|Version of the FreeBSD operating system|
|Developer||Rubicon Communications, LLC (Netgate)|
|Source model||Closed source and open source|
|Released to |
|Latest release||2.6.0 (amd64) / February 14, 2022|
|Platforms||32-bit (discontinued in 2.4.x); 64-bit Intel / AMD|
|License||Apache License 2.0 applies to pfSense CE|
|Supported by the community|
pfSense is a firewall/router computer software distribution based on FreeBSD. The open source pfSense Community Edition (CE) and pfSense Plus is installed on a physical computer or a virtual machine to make a dedicated firewall/router for a network. It can be configured and upgraded through a web-based interface, and requires no knowledge of the underlying FreeBSD system to manage.
The pfSense project began in 2004 as a fork of the m0n0wall project by Chris Buechler and Scott Ullrich. Its first release was in October 2006. The name derives from the fact that the software uses the packet-filtering tool, PF.
In February 2021, feature updates of pfSense CE 2.5.0 and pfSense Plus 21.02 included a kernel WireGuard implementation, however, following reported issues in the code by WireGuard founder Jason Donenfeld, it was discontinued in March 2021. The July 2021 release of pfSense CE 2.5.2 version re-included WireGuard.
Notable functions of pfSense include traffic shaping, VPNs using IPsec or PPTP, captive portal, stateful firewall, network address translation, 802.1q support for VLANs, and dynamic DNS. pfSense can be installed on hardware with an x86-64 processor architecture. It can also be installed on embedded hardware using Compact Flash or SD cards, or as a virtual machine.
In November 2017, a World Intellectual Property Organization panel found Netgate, the copyright holder of pfSense, utilized OPNsense' trademarks in bad faith to discredit OPNsense, and obligated Netgate to transfer ownership of a domain name to Deciso.
In February 2020, a developer directly sponsored by Netgate started to commit code for a WireGuard kernel module to FreeBSD. By February 2021, the module was included in pfSense CE 2.5.0, pfSense Plus 21.02, and scheduled for release in FreeBSD 13.0. WireGuard founder Jason Donenfeld reviewed the code only to find glaring issues including “random sleeps added to ‘fix’ race conditions, validation functions that just returned true, catastrophic cryptographic vulnerabilities, whole parts of the protocol unimplemented, kernel panics, security bypasses, overflows, random printf statements deep in crypto code, the most spectacular buffer overflows, and the whole litany of awful things.” These discoveries prompted FreeBSD and later pfSense to remove WireGuard support.
In May 2021, WireGuard support was re-introduced back into pfSense CE and pfSense Plus development snapshots as an experimental package written by a member of the pfSense community, Christian McDonald. The WireGuard package for pfSense incorporates the ongoing kernel-mode WireGuard development work by Jason A. Donenfeld that was originally sponsored by Netgate.
In June 2021, the official package repositories for both pfSense CE 2.5.2 and pfSense Plus 21.05 included the WireGuard package.