Menü Schließen

pfSense Update 2.3.2-p1

pfSense Logo

Die Entwickler der Open Source Firewall, pfSense, haben das Maintenance Release der Serie 2.3.x in Version 2.3.2-p1 veröffentllicht. Neben der Fehlerbehebung von 34 Bugs, bringt dieses Release auch 2 neue Features mit.

pfSense Update 2.3.2_1
pfSense Update 2.3.2_1

Neben den aktuellen Updates von OpenSSL in FreeBSD wurden auch einige verwendete Pakete wie:

  • PHP auf 5.6.26
  • libidn auf 1.33
  • curl auf 7.50.3
  • libxml2 auf 2.9.4


Das Update ist wie immer relativ einfach und über die Web-GUI durchführbar. Zum nachlesen lohnt ein Blick in den Upgrade Guide

pfSense Update 2.3.2_1
pfSense Update 2.3.2_1

Leider gibt es noch folgende Reg ressions / Probleme zwischen den Versionen 2.2.6 und dem 2.3 Release:

  • IPsec IPComp does not work. This is disabled by default. However in 2.3.1, it is automatically not enabled to avoid encountering this problem. Bug 6167
  • IGMP Proxy does not work with VLAN interfaces, and possibly other edge cases. Bug 6099. This is a little-used component. If you’re not sure what it is, you’re not using it.
  • Those using IPsec and OpenBGPD may have non-functional IPsec unless OpenBGPD is removed. Bug 6223

pfSense 2.3.2-p1 Bugfixes und Features

# Tracker Status Priorität Thema
6824 Bug Rejected Normal Tab diagnostics does not recognize disk volume
6813 Bug Resolved Urgent 2.3.3 built on Fri Sep 23 11:34:50 CDT 2016 – segfaulting processes result in non-functional system
6801 Bug Resolved Normal Rule separators are moving when multiple firewall rules are deleted together
6788 Bug Resolved Low [2.3.3] Services – NTP – Settings: Prefer/No Select checkboxes invisible when adding entries
6780 Bug Resolved Normal status_logs_settings.php / Remote syslog options need to catch up with changes in syslog config
6771 Bug Resolved Normal Configuration backup count is not respected
6762 Bug Resolved Normal Please match the requested format error in Chrome when editing certain form fields
6759 Bug Resolved Normal system_authservers.php – LDAP “Bind Credentials” password is not masked
6730 Bug Resolved Normal dnsmasq – Ignoring query from non-local network
6724 Bug Resolved Low VLAN interface displayed wrong through interface assignment
6723 Feature Resolved Low Make OpenVPN widget update dynamically
6720 Bug Resolved High DHCPD Options in “Sub-“Pools ignored, dhcpd.conf does not contain informations, dhcpd therefore not serving
6716 Bug Resolved Normal services_unbound_acls: Network “Delete” button is not hidden if only on network listed
6715 Bug Resolved Normal diag_traceroute.php suggestions
6713 Bug Resolved Normal diag_tables table or alias or database?
6710 Bug Resolved Normal diag_resetstate.php confirmation prompt even if checkboxes unchecked
6709 Bug Resolved Normal diag_resetstate select or all?
6708 Bug Resolved Normal diag_sockets wrong info
6706 Bug Resolved Normal diag_routes Use a regular expression description or use
6705 Bug Resolved Normal diag_routes “Rows to display” is off by one
6704 Bug Resolved Normal diag_edit.php Go to Line limits
6703 Feature Resolved Normal diag_edit.php suggestion
6701 Bug Resolved Normal diag_authentication.php related status link
6700 Bug Resolved Normal dhcp6 Related log entries
6676 Bug Resolved Normal Delete NAT rule with associated firewall rule does not update firewall separators position

pfSense Release Notes 2.3.2-p1:

2.3.2 Update 1 (Pending)

  • FreeBSD-SA-16:26.openssl – Multiple vulnerabilities in OpenSSL. The only significant impact on pfSense is OCSP for HAproxy and FreeRADIUS.
  • Several HyperV-related Errata in FreeBSD 10.3, FreeBSD-EN-16:10 through 16:16. See for details.
  • Several built-in packages and libraries have been updated, including:
    • PHP to 5.6.26
    • libidn to 1.33
    • curl to 7.50.3
    • libxml2 to 2.9.4
  • Added encoding to the ‘zone’ parameter on Captive Portal pages.
  • Added output encoding to diag_dns.php for results returned from DNS. #6737
  • Worked around a Chrome bug with regular expression parsing of escaped characters within character sets. Fixes “Please match the requested format” on recent Chrome versions. #6762
  • Fixed DHCPv6 server time format option #6640
  • Fixed /usr/bin/install missing from new installations. #6643
  • Increased filtering tail limit for logging so searching will locate sufficient entries. #6652
  • Cleaned up Installed Packages widget and HTML. #6601
  • Fixed widget settings corruption when creating new settings. #6669
  • Fixed various typos and wording errors.
  • Removed defunct links to the devwiki site. Everything is on now.
  • Added a field to CA/Cert pages for OU, which is required by some external CAs and users. #6672
  • Fixed a redundant HTTP “User-Agent” string in DynDNS updates.
  • Fixed the font for sortable tables.
  • Added a check to verify if an interface is active in a gateway group before updating dynamic DNS.
  • Fixed wording of the “Reject leases from” option for a DHCP interface (it can only take addresses, not subnets.) #6646
  • Fixed error reporting for SMTP settings test.
  • Fixed saving of country, provider, and plan values for PPP interfaces
  • Fixed checking of invalid “Go To Line” numbers on diag_edit.php. #6704
  • Fixed off-by-one error with “Rows to Display” on diag_routes.php. #6705
  • Fixed description of the filter box on diag_routes.php to reflect that all fields are searchable. #6706
  • Fixed description of the box for the file to edit on diag_edit.php. #6703
  • Fixed description of the main panel on diag_resetstate.php. #6709
  • Fixed warning dialog when a box is unchecked on diag_resetstate.php. #6710
  • Fixed log shortcut for DHCP6 areas. #6700
  • Fixed the network delete button showing when only one row was present on services_unbound_acls.php #6716
  • Fixed disappearing help text on repeatable rows when the last row is deleted. #6716
  • Fixed dynamic DNS domain for static map DHCP entries
  • Added control to set dashboard widget refresh period
  • Added “-C /dev/null” to the dnsmasq command line parameters to avoid it picking up an incorrect default configuration which would override our options. #6730
  • Added “-l” to traceroute6 to show both IP Addresses and Hostnames when resolving hops on diag_traceroute.php. #6715
  • Added note about max ttl/hop limit in source comment on diag_traceroute.php.
  • Clarified language on diag_tables.php. #6713
  • Cleaned up the text on diag_sockets.php. #6708
  • Fixed display of VLAN interface names during console assignment. #6724
  • Fixed domain-name-servers option showing twice in pools when set manually.
  • Fixed handling of DHCP options in pools other than the main range. #6720
  • Fixed missing hostnames in some cases with dhcpdv6. #6589
  • Improved pidfile handling for dhcpleases.
  • Added checks to prevent accessing an undefined offset in
  • Fixed the display of the alias popup and edit options on source and destination for both the address and port on outbound NAT.
  • Fixed handling of backup config count. #6771
  • Removed some dangling PPTP references that are no longer relevant.
  • Fixed up/caught up remote syslog areas. Added “routing”, “ntpd”, “ppp”, “resolver”, fixed “vpn” to include all VPN areas (IPsec, OpenVPN, L2TP, PPPoE Server). #6780
  • Fixed missing checkboxes in some cases when adding rows on services_ntpd.php. #6788
  • Revised service running/stopped icons.
  • Added a check to CRL management to remove certificates from the drop-down list that are already contained in the CRL being edited.
  • Fixed rule separators moving when multiple firewall rules are deleted at the same time. #6801

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert