New pfSense Plus 25.03-BETA is here!

netblues

@ITSGS_ If there are mtu issues then nothing really works.
Same goes for disconnections.
In a ppp connection it always take two to tango
One is the isp bras and the other is the pppoe client.

Since the protocol is far too old to have issues, switching to the new, multi kernel optimized version, can't solve anything on the mtu or stability side too.

I don't say what you observed is untrue.
However doing a root cause analysis here seems impossible.

ITSGS_

@netblues All true what you said. I do not know the cause. I neither captured packages or did anything else. It's just "a guess". But the information that it works after switching to the BETA might help somebody searching for a "easy" solution.

Next time I won't be lazy and start a topic about it. :-)

Gertjan

The final Beta ? :

fingers crossed : the RC will be coming out soon now.

netblues

@Gertjan The final countdown (the song)
Upgraded (dirty) under kvm.
No issues

Gertjan

One minor thing that might need some looking after :
The 'console' boot sequence needs some polishing.

This :

Syncing OpenVPN settings...done.
ovpn0: changing name to 'ovpns1'
Configuring firewall......done.
Starting PFLOG...done.
Setting up gateway monitors...done.
Setting up static routes...igc0: link state changed to UP
2025-06-11T09:25:35.113521+02:00 pfSense.bhf.tld php-fpm 20265 - - /rc.linkup: Ignoring link event during boot sequence.
done.
Setting up DNSs...
arp: 192.168.1.20 moved from 28:70:4e:62:31:5d to 0c:ea:14:44:4a:38 on igc0
2025-06-11T09:25:35.415824+02:00 pfSense.bhf.tld php-fpm 20265 - - /rc.linkup: Ignoring link event during boot sequence.
2025-06-11T09:25:35.529452+02:00 pfSense.bhf.tld php-fpm 20265 - - /rc.newwanip: rc.newwanip: Info: starting on ovpns1.
2025-06-11T09:25:35.529968+02:00 pfSense.bhf.tld php-fpm 20265 - - /rc.newwanip: rc.newwanip: on (IP address: 192.168.3.1) (interface: VPNS[opt3]) (real interface: ovpns1).
2025-06-11T09:25:35.757933+02:00 pfSense.bhf.tld php-fpm 580 - - /rc.linkup: Ignoring link event during boot sequence.
2025-06-11T09:25:35.841945+02:00 pfSense.bhf.tld php-fpm 581 - - /rc.newwanipv6: rc.newwanipv6: Info: starting on ix3 due to RELEASE.
2025-06-11T09:25:35.843195+02:00 pfSense.bhf.tld php-fpm 581 - - /rc.newwanipv6: rc.newwanipv6: on (IP address: 2a01:cb19:dead:beef:92ec:77ff:fe29:392a) (interface: wan) (real interface: ix3).
2025-06-11T09:25:35.855015+02:00 pfSense.bhf.tld php-fpm 20265 - - /rc.newwanip: Removing static route for monitor2001:41d0:2:927b::3 and adding a new route through fe80::46d4:54ff:fe2a:3600%ix3
2025-06-11T09:25:35.872420+02:00 pfSense.bhf.tld php-fpm 20265 - - /rc.newwanip: Removing static route for monitor94.23.251.218 and adding a new route through 192.168.10.1
2025-06-11T09:25:35.907848+02:00 pfSense.bhf.tld php-fpm 581 - - /rc.newwanipv6: Removing static route for monitor2001:41d0:2:927b::3 and adding a new route through fe80::46d4:54ff:fe2a:3600%ix3
2025-06-11T09:25:35.930399+02:00 pfSense.bhf.tld php-fpm 581 - - /rc.newwanipv6: Removing static route for monitor94.23.251.218 and adding a new route through 192.168.10.1
Starting DNS Resolver...2025-06-11T09:25:36.991434+02:00 pfSense.bhf.tld php-fpm 581 - - /rc.newwanipv6: The command '/usr/local/bin/dpinger -S -r 0 -i WAN_DHCP6 -B 2a01:cb19:dead:beef:92ec:77ff:fe29:392a -p /var/run/dpinger_WAN_DHCP6~2a01:cb19                                                                                                              :dead:beef:92ec:77ff:fe29:392a~2001:41d0:2:927b::3.pid -u /var/run/dpinger_WAN_DHCP6~2a01:cb19:dead:beef:92ec:77ff:fe29:392a~2001:                                                                                                              41d0:2:927b::3.sock -C "/etc/rc.gateway_alarm" -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 75  2001:41d0:2:927b::3 >/dev/null                                                                                                              ' returned exit code '1', the output was ''
2025-06-11T09:25:36.991546+02:00 pfSense.bhf.tld php-fpm 581 - - /rc.newwanipv6: Error starting gateway monitor for WAN_DHCP6
2025-06-11T09:25:37.732088+02:00 pfSense.bhf.tld php-fpm 82005 - - /rc.newwanipv6: rc.newwanipv6: Info: starting on ix3 due to REQUEST.
2025-06-11T09:25:37.734539+02:00 pfSense.bhf.tld php-fpm 82005 - - /rc.newwanipv6: rc.newwanipv6: on (IP address: 2a01:cb19:dead:beef:92ec:77ff:fe29:392a) (interface: wan) (real interface: ix3).
2025-06-11T09:25:37.769153+02:00 pfSense.bhf.tld php-fpm 82005 - - /rc.newwanipv6: Removing static route for monitor 2001:41d0:2:927b::3 and adding a new route through fe80::46d4:54ff:fe2a:3600%ix3
2025-06-11T09:25:37.786286+02:00 pfSense.bhf.tld php-fpm 82005 - - /rc.newwanipv6: Removing static route for monitor 94.23.251.218 and adding a new route through 192.168.10.1
done.
Synchronizing user settings...done.
Configuring CRON...done.
Starting NTP Server...done.
Starting webConfigurator...done.
Starting Kea DHCP service...done.
Starting Kea DHCPv6 service...done.

...

The output of "/rc.newwanipv6" and "/rc.newwanip" needs to go to the system log, not on the the console output during this booting phase.
All these lines are informative, there are no warnings or errors.

ITSGS_

Just upgraded from last BETA to the current one. No issues so far.

Gertjan

Another one :

Current Base System : 25.03.b.20250610.1659
The "Juin 10" version is now installed.
Using a 4100 MAX : all is well.

Mandatory packages :

Netgate_Firmware_Upgrade 	23.05.01 
Nexus 	25.03.b.20250610.1659 	
aws-wizard 	0.12 	
ipsec-profile-wizard 	1.2.4 
openvpn-client-export 	1.9.5 
openvpn-client-import 	1.2_3 
System_Patches	2.2.21_2 (why is this package 'optional' ?)

My packages : the classic GUI / quality of live stuff :
acme 	0.9_1 
Avahi 	2.2_7 
Backup 	0.6.3 
Cron 	0.3.8_6 
Filer 	0.60.6_9 
Notes 	0.2.9_5 
nut 	2.8.2_5 
Shellcmd 	1.0.5_4 

Not really needed : very light DNSBL setup / Python mode :
pfBlockerNG-devel 	3.2.7

Because I like to things the hard way (auth captive portal):
freeradius3 	0.15.14

This is a production device (company).

ITSGS_

Update from 25.03.b.20250606.1549 to 25.03.b.20250610.1659 on my SG4200 worked.

drewsaur

Still two open bugs in 25.03 and we are just a few days away from July. I have a funny feeling this will get merged and only become a 25.07 release...

https://redmine.pfsense.org/projects/pfsense/roadmap#pfsense-plus-25.03

https://redmine.pfsense.org/projects/pfsense/roadmap#pfsense-plus-25.07

Gcon

@drewsaur based on
@netblues said in New pfSense Plus 25.03-BETA is here!:

Additionally 25.03 is in sync (if not based) on 2.8ce (which has a release candidate too)

I am expecting 25.03 to be released, and not skipped/merged into a later release. I don't care for the "older" .3 number - it's just a number. No one really expected the final version to be released in March anyway. It would create a lot of issues to change that now, and solve nothing.

Many people bootstrap Plus off CE. Thus, it makes sense to keep the underlying OS versions of both in sync. At worst, Plus can be ahead of CE, but it should never be behind - at least not for long. By "underlying OS", I mean FreeBSD kernel, drivers, core libraries etc. It would be a horrible thing for a customer to have hardware supported by CE (and be running happily on that), then pay a license fee to "upgrade" to Plus, only to find upon upgrading, that everything breaks due to Plus being based on an older FreeBSD, and lacking driver/kernel support for the newer cutting-edge hardware.

Thus, the amount of time that CE is "ahead" of Plus should be kept to the absolute minimum. Since the latest CE has been out for about a month, the onus really is on Netgate now to get the latest Plus version out.

I will be upgrading one site to Plus from CE, where the customer is currently running on Plus (24.11). I am migrating this customer from vSphere to Proxmox, and will be making a lot of fundamental design choices around filesystems and VLANs. A fresh install (but restoring the existing firewall and NAT rules) is definitely the way to go. I plan on doing a fresh install of 2.8.CE first. Then after about a week or so with no deal-breaker issues, I'll get Netgate to migrate the existing Plus license to the new installation. That will be far safer than doing the install and license change all together in one weekend, then finding out on Monday that there are issues, but I can't spin up the old firewall VM as I've already migrated the license away. bow bowwww (game over you lose).

Ideally, I want to go from 2.8.CE to 25.03 (same underlying OS apparently), rather than than 2.8.CE -> 24.11 -> 25.03, given how close 25.03 must be.

Anyway, I really hope 25.03 is released very soon. I'm sweating on it, and each day since 2.8CE came out I'll have my morning coffee and check for it. I think I'll fall off my chair when I finally see it!

netblues

@Gcon Its higly unlikely for any merge to happen. plus 25.07 does not exist at the moment.
It will only be a rename of 25.03 to 25.07, nothing more than that, so expect no issues.

As for licensing and migrations, things are not as hard as you thing.
Even after migrating you can spin up a saved vm, it will work you can just can't install updates or packages (at least automatically) giving you plenty of options.

Gertjan

@Gcon said in New pfSense Plus 25.03-BETA is here!:

and lacking driver/kernel support for the newer cutting-edge hardware

pfSense is FreeBSD based. That's the cutting edge network firewall OS.
Cutting-edge hardware is more a Microsoft or Apple thing.
A firewall needs a proven (over time ... FreeBSD => long time ...) CPU, known to be good RAM, if possible no realtek NIC, but Intel NIC.
And that's it. No flashy ventilo light, no bleutooth doorbell. The less, the better. It's a security device, not a gaming rig.
If important hardware uses chip sets that are publicly detailed, some one could write an (open source) driver for it. So, for example, no broadcom hardware as most of their chips are closed source.
Knowing that broadcom makes most of the Wifi equipment, you'll understand why FreeBSD has 'bad' Wifi support.