Netgate Discussion Forum

HEADS UP: Snapshots moving to pfSense 2.5.0 on FreeBSD 12, expect initial instability

Messages from the pfSense Team
  • J
    jimp Rebel Alliance Developer Netgate
    last edited by Feb 13, 2019, 7:30 PM

    Currently if a firewall is tracking development snapshots it is running pfSense 2.4.5-DEVELOPMENT on FreeBSD 11.2-RELEASE-p8 and the snapshots have been reasonably stable, but that is about to change.

    pfSense 2.4.5 snapshots have been shut down so that we can prepare for the master branch to be switched over to pfSense 2.5.0 running on FreeBSD 12.x. The version bump to 2.5.0 was warranted due to the operating system moving to a new major version. Given the base OS change there is likely to be instability at this early stage as we find and fix things that are not working as we need them to be on FreeBSD 12.x. Undoubtedly there will be other OS and driver changes that we must account for, and that type of testing and debugging is the primary purpose of development snapshots.

    We are moving to FreeBSD 12.x for a variety of reasons. Primarily to keep current with FreeBSD releases, but also to pick up newer drivers, improvements to ARM support, pf, carp, UFS, ZFS, Amazon EC2, ntp, and more.

    We will be testing these snapshots internally first and then enabling them for public access when they are ready for wider testing.

    Once this changeover occurs, users on pfSense 2.4.5 snapshots will be offered an update to a 2.5.0 snapshot. Exercise caution before applying this update. Do not use these snapshots in production without testing in a lab setting first.

    The most significant impact for users that we can predict at this point will be packages. Several packages are failing to build on FreeBSD 12 due to changes in the base OpenSSL. Notably, squid and net-snmp do not build against the base OpenSSL, as well as relayd in the base system, among others. Some of these will temporarily be built against OpenSSL from ports until the other issues can be addressed.

    Additionally, the master branch of the git repository will now contain code for pfSense 2.5.0 / FreeBSD 12, so do not gitsync from a pfSense 2.4.5 snapshot. A full update to 2.5.0 is required.

    The original plan was to include a RESTCONF API in pfSense 2.5.0, which for security reasons would have required hardware AES-NI or equivalent support. Plans have since changed, and pfSense 2.5.0 does not contain the planned RESTCONF API, thus pfSense 2.5.0 will not require AES-NI.

    Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

    Need help fast? Netgate Global Support!

    Do not Chat/PM for help!

    • J
      johnpoz LAYER 8 Global Moderator
      last edited by johnpoz Feb 13, 2019, 8:02 PM Feb 13, 2019, 8:02 PM

      So you mention openssl, so this brings in 1.1.1 and the ability to do tls 1.3 I take it? To the gui and with ha proxy ssl offload I would hope.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

      • J
        jimp Rebel Alliance Developer Netgate @johnpoz
        last edited by Feb 13, 2019, 8:14 PM

        @johnpoz said in HEADS UP: Snapshots moving to pfSense 2.5.0 on FreeBSD 12, expect initial instability:

        So you mention openssl, so this brings in 1.1.1 and the ability to do tls 1.3 I take it? To the gui and with ha proxy ssl offload I would hope.

        Yes, the base version of OpenSSL on FreeBSD 12.0-RELEASE is 1.1.1a at the moment, not sure if the one on snapshots will be that or slightly newer.

        • J
          johnpoz LAYER 8 Global Moderator
          last edited by johnpoz Feb 13, 2019, 8:33 PM Feb 13, 2019, 8:31 PM

          Nice! And ssh 7.8 sweet! Big jump from 7.5

          • S
            stephenkwabena
            last edited by Feb 16, 2019, 8:44 AM

            Thanks guys that now pfsense 2.5.0 will not require an AES-NI processor. It was driving some of us away from pfsense but now it is not required, pfsense is the best... I love you guys for listening to us.

            • V
              vectr0n @jimp
              last edited by Feb 18, 2019, 4:31 AM

              The most significant impact for users that we can predict at this point will be packages. Several packages are failing to build on FreeBSD 12 due to changes in the base OpenSSL. Notably, squid and net-snmp do not build against the base OpenSSL, as well as relayd in the base system, among others. Some of these will temporarily be built against OpenSSL from ports until the other issues can be addressed.

              With regard to net-snmp as per this commit message it was fixed to build with the base openssl version.

              • J
                jimp Rebel Alliance Developer Netgate
                last edited by Feb 18, 2019, 4:42 AM

                @vectr0n said in HEADS UP: Snapshots moving to pfSense 2.5.0 on FreeBSD 12, expect initial instability:

                With regard to net-snmp as per this commit message it was fixed to build with the base openssl version.

                It still fails with DTLS enabled, even with the current port. If that fixed it, it broke again in some other way.

                • W
                  webdawg @stephenkwabena
                  last edited by Feb 21, 2019, 4:04 PM

                  @stephenkwabena said in HEADS UP: Snapshots moving to pfSense 2.5.0 on FreeBSD 12, expect initial instability:

                  Thanks guys that now pfsense 2.5.0 will not require an AES-NI processor. It was driving some of us away from pfsense but now it is not required, pfsense is the best... I love you guys for listening to us.

                  I am still willing to bet that it will eventually require AES-NI.

                  https://www.netgate.com/blog/more-on-aes-ni.html

                  • J
                    jimp Rebel Alliance Developer Netgate
                    last edited by Feb 21, 2019, 4:46 PM

                    Eventually, yes, once we engineer and write the RESTCONF API. That isn't going to be in 2.5.0, however.

                    • M
                      MarcoP
                      last edited by Feb 21, 2019, 4:52 PM

                      In System Update, should I leave it set to 2.4 snapshots or should I change it to 2.4 stable?

                      • J
                        jimp Rebel Alliance Developer Netgate @MarcoP
                        last edited by Feb 21, 2019, 4:54 PM

                        @marcop said in HEADS UP: Snapshots moving to pfSense 2.5.0 on FreeBSD 12, expect initial instability:

                        In System Update, should I leave it set to 2.4 snapshots or should I change it to 2.4 stable?

                        Depends on what you want. If you don't want to be offered the 2.5.0 upgrade yet, set it to stable. If you want to pick up 2.5.0 snapshots when they are ready, then leave it set to snapshots.

                        • M
                          MarcoP @jimp
                          last edited by Feb 21, 2019, 4:56 PM

                          @jimp great thanks, 2.5.0 will be then

                          • B
                            behemyth
                            last edited by Feb 28, 2019, 8:11 PM

                            Out of sheer curiosity, do you guys have any idea of when the 2.5 images will be out for testing?

                            • J
                              jimp Rebel Alliance Developer Netgate
                              last edited by Feb 28, 2019, 8:18 PM

                              No ETA but it's getting closer. We have it upgrading and booting OK, but still a few more kinks to work out in our internal testing and then it should be ready for wider alpha testing.

                              • S
                                strangegopher
                                last edited by Mar 3, 2019, 7:16 AM

                                Can we expect new images by April?

                                • J
                                  jimp Rebel Alliance Developer Netgate @strangegopher
                                  last edited by Mar 4, 2019, 1:44 PM

                                  @strangegopher said in HEADS UP: Snapshots moving to pfSense 2.5.0 on FreeBSD 12, expect initial instability:

                                  Can we expect new images by April?

                                  Almost certainly sooner than that, but we don't like to overpromise. They're getting closer.
