pfSense CE 2.5.0 is now available for new installations and upgrades

Over 550 issues are resolved, including bug fixes, new features and other significant changes.

Changes and updates to pfSense CE include:

The basic operating system has been updated to FreeBSD 12.2-STABLE
OpenSSL updated to 1.1.1
Performance improvements
Implementing the WireGuard Kernel , as mentioned in a previous post on the WireGuard blog
- WireGuard is a new VPN Layer 3 protocol designed for speed and simplicity
- The pfSense documentation site includes information on how to configure WireGuard, as well as examples of configuration recipes
IPsec enhancements
- The configuration for the strongSwan IPSec back-end has been changed from the deprecated ipsec.conf / stroke format to the new swanctl / VICI format
- Various tunnel configuration improvements, including better lifetime and rekey options, to avoid duplicate security associations
OpenVPN has been updated to 2.5.0
- OpenVPN 2.5.0 now requires negotiating data figures, but also tries to be friendly with older customers
- ChaCha20-Poly1305 is now supported, which is the same cipher used by WireGuard and can provide speed improvements on some platforms.
- OpenVPN now disables compression by default because it is insecure, but can still decompress traffic received from clients while not transmitting compressed packets.
Certified Manager Updates
- GUI now accepts renewal of certificate manager entries (certification authorities and certificates)
- Notifications are generated for expiring certificate entries
- Certificate keys and PKCS # 12 archives can now be exported with password protection
- Added support for elliptic curve certificates (ECDSA)
- Internal and imported CA inputs can be added to the trusted store at the system level