 Tom here from our systems MPF sense plus 2305 was released on May 23rd of 2023 today is May 26 Now they have a few changes that they made that will be coming and I'll talk about some of the UI changes But one of the first things I'll mention is one the upgrade has gone completely smooth I waited a few days to see what problems other people may have run into or any challenges I may have but of course I was running the beta and I just migrated some of our production systems right on over to the full release And that went really smooth of note You may have to click the pull down and click it back to the old version new version if you're running the beta It's kind of a weird little dance I did but that's all I had to do is solve it when it wouldn't see the new release from the beta But that's a pretty minor and easy thing to do I have tested the wire guard site-to-site snort and Saracada and different machines don't run them at the same time AT proxy and top ng open VPN open VPN with free radius as an authentication and all those seem to be working quite Well, there were a few issues on the date of release that seemed to take maybe 12 hours to get fixed there were a couple packages that wouldn't start Specifically it was syslog ng But if you're watching this video today that problem was resolved already and that has been marked as closed So they've been really quick to fix everything also worth noting if you have the patch system loaded I've talked about this before it's a really cool package It will apply any hot fixes and there's no hot fixes as of the release of this video for 23.05 but when you have the patch service loaded and you upgrade from the old version to 23.05 It'll automatically walk out any patches that are not necessary and as I stated right now There are none necessary as a recording of this video. So there's nothing you have to do in terms of that Now let's jump over to the details to talk about what's new in this release There's a couple interesting things that I want to first go over the list And then we'll talk about some of the UI elements and how they relate and change this because they did a facelift on a couple things That I want to talk about and I'll leave a link to this blog post But quickly to go over it we have cryptographic acceleration changes So they've added more support for more acceleration specifically with the Intel QAT the new packet capture GUI is really nice The experimental Ethernet layer 2 filtering is something I want to experiment with I haven't really done any testing with it But I'll show you what the UI looks like for that They fixed a problem with the dynamic gateway names the UDB broadcast relay package on the other hand This is something it's gonna be I'll have to find the time to go in-depth on we'll just say that because There's videos I did in the past with the of I package But the challenge is when you have different subnetting you have things that are expecting UDP broadcast It's not necessarily as easy as you think it's usually restrictive is the way you want business firewalls But a lot of home users using this are gonna say hey I would like these devices on this subnet to be able to talk with restricted rules and Relay this broadcast traffic back and forth for UDP broadcast and that's what this new plugin does is help facilitate that It's gonna be something I can show you how the package loads It's gonna take a little time to work out all the details It's probably gonna be videos on different devices and how to get them to broadcast because you it's not just click A button and turn it on it's about mapping the ports to make this work We now have unicast carp support and AT&T residential fiber network style wands This is an interesting feature that I have never really run into but I see a lot of discussion on it It's because I just don't have any clients that are using AT&T residential fiber for their WAN But there are third-party packages I if I understood correctly a lot of people load to get this working and now they're building this right in the PF sense to make this easier It's the way the authentication works and now also wire guard is installed by default. It's still a package This does not affect up upgrades or factory reset configurations only fresh installations They're just putting it in by default and I think that's pretty cool. I really like the wire guard service I've been using it as a site-to-site. It's no longer marked as an experimental package I really recommend if you have a site site, you like to use wire guard. Hey, go ahead and use it I have Videos that I've talked about before about using wire guard I'll be doing some new videos about setting up site-to-site and all the details of it Those are coming soon or maybe available already down in the link below with my PF sense playlist Now let's jump in and talk about some of the UI changes The first one I'm going to mention is under system advanced firewall and that and this is where you want to turn on Ethernet filtering experimental and we're going to get a new tab So if we go to firewall rules, there's now an Ethernet tab over here And this is what gives you some of those extra layer to functionality I may do a feature video in this after I do some experimenting or when this becomes less experimental But this is a pretty cool feature that they have added on Next one on talk about is go to diagnostics and we're going to look at the packet capture It's very similar to the way the packet capture was done before but we have a lot more granular tools Where we can include any of or exclude all of a untagged filter or exclude all or include any of This can help you if you want to only capture a specific fee land and all traffic related to it So you don't have to separate things out later through a larger packet capture It allows you to narrow things down such cool features to have all right here So if we're looking for a specific thing we can simply and I'll go ahead and reset all these to normal And then scroll down the bottom and we can just hit start and it will dump all the packets that you're doing here This is our lab system There's not too much on here You can see some of the things it's reaching out if we hit stop We'll scroll down. We can download this It'll open up a standard pcap file that you can use in something like wire shark or we can just clear the captures Now we're going to jump back over to system advanced miscellaneous We'll scroll down and this is where you just check a box provided you have a processor that supports it and to Enable the ipsec multi buffer cryptographic acceleration of note. It does require a reboot to apply changes So make sure you have the changes set here Whatever changes you may want here hit save restart and they're all going to be enabled Now under services I've installed the package for udb broadcast relay as I said This is under service udb broadcast relay and this allows you to individually add on each one of these interfaces That you'll select the broadcast relay across these interfaces You give it an instant id between 163 the udp port you want relayed ip address is optional Then we're going to hit save and this will allow the Relaying of that particular udp port across these two different interfaces So this is kind of an interesting thing. It'll be a more in-depth explainer coming later I'll check their forums There's posts and people discussing how this works and how you may want to configure and set this up Go ahead and save and we'll actually delete this because it's not what I want I do not want to relay things across wan now as I said I don't have an at&t fiber to do any testing with this But they did take the time to do a nice write up in the documentation that netki provides So you can look through how to do the at&t connectivity and the bridging on vlan pcp tagging They've got a write up that explains exactly how to configure this Like I said, I don't have any particular way of testing it But hopefully this helps people out of getting this set up Now I know there's still one more question people are asking and I want to make some clarifications on this I don't know when pfSense 2.7 is coming out But I do know it's closed because every time I've looked at it There's less and less bugs and it's getting closer to release They do a slower release cycle with the ce or community edition versus the pfSense plus edition But to be clear pfSense plus is free for home users free for lab users You just register for it on your site and they did make a nice clarification in their statement That pfSense is still being built open source And the pfSense plus is essentially the derived add-ons that do have some closed source plugins that come in on top of it I've got other videos where I've talked about the differences between pfSense ce and plus They do take more time to update the pfSense plus faster I'm aware of this as everyone likes to discuss But it does not mean they have abandoned it because they still and you can download and test as I do I have another test server that I'm running pfSense 2.7 on I do the build releases on theirs I like to keep up with and test it to see what some of the differences are. So yes, the builds are still coming The work is still being done on that version just for clarification. So people know I know that every version they release a ce is you know, allegedly the last version But hey, so far that has not held up to be true despite all the years of people saying it Nonetheless, love hearing from you leave your thoughts and comments down below Let me know what you like what you don't like if you got questions comments or concerns Check out my pfSense playlist like and subscribe and all that fun stuff It's much appreciated as it helps out the channel and I'll see you over in the forums