systems, and pfSense Plus 23.05 was released on May 23rd of 2023. Today is May 26th. Now, they have a few changes that they made that we'll be covering, and I'll talk about some of the UI changes, but one of the first things I'll mention is, one, the upgrade has gone completely smooth. I waited a few days to see what problems other people may have run into or any challenges I may have, but of course I was running the beta, and I just migrated some of our production systems right on over to the full release, and that went really smooth. Of note, you may have to click the pull-down and click it back to the old version, new version if you're running the beta. It's kind of a weird little dance I did, but that's all I had to do to solve it when it wouldn't see the new release from the beta, but that's a pretty minor and easy thing to do.

I have tested the WireGuard site-to-sites, Snort and Suricata on different machines (don't run them at the same time), HAProxy and ntopng, OpenVPN, and OpenVPN with FreeRADIUS as an authentication, and all those seem to be working quite well. There were a few issues on the date of release that seemed to take maybe 12 hours to get fixed. There were a couple packages that wouldn't start, specifically with syslog-ng, but if you're watching this video today, that problem was resolved already and that has been marked as closed, so they've been really quick to fix everything.

Also worth noting, if you have the patch system loaded (I've talked about this before, it's a really cool package that will apply any hot fixes, and there's no hot fixes as of the release of this video for 23.05), when you have the patch service loaded and you upgrade from the old version to 23.05, it'll automatically back out any patches that are not necessary, and as I stated, right now there are none necessary as of the recording of this video, so there's nothing you have to do in terms of that.

Now let's jump over to the details to talk about what's new in this release. There's a couple
interesting things that I want to first go over the list, and then we'll talk about some of the UI elements and how they relate and change this, because they did a facelift on a couple things that I want to talk about, and I'll leave a link to this blog post. But quickly to go over it: we have cryptographic acceleration changes, so they've added more support for more acceleration, specifically with the Intel QAT. The new packet capture GUI is really nice. The experimental Ethernet layer 2 filtering is something I want to experiment with. I haven't really done any testing with it, but I'll show you what the UI looks like for that. They fixed a problem with the dynamic gateway names.

The UDP broadcast relay package, on the other hand, this is something that's going to be, I'll have to find the time to go in depth on, we'll just say that, because there's videos I did in the past with the Avahi package, but the challenge is when you have different subnetting, you have things that are expecting UDP broadcast. It's not necessarily as easy as you think. It's usually restrictive is the way you opt business firewalls, but a lot of home users using this are going to say, hey, I would like these devices on this subnet to be able to talk with restricted rules and relay this broadcast traffic back and forth for UDP broadcast, and that's what this new plugin does, is help facilitate that. It's going to be something I can show you how the package loads. It's going to take a little time to work out all the details. There's probably going to be videos on different devices and how to get them to broadcast, because it's not just click the button and turn it on, it's about mapping the ports to make this work.

We now have unicast CARP support and AT&T residential fiber network-style WANs. This is an interesting feature that I've never really run into, but I see a lot of discussion on. It's because I just don't have any clients that are using AT&T residential fiber for their WAN, but there are third-party packages, if I
understood correctly, a lot of people load to get this working, and now they're building this right into pfSense to make this easier. It's the way the authentication works.

And now also WireGuard is installed by default. It's still a package. This does not affect upgrades or factory reset configurations, only fresh installations. They're just putting it in by default, and I think that's pretty cool. I really like the WireGuard service. I've been using it as a site-to-site. It's no longer marked as an experimental package. I really recommend, if you have a site-to-site you like to use WireGuard, hey, go ahead and use it. I have videos that I've talked about before about using WireGuard. Now I'm doing some new videos about setting up site-to-site and all the details of it. Those are coming soon or maybe available already down in the link below with my pfSense playlist.

Now let's jump in and talk about some of the UI changes. The first one I'm going to mention is under System > Advanced > Firewall & NAT, and this is where you want to turn on Ethernet filtering (experimental), and we're going to get a new tab. So if we go to Firewall > Rules, there's now an Ethernet tab over here, and this is what gives you some of those extra layer 2 functionality. I may do a future video on this after I do some experimenting or when this becomes less experimental, but this is a pretty cool feature they have added on.

The next one I'm talking about is, go to Diagnostics and we're going to look at the packet capture. It's very, very similar to the way the packet capture was done before, but we have a lot more granular tools where we can include any of or exclude all of an untagged filter, or exclude all or include any of. This can help you if you want to only capture a specific VLAN and all traffic related to it, so you don't have to separate things out later through a larger packet capture. It allows you to narrow things down. Such cool features to have all right here. So if we're looking for a specific thing, we can simply, and I'll
go ahead and reset all these to normal, and then scroll down the bottom and we can just hit start, and it will dump all the packets that you're doing here. This is our lab system, there's not too much on here. You can see some of the things it's reaching out. If we hit stop, we'll scroll down, we can download this. It'll open up a standard pcap file that you can use in something like Wireshark, or we can just clear the captures.

Now we're going to jump back over to System > Advanced > Miscellaneous. We'll scroll down, and this is where you just check a box, provided you have a processor that supports it, to enable the IPsec multi-buffer cryptographic acceleration. Of note, it does require a reboot to apply changes, so make sure you have the changes set here, whatever changes you may want here, hit save, restart, and they're all going to be enabled.

Now under Services I've installed the package for UDP broadcast relay. As I said, that's just under Services, UDP Broadcast Relay, and this allows you to individually add on each one of these interfaces that you'll select the broadcast relay across these interfaces. You give it an instance ID between 1 and 63, the UDP port you want relayed, IP address is optional, then we're going to hit save, and this will allow the relaying of that particular UDP port across these two different interfaces. So this is kind of an interesting thing. It'll be a more in-depth explainer coming later. Check their forums, there's posts and people discussing how this works and how you may want to configure and set this up. Go ahead and save. We'll actually delete this because it's not what I want. I do not want to relay things across WAN.

Now, as I said, I don't have an AT&T fiber to do any testing with this, but they did take the time to do a nice write-up in the documentation that Netgate provides, so you can look through how to do the AT&T connectivity and the bridging on VLAN PCP tagging. They've got a write-up that explains exactly how to configure this. Like I said, I don't have any
particular way of testing it, but hopefully this helps people out of getting this set up.

Now I know there's still one more question people are asking, and I want to make some clarifications on this. I don't know when pfSense 2.7 is coming out, but I do know it's close, because every time I've looked at it there's less and less bugs and it's getting closer to release. They do a slower release cycle with the CE, or Community Edition, versus the pfSense Plus edition, but to be clear, pfSense Plus is free for home users, free for lab users. You just register for it on their site, and they did make a nice clarification in their statement that pfSense is still being built open source, and the pfSense Plus is essentially the derived add-ons that do have some closed-source plugins that come in on top of it. I've got other videos where I've talked about the differences between pfSense CE and Plus. They do take more time to update the pfSense Plus faster. I'm aware of this, as everyone likes to discuss, but it does not mean they have abandoned it because he still and you can download and test as I do. I have another test server that I'm running pfSense 2.7 on. I do the build releases on theirs. I like to keep up with and test it to see what some of the differences are. So yes, the builds are still coming, the work is still being done on that version, just for clarification so people know. I know every version they release of CE is allegedly the last version, but hey, so far that has not held up to be true despite all the years of people saying it.

Nonetheless, love hearing from you. Leave your thoughts and comments down below. Let me know what you like, what you don't like. If you got questions, comments, or concerns, check out my pfSense playlist. Like and subscribe and all that fun stuff. It's much appreciated as it helps out the channel, and I'll see you over in the forums. Thank you.
Published: Fri May 26 2023
