Netgate, the provider of pfSense Community Edition (CE) software, has announced the release of version 2.7.1. pfSense CE is an open-source project that has been supported by Netgate since 2008. The source code for the project is available on GitHub under the Apache 2.0 open-source license. pfSense CE can be used on common hardware to build routers and more.

One major change in this release is the upgrade of OpenSSL to version 3.0.12. This upgrade was necessary as OpenSSL 1.1.1 has reached its End of Life and will no longer receive security patches. With the upgrade to OpenSSL 3.0.12, older and weaker encryption and hash algorithms have been removed, and security certificates based on these algorithms have been deprecated. It is highly recommended to review the release notes and Netgate’s blog post on this topic before performing the upgrade.

Another notable feature in version 2.7.1 is the addition of Kea DHCP as an opt-in feature. While basic functionality is present, it is not yet feature-complete. Switching to the Kea DHCP server can be done through the web interface by navigating to System > Advanced and changing the server backend radio button in the DHCP Options section to “Kea DHCP”. It is important to note that switching to Kea DHCP may result in ignored hostnames for devices on the network that were assigned using static leases or rely on dynamic lease registration in DNS.

This release also includes improved support for SCTP (Stream Control Transmission Protocol) in PF for firewall rules, NAT, and logging. Rules can now act on SCTP packets by port number, whereas previously it was only possible to filter on source or destination address. Additionally, the IPv6 Router Advertisement configuration has been relocated to Services > Router Advertisement as part of the ongoing integration of the Kea DHCP server.

Other changes in version 2.7.1 include the upgrade of PHP to version 8.2.11 and the base operating system to a more recent point of FreeBSD 14-CURRENT. The release also addresses various bugs and issues.

Source: pfSense.

Netgate has announced the Release Candidate (RC) of pfSense CE software version 2.7.1. This open-source project, supported by Netgate since 2008, is a widely-used firewall and routing platform. The RC release is an opportunity for users to try out the new version and provide feedback.

The major changes and features in pfSense CE software version 2.7.1 include:

1. Upgraded OpenSSL to version 3.0.12: This upgrade was necessary as OpenSSL 1.1.1 has reached its End of Life and will no longer receive security patches. The upgrade removes older and weaker encryption and hash algorithms, improving security.

2. Kea DHCP added as an opt-in feature: The Kea DHCP server is now available as an optional feature. While it is not feature complete in this version, users can switch to Kea DHCP by navigating to the System > Advanced menu and changing the DHCP Options to “Kea DHCP”. However, switching to Kea DHCP may result in the ignoring of assigned hostnames and dynamic lease registration in DNS.

3. Improved support for SCTP: Support for SCTP in firewall rules, NAT, and logging has been enhanced. Users can now filter SCTP packets by port number, in addition to source and destination address.

4. IPv6 Router Configuration moved: The IPv6 Router Advertisement configuration has been relocated to Services > Router Advertisement as part of the integration with the Kea DHCP server.

Other changes in this release include upgrading PHP to version 8.2.11, upgrading the base operating system to a more recent point of FreeBSD 14-CURRENT, and addressing various bugs and issues.

Testing of the RC software release is crucial to ensure its reliability and robustness for all users. Netgate encourages users to download and test the release candidate, and provide feedback on any issues they encounter.

To install the upgrade, users can follow the detailed Upgrade Guide available in the pfSense documentation. It is recommended to back up the pfSense CE configuration prior to the upgrade. The upgrade can be performed through the web interface by navigating to System > Update and setting the Branch to “Next Stable Version (2.7.1-RC)”.

Netmaker has released its latest version, v0.21.1, of their WireGuard mesh VPN. Netmaker is a platform that automates the creation of fast, secure, and distributed virtual networks.

With Netmaker, users can easily create virtual networks between data centers, clouds, and edge devices without the need for manual configuration. This automation saves time and effort for users, allowing them to focus on other important tasks.

One of the key features of Netmaker is its integration with Kernel WireGuard, which provides maximum speed, performance, and security. This ensures that the virtual networks created with Netmaker are not only efficient but also highly secure.

Netmaker is designed to scale from small businesses to enterprise-level organizations. This means that whether you are a small startup or a large corporation, Netmaker can meet your networking needs.

One of the standout features of Netmaker is its ability to be highly customized. Users can configure Netmaker with WireGuard for various use cases, such as peer-to-peer connections, site-to-site connections, Kubernetes deployments, and more. This flexibility allows users to tailor Netmaker to their specific requirements.

The latest version, v0.21.1, brings several new features and fixes to the Netmaker platform:

What’s New in v0.21.1:

• Remote access client session management: Users now have more control over managing remote access client sessions. Refer to the users section in the documentation for more details.
• Generic DNS entries: It is now possible to create generic DNS entries, providing more flexibility in configuring DNS settings.
• Upgrade client version: Users can now easily upgrade the client version to match the server version directly from the user interface.
• Moved PersistentKeepAlive setting: The PersistentKeepAlive setting has been moved from the node level to the host level, simplifying network configuration.

What’s Fixed in v0.21.1:

• Extclients DNS properly set: The issue of Extclients DNS not being properly set from the ingress DNS value provided has been resolved.
• Role update of OAuth user allowed: Users can now update the role of an OAuth user without any issues.
• Zombie node issue fixed: The issue of zombie nodes has been fixed, ensuring a smoother user experience.

Despite the improvements in v0.21.1, there are still a few known issues that users should be aware of:

• Windows installer does not install WireGuard: Users running the Windows installer may encounter an issue where WireGuard is not installed automatically. This can be resolved by manually installing WireGuard.
• netclient-gui error dialog: If the Netmaker server is offline, the netclient-gui application will continuously display an error dialog. This is a known issue that will be addressed in future releases.
• Mac IPv6 addresses/route issues: Mac users may experience issues with IPv6 addresses and routes. This is a known issue that is currently being investigated.
• Docker client re-join issue: Users may encounter difficulties when trying to re-join a network using the Docker client after complete deletion. This issue is currently being addressed.
• netclient-gui network tab blank: After disconnecting from a network, the network tab in the netclient-gui application may appear blank. This is a known issue that will be fixed in future updates.

Despite these known issues, Netmaker’s latest release, v0.21.1, brings several new features and fixes that further enhance its capabilities as a WireGuard mesh VPN solution. With its automation, scalability, and customization options, Netmaker continues to be a valuable tool for those interested in servers, Linux, DevOps, and home labs.

OpenWrt 23.05, the open-source Linux operating system for routers and resource-constrained headless embedded systems, has just been released with significant updates and improvements. This release comes with over 4300 commits since the previous release of OpenWrt 22.03, which was launched a little over a year ago.

One of the notable features of OpenWrt 23.05 is its expanded device support. It now supports over 1790 devices, which is an increase of about 200 devices compared to the previous release. Some of the new targets include the Qualcomm IPQ807x target for WiFi 6 SoCs, the Mediatek Filogic 830 and 630 subtarget for WiFi 6/6e chips, and the HiFive Unleashed and Unmatched targets for RISC-V development boards.

In terms of security, OpenWrt 23.05 has switched from using wolfSSL to MbedTLS as the default. This change was made because MbedTLS has a smaller footprint and offers a more stable ABI and LTS releases. However, it’s worth noting that MbedTLS lacks support for TLS 1.3. Therefore, users who require TLS 1.3 can still switch to using wolfSSL.

Another significant addition in this release is support for packages written with the Rust programming language. Some examples of these packages include bottom, maturin, aardvark-dns, and ripgrep. This expansion of supported programming languages provides developers with more flexibility and options when creating applications for OpenWrt.

OpenWrt 23.05 also brings updates to its core components. It now utilizes Linux 5.15 as the foundation for all targets, as well as updated versions of busybox, musl libc, glibc, gcc, and inutils. Additionally, the networking components have seen upgrades, including the use of the hostapd master snapshot from September 2023, dnsmasq 2.89, dropbear 2022.82, and cfg80211/mac80211 from kernel 6.1.24.

For users looking to upgrade from OpenWrt 22.03, the migration from swconfig to DSA configuration that was introduced in the previous releases is no longer an issue. Most people should be able to upgrade smoothly using the sysupgrade utility, which will preserve the configuration. However, it is still recommended to back up the configuration before proceeding with the upgrade.

OpenWrt 23.05 is now available for download, and users can find binary images for their specific targets on the OpenWrt website.

Source: CNX Software – Embedded Systems News.

GL.iNet has released the Flint2 (also known as GL-MT6000), a new AX6000 router based on the MediaTek MT7986 (Filogic 830) ARM SoC. This router supports VPN speeds of up to 900 Mbps using WireGuard and 190 Mbps with OpenVPN. Compared to previous GL.iNet routers like the Spitz AX and the Beryl AX, which were based on the Filogic 820 (MT7981B) CPU with transfer rates of up to 300 Mbps using WireGuard, the Flint2 is expected to triple the VPN performance.

The GL.iNet Flint2 router comes with the following specifications:

• SoC – MediaTek MT7986 (Filogic 830) quad-core Arm Cortex-A53 processor @ 2.0 GHz with hardware acceleration engines for Wi-Fi offloading and networking
• System Memory – 1GB DDR4
• Storage – 8GB eMMC flash
• Networking:
  • 2x 2.5 Gbps Ethernet ports
  • 4x Gigabit Ethernet LAN ports
  • 802.11b/g/n/ac/ax WiFi 6 with 4x external Wi-Fi antennas
    • Up to 1,148 Mbps @ 2.4 GHz
    • Up to 4,804 Mbps @ 5 GHz
    • DFS (Dynamic Frequency Selection) support
  • VPN – OpenVPN server/client tested up to 190 Mbps, and WireGuard server/client tested up to 900 Mbps (tests over Ethernet in client mode)
• USB – 1x USB 3.0 Type-A port
• Dimensions – 233 x 137 x 57mm

The GL.iNet Flint2 router comes pre-installed with OpenWrt 23.05 (or a fork) with Linux 5.15 and the GL.Inet Admin Panel, which is common to all GL.iNet routers. It supports four different network modes: router, access point, extender, and WDS. The router also includes features such as AdGuard Home, parental controls, and Cloud remote management.

The significant improvement in WireGuard performance, tripling the previous model’s speed, is noteworthy. While the upgrade from a 1.3 GHz dual-core Arm Cortex-A53 CPU to a 2.0 GHz quad-core Cortex-A53 CPU partially explains the increase, the main reason is likely the switch from Linux 5.4 to Linux 5.15. The Filogic 830-based router benefits from in-kernel WireGuard support introduced in Linux 5.6. As a point of comparison, the first Flint router achieves speeds of up to 500 Mbps with WireGuard.

The Filogic 830 SoC used in the Flint2 is also found in other devices, such as the Banana Pi BPI-R3 and BPI-R3 Mini router SBCs.

Source: CNX Software – Embedded Systems News.

NVIDIA is making advancements in their Linux InfiniBand driver to support 800Gb/s (XDR) speeds. The company has posted a set of six patches for the upstream Linux kernel, aiming for inclusion in Linux 6.7. These patches will enable the 800Gb/s support in the InfiniBand core networking code and the Mellanox MLX5 driver. The NVIDIA Mellanox Skyway GA100 InfiniBand to Ethernet Gateway is believed to be the first product capable of achieving the XDR speeds. This development showcases NVIDIA’s commitment to delivering high-speed networking solutions for servers.

The details of the preparations for the 800Gb/s (XDR) speed implementation in the Linux kernel’s InfiniBand code can be found in the patch series provided by NVIDIA.

Source: Phoronix.