pfSense Plus RELEASE 24.11

This new version includes several major features, and many other enhancements and bug fixes:

• Multi-instance Management Early Look: This release offers a glimpse into the future of multi-instance management for pfSense Plus. A web GUI and a set of APIs for monitoring and managing multiple pfSense Plus instances are now available.Learn more about Multi-Instance Management here.
• Kea DHCP Enhancements: Continued improvements in the Kea DHCP service provide greater capabilities and significant improvements over the previous release, including:
  • High Availability: Kea now supports High Availability for IPv4 and IPv6
  • Simplified High Availability Setup: Kea DHCP uses a single, global High Availability configuration, which is easier to set up and manage than ISC DHCP’s per-interface configuration.
  • More Reliable Failover: Kea operates in “hot standby” mode, providing more reliable failover, especially when booting a secondary node.
  • Improved Security: Kea can synchronize lease data over the SYNC interface for security and ease of use, and can optionally encrypt the sync data for added protection.
• Kea DHCP DNS Resolution: The Kea DHCP daemon now integrates with the Unbound DNS Resolver to provide automatic DNS registration. This means: 
  • DNS Registration of DHCP Clients: DNS records are updated dynamically on-the-fly, they do not require a resolver restart and are not disruptive.  This works for IPv4 and IPv6.
  • Improved Update Detection: With Kea, pfSense Plus software uses an extension that allows Kea itself to trigger DNS changes for lease events. With ISC DHCP, pfSense software used a dedicated daemon that monitored DHCP leases externally and triggered DNS updates based on that detection. This daemon was running and consuming resources as long as the feature was enabled, and it was not always reliable.
  • No Service Interruptions: The older method of updating ISC DHCP resulted in an interruption of DNS service any time a DNS record changed. This was especially problematic on busy networks or environments where the DNS resolver did not restart quickly. The new method of updating DNS records in the resolver utilizes features of Unbound which allow for seamless updates, without the need to restart the Unbound service.
• System Aliases in Custom Rules: Users can now use built-in system aliases (like bogons, vpn_networks, etc)) in custom firewall rules. This improves rule management efficiency and standardization. 
• NTP Authentication: This release implements NTP client authentication support, enabling secure time synchronization across networks.

These updates are designed to improve the functionality and security of pfSense Plus, making it a more robust and versatile network management solution.