Over 550 issues are resolved, including bug fixes, new features and other significant changes.
Changes and updates to pfSense CE include:
The base operating system has been updated to FreeBSD 12.2-STABLE
OpenSSL updated to 1.1.1
Performance improvements
Kernel implementation of WireGuard, as mentioned in a previous post on the WireGuard blog
WireGuard is a new Layer 3 VPN protocol designed for speed and simplicity
The pfSense documentation site includes information on how to configure WireGuard, as well as examples of configuration recipes
IPsec enhancements
The configuration for the strongSwan IPsec back-end has been changed from the deprecated ipsec.conf/stroke format to the new swanctl/VICI format
Various tunnel configuration improvements, including better lifetime and rekey options, to avoid duplicate security associations
OpenVPN has been updated to 2.5.0
OpenVPN 2.5.0 now requires negotiating data ciphers, but also tries to be friendly with older clients
ChaCha20-Poly1305 is now supported, which is the same cipher used by WireGuard and can provide speed improvements on some platforms.
OpenVPN now disables compression by default because it is insecure, but can still decompress traffic received from clients while not transmitting compressed packets.
Certificate Manager updates
The GUI now supports renewing Certificate Manager entries (certificate authorities and certificates)
Notifications are generated for expiring certificate entries
Certificate keys and PKCS #12 archives can now be exported with password protection
Added support for elliptic curve certificates (ECDSA)
Internal and imported CA entries can be added to the system-level trust store
Significant changes in the backend of the captive portal and HA behavior
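For the OpenVPN 2.5.0 items above (data cipher negotiation, ChaCha20-Poly1305, compression off by default), the following added example, which is not part of the pfSense release notes or code, audits an OpenVPN configuration file for settings those changes affect. It assumes the OpenVPN 2.5 directives data-ciphers, data-ciphers-fallback and allow-compression; the sample configs and the finding codes are constructed for illustration.

```python
# Added example: audit an OpenVPN config against the 2.5.0 changes listed above.
# Both sample configs are constructed for illustration, not taken from pfSense.
LEGACY = """\
; constructed pre-2.5 style server config
dev tun
cipher AES-256-CBC
comp-lzo adaptive
"""
MODERN = """\
# constructed 2.5 style server config
dev tun
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
data-ciphers-fallback AES-256-CBC
allow-compression asym
"""
COMPRESSING = {"lzo", "lz4", "lz4-v2"}  # "compress" arguments that select an algorithm


def parse(text):
    """Map each directive to its argument list (last occurrence wins)."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        name, *args = line.split()
        opts[name.lstrip("-")] = args
    return opts


def audit(text):
    """Return sorted finding codes (hypothetical names) for ciphers and compression."""
    opts = parse(text)
    findings = set()
    joined = ":".join(opts.get("data-ciphers", [])).upper()
    ciphers = [c for c in joined.split(":") if c]
    if not ciphers:
        findings.add("no-data-ciphers")         # negotiation list not set explicitly
        if "cipher" in opts:
            findings.add("legacy-cipher-only")  # only the pre-2.5 directive is present
    elif "CHACHA20-POLY1305" not in ciphers:
        findings.add("chacha20-not-offered")    # informational, not a weakness
    if opts.get("comp-lzo", ["no"]) != ["no"] or COMPRESSING & set(opts.get("compress", [])):
        findings.add("compression-enabled")     # legacy compression directive in use
    if opts.get("allow-compression") == ["yes"]:
        findings.add("sends-compressed")        # overrides the receive-only default
    return sorted(findings)
```
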
Upgrading from an earlier version to this version is possible from the graphical interface: