Software update: pfSense Plus 23.05

Netgate has released version 23.05 of pfSense Plus. This package is based on the FreeBSD operating system and focuses on router and firewall tasks. It is available as the free Community Edition and as a Plus version, which was previously offered as a Factory Edition. The Plus version runs on the hardware that Netgate offers and as a virtual machine in AWS or Azure, and it can also be used for free on your own hardware in a private environment. However, unlike pfSense CE, it is not open source.

pfSense started in 2004 as a spin-off from m0n0wall due to different views among the developers, and over the years it has grown into a router and firewall package that can be deployed in both small and very large environments. For more information please refer to this page. The changelog for this release looks like this:


  • This release includes support for cryptographic acceleration through the Multi-Buffer Crypto for IPsec Library (IPsec-MB, IIMB) which leverages special CPU instructions to accelerate several algorithms for multiple types of VPNs and other uses. See Cryptographic Accelerator Support for details.
  • This release includes experimental support for Ethernet (Layer 2) rules. See Ethernet (Layer 2) Rules for details.
  • As of this release, several new and recent features combined enable using the GUI alone to configure a setup compatible with the AT&T Residential Fiber Network. The same setup should work for any similar ISPs which require special handling such as Priority Code Point tagging on VLAN 0 and 802.1X authentication passthrough to a modem. Previous versions of pfSense Plus software required additional scripts (e.g. “pfatt”) and/or manual changes outside the GUI. There is a new configuration recipe which covers using these features in the GUI to configure this use case: WAN Connectivity with 802.1X Authentication Bridging and VLAN 0 PCP Tagging.
  • Unicast CARP support can be configured on a per-VIP basis for environments where multicast CARP cannot function. This is a step toward future enhancements in virtualization and cloud environments which are still under development, including high availability in AWS and Azure. See VIP Configuration Options for details.
  • WireGuard is now installed by default on new installations. This does not affect upgrades or factory reset configurations, only fresh installations.
  • Several improvements have been made to memory usage reporting and to reduce some reported cases of increased memory usage in the previous release. See Memory Management and ZFS Tuning for additional information on memory usage and tuning.
  • A bug in 23.01 caused some automatic dynamic gateway names to be in mixed case instead of all upper case, which may have led to loss of connectivity until the default gateway or gateway group membership was updated. This bug has been corrected, but anyone who worked around the problem by changing gateway entries will have to correct them again once they have upgraded to 23.05.


  • pfSense-SA-23_06.webgui A potential Authenticated Command Execution vulnerability from the bridgeif parameter on interfaces_bridge_edit.php in the GUI. Note: Users of pfSense Plus software version 23.01, pfSense Plus software version 22.05.x, and pfSense CE software version 2.6.0 can obtain corrections for this issue from the Recommended Patches area of the System Patches package.
  • pfSense-SA-23_07.kernel Denial of Service on pfSense Plus software version 23.01 due to a kernel panic from oversize IPv6 packets.
    Warning: There is no patch for this issue as it is a problem in the kernel. Users must upgrade to pfSense Plus software version 23.05 or later to correct the problem.

    This problem did not affect any version of pfSense Plus software prior to 23.01, nor does it affect any released version of pfSense CE software. Users of pfSense CE development snapshots must upgrade to a current snapshot to correct the problem.

Version number 23.05
Release status Final
Operating systems BSD
Website Netgate
License type Freeware/Paid