2.2-ALPHA Snapshots Available
-
Outbound NAT - in 2.2 you can keep Automatic Outbound NAT and then add some extra manual rules, thus having a "hybrid" outbound NAT. That will help when adding new LAN-style interfaces, changing LAN-style subnet numbers… The automatic outbound NAT rules can regenerate themselves without the user having to think, and still have the option to have a couple of extra special rules.
This is a bit of code I am planning to test out and use. -
i going for use pfsense dialy , but i want update pfsense alls day …
but i get this error in update manager ...Copy the path from the first message on this thread exactly. You have the wrong URL.
-
I've also made a few changes/additions to OpenVPN, the server options and client-specific overrides.
Eventually we'll have a page with a list of changes like for other versions
-
-
@ermal:
php-fpm instead of php in general.
More optimal usage of fcgi in general to avoid careless forking around.
strongswan instead of ipsec-tools.
Apart that not many other changes apart improvements in general and getting to FreeBSD 10.
And for the first time in a very long time, pfSense will be somewhat in-sync with the mainline FreeBSD tree.
FreeBSD 10 also has a much-improved 'pf'.
The "not many other changes" was intentional. By limiting the scope we stayed out of the mess that bogged down the 2.1 release.
The method used: Set an achievable goal; Meet it. Repeat.
-
Any planned improvements regarding better AES-NI support and performance?
-
any idea if there will be ECMP support?
it could enable loadbalancing when dealing with dynamic routing protocols like ospf, bgp, rip.
might it even help to solve the issue's with loadbalancing certain services like squid? What are the devs thoughts about this?thanks
-
Any planned improvements regarding better AES-NI support and performance?
It's in development but is not likely to make 2.2. More news on that will come later.
-
any idea if there will be ECMP support?
it could enable loadbalancing when dealing with dynamic routing protocols like ospf, bgp, rip.
might it even help to solve the issue's with loadbalancing certain services like squid? What are the devs thoughts about this?It's on our radar but not terribly important for 2.2 (see above, re: narrow scope) but if we stick to the plan then 2.3 won't be far off and it may make it there.
-
THANK YOU for this.
IGB drivers seem to perform flawlessly with minimal tuning and various routing quirks have vanished.
-
Any planned improvements regarding better AES-NI support and performance?
It's in development but is not likely to make 2.2. More news on that will come later.
The issue isn't "AES-NI" support. The issue is that AES-GCM isn't implemented in FreeBSD.
We're fixing that, but as jimp said, it's unlikely to make 2.2.
-
Any planned improvements regarding better AES-NI support and performance?
"Support for AES-NI instruction and intrinsics has been added to gcc. The aesni module has been improved to use pipelining when possible. This results in a significant speed up for AES-XTS and AES-CBC decrypt. " according to: https://wiki.freebsd.org/WhatsNew/FreeBSD10#Kernel.2C_hardware_support_.26_other_low_level_improvements
-
@ermal:
strongswan instead of ipsec-tools.
Does that mean we'll get IKE v2? I'm getting a bit tired of connecting to ASAs and having their admins make comments about having to "downgrade" their equipment.
@gonzopancho:
The "not many other changes" was intentional. By limiting the scope we stayed out of the mess that bogged down the 2.1 release.
The method used: Set an achievable goal; Meet it. Repeat.
Rapid, iterative development. That's the way to go. Glad to hear this.
-
"Support for AES-NI instruction and intrinsics has been added to gcc. The aesni module has been improved to use pipelining when possible. This results in a significant speed up for AES-XTS and AES-CBC decrypt. " according to: https://wiki.freebsd.org/WhatsNew/FreeBSD10#Kernel.2C_hardware_support_.26_other_low_level_improvements
I assume that 2.2 is built with LLVM and not gcc. LLVM has had AESNI for a few years now.
-
I saw one of the first posts mentions that you wanted CARP tested.
I can install this on my home setup secondary router and enable CARP again, should you be able to sync between 2.2 and 2.1-RELEASE (i386)?
-
@ermal:
php-fpm instead of php in general.
This is a fairly big improvement for memory usage.
On a 256mb system (ie ALix2d3), it should be safe enough to turn opcode caching back on which provides a nice performance win.
-
Gitsync master? Or other??
:)
-
Gitsync master? Or other??
:)
Master, until it gets branched. Gitsync is only marginally useful these days though.
-
Thanks! 8)
Just trying to break things until someone goes over and kicks the snapshot server. ;D
-
unable to install package SQUID 2.7 and squidguard
ERROR: No digital signature! If you are SURE you trust this PBI, re-install with –no-checksig option.
