive size and it seems that I no longer have problems connecting to MS Teams. In the past couple of months I had to update (change MTU or something else) my PPoE WAN Interface to be able to join MS Teams meetings. After 1-2 hours I had to reset the WAN Interface again to be able to join again. Up until today I was not able to figure out what it was, but it seems that it is fixed now.

netblues

@ITSGS_ Rest assured, your issues with teams and previous versions have nothing to do with pfsense per se or pppoe. Far too many users are doing exaclty the same, for years now.

These are provider things, that just happened to be fixed at the same time period.

ITSGS_

@netblues I'm not too sure about that. My neighbour is working at the same company and has the same internet provider but a different router. He had no issues. I just wanted to let the internet know in case someone has the same problem.

netblues

@ITSGS_ If there are mtu issues then nothing really works.
Same goes for disconnections.
In a ppp connection it always take two to tango
One is the isp bras and the other is the pppoe client.

Since the protocol is far too old to have issues, switching to the new, multi kernel optimized version, can't solve anything on the mtu or stability side too.

I don't say what you observed is untrue.
However doing a root cause analysis here seems impossible.

ITSGS_

@netblues All true what you said. I do not know the cause. I neither captured packages or did anything else. It's just "a guess". But the information that it works after switching to the BETA might help somebody searching for a "easy" solution.

Next time I won't be lazy and start a topic about it. :-)

Gertjan

The final Beta ? :

fingers crossed : the RC will be coming out soon now.

netblues

@Gertjan The final countdown (the song)
Upgraded (dirty) under kvm.
No issues

Gertjan

One minor thing that might need some looking after :
The 'console' boot sequence needs some polishing.

This :

Syncing OpenVPN settings...done.
ovpn0: changing name to 'ovpns1'
Configuring firewall......done.
Starting PFLOG...done.
Setting up gateway monitors...done.
Setting up static routes...igc0: link state changed to UP
2025-06-11T09:25:35.113521+02:00 pfSense.bhf.tld php-fpm 20265 - - /rc.linkup: Ignoring link event during boot sequence.
done.
Setting up DNSs...
arp: 192.168.1.20 moved from 28:70:4e:62:31:5d to 0c:ea:14:44:4a:38 on igc0
2025-06-11T09:25:35.415824+02:00 pfSense.bhf.tld php-fpm 20265 - - /rc.linkup: Ignoring link event during boot sequence.
2025-06-11T09:25:35.529452+02:00 pfSense.bhf.tld php-fpm 20265 - - /rc.newwanip: rc.newwanip: Info: starting on ovpns1.
2025-06-11T09:25:35.529968+02:00 pfSense.bhf.tld php-fpm 20265 - - /rc.newwanip: rc.newwanip: on (IP address: 192.168.3.1) (interface: VPNS[opt3]) (real interface: ovpns1).
2025-06-11T09:25:35.757933+02:00 pfSense.bhf.tld php-fpm 580 - - /rc.linkup: Ignoring link event during boot sequence.
2025-06-11T09:25:35.841945+02:00 pfSense.bhf.tld php-fpm 581 - - /rc.newwanipv6: rc.newwanipv6: Info: starting on ix3 due to RELEASE.
2025-06-11T09:25:35.843195+02:00 pfSense.bhf.tld php-fpm 581 - - /rc.newwanipv6: rc.newwanipv6: on (IP address: 2a01:cb19:dead:beef:92ec:77ff:fe29:392a) (interface: wan) (real interface: ix3).
2025-06-11T09:25:35.855015+02:00 pfSense.bhf.tld php-fpm 20265 - - /rc.newwanip: Removing static route for monitor2001:41d0:2:927b::3 and adding a new route through fe80::46d4:54ff:fe2a:3600%ix3
2025-06-11T09:25:35.872420+02:00 pfSense.bhf.tld php-fpm 20265 - - /rc.newwanip: Removing static route for monitor94.23.251.218 and adding a new route through 192.168.10.1
2025-06-11T09:25:35.907848+02:00 pfSense.bhf.tld php-fpm 581 - - /rc.newwanipv6: Removing static route for monitor2001:41d0:2:927b::3 and adding a new route through fe80::46d4:54ff:fe2a:3600%ix3
2025-06-11T09:25:35.930399+02:00 pfSense.bhf.tld php-fpm 581 - - /rc.newwanipv6: Removing static route for monitor94.23.251.218 and adding a new route through 192.168.10.1
Starting DNS Resolver...2025-06-11T09:25:36.991434+02:00 pfSense.bhf.tld php-fpm 581 - - /rc.newwanipv6: The command '/usr/local/bin/dpinger -S -r 0 -i WAN_DHCP6 -B 2a01:cb19:dead:beef:92ec:77ff:fe29:392a -p /var/run/dpinger_WAN_DHCP6~2a01:cb19                                                                                                              :dead:beef:92ec:77ff:fe29:392a~2001:41d0:2:927b::3.pid -u /var/run/dpinger_WAN_DHCP6~2a01:cb19:dead:beef:92ec:77ff:fe29:392a~2001:                                                                                                              41d0:2:927b::3.sock -C "/etc/rc.gateway_alarm" -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 75  2001:41d0:2:927b::3 >/dev/null                                                                                                              ' returned exit code '1', the output was ''
2025-06-11T09:25:36.991546+02:00 pfSense.bhf.tld php-fpm 581 - - /rc.newwanipv6: Error starting gateway monitor for WAN_DHCP6
2025-06-11T09:25:37.732088+02:00 pfSense.bhf.tld php-fpm 82005 - - /rc.newwanipv6: rc.newwanipv6: Info: starting on ix3 due to REQUEST.
2025-06-11T09:25:37.734539+02:00 pfSense.bhf.tld php-fpm 82005 - - /rc.newwanipv6: rc.newwanipv6: on (IP address: 2a01:cb19:dead:beef:92ec:77ff:fe29:392a) (interface: wan) (real interface: ix3).
2025-06-11T09:25:37.769153+02:00 pfSense.bhf.tld php-fpm 82005 - - /rc.newwanipv6: Removing static route for monitor 2001:41d0:2:927b::3 and adding a new route through fe80::46d4:54ff:fe2a:3600%ix3
2025-06-11T09:25:37.786286+02:00 pfSense.bhf.tld php-fpm 82005 - - /rc.newwanipv6: Removing static route for monitor 94.23.251.218 and adding a new route through 192.168.10.1
done.
Synchronizing user settings...done.
Configuring CRON...done.
Starting NTP Server...done.
Starting webConfigurator...done.
Starting Kea DHCP service...done.
Starting Kea DHCPv6 service...done.

...

The output of "/rc.newwanipv6" and "/rc.newwanip" needs to go to the system log, not on the the console output during this booting phase.
All these lines are informative, there are no warnings or errors.

ITSGS_

Just upgraded from last BETA to the current one. No issues so far.

Gertjan

Another one :

Current Base System : 25.03.b.20250610.1659
The "Juin 10" version is now installed.
Using a 4100 MAX : all is well.

Mandatory packages :

Netgate_Firmware_Upgrade 	23.05.01 
Nexus 	25.03.b.20250610.1659 	
aws-wizard 	0.12 	
ipsec-profile-wizard 	1.2.4 
openvpn-client-export 	1.9.5 
openvpn-client-import 	1.2_3 
System_Patches	2.2.21_2 (why is this package 'optional' ?)

My packages : the classic GUI / quality of live stuff :
acme 	0.9_1 
Avahi 	2.2_7 
Backup 	0.6.3 
Cron 	0.3.8_6 
Filer 	0.60.6_9 
Notes 	0.2.9_5 
nut 	2.8.2_5 
Shellcmd 	1.0.5_4 

Not really needed : very light DNSBL setup / Python mode :
pfBlockerNG-devel 	3.2.7

Because I like to things the hard way (auth captive portal):
freeradius3 	0.15.14

This is a production device (company).

ITSGS_

Update from 25.03.b.20250606.1549 to 25.03.b.20250610.1659 on my SG4200 worked.

drewsaur

Still two open bugs in 25.03 and we are just a few days away from July. I have a funny feeling this will get merged and only become a 25.07 release...

https://redmine.pfsense.org/projects/pfsense/roadmap#pfsense-plus-25.03

https://redmine.pfsense.org/projects/pfsense/roadmap#pfsense-plus-25.07

Gcon

@drewsaur based on
@netblues said in New pfSense Plus 25.03-BETA is here!:

Additionally 25.03 is in sync (if not based) on 2.8ce (which has a release candidate too)

I am expecting 25.03 to be released, and not skipped/merged into a later release. I don't care for the "older" .3 number - it's just a number. No one really expected the final version to be released in March anyway. It would create a lot of issues to change that now, and solve nothing.

Many people bootstrap Plus off CE. Thus, it makes sense to keep the underlying OS versions of both in sync. At worst, Plus can be ahead of CE, but it should never be behind - at least not for long. By "underlying OS", I mean FreeBSD kernel, drivers, core libraries etc. It would be a horrible thing for a customer to have hardware supported by CE (and be running happily on that), then pay a license fee to "upgrade" to Plus, only to find upon upgrading, that everything breaks due to Plus being based on an older FreeBSD, and lacking driver/kernel support for the newer cutting-edge hardware.

Thus, the amount of time that CE is "ahead" of Plus should be kept to the absolute minimum. Since the latest CE has been out for about a month, the onus really is on Netgate now to get the latest Plus version out.

I will be upgrading one site to Plus from CE, where the customer is currently running on Plus (24.11). I am migrating this customer from vSphere to Proxmox, and will be making a lot of fundamental design choices around filesystems and VLANs. A fresh install (but restoring the existing firewall and NAT rules) is definitely the way to go. I plan on doing a fresh install of 2.8.CE first. Then after about a week or so with no deal-breaker issues, I'll get Netgate to migrate the existing Plus license to the new installation. That will be far safer than doing the install and license change all together in one weekend, then finding out on Monday that there are issues, but I can't spin up the old firewall VM as I've already migrated the license away. bow bowwww (game over you lose).

Ideally, I want to go from 2.8.CE to 25.03 (same underlying OS apparently), rather than than 2.8.CE -> 24.11 -> 25.03, given how close 25.03 must be.

Anyway, I really hope 25.03 is released very soon. I'm sweating on it, and each day since 2.8CE came out I'll have my morning coffee and check for it. I think I'll fall off my chair when I finally see it!