We have pfSense 2.5.0 development. Now, this is not released yet. This is a development version, like I'm pointing out here. Also, I don't know the date it's gonna be released. So we can just, you know, you can leave that a question if you want. I don't know. They don't do it based on a time date as much as when they feel there's enough features and all the little bugs are quashed, they then push it to production. They are not a company that works under the terms of move it, move fast, break fast type thing because, well, we certainly don't want that with our firewall. So I do appreciate their more methodical development methods, which may take longer, but, you know, I'd rather have a bug-free firewall experience, especially because, well, it's a firewall.
Back to the 2.5 version. So I'm not running this in production. I'm probably gonna move to it, as it seems to be stable enough that I'll start using it at home because, you know, worst case at home, I disrupt a few Netflix shows my wife is watching or something like that. But we do have a long list of new features and we'll get to those in a second, because first, this is how open source development works. One, it's done in the public. It's open to the community. So you can download the development version. You can see it in action being developed, and they have an entire process for reporting issues with pfSense software. So there are methodologies, and they have a guide to help you follow how the development process is going. And this doesn't just count for the beta. This also counts if you wanna participate or assist in, you know, quashing bug reports. This is the way things get fixed. They do not get fixed by you ranting and saying this product is terrible because it doesn't support a certain thing or it crashes under a certain condition. If you're not helping to document that condition, you're not really contributing back to the open source software.
So they have an entire process by which to commit changes and things like that. They have a subreddit and a forum, and they do admit that they use Redmine, and Redmine is not a discussion forum. That's why this is highlighted. It is not a discussion platform where people first support. So first make sure you are very familiar with pfSense, and then if you do find an issue or find a bug or find a scenario, then work with part of the community to help fix that, because it benefits all of us. All right, I'll leave links to this so you can read it.
pfSense 2.5 new features and changes. It's a major OS version upgrade, OpenSSL upgrade, PHP and Python upgrade. So there's a lot underlying that's different, but interface-wise it's gonna be pretty much the same. This is the 2.5 development version and it doesn't look much different but for the noted changes.
The first thing, and this is just something that, no matter how many blog posts or putting it at the very top as a warning message, people still ask me this question at like every turn: "I thought it required AES-NI." Also, AES-NI has been around for like, I don't know, eight or nine years I think. So processors have been around with this feature for a very long time. So I don't know why people made such a massive big deal that sometime there may be a requirement of AES-NI in the processor, but I guess people like running really old hardware that's older than that old, et cetera. But they have assured everyone it is not required. AES-NI is not a required feature to run pfSense 2.5. Let's get that out of the way, and that way it'll quash those questions, or maybe some people are just here to talk about that.
Operating system architecture, I said 12, OpenSSL upgraded, and there is a note about the OpenSSL upgrades. Because there's some differences in the later versions, some things that rely on OpenSSL may have some problems in terms of some of the plugins while this is in beta.
And they're, you know, this is all stuff that they're working on to fix. So security errata: relayd does not function. The relayd BSD port has changed to require LibreSSL. There's no apparent sign of work to make it compatible with OpenSSL. HAProxy may still be used in its place, as it is much more robust and complete than the load balancer. So they're deprecating that and, you know, focusing on HAProxy, which eventually I do want to do a video on. Known issues: this is the OpenSSL warning.
And now let's dive into some of the cool features that are in here. There's a little bit of changes to FreeRADIUS, which is cool. Fix URL based storing the last most entry list in the configuration, fix issue with pf tables remaining active after they have been deleted. So there's a little bug quashing going on there. Backup/restore, some updates there, better, you know, because it's going to use the new OpenSSL, so stronger encryption there.
This is where I wanted to start, though, in terms of features that I thought were really interesting: the captive portal. This is a particular feature that my client was really excited about because of the quantity of users. I think he has several thousand users, if I'm not mistaken, around his system, and with captive portal, he uses it to authenticate and set different speeds based on user names and passwords and manage the internet for these people. When you're doing that, one of the problems you run into is, let me scroll down right here, and it's "preserve user database across reboots". So you have a thousand people and they log in, and then they have to log in again because you updated the firewall, so when a new version comes out, or a power outage, an extended power outage, and all those people start calling you saying, "Hey, I forgot what my login and password was," et cetera, et cetera. Generally people, they're end users, they want to authenticate once.
It's like an apartment complex essentially, and the way you manage it is with the captive portal, so not everyone just gets internet. You have to have some type of password combination that they can offer or revoke, but also if you reboot it would revoke all those. Again, they just have to do the portal login page, because they like persistent logins. Now that can be preserved across reboot, so that to me is a big feature change. There's a lot of other little things updated in there, but that particular one is nice.
They've added a lot of features to the way certificates work. There's a lot of errata on that, which is good. I haven't done a video yet on this but I plan to, because the ACME system is one of the plugins you can get, so you can use Let's Encrypt certs with a variety of different DNS providers, and then if you're doing something combining, like captive portal for example, with a Let's Encrypt cert, then you are able at that time to manage an HTTPS, a TLS connection to captive portal with a valid certificate, and like I said, there's been a lot of little handling of making that a lot better. That's definitely much improved there.
DHCP: fixed handling of DHCP lease host names and minor changes there. Diagnostics: added reboot file system check options to the GUI page. Now, this is previously something that you could do from the command line. You can say reboot and check, but now we go over here to Diagnostics, Reboot, and we can say normal reboot or file system check. So definitely neat. I like the fact that they added it there. That way I don't have to go to the command line if I wanted to just go ahead and do a file system check on reboot. Sometimes there's needs for that. Dynamic DNS updates, they're very cool there. Added support for Gandi LiveDNS dynamic DNS.
Now, people ask me a lot of questions about this and I just don't have experience with PPPoE connections; they're just not used very much with any of my clients that we currently have, or generally in America I don't see them, but it seems like whenever I get requests it's from someone overseas, where it seems to be more prevalent. So it sounds like they do understand there's some issues with VLANs and PPPoE. I know this question comes up about the way they split the WAN VLAN with a PPPoE pass-through. It's something apparently some of the carriers do. I haven't run into this so I'm not versed in it, but they are working on it. So hopefully that does quash whatever problem you may have been experiencing with it, even though I'm not sure what that problem is.
Lots of little updates and changes, updating to IPsec. So added more support. So added 25519 curve-based IPsec Diffie-Hellman and PFS, that's Diffie-Hellman (DH) and PFS groups. Enabled strongSwan and fixed IPsec configuration generation so encryption options for every P2 on a given P1 are not duplicated. So a lot of minor changes here, but those are important.
Now, this is another one where I'll say I'm pretty excited about: change logging system to plain text and log rotation. So the old binary clog format has been deprecated. I just like text logs, I'm partial to them. People have asked me about this before, and I mean clog is okay, binary logs are okay. They have some use cases, but they're being deprecated in pfSense, so cool. And let me show you what it looks like now, because they actually changed it a little bit. We do have a GUI service and OS boot in here now, and we go over here on the log settings, scroll down. You have the ability to set log rotation size in bytes, log compression types: none, Zstandard, gzip, bzip2, log rotation kind of thing. So it's gonna give you your standard .tgz or however you wanna rename them. I think this is kinda cool. So you can have a series of compressed logs.
And there's a lot of different tools that can help handle that. And it's just a more common log format that I'm very used to. And this is great that they added this into the system here.
Notifications: deprecate and remove Growl notifications, added a daily certificate expiration notification, settings and controls for that behavior, cool. Added GUI options for NTP sync/poll intervals.
But here's another one where there's definitely a lot more updates, and let's actually take a look at that. So if we go over here to VPN, OpenVPN, I set up just a dummy VPN. And one of the things they did, and I have solved some problems for people, you can't cross the pools now. Don't cross the streams and don't cross the pools. IPv4 tunnel network. With the tunnel network, you were able to actually start reusing it and it would break things. And I've had to troubleshoot for people when the only problem they had was that they used the same tunnel network twice on two different OpenVPN instances and they couldn't figure out why things weren't working. Now they actually have that as a feature where it stops to check that, to save you from yourself. So in this particular bug here, we can look at it and you can see here: "Lots of newbies just paste in as the tunnel network on their OpenVPN" this. This comes from an example setup somewhere. And it's funny, because I actually see that a lot of people follow this on mine and they'll just paste in exactly this, the 70.20 slash 24, because they copy one of my demos and then they'll make two of them. So yes, this is definitely, and by the way, it's kind of fun reading through all these comments on each of these to see the changes in action and the discussion around them. So "works as expected, exact matches are rejected," et cetera, so definitely pretty cool here that they've added that as a feature.
Hopefully it'll save some people that are trying to set this up some headache and troubleshooting, because they'll say, "Oh, I've reused that same tunnel network before."
Add exit notify to OpenVPN servers and clients, and what does exit notify mean? That is the ping settings. So you can actually go in here, and when it drops, or cause OpenVPN after N seconds of inactivity to go ahead and drop them off; if you wanted to force a lot of people out, that is something you can do here, and they've added all the menu options for it. Now, this is one of the cool things about pfSense. These a lot of times are like custom parameters you can pass to OpenVPN as they update it, but one of the nice things about pfSense is that they expose so much in the UI but then still leave you the option if you ever had those extra parameters. So for those of you that wanted that feature, it's now there, once again through some of the suggestions that come across.
Routing: enabled the RADIX_MPATH kernel option for multi-path routing, fixed automatic static routes set for DNS gateway bindings not being removed when no longer necessary. That is something that I think I have covered in my dual WAN videos or failover WAN videos, where there's some issues there where you have to make sure you have a DNS set to each of the WANs. I believe it's all fixed now in this. It's an edge case if you have certain configurations. Fixed issues with checking updates through the GUI with proxy authentication, cool.
Created separate Auto (UFS) UEFI and Auto (UFS) BIOS installation options to avoid problems on hardware that boots differently on USB and non-USB disks. Yeah, UEFI sometimes has problems with that. I'm not the biggest fan of UEFI, but it's here, whatever, maybe I'm just old. It just has some pain in the butt things that can be annoying. It seems to always take longer to boot. Increase the number of colors available on the login screen, okay. These are those really minor things that happen, cool.
Fixed empty lines in various forms throughout the UI. These are all those little things that I really like, because it's always nice to see some visual enhancements on there. I don't want it to be a completely new interface because, well, we like our firewalls being similar so I know where things are. But it's little things like, "I noticed a couple of lines of forms are caused by using addInput instead of addGlobal." These are some of those little things where the open source community is really that little bit of feedback, of not just being able to say, "Hey, there's too many lines in it," but actually suggesting to them and giving the developers the feedback, going, "Hey, we see this, and if you did this instead, it'd be more efficient." Then the developer can validate that thought as a discussion in here and push it down to be closed, and away you go with a pull request. So I think that's actually pretty cool that all this is being done.
So that's pretty much it. It is significant under the hood; it's not significant in terms of interface. Like I said, things are pretty much in the same places they were.
Oh, I did gloss over one thing, but I will go back to it. If you're doing packet capture, actually it's under Diagnostics, Packet Capture. And you wanna do the packet capture. Now you have a few more options of host address and port number. So now you can do your packet capture and narrow it down to a port. Now, this is very helpful when you wanna do larger packet captures and you may have limited amounts of space on your system. Or just because you know what port the target data is going to be on that you're looking for, so you narrow it down to the port, you just get a smaller capture file, and there's less to sort out when you're using, like, Wireshark, for example, to sort out those packets and figure things out and how it's working.
So very cool that they added this as a port option, and who knows what more little things will be done before this reaches full development and becomes a release. But I'll leave a link to this on how to do bug reporting. Like I said, this applies to the current stable production version and beta versions in terms of how you report issues to pfSense. Feel free to read through all these discussions, and you can get some wonderful insight that you don't get in closed source software as to the reasons why they did things. Some people always rattle the cage and shake their hands in anger: "I don't know why they did it this way." Well, a lot of times in open source that's the best part, there's an explanation for why they did something this way. And it's all done in the clear. It's all done in the open. So we know why it was developed. We can look at the code as it's being developed. All right, I'll leave links to all this so you can do some further reading. But if you have the ability to do some testing and help with the open source development of this, that would be awesome. And go ahead and check it out. It's free to download. All right, thanks.
And thank you for making it to the end of the video. If you like this video, please give it a thumbs up. If you'd like to see more content from the channel, hit the subscribe button and hit the bell icon if you'd like YouTube to notify you when new videos come out. If you'd like to hire us, head over to lawrencesystems.com, fill out our contact page, and let us know what we can help you with and what projects you'd like us to work together on. If you wanna carry on the discussion, head over to forums.lawrencesystems.com where we can carry on the discussion about this video, other videos or other tech topics in general, even suggestions for new videos are accepted right there on our forums, which are free. Also, if you'd like to help the channel in other ways, head over to our affiliate page.
We have a lot of great tech offers for you. And once again, thanks for watching and see you next time.