pfSenseをアップデート 2.4.5_1→2.5.0

pfSenseをアップデートした記録 2.4.5_1→2.5.0

アップデート内容確認

2.4.5_1(2.4.5-p1)から2.5.0にアップデートします

変更点を確認
https://docs.netgate.com/pfsense/en/latest/releases/2-5-0.html

pfSense Plus
    Support for Intel® QuickAssist Technology, also known as QAT.
        QAT accelerates cryptographic and hashing operations on supported hardware, and can be used to accelerate IPsec, OpenVPN, and other OpenCrypto Framework-aware software.
        Supported hardware includes many Intel-based systems sold by Netgate (e.g. XG-7100, SG-5100) and add-on cards.
        From the FreeBSD man page:
            The qat driver supports the QAT devices integrated with Atom C2000 and C3000 and Xeon C620 and D-1500 chipsets, and the Intel QAT Adapter 8950.
            It can accelerate AES in CBC, CTR, XTS (except for the C2000) and GCM modes, and can perform authenticated encryption combining the CBC, CTR and XTS modes with SHA1-HMAC and SHA2-HMAC. The qat driver can also compute SHA1 and SHA2 digests.
    Improved SafeXcel cryptographic accelerator support for SG-2100 and SG-1100 which can improve IPsec performance.
        From the FreeBSD man page:
            The driver can accelerate the following AES modes: AES-CBC, AES-CTR, AES-XTS, AES-GCM, AES-CCM
            The driver also implements SHA1 and SHA2 transforms, and can combine AES-CBC and AES-CTR with SHA1-HMAC and SHA2-HMAC for encrypt-then-authenticate operations.
    Updated IPsec profile export
        Exports Apple profiles compatible with current iOS and OS X versions
        New export function for Windows clients to configure tunnels using PowerShell
Operating System / Architecture changes
    Base OS upgraded to FreeBSD 12.2-STABLE
    OpenSSL upgraded to 1.1.1i-freebsd
    PHP upgraded to 7.4 #9365 #10659
    Python upgraded to 3.7 #9360
Security / Errata
    Deprecated the built-in relayd Load Balancer #9386
        relayd does not function with OpenSSL 1.1.x
        The relayd FreeBSD port has been changed to require libressl – There is no apparent sign of work to make it compatible with OpenSSL 1.1.x
        The HAProxy package may be used in its place; It is a much more robust and more feature-complete load balancer and reverse proxy
        For more information on implementing HAProxy, see HAProxy package and the Hangout
Aliases/Tables
    Fixed aliases to allow IPv6 prefix entries which end in IPv4 addresses (e.g. x:x:x:x:x:x:d.d.d.d from RFC 4291 section 2.2.2) #10694
    Fixed a PHP error processing aliases when the configuration contains no aliases section #9936
    Fixed URL-based Alias only storing last-most entry in the configuration #9074
    Fixed an issue with PF tables remaining active after they had been deleted #9790
    Added Internationalized domain names support for aliases #7255
    Added the ability to copy an existing alias when creating a new entry #6908
    Fixed handling of URL-based aliases containing multiple URLs #11256
Authentication
    Added RADIUS authentication for SSH users #10545
    Added LDAP authentication for SSH users #8698
    Added option to control behavior of unauthenticated LDAP binds #9909
    Converted LDAP TLS setup from environment variables to LDAP_OPT_X_TLS_* options #9417
    Set RADIUS NAS Identifier to include webConfigurator and the firewall hostname when logging in the GUI #9209
    Added LDAP extended query for groups in RFC2307 containers #9527
    Fixed errors when using RADIUS for GUI authentication while the WAN is down #11109
Backup/Restore
    Changed crypt_data() to use stronger key derivation #9421
    Updated crypt_data() syntax for OpenSSL 1.1.x #9420 #10178
    Disabled AutoConfigBackup manual backups when AutoConfigBackup is disabled #9785
    Improved error handling when attempting to restore encrypted and otherwise invalid configurations which result in errors (e.g. wrong encryption passphrase, malformed XML) #10179
    Added option to include the DHCP v4/v6 leases database in config.xml backups #10910
    Added option to include the Captive Portal database in config.xml backups #10868
    Added option to include the Captive Portal used MACs database in config.xml backups #10856
    Added option to prevent all extra data from being added to config.xml backups #10914
    Added password confirmation when encrypting a config.xml backup #10301
    Added support for GPT partitioned drives to the External Configuration Locator #9097
    Added support for Limiters to the Traffic Shaper backup and restore area option #4763
    Added option to backup Dynamic DNS area #3559
    Fixed restoration of active voucher data from backup #3128
Captive Portal
    Improved XMLRPC sync of Captive Portal database information #97
    Changed Captive Portal vouchers to use phpseclib so it can generate keys natively in PHP, and to work around OpenSSL deprecating key sizes needed for vouchers #9443
    Added trim() to the submitted username, so that spaces before/after in input do not cause authentication errors #9274
    Optimized Captive Portal authentication attempts when using multiple authentication servers #9255
    Fixed Captive Portal session timeout values for RADIUS users who do not have a timeout returned from the server #9208
    Changed Captive Portal so that users no longer get disconnected when changes are made to Captive Portal settings #8616
    Added an option so that Captive Portals may choose to remove or retain logins across reboot #5644
    Fixed deletion of related files when removing a Captive Portal zone #10891
    Fixed XMLRPC sync of Captive Portal used MACs database #10857
    Added validation of Captive Portal zone names to prevent using reserved words #10798
    Added support for IDN hostnames to Captive Portal Allowed Hostnames tab #10747
    Improved Captive Portal Allowed Hostnames so it supports multiple DNS records in responses #10724
    Fixed retention of automatic pass-through MAC entries when using Captive Portal Vouchers #9933
    Fixed Captive Portal Bandwidth per-user bandwidth limit values being applied when disabled #9437 #9311
    Changed handling of voucher logins with Concurrent Login option so that new logins are prevented rather than removing old sessions #9432 #2146
    Changed XMLRPC behavior to not remove zones from secondary node when disabling Captive Portal #9303
    Fixed XMLRPC sync failing to propagate voucher roll option changes to the secondary node #8809
    Fixed XMLRPC sync failing to create Captive Portal voucher files on secondary node #8807
    Fixed Captive Portal + Bridge interface validation #6528
    Added support for masking of Captive Portal pass-thru MACs #2424
    Added support for pre-filling voucher codes via URL parameters, so they can be used via QR code #1984
Certificates
    Fixed OCSP stapling detection for OpenSSL 1.1.x #9408
    Fixed GUI detection of revoked status for certificates issued and revoked by an intermediate CA #9924
    Removed PKCS#12 export links for entries which cannot be exported in that format (e.g. no private key) #10284
    Added an option to globally trust local CA manager entries #4068
    Added support for randomized certificate serial numbers when creating or signing certificates with local internal CAs #9883
    Added validation for CA/CRL serial numbers #9883 #9869
    Added support for importing ECDSA keys in certificates and when completing signing requests #9745
    Added support for creating and signing certificates using ECDSA keys #9843 #10658
    Added detailed certificate information block to the CA list, using code shared with the Certificate list #9856
    Added Certificate Lifetime to certificate information block #7332
    Added CA validity checks when attempting to pre-fill certificate fields from a CA #3956
    Added a daily certificate expiration check and notice, with settings to control its behavior and notifications (Default: 27 days) #7332
    Added functionality to import certificates without private keys (e.g. PKCS#11) #9834
    Added functionality to upload a PKCS#12 file to import a certificate #8645
    Added CA/Certificate renewal functionality #9842
        This allows a CA or certificate to be renewed using its current settings (or a more secure profile), replacing the entry with a fresh one, and optionally retaining the existing key.
    Added an “Edit” screen for Certificate entries
        This view allows editing the Certificate Descriptive name field #7861
        This view also adds a (not stored) password field and buttons for exporting encrypted private keys and PKCS#12 archives #1192
    Improved default GUI certificate strength and handling of weak values #9825
        Reduced the default GUI web server certificate lifetime to 398 days to prevent errors on Apple platforms #9825
        Added notes on CA/Cert pages about using potentially insecure parameter choices
        Added visible warnings on CA/Cert pages if parameters are known to be insecure or not recommended
    Revamped CRL management to be easier to use and more capable
        Added the ability to revoke certificates by serial number #9869
        Added the ability to revoke multiple entries at a time #3258
        Decluttered the main CRL list screen
        Moved to a single CRL create control to the bottom under the list rather than multiple buttons
    Optimized CA/Cert/CRL code in various ways, including:
        Actions are now performed by refid rather than array index, which is more accurate and not as prone to being affected by parallel changes
        Improved configuration change descriptions as shown in the GUI and configuration history/backups
        Miscellaneous style and code re-use improvements
        Changed CA/Cert date calculations to use a more accurate method, which ensures accuracy on ARM past the 2038 date barrier #9899
Configuration Backend
    Changed error handling on boot error ‘XML configuration file not found’ so the user is given an opportunity to fix the problem manually #10556
Configuration Upgrade
    Retired m0n0wall configuration upgrade support #10997
Console Menu
    Fixed rc.initial execution of rc.local.running #10978
    Fixed rc.initial handling of -c commands with arguments #10603
    Fixed console menu display of subnet masks for DHCP interfaces #10740
Dashboard
    Added PPP uptime to the Dashboard Interfaces Widget #9426
    Improved long description truncation behavior in the services status widget #10795
    Fixed Dashboard traffic graph widget display of bandwidth units (b/s vs. B/s) #9072
    Added adaptive state timeout indication to the state table usage meter #7016
    Fixed Thermal Sensors dashboard widget showing invalid sensors #10963
    Added default route indicator to Gateways widget #11057
    Added hardware interface name as a tooltip on Interfaces widget entries #11041
DHCP (IPv4)
    Fixed handling of spaces in DHCP lease hostnames by dhcpleases #9758
    Fixed DHCP leases hostname parsing problems which prevented some hostnames from being displayed in the GUI #3500
    Added OMAPI settings to the DHCP Server #7304
    Increased number of NTP servers sent via DHCP to 3 #9661
    Added an option to prevent known DHCP clients from obtaining addresses on any interface (e.g. known clients may only obtain an address from the interface where the entry is defined) #1605
    Added count of static mappings to list when editing DHCP settings for an interface #9282
    Fixed handling of client identifiers on static mappings containing double quotes #10295
    Added ARM32/64 network booting support to the DHCP Server #10374
    Increased the number of NTP servers for DHCP Static Mappings #10333
    Fix DHCP Dynamic DNS handling of per-host zone and key options from static mappings #10224
    Added per-host custom BOOTP/DHCP Options to static mappings #8990
    Added a button to clear all DHCP leases #7406
    Fixed ARPA zone declaration formatting in DHCP server configuration file #11224
DHCP (IPv6)
    Added options to disable pushing IPv6 DNS servers to clients via DHCP6 #9302
    Fixed DHCPv6 domain search list #10200
    Fixed validation to allow omission of DHCPv6 range for use with stateless DHCP #9596
    Fixed issues creating IPv6 Static Mappings #7443
    Fixed DHCPv6 merging an IPv6 prefix with the input submitted in DNS servers field when using Track Interface #7384
    Fixed prefix delegation not being requested if no interfaces were set to track6 #11005
    Fixed DHCPv6 Dynamic DNS domain key name validation #10844
    Fixed line formatting issues in the DHCPv6 configuration file #10675
    Fixed prefix not being included in the DNS entry registered by DHCPv6 #8156
    Fixed DHCPv6 static mapping changes requiring a restart of the DNS resolver to activate #10882
    Fixed issues running DHCPv6 on certain types of tracked interfaces (e.g. bridges, VLANs) #3965
    Fixed issues with WAN not renewing IPv6 address after an upstream failure #10966
DHCP Relay
    Fixed DHCP Relay validation to allow OpenVPN TAP interfaces #10711
    Fixed inconsistent validation behavior for DHCP relay and bridges #7778
Diagnostics
    Added Reroot and Reboot with Filesystem Check options to GUI Reboot page #9771
    Added option to control wait time between ICMP echo request (ping) packets diag_ping.php #9862
    Improved data sanitization in status.php #10946 #10944 Sanitize MaxMind GeoIP key #10797 #10569 #10794
    Added config history list to status.php #10696
    Added DNS Resolver configuration to status.php #10635
    Added L2TP VPN configuration to status.php #10583
    Changed pftop page to hide filtering controls for views which do not support filtering #10625
    Added support for IDN hostnames to DNS Lookup, Ping, and Traceroute #10538
    Fixed diag_dns.php link to Ping passing incorrect parameters #10537
    Added a button to clear the NDP cache #10975
    Added a button to clear the ARP cache #4038
    Fixed hostname being ignored when DNS Lookup calculates response time #11018
    Fixed Kill States button on diag_dump_states.php when used with CIDR-masked subnets #9270
DNS Forwarder
    Updated dnsmasq to 2.84 #11278
DNS Resolver
    Added IPv6 OpenVPN client addresses resolution to the DNS Resolver #8624
    Added DNS64 options to the DNS Resolver #10274
    Added support for multiple IP addresses in a DNS Resolver Host Override entry #10896
    Fixed DNS Resolver restart commands to work around potential environment issues #10781
    Fixed saving DNS Resolver ACL entries when using a non-English translation #10742
    Added support for IDN symbols in DNS Resolver ACL entries #10730
    Added Aggressive NSEC option to the DNS Resolver #10449
    Fixed DNS Resolver unintentionally retaining DHCP registration entries after disabling that feature #8981
    Fixed DNS Resolver restarting on every OpenVPN client connection when registering clients in DNS #11129
    Fixed issues with the DNS Resolver not starting when bound to disabled interfaces or interfaces without carrier #11087
    Fixed DNS Resolver custom TLS listen port being ignored #11051
    Improved formatting and ordering of items in the DNS Resolver access list configuration file #11309
Dynamic DNS
    Fixed Dynamic DNS Dashboard Widget address parsing for entries with split hostname/domain (e.g. Namecheap) #9564
    Added support for new CloudFlare Dynamic DNS API tokens #9639
    Added IPv6 support to No-IP Dynamic DNS #10256
    Fixed issues with Hover Dynamic DNS #10241
    Updated Cloudflare Dynamic DNS to query Zone ID with token #10992
    Added support for IPv6 to easyDNS Dynamic DNS #10972
    Added support for Domeneshop Dynamic DNS #10826
    Added Zone option to RFC 2136 Dynamic DNS #10684
    Updated FreeDNS Dynamic DNS to use their v2 API #10617
    Fixed DigitalOcean Dynamic DNS processing of zones with multiple pages of records #10592
    Improved Dynamic DNS Logging #10459
    Added support for dynv6.com Dynamic DNS #9642
    Fixed handling of Dynamic DNS AAAA records on 6rd tunnel interfaces bound to PPPoE interfaces #9641
    Added a button to duplicate Dynamic DNS entries #8952
    Fixed Dynamic DNS update for HE.net Tunnelbroker always setting IP address of the default WAN interface #11024
    Updated HE.net Tunnelbroker Dynamic DNS to use their current API #11037
    Added support for Wildcard A records for Gandi Dynamic DNS #11159
    Updated No-IP Dynamic DNS to use a newer API #6638
    Fixed Namecheap Dynamic DNS error code checking #5308
    Improved color blind accessibility of Dynamic DNS status #3229
Gateways
    Added support for obtaining a gateway via DHCP which is outside of the interface subnet #7380
    Added validation to prevent using descriptions on interfaces which would cause gateway names to exceeded the maximum allowed length #9401
    Added tooltip text to icons on the Gateways #10719
    Fixed issues with dpinger failing to update IPv6 gateway address on DHCPv6 WAN interfaces #8136
Hardware / Drivers
    Added bnxt driver for Broadcom NetXtreme interfaces #9155
    Added iOS/Android/Generic USB tethering driver #7467
IGMP Proxy
    Added input validation for IGMP Proxy settings #7163
Installer
    Created separate Auto (UFS) UEFI and Auto (UFS) BIOS installation options to avoid problems on hardware which boots differently on USB and non-USB disks #8638
    Fixed reinstalling with UFS on a ZFS formatted drive #10690
    Fixed platform detection for MBT-4220 and MBT-2220 on newer BIOS revisions #9242
    Fixed an issue with shutting down instead of rebooting after installing using ZFS #7307
Interfaces
    Added support for using IPv4 and IPv6 addresses on GRE interfaces at the same time #10392
    Added a check to disable Hardware Checksum Offloading in environments with interfaces which do not support it (e.g. vtnet, ena) #10723
    Changed the way interface VLAN support is detected so it does not rely on the VLANMTU flag #9548
    Added a PHP shell playback script restartallwan which restarts all WAN-type interfaces #9688
    Changed assignment of the fe80::1:1 default IPv6 link-local LAN address so it does not remove existing entries, which could cause problems such as Unbound failing to start #9998
    Added automatic MTU adjustment for GRE interfaces using IPsec as a transport #10222
    Fixed SLAAC interface selection when using IPv6 on a link which also uses PPP #9324
    Added GUI interface descriptions to Operating System interfaces #1557
    Added the ability to assign virtual type interfaces (IPsec, OpenVPN, GIF, GRE, etc) during console interface assignment #10947
    Fixed TSO not being disabled in some cases #10836
    Fixed group name length input validation #10835
    Improved interface caching for environments with many interfaces #10680
    Fixed fe80::1:1 being added to interfaces without track6 #10661
    Added a check to prevent stf (6RD/6to4) interfaces from being used as parent interfaces #10626
    Fixed redundant disabling of static ARP at boot before it could be enabled #10589
    Fixed initialization of bridges which include a GIF interface at boot #10524
    Fixed problems with post-install interface changes not being retained if the user did not complete the wizard #10383
    Fixed inefficiencies when applying settings to a VLAN parent interface #9154
    Fixed interface MTU setting not being applied to all IPv6 routes #6868
    Fixed handling of MTU setting for 6rd and 6to4 interfaces #6377
    Fixed IPv6 IP Alias preventing Track Interface from working with DHCPv6 and RA #5999
    Changed DHCP interface renewal behavior to not restart services if the IP address did not change #11142
    Fixed an error when changing bridge STP settings #11122
    Added a binary package with updated Realtek interface drivers #11079
    Improved link state visibility on Status > Interfaces #11045
    Removed VTI interfaces from Interface Group selection since they do not currently function in this manner #11134
    Fixed issues with IPv6 on top of IPv4 PPPoE placing default route on incorrect interface #9324
IPsec
    Added 25519 curve-based IPsec DH and PFS groups 31 and 32 #9531
    Enabled the strongSwan PKCS#11 plugin #6775
    Added support for ECDSA certificates to IPsec for IKE #4991
    Renamed IPsec “RSA” options to “Certificate” since both RSA and ECDSA certificates are now supported, and it is also easier for users to recognize #9903
    Converted IPsec configuration code from ipsec.conf ipsec/stroke style to swanctl.conf swanctl/vici style #9603
        Split up much of the single large IPsec configuration function into multiple functions as appropriate.
        Optimized code along the way, including reducing code duplication and finding ways to generalize functions to support future expansion.
        For IKEv1 and IKEv2 with Split Connections enabled, P2 settings are properly respected for each individual P2, such as separate encryption algorithms #6263
            N.B.: In rare cases this may expose a previous misconfiguration which allowed a Phase 2 SA to connect with improper settings, for example if a required encryption algorithm was enabled on one P2 but not another.
        New GUI option under VPN > IPsec, Mobile Clients tab to enable RADIUS Accounting which was previously on by default. This is now disabled by default as RADIUS accounting data will be sent for every tunnel, not only mobile clients, and if the accounting data fails to reach the RADIUS server, tunnels may be disconnected.
        Additional developer & advanced user notes:
            For those who may have scripts which touched files in /var/etc/ipsec, note that the structure of this directory has changed to the new swanctl layout.
            Any usage of /usr/local/sbin/ipsec or the stroke plugin must also be changed to /usr/local/sbin/swanctl and VICI. Note that some commands have no direct equivalents, but the same or better information is available in other ways.
            IPsec start/stop/reload functions now use /usr/local/sbin/strongswanrc
            IPsec-related functions were converged into ipsec.inc, removed from vpn.inc, and renamed from vpn_ipsec_<name> to ipsec_<name>
        Reworked how reauthentication and rekey behavior functions, giving more control to the user compared to previous options #9983
    Reformatted status_ipsec.php to include more available information (rekey timer, encryption key size, IKE SPIs, ports) #9979
    Added support for PKCS#11 authentication (e.g. hardware tokens such as Yubikey) for IPsec #9878
    Fixed usage of Hash Algorithm on child ESP/AH proposals using AEAD ciphers #9726
    Added support for IPsec remote gateway entries using FQDNs which resolve to IPv6 addresses #9405
    Added manual selection of Pseudo-Random Function (PRF) for use with AEAD ciphers #9309
    Added support for using per-user addresses from RADIUS and falling back to a local pool otherwise #8160
    Added an option which allows multiple tunnels to use the same remote peer in certain situations (read warnings on the option before use) #10214
    Improved visible distinction of online/offline mobile IPsec users in the IPsec status and dashboard widget #10340
    Added options to change the IPsec NAT-T ports (local and remote) #10870
    Improved boot-time initialization of IPsec VTI interfaces #10842
    Added support for limiting IPsec VPN access by RADIUS user group #10748
    Changed IPsec to share the same RADIUS Cisco-AVPair parser code as OpenVPN for Xauth users #10469
    Fixed handling of IPsec VTI interfaces in environments with large numbers of IPsec tunnels #9592
    Added IPsec Advanced option to control maximum allowed Parallel P2 Rekey exchanges #9331
    Fixed issues with bringing up new Phase 2 entries on IPsec tunnels with “Split connections” enabled #8472
    Fixed issues where, in rare cases, IPsec tunnels would not reconnect until the firewall was rebooted #8015
    Improved the Remote Gateway field description for IPsec Phase 1 entries to indicate that 0.0.0.0 is allowed #7095
    Fixed issues with IKEv2 IPsec tunnels with multiple phase 2 entries combining traffic selectors in unexpected ways (set “Split Connections” to isolate them) #6324
    Added options to create IPsec bypass rules which prevent specific source and destination network pairs from entering policy-based IPsec tunnels #3329
    Documented settings which work around SA duplication issues experienced by users in certain cases #10176
    Improved IPsec GUI options for P1/P2 SA expiration and replacement to help prevent SA duplication #11219
    Fixed a PHP error in mobile IPsec input validation #11212
    Added validation to prevent unsupported wildcard certificates from being selected for use with IPsec #11297
IPv6 Router Advertisements (RADVD)
    Fixed Router Advertisement configuration missing information in Unmanaged mode #9710
    Fixed Router Advertisement lifetime input validation #10709
L2TP
    Fixed L2TP secret using an empty value after removing it from the GUI #10710
    Fixed L2TP input validation to allow leaving the remote address field blank when assigning addresses from RADIUS #7562
    Fixed inefficiencies in the initial L2TP reconfiguration process #7558
    Fixed L2TP Server and Client both using l2tpX for interface names #11006
    Fixed static routes on L2TP interfaces not being reapplied when reconnecting #10407
    Fixed L2TP server being restarted when making user account changes #11059
LAGG Interfaces
    Improved Interface Status and Widget information for LAGG #9187
    Fixed route for GIF/GRE peer when using VLAN on LAGG #10623
    Added option to toggle LACP PDU transmission fast timeout #10504
    Fixed LAGG member interface events causing filter reloads #10365
    Fixed issues with LAGG interface MTU being incorrectly applied to VLAN subinterfaces #8585
    Added option to control the master interface for LAGG in Failover mode #1019
Logging
    Changed system logging to use plain text logging and log rotation, the old binary clog format has been deprecated #8350
    Updated default log size (512k + rotated copies), default lines to display (500, was 50), and max line limits (200k, up from 2k) #9734
    Added log tabs for nginx, userlog, utx/lastlog, and some other previously hidden logs #9714
    Relocated Package Logs into a tab under System Logs and standardized display/filtering of package logs #9714
    Added GUI options to control log rotation #9711
    Added code for packages to set their own log rotation parameters #9712
    Removed the redundant nginx-error.log file #7198
    Fixed some instances where logs were mixed into the wrong log files/tabs (Captive Portal/DHCP/squid/php/others) #1375
    Reorganized/restructured several log tabs #9714
    Added a dedicated authentication log #9754
    Added an option for RFC 5424 format log messages which have RFC 3339 timestamps #9808
    Fixed an issue where a firewall log entry for loopback source/destination occasionally reported 127.0.0.1 as 127.0.01 #10776
    Fixed issues with syslogd using an old IP address after an interface IP address change #9660
    Added watchfrr to routing log #11207
Multi-WAN
    Fixed Gateways being removed from routing groups based on low alert thresholds #10546
    Fixed a possible race condition in gateway group fail-over causing unexpected behavior #9450
    Fixed a load balancing failure when one gateway had a weight of 1 and another gateway had a weight >1 #6025
NAT Reflection
    Fixed port forwards where the destination is a network alias creating invalid refection rules if multiple subnets are in that alias #7614
Notifications
    Deprecated & Removed Growl Notifications #8821
    Added a daily certificate expiration notification with settings to control its behavior #7332
    Fixed input validation of SMTP notification settings #8522
    Added support for sending notifications via Pushover API #10495
    Added support for sending notifications via Telegram #10354
    Fixed a PHP error when SMTP notifications fail #11063
NTPD
    Added GUI options for NTP sync/poll intervals #6787
    Added validation to prevent using noselect and noserve with pools #9830
    Added feature to automatically detect GPS baud rate #7284
    Fixed status and widget display of long hostnames and stratum #10307
    Fixed handling of the checkbox options on NTP servers #10276
    Updated GPS initialization commands for Garmin devices #10327
    Added an option to limit NTP pool server usage #10323
    Added option to force IPv4/IPv6 DNS resolution for NTP servers #10322
    Added support for NTP server authentication #8794
    Added an option to disable NTP #3567
    Added units to the NTP status page #2850
OpenVPN
    Updated OpenVPN to 2.5.0 #11020
        The default compression behavior has changed for security reasons. Incoming packets will be decompressed, outgoing packets will not be compressed. There is a GUI control to alter this behavior.
        Data cipher negotiation (Formerly known as Negotiable Cryptographic Parameters, or NCP) is now compulsory. Disabling negotiation has been deprecated. The option is still present in the GUI, but negotiation will be unilaterally enabled on upgrade. The upgrade process will attempt to use the expected data encryption algorithms before and after the upgrade completes, but in some cases more secure algorithms may be enabled as well. #10919
        We strongly encourage using AEAD ciphers such as AES-GCM, future versions of OpenVPN will require them and will not have configurable cipher lists.
    Added connection count to OpenVPN status and widget #9788
    Enabled the OpenVPN x509-alt-username build option #9884
    Restructured the OpenVPN settings directory layout
        Changed from /var/etc/openvpn[-csc]/<mode><id>.<file> to /var/etc/openvpn/<mode><id>/<x>
            This keeps all settings for each client and server in a clean structure
    Moved to CApath style CA structure for OpenVPN CA/CRL usage #9915
    Added support for OCSP verification of client certificates #7767
    Fixed a potential race condition in OpenVPN client ACLs obtained via RADIUS #9206
    Added support for more protocols (IP, ICMP), ports, and a template variable ({clientip}) in OpenVPN client ACLs obtained via RADIUS #9206
    Added the ability to register OpenVPN Remote Access (User Auth) clients in the DNS Resolver #10999
    Fixed an issue where duplicating an OpenVPN instance did not copy the password #10703
    Fixed issues with OpenVPN TCP clients failing to start #10650
    Added support for IPv6 OpenVPN ACLs obtained via RADIUS #10454
    Fixed validation to enforce OpenVPN client password usage when setting a username, to prevent a missing password from interrupting the boot process #10409
    Enabled asynchronous push in OpenVPN binary #10273
    Added OpenVPN client-specific override option to ignore routes pushed by the server (“push-reset”) #9702
    Clarified behavior of OpenVPN server option for Duplicate Connections #10363
Operating System
    Fixed a network performance regression in the fast forwarding path with IP redirects enabled NG4965
    Fixed double ZFS entries in loader.conf #10375
    Added a method to enable persistent command history in the shell #11029
    Changed the default domain name of the firewall from .localdomain to .home.arpa #10533
Package System
    Disabled spell checking on package upgrade progress textarea #10637
    Fixed issues with package upgrade or reinstall hanging indefinitely #10610
    Fixed description used for buttons when editing packages #11208
PPP Interfaces
    Fixed issues with PPPoE over a VLAN failing to reconnect #9148
    Enabled selection of QinQ interfaces for use with PPP #9472
    Added option to set Host-Uniq value for PPPoE #10597
    Fixed incorrect interface assignment after switching from PPPoE #10240
    Fixed IPv6 not being disabled in mpd.conf when the IPv6 GUI option is set to ‘disabled’ #7386
    Fixed PPPoE interface errors due to MTU settings #11035
PPPoE Server
    Fixed PPPoE server ignoring secondary RADIUS Server #10926
    Fixed PPPoE server Accounting updates option #10869
    Removed unnecessary restarts of the PPPoE server when adding/modifying users #10318
    Added input validation to prevent enabling the PPPoE server on a PPPoE client interface #4510
Routing
    Fixed automatic static routes set for DNS gateway bindings not being removed when no longer necessary #8922
    Fixed missing tooltip text for icons on the Static Routes Page #10889
RRD Graphs
    Fixed RRD graph handling of NTP graph data with negative freq values #6503
    Fixed RRD graph creation for interfaces using CODELQ #6277
Rules / NAT
    Added the ability to configure negated tagging, to match packets which do not not contain a given tag #10186
    Added support for IPv6 Port Forwards #10984
    Fixed handling of IPv6 NPt rules on 6rd WAN interfaces #10757
    Fixed 1:1 NAT issue when internal interface has VIPs #10752
    Fixed policy routing rules not being written correctly for a down gateway #10716
    Added EoIP to firewall rule Protocol list #10698
    Fixed separator bars on floating rules not covering the full table width #10667
    Fixed 1:1 NAT for IPv6 applying wrong subnet mask to “Single Host” #7742
    Added validation to prevent accidentally overlapping NPt networks and interface networks #7741
    Added support for dynamic interface addresses in 1:1 NAT rules #7705
    Added default values of TCP and UDP timeouts to the GUI #7362
    Fixed handling of IPv6 floating rules on 6rd interfaces #7142
    Fixed firewall rules for “PPPoE clients” only including the first PPPoE server instance #6598
    Fixed duplicated tracker IDs on block private networks rules #6030
    Fixed reply-to on rules for PPPoE WANs with IPv6 SLAAC #5258
    Added gateway/group IP addresses to mouseover on rules #885
    Fixed formatting of floating rules with large numbers interfaces #10892
    Fixed form rendering issues with Port Forward Address Fields in Safari #10674
    Fixed firewall ruleset failing to load at boot when new ruleset would be invalid #6028
    Fixed an issue adding or deleting separator bars when no rules are present #10827
S.M.A.R.T.
    Updated S.M.A.R.T. Page with new capabilities #9367
SNMP
    Fixed SNMP reporting incorrect speed for switch uplink interface on Netgate SG-3100 #10793
    Fixed SNMP input validation to require the Host Resources module when the PF module is also enabled #10471
Traffic Graphs
    Changed the Traffic Graph page from rate to iftop which brings IPv6 support and various other improvements #3334
Traffic Shaper (ALTQ)
    Changed default ALTQ queue bandwidth type to Mbit/s #10988
    Updated traffic shaper wizard settings for XBox and Wii ports #10837
    Added Broadcom NetXtreme to ALTQ-capable list #10762
    Added ALTQ support to the ix(4) driver #7378
    Fixed deletion of associated shaper queues when deleting an interface #3488
    Fixed ALTQ root queue bandwidth calculation #3381
    Fixed input validation for amount of queues supported by ALTQ schedulers #1353
    Added Google Stadia port range to the traffic shaper wizard #10743
    Fixed PHP errors in the traffic shaper wizard #10660
    Fixed ALTQ on hn(4) interfaces #8954
Traffic Shaper (Limiters)
    Fixed issues with net.inet.ip.dummynet.* tunables being ignored #10780
    Fixed issues with renaming limiters removing them from firewall rules #3924
    Fixed mask options not applying to sched limiter #10838
    Changed default Limiter queue bandwidth type to Mbit/s #10727
Translations
    Added Italian translation #9716
Upgrade
    Fixed issues with checking for updates from the GUI behind a proxy with authentication #9478
    Changed phrasing of message indicating the firewall is rebooting to upgrade #10387
    Fixed issues with the GUI incorrectly reporting “The system is on the latest version” #8870
UPnP
    Improved handling of UPnP with multiple gaming systems #7727
User Manager / Privileges
    Added menu entry for User Password Manager if the user does not have permission to reach the User Manager #9428
    Improved consistency of SSL/TLS references in LDAP authentication servers #10172
    Fixed irrelevant output being printed to users with ssh_tunnel_shell #9260
    Fixed theme not being applied to LDAP test results modal #7912
    Changed to more secure default values for certificates created through the user manager #11167
    Changed SSL/TLS LDAP authentication implementation to improve handling of multiple secure LDAP (SSL/TLS or STARTTLS) servers used at the same time #10704
Virtual IP Addresses
    Fixed a problem with PID file handling for the proxy ARP daemon #7379
    Fixed IP Alias VIPs on PPPoE interfaces #7132
Web Interface
    Updated JQuery to address multiple issues #10676
    Updated Bootstrap to 3.4.1 #9892
    Updated Font-Awesome to v5 #9052
    Increased the number of colors available for the login screen #9706
    Added TLS 1.3 to GUI and Captive Portal web server configuration, and removed older versions (TLS 1.0 removed from Captive Portal, TLS 1.1 removed from GUI) #9607
    Fixed empty lines in various forms throughout the GUI #9449
    Improved validation of FQDNs #9023
    Added CHACHA20-POLY1305 to nginx cipher list #9896
    Fixed Setup Wizard input validation to allow Primary/Secondary DNS Server field to remain empty #10982
    Fixed Setup Wizard input validation for IPv6 DNS Servers #10720
    Added an option to omit DNS Servers from resolv.conf #10931
    Fixed the icon area within buttons not being clickable #10846
    Fixed visibility issues with multiple selection form control in the pfsense-BETA-dark theme #10705
    Updated documentation links in the GUI #10481
    Fixed netmask/prefix form control incorrectly resetting to 128/32 #10433
    Updated Help shortcut links #10135
    Improved handling of multiple login form submissions to avoid a potential CSRF error #9855
    Fixed reboot message when changing the Hardware Checksum Offloading setting #3031
    Added support for new site icons requested by current versions of Safari #11068
    Added descriptions to all write_config() calls #204
WireGuard
    Added kernel-based WireGuard VPN implementation #8786
Wireless
    Added support for the athp(4) wireless interface driver #9538 #9600
    Added support for the ral(4) wireless interface driver to arm64 #10934
    Added support for the rtwn(4) wireless interface driver #10639
    Added support for selecting 802.11n channel width (HT) #10678
Development
    Added a “periodic” style framework to allow for daily/weekly/monthly tasks from the base system or packages by way of plugin calls #7332
    Added a central file download function for internal use throughout the GUI
    Added TCP_RFC7413 in kernel, required for the BIND package #7293
XMLRPC
    Fixed XMLRPC synchronization of admin authorized keys for the admin user #9539
    Added option to synchronize changes for the account used for XMLRPC sync #9622
    Fixed XMLRPC synchronization for firewall rule descriptions with special characters #1478
    Fixed Incorrect synchronize IP address value causing XMLRPC errors #11017

前回のアップデートから1年8か月も空いてしまったのもあり相当な修正量です
アップデート前に必ずバックアップ!作業時間・確認時間を確保しておきましょう

まず確認したいのはベースOSがFreeBSD11.3からFreeBSD12.0への変更で
ハードウェア要件はもちろんドライバ関係が更新・削除されているので
古いハードウェアを利用している人は事前にチェックしましょう

The FreeBSD Project | FreeBSD 12.0-RELEASE Release Notes
https://www.freebsd.org/releases/12.0R/relnotes/

一時期はpfSense2.5.0からAES-NI必須になると言われており
AES-NI非対応CPUは使えない予定でしたが
計画が変更されたのでpfSense2.5.0でも2.4系と同じくAES-NIは必須ではありません

Netgateが力を入れてきたWireGuardも今回から正式に実装されているので
WireGuardを利用したVPNも利用可能

OpenVPNについては今回からOpenVPN2.4系からOpenVPN2.5.0に更新されているので
更新後に既存のOpenVPNクライアントから接続できない可能性もあります
(特にOpenVPN2.3系と共存している環境の場合)
OpenVPNで遠隔管理している環境の場合はすぐに現地で作業できる状態で
アップデート作業を実施した方が無難です

OpenVPN 2.5 のサイファの互換性 | OpenVPN.JP
https://www.openvpn.jp/2020/10/29/1370/

非推奨だった標準のロードバランサーが遂に削除されていますので
HAProxyパッケージに移行していない環境は注意です

他にも修正だけでなく機能変更などが結構あるので
各自で利用している機能の部分だけでもリリースノートをチェックしましょう

アップデート処理中の再起動にいつもより少し時間がかかり
5分程度ですが多めに作業時間が必要でした
再起動時はWEBGUI画面復帰までちゃんと待機しましょう

私の環境では6時間ほど経過しましたがパケロス・切断もなく
外部とのセッションは維持できており問題ありませんでしたが
設定値が一部消えたりする報告もあるので
アップデート後にFW・DNS・VPNなど再確認しておきましょう

pfSense Plusについて

リリースノートの最初にもある通り
先月に発表されたpfSense Plusが今月よりリリースされました

今までは商用向けのpfSense FE(Factory Edition)と
無償で利用できるpfSense CE(Community Edition)の2種類でしたが
商用向けのpfSense FEがpfSense Plusになります

pfSense CEについては今までと同じでオープンソースで開発が継続されますが
pfSense PlusについてはNetgateが開発するクローズドソースとなります

pfSense Plusは主にNetgateが開発・販売しているアプライアンスを購入した人向けで
iXsystemsのTrueNAS(CORE/Enterprise)と似たような感じですが
pfSense Plusの方は将来的に他のハードウェアでも
有償で導入できるようになる予定みたいです

バージョン管理を間違えないようにpfSense CEは今まで通り2.5.xの表記ですが
pfSense PlusはTSNRと同様に「年.月」になり
今回のリリースはpfSense Plus 21.02になります

今までのpfSense FEはARMサポートぐらいしかpfSense CEと違いはなかったのですが
今回の21.02ではpfSense CEにはないIntel QuickAssist Technologyのサポート
今後もNetgateアプライアンスにチューニングしたりいろいろ差別化していく予定とのこと
(ロードマップを今後発表予定)

既にNetgateアプライアンスをpfSense FEで利用している場合は
今回のアップデート機能でpfSense Plusにスイッチ可能ですが
NetgateアプライアンスにpfSense CEをインストールして利用している場合は
現時点では再インストールでスイッチする必要があるとのこと
pfSense CEからpfSense Plusへのアップデート機能は2021年中に実装予定みたいです

ちなみにAWSとAzureで利用できるpfSenseはpfSense FEなので
pfSense Plusを利用可能となります

アップデートの手順

今回はいつも通りpfSense CEからpfSense CEへのアップデートです

事前に設定のバックアップをした上で以下の操作でアップデートを実行
手順はいつもと同じです

2.4.5_1から2.5.0へアップデートと表示出てるのを確認して「Confirm」を押す

無事に完了すると自動で再起動開始されます

最後に2.5.0の状態で設定をバックアップして完了

Update時の処理ログ

>>> Updating repositories metadata... 
Updating pfSense-core repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.txz: . done
Processing entries: . done
pfSense-core repository update completed. 7 packages processed.
Updating pfSense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.txz: .......... done
Processing entries: 
Processing entries............. done
pfSense repository update completed. 509 packages processed.
All repositories are up to date.
>>> Locking package pkg... done.
>>> Setting vital flag on pkg... done.
>>> Removing vital flag from php72... done.
>>> Unlocking package pkg... done.
>>> Downloading upgrade packages... 
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
Checking for upgrades (101 candidates): .......... done
Processing candidates (101 candidates): .......... done
The following 216 package(s) will be affected (of 0 checked):

Installed packages to be REMOVED:
    php72: 7.2.29
    php72-bcmath: 7.2.29
    php72-bz2: 7.2.29
    php72-ctype: 7.2.29
    php72-curl: 7.2.29
    php72-dom: 7.2.29
    php72-filter: 7.2.29
    php72-gettext: 7.2.29
    php72-hash: 7.2.29
    php72-intl: 7.2.29
    php72-json: 7.2.29
    php72-ldap: 7.2.29
    php72-mbstring: 7.2.29
    php72-opcache: 7.2.29
    php72-openssl: 7.2.29
    php72-openssl_x509_crl: 1.2
    php72-pcntl: 7.2.29
    php72-pdo: 7.2.29
    php72-pdo_sqlite: 7.2.29
    php72-pear: 1.10.6
    php72-pear-Auth_RADIUS: 1.1.0_4
    php72-pear-Cache_Lite: 1.7.16,1
    php72-pear-Crypt_CHAP: 1.5.0
    php72-pear-HTTP_Request2: 2.3.0,1
    php72-pear-Mail: 1.4.1,1
    php72-pear-Net_Growl: 2.7.0
    php72-pear-Net_IPv6: 1.3.0.b2_2
    php72-pear-Net_SMTP: 1.9.0
    php72-pear-Net_Socket: 1.0.14
    php72-pear-Net_URL2: 2.2.1
    php72-pear-XML_RPC2: 1.1.4
    php72-pecl-mcrypt: 1.0.3
    php72-pecl-radius: 1.4.0.b1
    php72-pecl-rrd: 2.0.1_1
    php72-pecl-zmq: 1.1.3_3
    php72-pfSense-module: 0.65
    php72-posix: 7.2.29
    php72-readline: 7.2.29
    php72-session: 7.2.29
    php72-shmop: 7.2.29
    php72-simplepie: 1.5.1_1
    php72-simplexml: 7.2.29
    php72-sockets: 7.2.29
    php72-sqlite3: 7.2.29
    php72-sysvmsg: 7.2.29
    php72-sysvsem: 7.2.29
    php72-sysvshm: 7.2.29
    php72-tokenizer: 7.2.29
    php72-xml: 7.2.29
    php72-xmlreader: 7.2.29
    php72-xmlwriter: 7.2.29
    php72-zlib: 7.2.29

New packages to be INSTALLED:
    ccid: 1.4.32 [pfSense]
    dbus: 1.12.20_3 [pfSense]
    iftop: 1.0.p4 [pfSense]
    libinotify: 20180201_2 [pfSense]
    libuv: 1.40.0 [pfSense]
    nss_ldap: 1.265_13 [pfSense]
    opensc: 0.21.0 [pfSense]
    pam_ldap: 186 [pfSense]
    pam_mkhomedir: 0.2 [pfSense]
    pcre2: 10.36 [pfSense]
    pcsc-lite: 1.9.0_1,2 [pfSense]
    php74: 7.4.15 [pfSense]
    php74-bcmath: 7.4.15 [pfSense]
    php74-bz2: 7.4.15 [pfSense]
    php74-ctype: 7.4.15 [pfSense]
    php74-curl: 7.4.15 [pfSense]
    php74-dom: 7.4.15 [pfSense]
    php74-filter: 7.4.15 [pfSense]
    php74-gettext: 7.4.15 [pfSense]
    php74-intl: 7.4.15 [pfSense]
    php74-json: 7.4.15 [pfSense]
    php74-ldap: 7.4.15 [pfSense]
    php74-mbstring: 7.4.15 [pfSense]
    php74-opcache: 7.4.15 [pfSense]
    php74-openssl: 7.4.15 [pfSense]
    php74-openssl_x509_crl: 1.3 [pfSense]
    php74-pcntl: 7.4.15 [pfSense]
    php74-pdo: 7.4.15 [pfSense]
    php74-pdo_sqlite: 7.4.15 [pfSense]
    php74-pear: 1.10.12 [pfSense]
    php74-pear-Auth_RADIUS: 1.1.0_4 [pfSense]
    php74-pear-Cache_Lite: 1.7.16,1 [pfSense]
    php74-pear-Crypt_CHAP: 1.5.0 [pfSense]
    php74-pear-HTTP_Request2: 2.3.0,1 [pfSense]
    php74-pear-Mail: 1.4.1,1 [pfSense]
    php74-pear-Net_IPv6: 1.3.0.b2_2 [pfSense]
    php74-pear-Net_SMTP: 1.9.0 [pfSense]
    php74-pear-Net_Socket: 1.0.14 [pfSense]
    php74-pear-Net_URL2: 2.2.1 [pfSense]
    php74-pear-XML_RPC2: 1.1.4 [pfSense]
    php74-pecl-mcrypt: 1.0.4 [pfSense]
    php74-pecl-radius: 1.4.0.b1 [pfSense]
    php74-pecl-rrd: 2.0.1_1 [pfSense]
    php74-pecl-zmq: 1.1.3_3 [pfSense]
    php74-pfSense-module: 0.69_1 [pfSense]
    php74-phpseclib: 2.0.17 [pfSense]
    php74-posix: 7.4.15 [pfSense]
    php74-readline: 7.4.15 [pfSense]
    php74-session: 7.4.15 [pfSense]
    php74-shmop: 7.4.15 [pfSense]
    php74-simplepie: 1.5.1_1 [pfSense]
    php74-simplexml: 7.4.15 [pfSense]
    php74-sockets: 7.4.15 [pfSense]
    php74-sqlite3: 7.4.15 [pfSense]
    php74-sysvmsg: 7.4.15 [pfSense]
    php74-sysvsem: 7.4.15 [pfSense]
    php74-sysvshm: 7.4.15 [pfSense]
    php74-tokenizer: 7.4.15 [pfSense]
    php74-xml: 7.4.15 [pfSense]
    php74-xmlreader: 7.4.15 [pfSense]
    php74-xmlwriter: 7.4.15 [pfSense]
    php74-zlib: 7.4.15 [pfSense]
    wireguard-tools: 20210201 [pfSense]

Installed packages to be UPGRADED:
    bind-tools: 9.14.12 -> 9.16.11 [pfSense]
    bsnmp-ucd: 0.4.4 -> 0.4.5 [pfSense]
    ca_root_nss: 3.51 -> 3.58 [pfSense]
    check_reload_status: 0.0.8 -> 0.0.10_1 [pfSense]
    curl: 7.67.0 -> 7.74.0 [pfSense]
    devcpu-data: 1.28 -> 1.37 [pfSense]
    dhcp6: 20080615.2_2 -> 20080615.2_4 [pfSense]
    dhcpleases: 0.3_2 -> 0.5_1 [pfSense]
    dhcpleases6: 0.1_2 -> 0.1_3 [pfSense]
    dmidecode: 3.2 -> 3.3 [pfSense]
    dnsmasq: 2.80_4,1 -> 2.84,1 [pfSense]
    expat: 2.2.8 -> 2.2.10 [pfSense]
    filterdns: 2.0_3 -> 2.0_5 [pfSense]
    filterlog: 0.1_5 -> 0.1_6 [pfSense]
    gettext-runtime: 0.20.1 -> 0.21 [pfSense]
    glib: 2.56.3_7,1 -> 2.66.4_1,1 [pfSense]
    gmp: 6.1.2_1 -> 6.2.1 [pfSense]
    hostapd: 2.9 -> 2.9_2 [pfSense]
    icu: 65.1,1 -> 68.2,1 [pfSense]
    igmpproxy: 0.2.1_1,1 -> 0.3,1 [pfSense]
    ipmitool: 1.8.18_2 -> 1.8.18_3 [pfSense]
    isc-dhcp44-client: 4.4.1_1 -> 4.4.2_1 [pfSense]
    isc-dhcp44-relay: 4.4.1 -> 4.4.2_1 [pfSense]
    isc-dhcp44-server: 4.4.1_4 -> 4.4.2_1 [pfSense]
    json-c: 0.14 -> 0.15_1 [pfSense]
    ldns: 1.7.1_1 -> 1.7.1_2 [pfSense]
    libedit: 3.1.20191211,1 -> 3.1.20191231,1 [pfSense]
    libevent: 2.1.11 -> 2.1.12 [pfSense]
    libffi: 3.2.1_3 -> 3.3_1 [pfSense]
    libgcrypt: 1.8.5 -> 1.8.7 [pfSense]
    libgpg-error: 1.36 -> 1.41 [pfSense]
    libiconv: 1.14_11 -> 1.16 [pfSense]
    liblz4: 1.9.2,1 -> 1.9.3,1 [pfSense]
    libnghttp2: 1.40.0 -> 1.42.0 [pfSense]
    libxml2: 2.9.10 -> 2.9.10_2 [pfSense]
    libxslt: 1.1.34 -> 1.1.34_1 [pfSense]
    links: 2.16_2,1 -> 2.20.2_1,1 [pfSense]
    lua-resty-core: 0.1.17 -> 0.1.21_1 [pfSense]
    lua-resty-lrucache: 0.09 -> 0.10 [pfSense]
    luajit-openresty: 2.1.20190912_2 -> 2.1.20201027 [pfSense]
    miniupnpd: 2.1.20190210,1 -> 2.2.1,1 [pfSense]
    mpd5: 5.8_10 -> 5.9 [pfSense]
    nettle: 3.5.1_1 -> 3.6 [pfSense]
    nginx: 1.16.1_11,2 -> 1.18.0_45,2 [pfSense]
    norm: 1.5r6 -> 1.5r6_1 [pfSense]
    ntp: 4.2.8p14 -> 4.2.8p15 [pfSense]
    oniguruma: 6.9.3 -> 6.9.6 [pfSense]
    openldap-client: 2.4.48 -> 2.4.57 [pfSense]
    openvpn: 2.4.9 -> 2.5.0 [pfSense]
    pcre: 8.43_2 -> 8.44 [pfSense]
    perl5: 5.30.1 -> 5.32.1_1 [pfSense]
    pfSense: 2.4.5_1 -> 2.5.0 [pfSense]
    pfSense-Status_Monitoring: 1.7.11_1 -> 1.7.11_3 [pfSense]
    pfSense-base: 2.4.5_1 -> 2.5.0 [pfSense-core]
    pfSense-default-config: 2.4.5_1 -> 2.5.0 [pfSense-core]
    pfSense-kernel-pfSense: 2.4.5_1 -> 2.5.0 [pfSense-core]
    pfSense-rc: 2.4.5_1 -> 2.5.0 [pfSense-core]
    py37-setuptools: 41.4.0_1 -> 44.0.0 [pfSense]
    python37: 3.7.7 -> 3.7.9_1 [pfSense]
    radvd: 2.18_2 -> 2.19 [pfSense]
    rate: 0.9_1 -> 0.9_2 [pfSense]
    readline: 8.0.1 -> 8.0.4 [pfSense]
    rrdtool: 1.7.2_1 -> 1.7.2_4 [pfSense]
    smartmontools: 7.0_2 -> 7.2 [pfSense]
    sqlite3: 3.30.1 -> 3.34.0,1 [pfSense]
    ssh_tunnel_shell: 0.1_1 -> 0.2_1 [pfSense]
    sshguard: 2.4.0_4,1 -> 2.4.1,1 [pfSense]
    strongswan: 5.8.4 -> 5.9.1 [pfSense]
    unbound: 1.10.1 -> 1.13.0_2 [pfSense]
    wpa_supplicant: 2.9 -> 2.9_7 [pfSense]
    wrapalixresetbutton: 0.0.7 -> 0.0.7_1 [pfSense]

Installed packages to be REINSTALLED:
    beep-1.0_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    bsnmp-regex-0.6_2 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    bwi-firmware-kmod-3.130.20 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    choparp-20150613 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    cpdup-1.20 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    cpustats-0.1_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    dpinger-3.0 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    expiretable-0.6_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    indexinfo-0.3.1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    libargon2-20190702 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    libdaemon-0.14_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    libidn2-2.3.0_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    libltdl-2.4.6 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    libmcrypt-2.5.8_3 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    libucl-0.8.1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    libunistring-0.9.10_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    libzmq4-4.3.1_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    lzo2-2.10_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    minicron-0.0.2 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    mobile-broadband-provider-info-20190618_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    openvpn-auth-script-1.0.0.3 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    pftop-0.7_9 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    py37-ply-3.11 [pfSense] (ABI changed: 'freebsd:11:*' -> 'freebsd:12:*')
    qstats-0.2 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    scponly-4.8.20110526_4 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    uclcmd-0.1_3 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    voucher-0.1_2 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    vstr-1.0.15_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    wol-0.7.1_4 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    xinetd-2.3.15_2 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')

Number of packages to be removed: 52
Number of packages to be installed: 63
Number of packages to be upgraded: 71
Number of packages to be reinstalled: 30

The process will require 76 MiB more space.
173 MiB to be downloaded.
[1/164] Fetching xinetd-2.3.15_2.txz: .......... done
[2/164] Fetching wrapalixresetbutton-0.0.7_1.txz: . done
[3/164] Fetching wpa_supplicant-2.9_7.txz: .......... done
[4/164] Fetching wol-0.7.1_4.txz: .... done
[5/164] Fetching vstr-1.0.15_1.txz: .......... done
[6/164] Fetching voucher-0.1_2.txz: . done
[7/164] Fetching unbound-1.13.0_2.txz: .......... done
[8/164] Fetching uclcmd-0.1_3.txz: ... done
[9/164] Fetching strongswan-5.9.1.txz: .......... done
[10/164] Fetching sshguard-2.4.1,1.txz: .......... done
[11/164] Fetching ssh_tunnel_shell-0.2_1.txz: .......... done
[12/164] Fetching sqlite3-3.34.0,1.txz: .......... done
[13/164] Fetching smartmontools-7.2.txz: .......... done
[14/164] Fetching scponly-4.8.20110526_4.txz: ... done
[15/164] Fetching rrdtool-1.7.2_4.txz: .......... done
[16/164] Fetching readline-8.0.4.txz: .......... done
[17/164] Fetching rate-0.9_2.txz: ....... done
[18/164] Fetching radvd-2.19.txz: ....... done
[19/164] Fetching qstats-0.2.txz: . done
[20/164] Fetching python37-3.7.9_1.txz: .......... done
[21/164] Fetching py37-setuptools-44.0.0.txz: .......... done
[22/164] Fetching py37-ply-3.11.txz: .......... done
[23/164] Fetching pftop-0.7_9.txz: ........ done
[24/164] Fetching pfSense-rc-2.5.0.txz: .. done
[25/164] Fetching pfSense-kernel-pfSense-2.5.0.txz: .......... done
[26/164] Fetching pfSense-default-config-2.5.0.txz: . done
[27/164] Fetching pfSense-base-2.5.0.txz: .......... done
[28/164] Fetching pfSense-Status_Monitoring-1.7.11_3.txz: ... done
[29/164] Fetching pfSense-2.5.0.txz: . done
[30/164] Fetching perl5-5.32.1_1.txz: .......... done
[31/164] Fetching pcre-8.44.txz: .......... done
[32/164] Fetching openvpn-auth-script-1.0.0.3.txz: . done
[33/164] Fetching openvpn-2.5.0.txz: .......... done
[34/164] Fetching openldap-client-2.4.57.txz: .......... done
[35/164] Fetching oniguruma-6.9.6.txz: .......... done
[36/164] Fetching ntp-4.2.8p15.txz: .......... done
[37/164] Fetching norm-1.5r6_1.txz: .......... done
[38/164] Fetching nginx-1.18.0_45,2.txz: .......... done
[39/164] Fetching nettle-3.6.txz: .......... done
[40/164] Fetching mpd5-5.9.txz: .......... done
[41/164] Fetching mobile-broadband-provider-info-20190618_1.txz: ........ done
[42/164] Fetching miniupnpd-2.2.1,1.txz: ......... done
[43/164] Fetching minicron-0.0.2.txz: . done
[44/164] Fetching lzo2-2.10_1.txz: .......... done
[45/164] Fetching luajit-openresty-2.1.20201027.txz: .......... done
[46/164] Fetching lua-resty-lrucache-0.10.txz: . done
[47/164] Fetching lua-resty-core-0.1.21_1.txz: .... done
[48/164] Fetching links-2.20.2_1,1.txz: .......... done
[49/164] Fetching libzmq4-4.3.1_1.txz: .......... done
[50/164] Fetching libxslt-1.1.34_1.txz: .......... done
[51/164] Fetching libxml2-2.9.10_2.txz: .......... done
[52/164] Fetching libunistring-0.9.10_1.txz: .......... done
[53/164] Fetching libucl-0.8.1.txz: .......... done
[54/164] Fetching libnghttp2-1.42.0.txz: .......... done
[55/164] Fetching libmcrypt-2.5.8_3.txz: .......... done
[56/164] Fetching liblz4-1.9.3,1.txz: .......... done
[57/164] Fetching libltdl-2.4.6.txz: ..... done
[58/164] Fetching libidn2-2.3.0_1.txz: .......... done
[59/164] Fetching libiconv-1.16.txz: .......... done
[60/164] Fetching libgpg-error-1.41.txz: .......... done
[61/164] Fetching libgcrypt-1.8.7.txz: .......... done
[62/164] Fetching libffi-3.3_1.txz: ..... done
[63/164] Fetching libevent-2.1.12.txz: .......... done
[64/164] Fetching libedit-3.1.20191231,1.txz: .......... done
[65/164] Fetching libdaemon-0.14_1.txz: .... done
[66/164] Fetching libargon2-20190702.txz: ......... done
[67/164] Fetching ldns-1.7.1_2.txz: .......... done
[68/164] Fetching json-c-0.15_1.txz: ........ done
[69/164] Fetching isc-dhcp44-server-4.4.2_1.txz: .......... done
[70/164] Fetching isc-dhcp44-relay-4.4.2_1.txz: .......... done
[71/164] Fetching isc-dhcp44-client-4.4.2_1.txz: .......... done
[72/164] Fetching ipmitool-1.8.18_3.txz: .......... done
[73/164] Fetching indexinfo-0.3.1.txz: . done
[74/164] Fetching igmpproxy-0.3,1.txz: ... done
[75/164] Fetching icu-68.2,1.txz: .......... done
[76/164] Fetching hostapd-2.9_2.txz: .......... done
[77/164] Fetching gmp-6.2.1.txz: .......... done
[78/164] Fetching glib-2.66.4_1,1.txz: .......... done
[79/164] Fetching gettext-runtime-0.21.txz: .......... done
[80/164] Fetching filterlog-0.1_6.txz: .. done
[81/164] Fetching filterdns-2.0_5.txz: ... done
[82/164] Fetching expiretable-0.6_1.txz: . done
[83/164] Fetching expat-2.2.10.txz: .......... done
[84/164] Fetching dpinger-3.0.txz: .. done
[85/164] Fetching dnsmasq-2.84,1.txz: .......... done
[86/164] Fetching dmidecode-3.3.txz: ........ done
[87/164] Fetching dhcpleases6-0.1_3.txz: .. done
[88/164] Fetching dhcpleases-0.5_1.txz: .. done
[89/164] Fetching dhcp6-20080615.2_4.txz: .......... done
[90/164] Fetching devcpu-data-1.37.txz: .......... done
[91/164] Fetching curl-7.74.0.txz: .......... done
[92/164] Fetching cpustats-0.1_1.txz: . done
[93/164] Fetching cpdup-1.20.txz: .... done
[94/164] Fetching choparp-20150613.txz: . done
[95/164] Fetching check_reload_status-0.0.10_1.txz: ..... done
[96/164] Fetching ca_root_nss-3.58.txz: .......... done
[97/164] Fetching bwi-firmware-kmod-3.130.20.txz: ... done
[98/164] Fetching bsnmp-ucd-0.4.5.txz: ... done
[99/164] Fetching bsnmp-regex-0.6_2.txz: ... done
[100/164] Fetching bind-tools-9.16.11.txz: .......... done
[101/164] Fetching beep-1.0_1.txz: . done
[102/164] Fetching dbus-1.12.20_3.txz: .......... done
[103/164] Fetching php74-7.4.15.txz: .......... done
[104/164] Fetching pcre2-10.36.txz: .......... done
[105/164] Fetching php74-pecl-rrd-2.0.1_1.txz: .. done
[106/164] Fetching php74-simplepie-1.5.1_1.txz: ......... done
[107/164] Fetching php74-curl-7.4.15.txz: .... done
[108/164] Fetching php74-tokenizer-7.4.15.txz: .. done
[109/164] Fetching php74-mbstring-7.4.15.txz: .......... done
[110/164] Fetching php74-session-7.4.15.txz: ..... done
[111/164] Fetching php74-opcache-7.4.15.txz: .......... done
[112/164] Fetching php74-xmlwriter-7.4.15.txz: .. done
[113/164] Fetching php74-xmlreader-7.4.15.txz: .. done
[114/164] Fetching php74-dom-7.4.15.txz: ....... done
[115/164] Fetching php74-xml-7.4.15.txz: ... done
[116/164] Fetching php74-simplexml-7.4.15.txz: ... done
[117/164] Fetching php74-ctype-7.4.15.txz: . done
[118/164] Fetching php74-posix-7.4.15.txz: .. done
[119/164] Fetching wireguard-tools-20210201.txz: ...... done
[120/164] Fetching php74-phpseclib-2.0.17.txz: .......... done
[121/164] Fetching php74-openssl-7.4.15.txz: ........ done
[122/164] Fetching php74-filter-7.4.15.txz: ... done
[123/164] Fetching php74-openssl_x509_crl-1.3.txz: .. done
[124/164] Fetching php74-bcmath-7.4.15.txz: ... done
[125/164] Fetching php74-pecl-mcrypt-1.0.4.txz: .. done
[126/164] Fetching php74-pear-Crypt_CHAP-1.5.0.txz: . done
[127/164] Fetching php74-pear-1.10.12.txz: .......... done
[128/164] Fetching php74-zlib-7.4.15.txz: ... done
[129/164] Fetching pam_mkhomedir-0.2.txz: . done
[130/164] Fetching pam_ldap-186.txz: ..... done
[131/164] Fetching opensc-0.21.0.txz: .......... done
[132/164] Fetching pcsc-lite-1.9.0_1,2.txz: .......... done
[133/164] Fetching php74-sockets-7.4.15.txz: ..... done
[134/164] Fetching php74-ldap-7.4.15.txz: .... done
[135/164] Fetching php74-pecl-zmq-1.1.3_3.txz: .... done
[136/164] Fetching php74-pecl-radius-1.4.0.b1.txz: ... done
[137/164] Fetching php74-pear-XML_RPC2-1.1.4.txz: ........ done
[138/164] Fetching php74-pear-HTTP_Request2-2.3.0,1.txz: .......... done
[139/164] Fetching php74-pear-Net_URL2-2.2.1.txz: ... done
[140/164] Fetching php74-pear-Cache_Lite-1.7.16,1.txz: .... done
[141/164] Fetching php74-pear-Net_IPv6-1.3.0.b2_2.txz: .. done
[142/164] Fetching php74-pear-Auth_RADIUS-1.1.0_4.txz: .. done
[143/164] Fetching nss_ldap-1.265_13.txz: ....... done
[144/164] Fetching iftop-1.0.p4.txz: ..... done
[145/164] Fetching php74-pear-Mail-1.4.1,1.txz: ... done
[146/164] Fetching php74-pear-Net_SMTP-1.9.0.txz: .. done
[147/164] Fetching php74-pear-Net_Socket-1.0.14.txz: . done
[148/164] Fetching php74-sysvshm-7.4.15.txz: . done
[149/164] Fetching php74-sysvsem-7.4.15.txz: . done
[150/164] Fetching php74-sysvmsg-7.4.15.txz: . done
[151/164] Fetching php74-shmop-7.4.15.txz: . done
[152/164] Fetching php74-readline-7.4.15.txz: .. done
[153/164] Fetching php74-pcntl-7.4.15.txz: .. done
[154/164] Fetching php74-json-7.4.15.txz: ... done
[155/164] Fetching php74-intl-7.4.15.txz: .......... done
[156/164] Fetching php74-gettext-7.4.15.txz: . done
[157/164] Fetching php74-pfSense-module-0.69_1.txz: ...... done
[158/164] Fetching ccid-1.4.32.txz: ........ done
[159/164] Fetching php74-sqlite3-7.4.15.txz: ... done
[160/164] Fetching php74-pdo_sqlite-7.4.15.txz: .. done
[161/164] Fetching php74-pdo-7.4.15.txz: ...... done
[162/164] Fetching php74-bz2-7.4.15.txz: .. done
[163/164] Fetching libinotify-20180201_2.txz: .... done
[164/164] Fetching libuv-1.40.0.txz: .......... done
Checking integrity... done (51 conflicting)
  - php74-7.4.15 [pfSense] conflicts with php72-7.2.29 [installed] on /usr/local/bin/php
  - php74-7.4.15 [pfSense] conflicts with php72-hash-7.2.29 [installed] on /usr/local/include/php/ext/hash/php_hash.h
  - php74-pecl-rrd-2.0.1_1 [pfSense] conflicts with php72-pecl-rrd-2.0.1_1 [installed] on /usr/local/include/php/ext/rrd/rrd_info.h
  - php74-simplepie-1.5.1_1 [pfSense] conflicts with php72-simplepie-1.5.1_1 [installed] on /usr/local/www/simplepie/simplepie.inc
  - php74-curl-7.4.15 [pfSense] conflicts with php72-curl-7.2.29 [installed] on /usr/local/include/php/ext/curl/config.h
  - php74-tokenizer-7.4.15 [pfSense] conflicts with php72-tokenizer-7.2.29 [installed] on /usr/local/include/php/ext/tokenizer/config.h
  - php74-mbstring-7.4.15 [pfSense] conflicts with php72-mbstring-7.2.29 [installed] on /usr/local/include/php/ext/mbstring/php_mbregex.h
  - php74-session-7.4.15 [pfSense] conflicts with php72-session-7.2.29 [installed] on /usr/local/include/php/ext/session/php_session.h
  - php74-opcache-7.4.15 [pfSense] conflicts with php72-opcache-7.2.29 [installed] on /usr/local/include/php/ext/opcache/zend_file_cache.h
  - php74-xmlwriter-7.4.15 [pfSense] conflicts with php72-xmlwriter-7.2.29 [installed] on /usr/local/include/php/ext/xmlwriter/config.h
  - php74-xmlreader-7.4.15 [pfSense] conflicts with php72-xmlreader-7.2.29 [installed] on /usr/local/include/php/ext/xmlreader/config.h
  - php74-dom-7.4.15 [pfSense] conflicts with php72-dom-7.2.29 [installed] on /usr/local/include/php/ext/dom/dom_ce.h
  - php74-xml-7.4.15 [pfSense] conflicts with php72-xml-7.2.29 [installed] on /usr/local/include/php/ext/xml/php_xml.h
  - php74-simplexml-7.4.15 [pfSense] conflicts with php72-simplexml-7.2.29 [installed] on /usr/local/include/php/ext/simplexml/php_simplexml.h
  - php74-ctype-7.4.15 [pfSense] conflicts with php72-ctype-7.2.29 [installed] on /usr/local/include/php/ext/ctype/config.h
  - php74-posix-7.4.15 [pfSense] conflicts with php72-posix-7.2.29 [installed] on /usr/local/include/php/ext/posix/config.h
  - php74-openssl-7.4.15 [pfSense] conflicts with php72-openssl-7.2.29 [installed] on /usr/local/include/php/ext/openssl/config.h
  - php74-filter-7.4.15 [pfSense] conflicts with php72-filter-7.2.29 [installed] on /usr/local/include/php/ext/filter/filter_private.h
  - php74-openssl_x509_crl-1.3 [pfSense] conflicts with php72-openssl_x509_crl-1.2 [installed] on /usr/local/share/openssl_x509_crl/ASN1.php
  - php74-bcmath-7.4.15 [pfSense] conflicts with php72-bcmath-7.2.29 [installed] on /usr/local/include/php/ext/bcmath/config.h
  - php74-pecl-mcrypt-1.0.4 [pfSense] conflicts with php72-pecl-mcrypt-1.0.3 [installed] on /usr/local/include/php/ext/mcrypt/php_mcrypt.h
  - php74-pear-Crypt_CHAP-1.5.0 [pfSense] conflicts with php72-pear-Crypt_CHAP-1.5.0 [installed] on /usr/local/share/pear/Crypt/CHAP.php
  - php74-pear-1.10.12 [pfSense] conflicts with php72-pear-1.10.6 [installed] on /usr/local/bin/pear
  - php74-zlib-7.4.15 [pfSense] conflicts with php72-zlib-7.2.29 [installed] on /usr/local/include/php/ext/zlib/php_zlib.h
  - php74-sockets-7.4.15 [pfSense] conflicts with php72-sockets-7.2.29 [installed] on /usr/local/include/php/ext/sockets/sendrecvmsg.h
  - php74-ldap-7.4.15 [pfSense] conflicts with php72-ldap-7.2.29 [installed] on /usr/local/include/php/ext/ldap/config.h
  - php74-pecl-zmq-1.1.3_3 [pfSense] conflicts with php72-pecl-zmq-1.1.3_3 [installed] on /usr/local/include/php/ext/zmq/php_zmq_pollset.h
  - php74-pecl-radius-1.4.0.b1 [pfSense] conflicts with php72-pecl-radius-1.4.0.b1 [installed] on /usr/local/include/php/ext/radius/radius_init_const.h
  - php74-pear-XML_RPC2-1.1.4 [pfSense] conflicts with php72-pear-XML_RPC2-1.1.4 [installed] on /usr/local/share/doc/pear/XML_RPC2/docs/Makefile
  - php74-pear-HTTP_Request2-2.3.0,1 [pfSense] conflicts with php72-pear-HTTP_Request2-2.3.0,1 [installed] on /usr/local/share/doc/pear/HTTP_Request2/LICENSE
  - php74-pear-Net_URL2-2.2.1 [pfSense] conflicts with php72-pear-Net_URL2-2.2.1 [installed] on /usr/local/share/doc/pear/Net_URL2/docs/6470.php
  - php74-pear-Cache_Lite-1.7.16,1 [pfSense] conflicts with php72-pear-Cache_Lite-1.7.16,1 [installed] on /usr/local/share/doc/pear/Cache_Lite/LICENSE
  - php74-pear-Net_IPv6-1.3.0.b2_2 [pfSense] conflicts with php72-pear-Net_IPv6-1.3.0.b2_2 [installed] on /usr/local/share/pear/Net/IPv6.php
  - php74-pear-Auth_RADIUS-1.1.0_4 [pfSense] conflicts with php72-pear-Auth_RADIUS-1.1.0_4 [installed] on /usr/local/share/doc/pear/Auth_RADIUS/examples/radius-acct.php
  - php74-pear-Mail-1.4.1,1 [pfSense] conflicts with php72-pear-Mail-1.4.1,1 [installed] on /usr/local/share/doc/pear/Mail/LICENSE
  - php74-pear-Net_SMTP-1.9.0 [pfSense] conflicts with php72-pear-Net_SMTP-1.9.0 [installed] on /usr/local/share/doc/pear/Net_SMTP/LICENSE
  - php74-pear-Net_Socket-1.0.14 [pfSense] conflicts with php72-pear-Net_Socket-1.0.14 [installed] on /usr/local/share/pear/Net/Socket.php
  - php74-sysvshm-7.4.15 [pfSense] conflicts with php72-sysvshm-7.2.29 [installed] on /usr/local/include/php/ext/sysvshm/php_sysvshm.h
  - php74-sysvsem-7.4.15 [pfSense] conflicts with php72-sysvsem-7.2.29 [installed] on /usr/local/include/php/ext/sysvsem/php_sysvsem.h
  - php74-sysvmsg-7.4.15 [pfSense] conflicts with php72-sysvmsg-7.2.29 [installed] on /usr/local/include/php/ext/sysvmsg/config.h
  - php74-shmop-7.4.15 [pfSense] conflicts with php72-shmop-7.2.29 [installed] on /usr/local/include/php/ext/shmop/php_shmop.h
  - php74-readline-7.4.15 [pfSense] conflicts with php72-readline-7.2.29 [installed] on /usr/local/include/php/ext/readline/readline_cli.h
  - php74-pcntl-7.4.15 [pfSense] conflicts with php72-pcntl-7.2.29 [installed] on /usr/local/include/php/ext/pcntl/php_pcntl.h
  - php74-json-7.4.15 [pfSense] conflicts with php72-json-7.2.29 [installed] on /usr/local/include/php/ext/json/php_json_encoder.h
  - php74-intl-7.4.15 [pfSense] conflicts with php72-intl-7.2.29 [installed] on /usr/local/include/php/ext/intl/intl_error.h
  - php74-gettext-7.4.15 [pfSense] conflicts with php72-gettext-7.2.29 [installed] on /usr/local/include/php/ext/gettext/php_gettext.h
  - php74-pfSense-module-0.69_1 [pfSense] conflicts with php72-pfSense-module-0.65 [installed] on /usr/local/include/php/ext/pfSense/php_pfSense.h
  - php74-sqlite3-7.4.15 [pfSense] conflicts with php72-sqlite3-7.2.29 [installed] on /usr/local/include/php/ext/sqlite3/config.h
  - php74-pdo_sqlite-7.4.15 [pfSense] conflicts with php72-pdo_sqlite-7.2.29 [installed] on /usr/local/include/php/ext/pdo_sqlite/php_pdo_sqlite.h
  - php74-pdo-7.4.15 [pfSense] conflicts with php72-pdo-7.2.29 [installed] on /usr/local/include/php/ext/pdo/php_pdo.h
  - php74-bz2-7.4.15 [pfSense] conflicts with php72-bz2-7.2.29 [installed] on /usr/local/include/php/ext/bz2/php_bz2.h
Checking integrity... done (0 conflicting)
Conflicts with the existing packages have been found.
One more solver iteration is needed to resolve them.
The following 216 package(s) will be affected (of 0 checked):

Installed packages to be REMOVED:
    php72: 7.2.29
    php72-bcmath: 7.2.29
    php72-bz2: 7.2.29
    php72-ctype: 7.2.29
    php72-curl: 7.2.29
    php72-dom: 7.2.29
    php72-filter: 7.2.29
    php72-gettext: 7.2.29
    php72-hash: 7.2.29
    php72-intl: 7.2.29
    php72-json: 7.2.29
    php72-ldap: 7.2.29
    php72-mbstring: 7.2.29
    php72-opcache: 7.2.29
    php72-openssl: 7.2.29
    php72-openssl_x509_crl: 1.2
    php72-pcntl: 7.2.29
    php72-pdo: 7.2.29
    php72-pdo_sqlite: 7.2.29
    php72-pear: 1.10.6
    php72-pear-Auth_RADIUS: 1.1.0_4
    php72-pear-Cache_Lite: 1.7.16,1
    php72-pear-Crypt_CHAP: 1.5.0
    php72-pear-HTTP_Request2: 2.3.0,1
    php72-pear-Mail: 1.4.1,1
    php72-pear-Net_Growl: 2.7.0
    php72-pear-Net_IPv6: 1.3.0.b2_2
    php72-pear-Net_SMTP: 1.9.0
    php72-pear-Net_Socket: 1.0.14
    php72-pear-Net_URL2: 2.2.1
    php72-pear-XML_RPC2: 1.1.4
    php72-pecl-mcrypt: 1.0.3
    php72-pecl-radius: 1.4.0.b1
    php72-pecl-rrd: 2.0.1_1
    php72-pecl-zmq: 1.1.3_3
    php72-pfSense-module: 0.65
    php72-posix: 7.2.29
    php72-readline: 7.2.29
    php72-session: 7.2.29
    php72-shmop: 7.2.29
    php72-simplepie: 1.5.1_1
    php72-simplexml: 7.2.29
    php72-sockets: 7.2.29
    php72-sqlite3: 7.2.29
    php72-sysvmsg: 7.2.29
    php72-sysvsem: 7.2.29
    php72-sysvshm: 7.2.29
    php72-tokenizer: 7.2.29
    php72-xml: 7.2.29
    php72-xmlreader: 7.2.29
    php72-xmlwriter: 7.2.29
    php72-zlib: 7.2.29

New packages to be INSTALLED:
    ccid: 1.4.32 [pfSense]
    dbus: 1.12.20_3 [pfSense]
    iftop: 1.0.p4 [pfSense]
    libinotify: 20180201_2 [pfSense]
    libuv: 1.40.0 [pfSense]
    nss_ldap: 1.265_13 [pfSense]
    opensc: 0.21.0 [pfSense]
    pam_ldap: 186 [pfSense]
    pam_mkhomedir: 0.2 [pfSense]
    pcre2: 10.36 [pfSense]
    pcsc-lite: 1.9.0_1,2 [pfSense]
    php74: 7.4.15 [pfSense]
    php74-bcmath: 7.4.15 [pfSense]
    php74-bz2: 7.4.15 [pfSense]
    php74-ctype: 7.4.15 [pfSense]
    php74-curl: 7.4.15 [pfSense]
    php74-dom: 7.4.15 [pfSense]
    php74-filter: 7.4.15 [pfSense]
    php74-gettext: 7.4.15 [pfSense]
    php74-intl: 7.4.15 [pfSense]
    php74-json: 7.4.15 [pfSense]
    php74-ldap: 7.4.15 [pfSense]
    php74-mbstring: 7.4.15 [pfSense]
    php74-opcache: 7.4.15 [pfSense]
    php74-openssl: 7.4.15 [pfSense]
    php74-openssl_x509_crl: 1.3 [pfSense]
    php74-pcntl: 7.4.15 [pfSense]
    php74-pdo: 7.4.15 [pfSense]
    php74-pdo_sqlite: 7.4.15 [pfSense]
    php74-pear: 1.10.12 [pfSense]
    php74-pear-Auth_RADIUS: 1.1.0_4 [pfSense]
    php74-pear-Cache_Lite: 1.7.16,1 [pfSense]
    php74-pear-Crypt_CHAP: 1.5.0 [pfSense]
    php74-pear-HTTP_Request2: 2.3.0,1 [pfSense]
    php74-pear-Mail: 1.4.1,1 [pfSense]
    php74-pear-Net_IPv6: 1.3.0.b2_2 [pfSense]
    php74-pear-Net_SMTP: 1.9.0 [pfSense]
    php74-pear-Net_Socket: 1.0.14 [pfSense]
    php74-pear-Net_URL2: 2.2.1 [pfSense]
    php74-pear-XML_RPC2: 1.1.4 [pfSense]
    php74-pecl-mcrypt: 1.0.4 [pfSense]
    php74-pecl-radius: 1.4.0.b1 [pfSense]
    php74-pecl-rrd: 2.0.1_1 [pfSense]
    php74-pecl-zmq: 1.1.3_3 [pfSense]
    php74-pfSense-module: 0.69_1 [pfSense]
    php74-phpseclib: 2.0.17 [pfSense]
    php74-posix: 7.4.15 [pfSense]
    php74-readline: 7.4.15 [pfSense]
    php74-session: 7.4.15 [pfSense]
    php74-shmop: 7.4.15 [pfSense]
    php74-simplepie: 1.5.1_1 [pfSense]
    php74-simplexml: 7.4.15 [pfSense]
    php74-sockets: 7.4.15 [pfSense]
    php74-sqlite3: 7.4.15 [pfSense]
    php74-sysvmsg: 7.4.15 [pfSense]
    php74-sysvsem: 7.4.15 [pfSense]
    php74-sysvshm: 7.4.15 [pfSense]
    php74-tokenizer: 7.4.15 [pfSense]
    php74-xml: 7.4.15 [pfSense]
    php74-xmlreader: 7.4.15 [pfSense]
    php74-xmlwriter: 7.4.15 [pfSense]
    php74-zlib: 7.4.15 [pfSense]
    wireguard-tools: 20210201 [pfSense]

Installed packages to be UPGRADED:
    bind-tools: 9.14.12 -> 9.16.11 [pfSense]
    bsnmp-ucd: 0.4.4 -> 0.4.5 [pfSense]
    ca_root_nss: 3.51 -> 3.58 [pfSense]
    check_reload_status: 0.0.8 -> 0.0.10_1 [pfSense]
    curl: 7.67.0 -> 7.74.0 [pfSense]
    devcpu-data: 1.28 -> 1.37 [pfSense]
    dhcp6: 20080615.2_2 -> 20080615.2_4 [pfSense]
    dhcpleases: 0.3_2 -> 0.5_1 [pfSense]
    dhcpleases6: 0.1_2 -> 0.1_3 [pfSense]
    dmidecode: 3.2 -> 3.3 [pfSense]
    dnsmasq: 2.80_4,1 -> 2.84,1 [pfSense]
    expat: 2.2.8 -> 2.2.10 [pfSense]
    filterdns: 2.0_3 -> 2.0_5 [pfSense]
    filterlog: 0.1_5 -> 0.1_6 [pfSense]
    gettext-runtime: 0.20.1 -> 0.21 [pfSense]
    glib: 2.56.3_7,1 -> 2.66.4_1,1 [pfSense]
    gmp: 6.1.2_1 -> 6.2.1 [pfSense]
    hostapd: 2.9 -> 2.9_2 [pfSense]
    icu: 65.1,1 -> 68.2,1 [pfSense]
    igmpproxy: 0.2.1_1,1 -> 0.3,1 [pfSense]
    ipmitool: 1.8.18_2 -> 1.8.18_3 [pfSense]
    isc-dhcp44-client: 4.4.1_1 -> 4.4.2_1 [pfSense]
    isc-dhcp44-relay: 4.4.1 -> 4.4.2_1 [pfSense]
    isc-dhcp44-server: 4.4.1_4 -> 4.4.2_1 [pfSense]
    json-c: 0.14 -> 0.15_1 [pfSense]
    ldns: 1.7.1_1 -> 1.7.1_2 [pfSense]
    libedit: 3.1.20191211,1 -> 3.1.20191231,1 [pfSense]
    libevent: 2.1.11 -> 2.1.12 [pfSense]
    libffi: 3.2.1_3 -> 3.3_1 [pfSense]
    libgcrypt: 1.8.5 -> 1.8.7 [pfSense]
    libgpg-error: 1.36 -> 1.41 [pfSense]
    libiconv: 1.14_11 -> 1.16 [pfSense]
    liblz4: 1.9.2,1 -> 1.9.3,1 [pfSense]
    libnghttp2: 1.40.0 -> 1.42.0 [pfSense]
    libxml2: 2.9.10 -> 2.9.10_2 [pfSense]
    libxslt: 1.1.34 -> 1.1.34_1 [pfSense]
    links: 2.16_2,1 -> 2.20.2_1,1 [pfSense]
    lua-resty-core: 0.1.17 -> 0.1.21_1 [pfSense]
    lua-resty-lrucache: 0.09 -> 0.10 [pfSense]
    luajit-openresty: 2.1.20190912_2 -> 2.1.20201027 [pfSense]
    miniupnpd: 2.1.20190210,1 -> 2.2.1,1 [pfSense]
    mpd5: 5.8_10 -> 5.9 [pfSense]
    nettle: 3.5.1_1 -> 3.6 [pfSense]
    nginx: 1.16.1_11,2 -> 1.18.0_45,2 [pfSense]
    norm: 1.5r6 -> 1.5r6_1 [pfSense]
    ntp: 4.2.8p14 -> 4.2.8p15 [pfSense]
    oniguruma: 6.9.3 -> 6.9.6 [pfSense]
    openldap-client: 2.4.48 -> 2.4.57 [pfSense]
    openvpn: 2.4.9 -> 2.5.0 [pfSense]
    pcre: 8.43_2 -> 8.44 [pfSense]
    perl5: 5.30.1 -> 5.32.1_1 [pfSense]
    pfSense: 2.4.5_1 -> 2.5.0 [pfSense]
    pfSense-Status_Monitoring: 1.7.11_1 -> 1.7.11_3 [pfSense]
    pfSense-base: 2.4.5_1 -> 2.5.0 [pfSense-core]
    pfSense-default-config: 2.4.5_1 -> 2.5.0 [pfSense-core]
    pfSense-kernel-pfSense: 2.4.5_1 -> 2.5.0 [pfSense-core]
    pfSense-rc: 2.4.5_1 -> 2.5.0 [pfSense-core]
    py37-setuptools: 41.4.0_1 -> 44.0.0 [pfSense]
    python37: 3.7.7 -> 3.7.9_1 [pfSense]
    radvd: 2.18_2 -> 2.19 [pfSense]
    rate: 0.9_1 -> 0.9_2 [pfSense]
    readline: 8.0.1 -> 8.0.4 [pfSense]
    rrdtool: 1.7.2_1 -> 1.7.2_4 [pfSense]
    smartmontools: 7.0_2 -> 7.2 [pfSense]
    sqlite3: 3.30.1 -> 3.34.0,1 [pfSense]
    ssh_tunnel_shell: 0.1_1 -> 0.2_1 [pfSense]
    sshguard: 2.4.0_4,1 -> 2.4.1,1 [pfSense]
    strongswan: 5.8.4 -> 5.9.1 [pfSense]
    unbound: 1.10.1 -> 1.13.0_2 [pfSense]
    wpa_supplicant: 2.9 -> 2.9_7 [pfSense]
    wrapalixresetbutton: 0.0.7 -> 0.0.7_1 [pfSense]

Installed packages to be REINSTALLED:
    beep-1.0_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    bsnmp-regex-0.6_2 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    bwi-firmware-kmod-3.130.20 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    choparp-20150613 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    cpdup-1.20 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    cpustats-0.1_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    dpinger-3.0 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    expiretable-0.6_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    indexinfo-0.3.1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    libargon2-20190702 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    libdaemon-0.14_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    libidn2-2.3.0_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    libltdl-2.4.6 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    libmcrypt-2.5.8_3 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    libucl-0.8.1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    libunistring-0.9.10_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    libzmq4-4.3.1_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    lzo2-2.10_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    minicron-0.0.2 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    mobile-broadband-provider-info-20190618_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    openvpn-auth-script-1.0.0.3 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    pftop-0.7_9 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    py37-ply-3.11 [pfSense] (ABI changed: 'freebsd:11:*' -> 'freebsd:12:*')
    qstats-0.2 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    scponly-4.8.20110526_4 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    uclcmd-0.1_3 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    voucher-0.1_2 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    vstr-1.0.15_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    wol-0.7.1_4 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
    xinetd-2.3.15_2 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')

Number of packages to be removed: 52
Number of packages to be installed: 63
Number of packages to be upgraded: 71
Number of packages to be reinstalled: 30

The process will require 76 MiB more space.
>>> Downloading pkg... 
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be REINSTALLED:
    pkg-1.16.1 [pfSense]

Number of packages to be reinstalled: 1
>>> Locking package pkg... done.
>>> Upgrading pfSense-rc... 
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
    pfSense-rc: 2.4.5_1 -> 2.5.0 [pfSense-core]

Number of packages to be upgraded: 1
[1/1] Upgrading pfSense-rc from 2.4.5_1 to 2.5.0...
[1/1] Extracting pfSense-rc-2.5.0: ...... done
>>> Upgrading pfSense kernel... 
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
    pfSense-kernel-pfSense: 2.4.5_1 -> 2.5.0 [pfSense-core]

Number of packages to be upgraded: 1

The process will require 14 MiB more space.
[1/1] Upgrading pfSense-kernel-pfSense from 2.4.5_1 to 2.5.0...
[1/1] Extracting pfSense-kernel-pfSense-2.5.0: .......... done
===> Keeping a copy of current kernel in /boot/kernel.old
>>> Removing unnecessary packages... done.
System is going to be upgraded.  Rebooting in 10 seconds.
>>> Unlocking package pkg... done.
Success