pfSense CEをアップデート 2.5.2→2.6.0

pfSense CEをアップデートした記録 2.5.2→2.6.0

アップデート内容確認

pfSense CE 2.5.2からpfSense CE 2.6.0にアップデートします

変更点を確認
https://docs.netgate.com/pfsense/en/latest/releases/22-01_2-6-0.html

Security
    This release includes corrections for the following vulnerabilities in pfSense software:
        pfSense-SA-22_01.webgui (File overwrite in services_ntpd_gps.php, #12191)
        pfSense-SA-22_02.webgui (Potential vulnerabilities with route collection on diag_routes.php , #12257)
        pfSense-SA-22_03.webgui (Potential vulnerabilities in OpenVPN form validation, #12677)
        pfSense-SA-22_04.webgui (XSS in pkg.php, #12725)

Errata
    There is a patch available to improve NAT behavior for UPnP and multiple game consoles or clients playing the same game but the fix was discovered too late for it to be included in 22.01/2.6.0. For additional details and instructions on how to apply the patch, see Redmine issue #7727 note #74 and #75, the Github commit, and the forum thread for testing feedback.

General
    This release contains several significant changes to IPsec for stability and performance. Read the IPsec section of this document carefully.
        Warning
            IPsec VTI interface names have changed in this release. Configurations will be updated automatically where possible to use the new names.
            Check the interface names of assigned VTI instances under Interfaces > Assignments to ensure they are correct after the upgrade completes.
            If any third party software configurations or other manual changes referenced the old IPsec VTI interface names directly (e.g. ipsecNNNN) they must be updated to the new format.
    ZFS is now the default filesystem for new installations of pfSense Plus and pfSense CE software on all platforms which support booting from ZFS.
        It is not possible to change from UFS to ZFS in place, a reinstallation of pfSense Plus or CE is required to migrate from UFS use ZFS.
        The ZFS pool name and datasets have also been updated and optimized. Users who were already using ZFS may want to reinstall as well to ensure they have the most optimal disk layout.
        pfSense Plus software has a new ZFS dashboard widget to track the status of disks using ZFS.
    Log Compression for rotation of System Logs is now disabled by default for new ZFS installations as ZFS performs its own compression.
        Tip
            The best practice is to disable Log Compression for rotation of System Logs manually for not only existing ZFS installations, but also for any system with slower CPUs. This setting can be changed under Status > System Logs on the Settings tab.
    The default password hash format in the User Manager has been changed from bcrypt to SHA-512. New users created in the User Manager will have their password stored as a SHA-512 hash. Existing user passwords will be changed to SHA-512 next time their password is changed.
        Note
            User Manager passwords are only stored as a hash, thus existing users cannot be automatically changed to the new format. To convert a user password from an older hash format, change the password for the user in the User Manager.
    The firewall now bootstraps its clock at boot in multiple ways, one of which utilizes multiple NTP servers with static IP addresses from Google Public NTP. This avoids a chicken-and-egg problem where the firewall cannot resolve NTP servers because DNSSEC, which is enabled by default, cannot function when the clock is inaccurate. The firewall performs this sync once per boot before it starts the NTP daemon.
        Note
            This behavior can easily be changed or disabled. See Changing Clock Bootstrap Behavior.
    Several areas of the documentation have been rewritten and updated for these releases. Notably, the IPsec and OpenVPN sections have been updated significantly including all of the related configuration recipes.

pfSense Plus

PHP Interpreter
    Fixed: PHP exits with signal 11 on SG-3100 when calling PCRE functions #11466

pfSense CE

Aliases / Tables
    Fixed: Error loading rules when URL Table Ports content is empty #4893
    Fixed: Mixed use of aliases in a port range produces unloadable ruleset #11818
    Fixed: Unable to create nested URL aliases #11863
    Fixed: Creating or editing aliases fails with multiple hosts separated by spaces #12124
    Fixed: When attempting to delete an in-use alias, input validation only prints the first item using the alias in the error message #12177

Authentication
    Changed: Use SHA-512 for user password hashes #10298
    Fixed: Deny SSH access for admin and root users when the admin GUI account is disabled #12346

Backup / Restore
    Fixed: Restoring from AutoConfigBackup presents reboot type selection option then reboots automatically #10662
    Added: Backup and restore SSH host key(s) #11118
    Fixed: Output from reboot process is printed on Backup & Restore page when restoring a configuration file #11909
    Fixed: Custom value for AutoConfigBackup schedule Hours is not shown when loading the settings page #11946
    Added: AutoConfigBackup performance improvements #12193
    Fixed: Viewing an AutoConfigBackup entry takes approximately 60 seconds to completely load #12247
    Changed: Explicitly state where AutoConfigBackup stores encrypted backup data #12296

Build / Release
    Changed: Remove deprecated libzmq code and references #12060

CARP
    Fixed: Cannot enter persistent CARP maintenance mode when CARP is disabled #11727
    Fixed: When a CARP VIP VHID change is synchronized to a secondary node, the CARP VIP is removed from the interface and the old VHIDs remain active #12202
    Fixed: Changing VHID on CARP VIP does not update VHID of related IP Alias VIPs #12227
    Fixed: rc.carpmaster only sends notifications via SMTP #12584

Captive Portal
    Fixed: Vouchers may expire too early when using RAM disks #11894
    Fixed: Incorrect variable substitution in captive portal error page #11902
    Fixed: Clicking “logout” on portal page does not function when logout popup is disabled #12138
    Fixed: Captive Portal database and ipfw rules are out of sync after unclean shutdown #12355
    Fixed: Captive Portal input validation for “After authentication Redirection URL” and “Blocked MAC address redirect URL” is swapped #12388
    Fixed: Captive Portal online user statistics data is not cleared on unclean shutdown #12455

Certificates
    Fixed: Certificate Revocation tab does not list active users of CRL entries #11831
    Fixed: Certificate manager reports CA as in use by an LDAP server when LDAP is not configured for TLS #11922
    Fixed: Certificate Manager performs redundant escaping of special characters in certificate DN fields #12034
    Added: Input validation to prevent unsupported UTF-8 characters from being used in certificate subject components #12035
    Fixed: Certificate Manager shows incorrect DN for imported entries with UTF-8 encoding #12041

Console Menu
    Fixed: Cannot configure WAN IP address with /32 CIDR mask via console menu #11581
    Changed: Suppress kernel messages when loading dummynet and thermal sensor modules #12454

DHCP (IPv4)
    Added: DHCPv4 client does not support supersede statement for option 54 #7416
    Added: Support for UEFI HTTP Boot option in DHCPv4 Server #11659
    Fixed: DHCPv4 server configuration does not include ARM TFTP filenames #11905
    Fixed: ARM 32/64 network boot options are not parsed on Static DHCP Mapping page #12216

DHCP (IPv6)
    Fixed: DHCPv6 Server should not offer configuration options for unsupported PPPoE Server interfaces #12277

DHCP Relay
    Fixed: PHP error if no DHCPv6 Relay interfaces are selected #11969

DNS Resolver
    Fixed: Unbound crashes with signal 11 when reloading #11316
    Fixed: Unbound fails to start if its configuration references a python script which does not exist #12274
    Fixed: Unbound falls back to using all outgoing network interfaces if manually selected outgoing interface(s) are unavailable #12460

Dashboard
    Fixed: System Information widget unnecessarily polls data for hidden items #12241
    Fixed: IPsec widget generates errors if no tunnels are defined #12337
    Fixed: IPsec widget treats phase 1 in “connecting” state as connected #12347
    Added: Disks dashboard widget to replace Disk Usage section of System Information widget #12349
    Fixed: Thermal Sensors Dashboard widget filter for negative values refers to invalid variable #12470

Diagnostics
    Fixed: State table content on diag_dump_states.php does not sort properly #11852
    Changed: Hide “Reboot and run a filesystem check” for ZFS systems #11983
    Fixed: “GoTo line #” function does not work on diag_edit.php #12050
    Fixed: Sanitize WireGuard private and pre-shared keys in status output #12256
    Added: Include firewall rules from packages which failed to load in status output #12269
    Added: Include firewall rules generated from OpenVPN RADIUS ACL entries in status output #12316
    Fixed: ARP table interface column empty for entries on unassigned interfaces #12698

Dynamic DNS
    Added: Option to set interval of forced Dynamic DNS updates #9092
    Added: Support DNS Made Easy authentication without a username #9341
    Fixed: RFC 2136 Dynamic DNS client uses IPv6 alias VIP instead of Track IPv6 address for AAAA records #11816
    Added: New Dynamic DNS Provider: Strato #11978
    Fixed: Dynamic DNS cache expiration time check calculation method may cause update to happen on the wrong day #12007
    Fixed: NoIP.com incorrectly encodes Dynamic DNS update credentials #12021
    Added: New Dynamic DNS Provider: deSEC #12086
    Added: Support Check IP services which return bare IP address values #12194
    Fixed: Yandex Dynamic DNS client does not set the PddToken value #12331
    Added: Dynamic DNS client proxy support #12342
    Fixed: Update Dynamic DNS code for one.com to use their new login process #12352
    Fixed: Dynamic DNS updates do not respect certificate authority trust store #12589
    Fixed: Dynamic DNS client updates using a private IP address when it cannot determine the public IP address #12617
    Fixed: Dynamic DNS may not use the correct interface when updating during failover #12631

FreeBSD
    Fixed: Duplicate comconsole_port lines in /boot/loader.conf #11653
    Changed: Upgrade to pkg 1.17.x #12171

Gateways
    Added: Support DNS server gateway selection on system.php for multiple gateways not assigned to interfaces #12116
    Fixed: Default IPv4 gateway may be set to IPv6 gateway value in certain cases #12282

Hardware / Drivers
    Added: Support for network interfaces using the qlnxe driver #11750

High Availability
    Fixed: Incorrect RADVD log message on HA event #11966

IGMP Proxy
    Added: Support 0 CIDR mask for IGMP Proxy networks #7749

IPsec
    Fixed: Disconnected IPsec phase 2 entries are not shown in IPsec status #6275
    Fixed: UDP fragments received over IPsec tunnel are not properly reassembled and forwarded #7801
    Fixed: EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes #11447
    Fixed: Incorrect phase 2 entry removed when deleting multiple items consecutively #11552
    Fixed: strongSwan configuration contains incorrect structure for mobile pool DNS records #11891
    Fixed: IPsec status tunnel descriptions are incorrect #11910
    Changed: PC/SC Smart Card Daemon pcscd running on all devices at all times, should be optional #11933
    Fixed: IPsec status fails when many tunnels are connected #11951
    Fixed: Mobile IPsec advanced RADIUS parameters do not allow numeric values with a decimal point #11967
    Fixed: Mobile IPsec NAT/BINAT entries missing from firewall rules #12023
    Fixed: Applying IPsec settings for many tunnels is slow or times out #12026
    Fixed: Gateway alarm always triggers IPsec restart #12039
    Changed: Improve IPsec identifier settings #12044
    Fixed: IPsec status IKE disconnect button drops all connections for the IKE ID, not a specific IKE SA ID #12052
    Fixed: Tunnels with conflicting REQID values can lead to multiple identical Child SA entries #12155
    Added: IPsec keep alive option to initiate phase 2 without using ICMP #12169
    Added: Add connect/disconnect buttons to IPsec dashboard widget #12181
    Added: GUI options to configure IKE retransmission behavior #12184
    Fixed: IPsec status shows connect buttons while tunnel is connecting #12189
    Fixed: IPsec writes CRL files when tunnel does not use certificates #12195
    Fixed: IPsec settings fail to apply when a remote gateway is set to an FQDN and there are no DNS servers available #12196
    Fixed: Mobile IPsec phase 1 should not display “Gateway duplicates” option #12197
    Fixed: Disabling an IPsec phase 1 entry does not disable related phase 2 entries #12198
    Fixed: Disabled IPsec VTI interfaces are always created #12212
    Fixed: IPsec bypass rules display help text under each entry #12236
    Fixed: IPsec phase 1 entry with 0.0.0.0 as its remote gateway does not receive correct automatic firewall rules #12262
    Changed: Update “IPsec Filter Mode” option values and help text to reflect that VTI mode also helps transport mode (e.g. GRE) #12289
    Fixed: IPsec manual initiation and termination should use a timeout value or forced actions #12298
    Fixed: IPsec tunnels using a gateway group do not get reloaded in some cases #12315
    Fixed: IPsec Phase 2 entry incorrectly orders proposals in AH mode #12323
    Fixed: Hash algorithm GUI options are disabled after switching a phase 2 entry to AH mode #12324
    Fixed: IPsec VTI interface remote endpoint is not resolved the correct way #12328
    Fixed: Incorrect label for IPsec DH group 32 #12350
    Added: Distinguish between policy-based and route-based entries on IPsec status SPD tab #12397
    Fixed: Console boot output includes Configuring IPsec VTI interfaces when no VTI interfaces are configured #12419
    Changed: Add IPsec phase 2 BINAT subnet size input validation #12430
    Fixed: IPsec initiates on HA backup node when a tunnel interface is set to a gateway group #12566
    Fixed: IPsec Mobile Client RADIUS Advanced parameters are not reset to default values when disabled #12575

IPv6 Router Advertisements (RADVD)
    Fixed: radvd only responds to the first Router Solicitation received after each multicast Router Advertisement #10304
    Fixed: “Default preferred lifetime” router advertisement validation check uses incorrect variable #12159
    Fixed: IPv6 RA DNSSL lifetime is too short, not compliant with RFC 8106 #12173
    Fixed: Default IPv6 router advertisement intervals and lifetime are too low #12280
    Fixed: “Default preferred lifetime” field for IPv6 RA does not have input validation #12439
    Fixed: IPv6 interface prefix change not reflected in RADVD configuration #12604
    Fixed: Router Advertisement DNS search domain from one interface may unintentionally be used by other interfaces #12626

Installer
    Added: Restore RRD and extra data from configuration backups when restoring during installation #12518
    Fixed: Minnowboard Turbo cannot boot a clean install #12707

Interfaces
    Fixed: GRE and GIF tunnels on dynamic IPv6 interface are not brought up during boot #6507
    Fixed: Interface column empty in list of GIF tunnels when using IP Alias on CARP VIP as Interface #11337
    Fixed: QinQ using OpenVPN ovpn interface as a parent is not configured at boot time #11662
    Fixed: VLAN and QinQ edit pages allows selecting incompatible OpenVPN tun interfaces #11675
    Fixed: Advanced DHCP client configuration “Protocol timing” help text is in the wrong location #11926
    Added: VLAN list sorting #11968
    Fixed: Boot messages contain entries about configuring LAGG/VLAN/QinQ interfaces even when no entries of those types are configured #12002
    Fixed: Input validation incorrectly rejects a second IPv4-only GRE tunnel #12049
    Fixed: Interface assignment mismatch is not detected if VLAN-only parent interface is removed #12170
    Fixed: IPv6 DNS servers from dynamic sources are not listed on status_interfaces.php #12252
    Fixed: IPv6 gateway for an interface is not shown on status_interfaces.php if the interface does not also have an IPv4 gateway #12253
    Fixed: Remove subnet overlap check on LAN interfaces when using 6rd #12371
    Fixed: “6RD Prefix” field does not have input validation #12435
    Fixed: Trying to delete an assigned PPPoE interface fails without printing an error message #12514

L2TP
    Fixed: Kernel panic during L2TP retransmit #9058
    Fixed: FQDN L2TP server address is only resolved at boot #12072

Logging
    Fixed: Logging configuration added by a package is not removed on uninstall #11846
    Fixed: Remote log server input validation allows invalid values #12000
    Added: Disable log compression on new installations when /var/log is a ZFS dataset with compression enabled #12011
    Changed: Improve log settings help text for file size, compression, and retention count #12012
    Added: Create a log entry when a configuration change occurs #12118
    Fixed: Rotation settings for individual log files do not take effect after saving #12366

NTPD
    Added: Poll Interval For GPS and PPS #9439
    Added: Support for NTP Peer mode #11496
    Fixed: File overwrite in services_ntpd_gps.php via gpsport parameter #12191
    Added: Support SHA-256 hash NTP authentication #12213
    Fixed: ZFS installations without an RTC battery boot with clock at BIOS/EFI default value because they do not receive initial clock value from filesystem data #12769

Notifications
    Added: Option to suppress expiration notifications for revoked certificates #12109
    Added: Support for Slack notifications #12291
    Added: Send notification for halt, reboot, and reroot events #12441
    Fixed: rc.notify_message only sends notifications via SMTP #12585

OpenVPN
    Added: Support aliases in OpenVPN local/remote/tunnel network fields #2668
    Changed: Set explicit-exit-notify option by default for new OpenVPN server instances #11684
    Fixed: OpenVPN client certificate validation with OCSP always fails #11829
    Added: Option to validate OpenVPN peer TLS certificate key usage #11865
    Added: Log external IP address of OpenVPN clients on connect and disconnect #11935
    Fixed: DNS Resolver does not add PTR record for OpenVPN clients #11938
    Fixed: OpenVPN IPv6 tunnel network is not validated properly #11999
    Fixed: OpenVPN RADIUS-based firewall rules use incorrect port ranges #12020
    Fixed: Incorrect OpenVPN Client Export help link #12022
    Fixed: OpenVPN RADIUS-based firewall rules do not use expected value for RADIUS-assigned IP addresses #12076
    Fixed: Prevent using OpenVPN “Exit Notify” option with point-to-point modes #12102
    Fixed: OpenVPN Wizard configuration missing recently added default values #12172
    Fixed: OpenVPN does not clean up previous CA and CRL files #12192
    Changed: Move “Description” option on OpenVPN server and client pages to top of the page, show internal instance ID #12218
    Fixed: Prevent using OpenVPN “Inactive” option with point-to-point modes #12219
    Fixed: Configuration files are not deleted after disabling an OpenVPN instance #12223
    Fixed: OpenVPN page allows to delete/disable instance with an assigned interface #12224
    Fixed: OpenVPN status incorrect for TAP servers without a defined tunnel network #12232
    Fixed: OpenVPN client connect/disconnect scripts are not used in Remote Access (SSL/TLS) mode #12238
    Added: Pop-up window to view firewall rules generated from RADIUS ACL entries on the OpenVPN status page #12321
    Added: Support OpenVPN client-kill to terminate remote clients instead of clearing their session #12416
    Fixed: Set OpenVPN Gateway Creation value to “Both” by default for new instances #12448
    Fixed: OpenVPN form validation issues #12677

Operating System
    Changed: Ensure /usr/local/sbin/ scripts use full path to executable files #11985
    Fixed: Update NGINX to address CVE-2021-23017 #12061
    Added: Suppress kernel messages for lo0 configuration during boot #12094
    Changed: Convert RAM disks to tmpfs #12145
    Changed: Improve uses of grep which utilize user-supplied patterns #12265
    Fixed: Update mpd5 to address vulnerabilities in < 5.9_2 #12373
    Fixed: Update python to address vulnerabilities < 3.8.12 #12374
    Fixed: Multiple cURL Vulnerabilities #12434
    Changed: Add note in log settings that disabling logging also disables sshguard login protection #12511
    Fixed: Kernel panic in nd6_dad_timer() #12548

PHP Interpreter
    Fixed: diag_dump_states.php no longer filters by rule ID #12605

PPP Interfaces
    Fixed: PPP interfaces lose the description field in ifconfig output when restarted #11959

PPPoE Server
    Added: Option to select PPPoE Server authentication protocol #12438

Package System
    Fixed: Package <plugins> and <tabs> content missing from configuration in some cases #11290
    Added: Add librdkafka package to the pfSense package repository #12290
    Fixed: PHP error on pkg_mgr_install.php when multiple instances are running #12713
    Fixed: Potential XSS in pkg.php via pkg_filter #12725

RRD Graphs
    Added: Graph for hardware temperature readings #9297

Routing
    Fixed: Static routes using aliases are not automatically updated when alias content changes #7547
    Fixed: Input validation does not prevent removing a gateway used by a DNS server #8390
    Fixed: Kernel route table entries are removed if they match disabled static route entries #10706
    Fixed: Modifying static routes results in a logged error, changes are not reflected in routing table #11599
    Added: Require user to manually apply changes after altering static route entries #11895
    Fixed: Route data collection method on diag_routes.php has multiple issues #12257

Rules / NAT
    Added: IPv6 support in easyrule CLI script #11439
    Fixed: NAT rule overlap detection is inconsistent #11734
    Fixed: Input validation not working for 1:1 NAT entries using an alias as a destination #11923
    Fixed: easyrule script does not function properly #12151
    Fixed: IPv6 policy routing does not work if an IPsec tunnel phase 2 remote network is configured for ::/0 #12164
    Fixed: 1:1 NAT rule with internal IP address of “Any” results in an invalid firewall rule #12168
    Fixed: Firewall rule tabs load slowly when many rules on the tab utilize gateways #12174
    Fixed: VIP network addresses are not expanded on Port Forward rules #12233
    Fixed: Duplicating a Port Forward does not copy “Filter Rule Association” values of “None” or “Pass” #12272
    Added: Display default “Reflection Timeout” value on system_advanced_firewall.php #12318
    Fixed: NAT rule overlap detection does not check special networks #12361
    Fixed: Input validation prevents creating 1:1 NAT rules on OpenVPN #12408
    Fixed: 1:1 NAT edit page lists incorrect entries in the Destination field #12410
    Added: Icon for traffic direction on floating rules tab #12433
    Fixed: Port forward rules are not created for special networks (pppoe, openvpn) #12452
    Fixed: Automatic outbound NAT for reflection does not support IPv6 #12500
    Fixed: Interface group name starting with a digit creates invalid XML for rule separators #12529
    Added: Change Gateway/Group name in firewall rule list to clickable link to edit page for the entry #12555
    Fixed: Automatic rule tracker IDs incorrect after multiple filter reloads #12588
    Fixed: PHP error when clicking Delete on Outbound NAT with no rules selected #12694

SNMP
    Added: IPv6 support for base system SNMP service #12325

Services
    Fixed: System attempts to stop inactive services at shutdown #12001
    Fixed: System attempts to start inactive services at boot #12038

Traffic Shaper (ALTQ)
    Added: IPv6 support in the Traffic Shaper Wizard #4769
    Fixed: Panic when using CBQ traffic shaping #11470
    Added: Allow Chelsio T6 CXGBE (cc) drivers to be used for ALTQ traffic shaping #12499
    Changed: Traffic shaper wizard default bandwidth type should be Mbit/s #12501

Traffic Shaper (Limiters)
    Fixed: Unable to delete limiter referenced in filter rules #12503
    Fixed: Kernel panic when using fq_pie limiter scheduler #12622

UPnP/NAT-PMP
    Added: UPnP/NAT-PMP STUN configuration options #10587

Upgrade
    Changed: pfSense-upgrade should reinstall all packages on new version upgrades #12235

User Manager / Privileges
    Added: Copy button for group entries in the User Manager #12226

Virtual IP Addresses
    Fixed: Validation when deleting a VIP does not check if the VIP is used by IPsec phase 1 entries #12356
    Fixed: Validation when deleting a VIP does not prevent deleting a CARP VIP used as a parent for an IP Aliases VIP #12362

Wake on LAN
    Added: Wake on LAN button to wake all devices #12480

Web Interface
    Changed: Update font formats to WOFF2 #11507
    Fixed: DHCP Leases page and ARP table page fail to load if DNS is not available #11512
    Fixed: Notifications page cannot be saved without configuring or disabling SMTP #12107
    Changed: Convert help shortcut links to server-side redirects #12314
    Fixed: Help text for RAM disk settings does not mention Captive Portal data #12389
    Fixed: Input validation error can unintentionally result in removal of PPP type interface settings #12498

Wireless
    Fixed: wpa_supplicant uses 100% of a CPU core at boot #11453
    Fixed: Interfaces page does not show Wireless EAP client options #12239

XMLRPC
    Fixed: XMLRPC sync results in an error when a failover peer IP address is specified in DHCP server settings for an unconfigured interface #10955
    Added: XMLRPC synchronization for DHCP relay settings #11957
    Changed: XMLRPC client improvements #12051
    Fixed: Changes to an existing IPsec configuration are not applied on HA secondary after XMLRPC sync #12075

今回は久々のバージョンアップですので
かなり大規模な修正・変更がありますが
大半が各種修正や内部ソフトのバージョンアップになります

2.6.0のベースOSはFreeBSD12.3-STABLE

主な変更点としては
・pfSenseインストール時にファイルシステムの既定値がUFSからZFSに変更
・ユーザマネージャのパスワードハッシュ形式がbcryptからSHA-512に変更
・IPsecのインターフェイス名変更

既存システムはUFSでインストールされていると思いますが
UFS→ZFSに変換したりはできないのでZFSにしたい人は再インストールが必須となります
ただしすぐにZFS化する必要性はありませんし
ZFSはメモリ消費量が多いというデメリットもありますので
今後ZFSシステムのみが使用できる機能がpfSenseに搭載されたり
ハードウェア更新時にZFS化する程度でいいと思います

パスワードハッシュ形式がbcryptからSHA-512に変更された件については
新ユーザに対してはもちろんSHA-512を使用されますが
既存ユーザはbcryptのまま保存されています
既存ユーザもSHA-512で保存したい場合はパスワード再設定を行う必要がありますので
2.6.0更新後は全ユーザのパスワードを再設定しておくといいでしょう

IPsecに関しては既にOpenVPNしか使用していない環境だったので
どう変更になっているか確認出来ずでした
利用している人のみ各自確認ください

アップデートの作業時間はいつもと違って20分程度を要しました
これは今回のバージョンアップでは
全てのパッケージ(システム・アドオン両方)が再インストールされる為で
ダウンロードに今まで以上に時間がかかりました
(配布サーバが空いていれば20分もかからずに済むと思います)

作業時間は長かったもののダウンタイムとなるシステム再起動は
いつもの再起動とほぼ変わらずだったのでその点は良かったです

再起動後にもアドオンパッケージがバックグラウンドで
インストールされるケースもあるらしく
(その際はWEBGUI画面のトップページにメッセージが出ます)
念のため更新時の再起動後に動作確認したら再度再起動しておいた方が無難です

アップデート後、24時間以上経過してますが特に不具合は発生してません

pfSense Plusについて

2021年1月に発表されたpfSense Plusですが
今までのpfSense PlusはpfSense FEからサポートしていたAWSやAzureのVMと
Netgateが開発・販売しているアプライアンス向けのソフトウェアでした

しかしこの度Netgate以外のハードウェアでも利用が可能になるようです

ライセンスの種類についてはこちら

軸としてはこの2種類
今まで通り無料・OSSであるpfSense CE
Netgateの基本有料ソフトとなるpfSense Plus

pfSense CEは今まで通り1種類ですが
pfSense Plusは5種類のタイプあります
・Home(非商用 自宅利用向け 無料)
・Lab(商用評価用 TACライセンス購入前のテストなど非実稼働環境向け 無料)
・TAC Lite(商用 サポート内容:小)Netgateアプライアンスに付属
・TAC Professional(商用 サポート内容:中)
・TAC Enterprise(商用 サポート内容:大)

pfSense Software Types
https://www.netgate.com/pfsense-plus-software/software-types

サブスクリプション販売サイト
https://shop.netgate.com/products/pfsense-software-subscription

現時点ではpfSense CEとpfSense Plusはほぼ違いがないので
あえてpfSense Plusを利用するメリットはサポートされているAWSやAzure
そしてNetgateのアプライアンスを使用している人以外はありません

ちなみにPlusにしかない機能例としては以下があります
・AWS向けとしてAWS VPC Wizard
・IPsecのエクスポートできるアドオンパッケージ、IPSec Profile Wizard

pfSense Plusの開発方針もNetgateのアプライアンスに合わせた開発を行うとのことなので
今後、自作PCや仮想マシンなどで使用している人に
どの程度恩恵があるのかは現時点では不明です

アプライアンスに合わせた開発というのは
ドライバの最適化など基本的なことはもちろんのこと
アプライアンスのオンボードに追加されている機能や
特定の拡張カードが搭載されていたりした場合に
CEでは使えないがPlusだとその機能を有効化できるようなイメージらしいです

pfSense Plusのタイプ5種類についてですが
HomeとLabがアプライアンス以外を利用している人向けに
今回新たに設定された無料枠になります
Home・Labともに非営利目的向けで商用利用は禁止
個人の自宅利用であればHomeで問題ないでしょう
Labは評価版ライセンスですしHomeと現時点で機能差もなく選択する理由は特になし

TACの3種類は今までpfSense CEにあったTACがそのまま移行された形です
TACとはTechnical Assistance Centerの略
TACのLite/Pro/Entの違いは電話やチケット数などのサポートの有無のみ

販売ページにもあるようにTAC Liteについては今だけ年間129ドルが無料となっています

現在販売されているNetgateのアプライアンスを購入するとTAC Liteが標準で付属するので
現時点ではそのまま商用利用可能でpfSense Plus Homeを選択する必要もありません
TAC Liteは将来的に年間129ドルになるのが確定していることもあって
付属するTAC Liteが何年分なのかが気になる所ですが
Netgateによると以下の説明がされています

TAC Lite Is included with Netgate appliances with pfSense Plus for life of the product. See our Lifecycle page for details on lifetime.

翻訳を通すと
「TAC Liteは、製品の寿命が尽きるまで、pfSensePlusを備えたNetgateアプライアンスに含まれています。 ライフサイクルの詳細については、ライフサイクルページを参照してください。」

ここからはまだ確定情報ではありませんが
Netgateでは販売終了(End odf Sale)のEOSから製品別に1~3年で
サポート終了(End of Life)のEOLを迎えます
わざわざTAC Liteと製品寿命の文にライフサイクルのページを案内している点と
ライフサイクルページではEOSとEOLの間を
「Support Subscription Available」と表記している点から
おそらく付属するTAC Liteは各モデルのEOLまでのサポートとなり
EOL以降もアプライアンスを使用し続ける場合は
非商用であればpfSense CEかpfSense Plus Homeへ切り替え
商用であればpfSense CEか年間129ドルでTAC Liteを継続するかを
選択する必要が出てくると思われます
期限切れ通知がメールなどであると思いますがEOL付近になったら放置せず要確認です

今回pfSense Plus Homeが登場したことで良かった点としては
今まではアプライアンスを所有しているとpfSense Plusが使えるわけですが
仮にアプライアンスが故障した場合はハードウェアに紐付けされている為
新たに別のアプライアンスを買いなおさないと他の自作PCなどでは
pfSense Plusを継続利用できずpfSense CEに戻す必要があった問題が解消されました
(他のハードウェアでpfSense Plusを選ぶ意味があるかは置いといて)

ちなみにNetgateのアプライアンスに関しては
アプライアンスにpfSenseをインストールされていると
WEBGUIのダッシュボードにあるSystem Informationで
以下のように自動で認識されるので
使用モデルによって自動で最適化され設定値などが調整されます

個人的には長年使っているアプライアンスのSG-4860(RCC-VE 4860)が
残念ながらEOLをとっくに過ぎているのと
現在のpfSense CEに不満はなくpfSense Plusと機能差もないことから
pfSense CEを継続利用して様子見する予定で
今後の記事もpfSense CEベースになると思いますが
今後差別化でpfSense CEが放置・改悪される可能性も十分ありえることから
しばらくはNetgateの動きに注意したいと思います

アップデートの手順

事前に設定のバックアップをした上で以下の操作でアップデートを実行
手順はいつもと同じです

2.5.2から2.6.0へアップデートと表示出てるのを確認して「Confirm」を押す

無事に完了すると自動で再起動開始されます

最後に2.6.0の状態で設定をバックアップして完了

Update時の処理ログ

>>> Updating repositories metadata... 
Updating pfSense-core repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: . done
Processing entries: . done
pfSense-core repository update completed. 7 packages processed.
Updating pfSense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: 
Processing entries............. done
pfSense repository update completed. 511 packages processed.
All repositories are up to date.
>>> Setting vital flag on pkg... done.
>>> Removing vital flag from php74... done.
>>> Downloading upgrade packages... 
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
Checking for upgrades (164 candidates): .......... done
Processing candidates (164 candidates): .......... done
The following 168 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
    cyrus-sasl: 2.1.27_2 [pfSense]
    devcpu-data-amd: 20211115 [pfSense]
    devcpu-data-intel: 20210608 [pfSense]
    libssh2: 1.9.0_3,3 [pfSense]
    openldap24-client: 2.4.59_4 [pfSense]
    openpgm: 5.2.122_6 [pfSense]
    php74-pear-HTTP_Request2: 2.5.0,1 [pfSense]
    unbound: 1.13.2 [pfSense]

Installed packages to be UPGRADED:
    bind-tools: 9.16.16 -> 9.16.23 [pfSense]
    ca_root_nss: 3.63 -> 3.71 [pfSense]
    ccid: 1.4.32 -> 1.4.36 [pfSense]
    check_reload_status: 0.0.10_1 -> 0.0.11 [pfSense]
    curl: 7.76.1 -> 7.80.0 [pfSense]
    dbus: 1.12.20_4 -> 1.12.20_5 [pfSense]
    devcpu-data: 1.39 -> 20211109 [pfSense]
    dnsmasq: 2.85_1,1 -> 2.86,1 [pfSense]
    filterlog: 0.1_6 -> 0.1_9 [pfSense]
    glib: 2.66.8,2 -> 2.70.2,2 [pfSense]
    hostapd: 2.9_3 -> 2.9_4 [pfSense]
    icu: 69.1,1 -> 70.1_1,1 [pfSense]
    libgcrypt: 1.9.3 -> 1.9.4 [pfSense]
    libgpg-error: 1.42 -> 1.43 [pfSense]
    libidn2: 2.3.1 -> 2.3.2 [pfSense]
    libnghttp2: 1.43.0 -> 1.46.0 [pfSense]
    libuv: 1.41.0 -> 1.42.0 [pfSense]
    libxml2: 2.9.10_4 -> 2.9.12 [pfSense]
    libxslt: 1.1.34_1 -> 1.1.34_2 [pfSense]
    lua-resty-core: 0.1.21_1 -> 0.1.22 [pfSense]
    lua-resty-lrucache: 0.10 -> 0.11 [pfSense]
    luajit-openresty: 2.1.20201027 -> 2.1.20210510 [pfSense]
    miniupnpd: 2.2.1,1 -> 2.2.1_1,1 [pfSense]
    mobile-broadband-provider-info: 20201225 -> 20210805 [pfSense]
    mpd5: 5.9 -> 5.9_6 [pfSense]
    nginx: 1.20.1,2 -> 1.20.2_1,2 [pfSense]
    nss_ldap: 1.265_13 -> 1.265_14 [pfSense]
    ntp: 4.2.8p15 -> 4.2.8p15_3 [pfSense]
    opensc: 0.21.0 -> 0.22.0 [pfSense]
    openvpn: 2.5.2_2 -> 2.5.4_1 [pfSense]
    pam_ldap: 186 -> 186_1 [pfSense]
    pcre: 8.44 -> 8.45 [pfSense]
    pcre2: 10.37 -> 10.39 [pfSense]
    pcsc-lite: 1.9.1,2 -> 1.9.4,2 [pfSense]
    pfSense: 2.5.2 -> 2.6.0 [pfSense]
    pfSense-Status_Monitoring: 1.7.11_3 -> 1.7.11_4 [pfSense]
    pfSense-base: 2.5.2 -> 2.6.0 [pfSense-core]
    pfSense-default-config: 2.5.2 -> 2.6.0 [pfSense-core]
    pfSense-kernel-pfSense: 2.5.2 -> 2.6.0 [pfSense-core]
    pfSense-rc: 2.5.2 -> 2.6.0 [pfSense-core]
    php74: 7.4.20 -> 7.4.26 [pfSense]
    php74-bcmath: 7.4.20 -> 7.4.26 [pfSense]
    php74-bz2: 7.4.20 -> 7.4.26 [pfSense]
    php74-ctype: 7.4.20 -> 7.4.26 [pfSense]
    php74-curl: 7.4.20 -> 7.4.26 [pfSense]
    php74-dom: 7.4.20 -> 7.4.26 [pfSense]
    php74-filter: 7.4.20 -> 7.4.26 [pfSense]
    php74-gettext: 7.4.20 -> 7.4.26 [pfSense]
    php74-intl: 7.4.20 -> 7.4.26 [pfSense]
    php74-json: 7.4.20 -> 7.4.26 [pfSense]
    php74-ldap: 7.4.20 -> 7.4.26 [pfSense]
    php74-mbstring: 7.4.20 -> 7.4.26 [pfSense]
    php74-opcache: 7.4.20 -> 7.4.26 [pfSense]
    php74-openssl: 7.4.20 -> 7.4.26 [pfSense]
    php74-pcntl: 7.4.20 -> 7.4.26 [pfSense]
    php74-pdo: 7.4.20 -> 7.4.26 [pfSense]
    php74-pdo_sqlite: 7.4.20 -> 7.4.26 [pfSense]
    php74-pear-Cache_Lite: 1.7.16,1 -> 1.8.3,1 [pfSense]
    php74-pear-Net_SMTP: 1.9.0 -> 1.10.0 [pfSense]
    php74-pear-Net_Socket: 1.0.14 -> 1.2.2 [pfSense]
    php74-pfSense-module: 0.72 -> 0.76 [pfSense]
    php74-posix: 7.4.20 -> 7.4.26 [pfSense]
    php74-readline: 7.4.20 -> 7.4.26 [pfSense]
    php74-session: 7.4.20 -> 7.4.26 [pfSense]
    php74-shmop: 7.4.20 -> 7.4.26 [pfSense]
    php74-simplexml: 7.4.20 -> 7.4.26 [pfSense]
    php74-sockets: 7.4.20 -> 7.4.26 [pfSense]
    php74-sqlite3: 7.4.20 -> 7.4.26 [pfSense]
    php74-sysvmsg: 7.4.20 -> 7.4.26 [pfSense]
    php74-sysvsem: 7.4.20 -> 7.4.26 [pfSense]
    php74-sysvshm: 7.4.20 -> 7.4.26 [pfSense]
    php74-tokenizer: 7.4.20 -> 7.4.26 [pfSense]
    php74-xml: 7.4.20 -> 7.4.26 [pfSense]
    php74-xmlreader: 7.4.20 -> 7.4.26 [pfSense]
    php74-xmlwriter: 7.4.20 -> 7.4.26 [pfSense]
    php74-zlib: 7.4.20 -> 7.4.26 [pfSense]
    python38: 3.8.10 -> 3.8.12_1 [pfSense]
    scponly: 4.8.20110526_4 -> 4.8.20110526_5 [pfSense]
    smartmontools: 7.2_1 -> 7.2_3 [pfSense]
    sqlite3: 3.35.5_1,1 -> 3.35.5_4,1 [pfSense]
    sshguard: 2.4.1,1 -> 2.4.2_1,1 [pfSense]
    strongswan: 5.9.2_2 -> 5.9.4 [pfSense]
    wpa_supplicant: 2.9_10 -> 2.9_11 [pfSense]
    wrapalixresetbutton: 0.0.7_1 -> 0.0.8 [pfSense]

Installed packages to be REINSTALLED:
    beep-1.0_1 [pfSense]
    bsnmp-regex-0.6_2 [pfSense]
    bsnmp-ucd-0.4.5 [pfSense]
    bwi-firmware-kmod-3.130.20 [pfSense]
    choparp-20150613 [pfSense]
    cpdup-1.22 [pfSense]
    cpustats-0.1_1 [pfSense]
    dhcp6-20080615.2_4 [pfSense]
    dhcpleases-0.5_1 [pfSense]
    dhcpleases6-0.1_3 [pfSense]
    dmidecode-3.3 [pfSense]
    dpinger-3.0 [pfSense]
    expat-2.4.1 [pfSense]
    expiretable-0.6_2 [pfSense]
    filterdns-2.0_5 [pfSense]
    gettext-runtime-0.21 [pfSense]
    iftop-1.0.p4 [pfSense]
    igmpproxy-0.3,1 [pfSense]
    indexinfo-0.3.1 [pfSense]
    ipmitool-1.8.18_3 [pfSense]
    isc-dhcp44-client-4.4.2P1 [pfSense]
    isc-dhcp44-relay-4.4.2P1 [pfSense]
    isc-dhcp44-server-4.4.2P1_1 [pfSense]
    json-c-0.15_1 [pfSense]
    ldns-1.7.1_2 [pfSense]
    libargon2-20190702 [pfSense]
    libedit-3.1.20210216,1 [pfSense]
    libevent-2.1.12 [pfSense]
    libffi-3.3_1 [pfSense]
    libiconv-1.16 [pfSense]
    libinotify-20180201_2 [pfSense]
    libltdl-2.4.6 [pfSense]
    liblz4-1.9.3,1 [pfSense]
    libmcrypt-2.5.8_3 [pfSense]
    libucl-0.8.1 [pfSense]
    libunistring-0.9.10_1 [pfSense]
    libzmq4-4.3.4 [pfSense]
    links-2.20.2_1,1 [pfSense]
    lzo2-2.10_1 [pfSense]
    minicron-0.0.2 [pfSense]
    mpdecimal-2.5.1 [pfSense]
    norm-1.5r6_1 [pfSense]
    oniguruma-6.9.7.1 [pfSense]
    openvpn-auth-script-1.0.0.3 [pfSense]
    pam_mkhomedir-0.2 [pfSense]
    perl5-5.32.1_1 [pfSense]
    pfSense-repo-2.6.0 [pfSense]
    pfSense-upgrade-1.0_12 [pfSense]
    pftop-0.7_9 [pfSense]
    php74-openssl_x509_crl-1.3 [pfSense]
    php74-pear-1.10.12 [pfSense]
    php74-pear-Auth_RADIUS-1.1.0_4 [pfSense]
    php74-pear-Crypt_CHAP-1.5.0 [pfSense]
    php74-pear-Mail-1.4.1,1 [pfSense]
    php74-pear-Net_IPv6-1.3.0.b2_2 [pfSense]
    php74-pear-Net_URL2-2.2.1 [pfSense]
    php74-pear-XML_RPC2-1.1.4 [pfSense] (direct dependency changed: php74-pear-HTTP_Request2)
    php74-pecl-mcrypt-1.0.4 [pfSense]
    php74-pecl-radius-1.4.0b1_1 [pfSense]
    php74-pecl-rrd-2.0.1_1 [pfSense]
    php74-phpseclib-2.0.17 [pfSense]
    php74-simplepie-1.5.1_1 [pfSense] (direct dependency changed: php74)
    pkg-1.17.5_2 [pfSense]
    py38-ply-3.11 [pfSense]
    py38-setuptools-57.0.0 [pfSense]
    qstats-0.2 [pfSense]
    radvd-2.19_2 [pfSense]
    rate-0.9_2 [pfSense]
    readline-8.1.1 [pfSense] (options changed)
    rrdtool-1.7.2_4 [pfSense]
    ssh_tunnel_shell-0.2_1 [pfSense]
    uclcmd-0.1_3 [pfSense]
    voucher-0.1_2 [pfSense]
    vstr-1.0.15_1 [pfSense]
    wol-0.7.1_4 [pfSense]
    xinetd-2.3.15_2 [pfSense]

Number of packages to be installed: 8
Number of packages to be upgraded: 84
Number of packages to be reinstalled: 76

The process will require 116 MiB more space.
194 MiB to be downloaded.
[1/165] Fetching xinetd-2.3.15_2.pkg: .......... done
[2/165] Fetching wrapalixresetbutton-0.0.8.pkg: . done
[3/165] Fetching wpa_supplicant-2.9_11.pkg: .......... done
[4/165] Fetching wol-0.7.1_4.pkg: .... done
[5/165] Fetching vstr-1.0.15_1.pkg: .......... done
[6/165] Fetching voucher-0.1_2.pkg: . done
[7/165] Fetching uclcmd-0.1_3.pkg: ... done
[8/165] Fetching strongswan-5.9.4.pkg: .......... done
[9/165] Fetching sshguard-2.4.2_1,1.pkg: .......... done
[10/165] Fetching ssh_tunnel_shell-0.2_1.pkg: .......... done
[11/165] Fetching sqlite3-3.35.5_4,1.pkg: .......... done
[12/165] Fetching smartmontools-7.2_3.pkg: .......... done
[13/165] Fetching scponly-4.8.20110526_5.pkg: ... done
[14/165] Fetching rrdtool-1.7.2_4.pkg: .......... done
[15/165] Fetching readline-8.1.1.pkg: .......... done
[16/165] Fetching rate-0.9_2.pkg: ....... done
[17/165] Fetching radvd-2.19_2.pkg: ....... done
[18/165] Fetching qstats-0.2.pkg: . done
[19/165] Fetching python38-3.8.12_1.pkg: .......... done
[20/165] Fetching py38-setuptools-57.0.0.pkg: .......... done
[21/165] Fetching py38-ply-3.11.pkg: .......... done
[22/165] Fetching php74-zlib-7.4.26.pkg: ... done
[23/165] Fetching php74-xmlwriter-7.4.26.pkg: .. done
[24/165] Fetching php74-xmlreader-7.4.26.pkg: .. done
[25/165] Fetching php74-xml-7.4.26.pkg: ... done
[26/165] Fetching php74-tokenizer-7.4.26.pkg: .. done
[27/165] Fetching php74-sysvshm-7.4.26.pkg: . done
[28/165] Fetching php74-sysvsem-7.4.26.pkg: . done
[29/165] Fetching php74-sysvmsg-7.4.26.pkg: .. done
[30/165] Fetching php74-sqlite3-7.4.26.pkg: ... done
[31/165] Fetching php74-sockets-7.4.26.pkg: ..... done
[32/165] Fetching php74-simplexml-7.4.26.pkg: ... done
[33/165] Fetching php74-simplepie-1.5.1_1.pkg: ......... done
[34/165] Fetching php74-shmop-7.4.26.pkg: . done
[35/165] Fetching php74-session-7.4.26.pkg: ..... done
[36/165] Fetching php74-readline-7.4.26.pkg: .. done
[37/165] Fetching php74-posix-7.4.26.pkg: .. done
[38/165] Fetching php74-phpseclib-2.0.17.pkg: .......... done
[39/165] Fetching php74-pfSense-module-0.76.pkg: ...... done
[40/165] Fetching php74-pecl-rrd-2.0.1_1.pkg: .. done
[41/165] Fetching php74-pecl-radius-1.4.0b1_1.pkg: ... done
[42/165] Fetching php74-pecl-mcrypt-1.0.4.pkg: .. done
[43/165] Fetching php74-pear-XML_RPC2-1.1.4.pkg: ........ done
[44/165] Fetching php74-pear-Net_URL2-2.2.1.pkg: ... done
[45/165] Fetching php74-pear-Net_Socket-1.2.2.pkg: . done
[46/165] Fetching php74-pear-Net_SMTP-1.10.0.pkg: .. done
[47/165] Fetching php74-pear-Net_IPv6-1.3.0.b2_2.pkg: .. done
[48/165] Fetching php74-pear-Mail-1.4.1,1.pkg: ... done
[49/165] Fetching php74-pear-Crypt_CHAP-1.5.0.pkg: . done
[50/165] Fetching php74-pear-Cache_Lite-1.8.3,1.pkg: .... done
[51/165] Fetching php74-pear-Auth_RADIUS-1.1.0_4.pkg: .. done
[52/165] Fetching php74-pear-1.10.12.pkg: .......... done
[53/165] Fetching php74-pdo_sqlite-7.4.26.pkg: .. done
[54/165] Fetching php74-pdo-7.4.26.pkg: ...... done
[55/165] Fetching php74-pcntl-7.4.26.pkg: .. done
[56/165] Fetching php74-openssl_x509_crl-1.3.pkg: .. done
[57/165] Fetching php74-openssl-7.4.26.pkg: ........ done
[58/165] Fetching php74-opcache-7.4.26.pkg: .......... done
[59/165] Fetching php74-mbstring-7.4.26.pkg: .......... done
[60/165] Fetching php74-ldap-7.4.26.pkg: .... done
[61/165] Fetching php74-json-7.4.26.pkg: ... done
[62/165] Fetching php74-intl-7.4.26.pkg: .......... done
[63/165] Fetching php74-gettext-7.4.26.pkg: . done
[64/165] Fetching php74-filter-7.4.26.pkg: ... done
[65/165] Fetching php74-dom-7.4.26.pkg: ....... done
[66/165] Fetching php74-curl-7.4.26.pkg: .... done
[67/165] Fetching php74-ctype-7.4.26.pkg: . done
[68/165] Fetching php74-bz2-7.4.26.pkg: .. done
[69/165] Fetching php74-bcmath-7.4.26.pkg: ... done
[70/165] Fetching php74-7.4.26.pkg: .......... done
[71/165] Fetching pftop-0.7_9.pkg: ........ done
[72/165] Fetching pfSense-rc-2.6.0.pkg: .. done
[73/165] Fetching pfSense-kernel-pfSense-2.6.0.pkg: .......... done
[74/165] Fetching pfSense-default-config-2.6.0.pkg: . done
[75/165] Fetching pfSense-base-2.6.0.pkg: .......... done
[76/165] Fetching pfSense-Status_Monitoring-1.7.11_4.pkg: ... done
[77/165] Fetching pfSense-2.6.0.pkg: . done
[78/165] Fetching perl5-5.32.1_1.pkg: .......... done
[79/165] Fetching pcsc-lite-1.9.4,2.pkg: .......... done
[80/165] Fetching pcre2-10.39.pkg: .......... done
[81/165] Fetching pcre-8.45.pkg: .......... done
[82/165] Fetching pam_mkhomedir-0.2.pkg: . done
[83/165] Fetching pam_ldap-186_1.pkg: ..... done
[84/165] Fetching openvpn-auth-script-1.0.0.3.pkg: . done
[85/165] Fetching openvpn-2.5.4_1.pkg: .......... done
[86/165] Fetching opensc-0.22.0.pkg: .......... done
[87/165] Fetching oniguruma-6.9.7.1.pkg: .......... done
[88/165] Fetching ntp-4.2.8p15_3.pkg: .......... done
[89/165] Fetching nss_ldap-1.265_14.pkg: ....... done
[90/165] Fetching norm-1.5r6_1.pkg: .......... done
[91/165] Fetching nginx-1.20.2_1,2.pkg: .......... done
[92/165] Fetching mpdecimal-2.5.1.pkg: .......... done
[93/165] Fetching mpd5-5.9_6.pkg: .......... done
[94/165] Fetching mobile-broadband-provider-info-20210805.pkg: ........ done
[95/165] Fetching miniupnpd-2.2.1_1,1.pkg: ......... done
[96/165] Fetching minicron-0.0.2.pkg: . done
[97/165] Fetching lzo2-2.10_1.pkg: .......... done
[98/165] Fetching luajit-openresty-2.1.20210510.pkg: .......... done
[99/165] Fetching lua-resty-lrucache-0.11.pkg: . done
[100/165] Fetching lua-resty-core-0.1.22.pkg: .... done
[101/165] Fetching links-2.20.2_1,1.pkg: .......... done
[102/165] Fetching libzmq4-4.3.4.pkg: .......... done
[103/165] Fetching libxslt-1.1.34_2.pkg: .......... done
[104/165] Fetching libxml2-2.9.12.pkg: .......... done
[105/165] Fetching libuv-1.42.0.pkg: .......... done
[106/165] Fetching libunistring-0.9.10_1.pkg: .......... done
[107/165] Fetching libucl-0.8.1.pkg: .......... done
[108/165] Fetching libnghttp2-1.46.0.pkg: .......... done
[109/165] Fetching libmcrypt-2.5.8_3.pkg: .......... done
[110/165] Fetching liblz4-1.9.3,1.pkg: .......... done
[111/165] Fetching libltdl-2.4.6.pkg: ..... done
[112/165] Fetching libinotify-20180201_2.pkg: .... done
[113/165] Fetching libidn2-2.3.2.pkg: .......... done
[114/165] Fetching libiconv-1.16.pkg: .......... done
[115/165] Fetching libgpg-error-1.43.pkg: .......... done
[116/165] Fetching libgcrypt-1.9.4.pkg: .......... done
[117/165] Fetching libffi-3.3_1.pkg: ..... done
[118/165] Fetching libevent-2.1.12.pkg: .......... done
[119/165] Fetching libedit-3.1.20210216,1.pkg: .......... done
[120/165] Fetching libargon2-20190702.pkg: ......... done
[121/165] Fetching ldns-1.7.1_2.pkg: .......... done
[122/165] Fetching json-c-0.15_1.pkg: ........ done
[123/165] Fetching isc-dhcp44-server-4.4.2P1_1.pkg: .......... done
[124/165] Fetching isc-dhcp44-relay-4.4.2P1.pkg: .......... done
[125/165] Fetching isc-dhcp44-client-4.4.2P1.pkg: .......... done
[126/165] Fetching ipmitool-1.8.18_3.pkg: .......... done
[127/165] Fetching indexinfo-0.3.1.pkg: . done
[128/165] Fetching igmpproxy-0.3,1.pkg: ... done
[129/165] Fetching iftop-1.0.p4.pkg: ..... done
[130/165] Fetching icu-70.1_1,1.pkg: .......... done
[131/165] Fetching hostapd-2.9_4.pkg: .......... done
[132/165] Fetching glib-2.70.2,2.pkg: .......... done
[133/165] Fetching gettext-runtime-0.21.pkg: .......... done
[134/165] Fetching filterlog-0.1_9.pkg: .. done
[135/165] Fetching filterdns-2.0_5.pkg: ... done
[136/165] Fetching expiretable-0.6_2.pkg: . done
[137/165] Fetching expat-2.4.1.pkg: .......... done
[138/165] Fetching dpinger-3.0.pkg: .. done
[139/165] Fetching dnsmasq-2.86,1.pkg: .......... done
[140/165] Fetching dmidecode-3.3.pkg: ........ done
[141/165] Fetching dhcpleases6-0.1_3.pkg: .. done
[142/165] Fetching dhcpleases-0.5_1.pkg: .. done
[143/165] Fetching dhcp6-20080615.2_4.pkg: .......... done
[144/165] Fetching devcpu-data-20211109.pkg: . done
[145/165] Fetching dbus-1.12.20_5.pkg: .......... done
[146/165] Fetching curl-7.80.0.pkg: .......... done
[147/165] Fetching cpustats-0.1_1.pkg: . done
[148/165] Fetching cpdup-1.22.pkg: .... done
[149/165] Fetching choparp-20150613.pkg: . done
[150/165] Fetching check_reload_status-0.0.11.pkg: .... done
[151/165] Fetching ccid-1.4.36.pkg: ........ done
[152/165] Fetching ca_root_nss-3.71.pkg: .......... done
[153/165] Fetching bwi-firmware-kmod-3.130.20.pkg: ... done
[154/165] Fetching bsnmp-ucd-0.4.5.pkg: ... done
[155/165] Fetching bsnmp-regex-0.6_2.pkg: ... done
[156/165] Fetching bind-tools-9.16.23.pkg: .......... done
[157/165] Fetching beep-1.0_1.pkg: . done
[158/165] Fetching unbound-1.13.2.pkg: .......... done
[159/165] Fetching libssh2-1.9.0_3,3.pkg: .......... done
[160/165] Fetching php74-pear-HTTP_Request2-2.5.0,1.pkg: .......... done
[161/165] Fetching openldap24-client-2.4.59_4.pkg: .......... done
[162/165] Fetching cyrus-sasl-2.1.27_2.pkg: .......... done
[163/165] Fetching openpgm-5.2.122_6.pkg: .......... done
[164/165] Fetching devcpu-data-intel-20210608.pkg: .......... done
[165/165] Fetching devcpu-data-amd-20211115.pkg: ..... done
Checking integrity... done (5 conflicting)
  - unbound-1.13.2 [pfSense] conflicts with unbound112-1.12.0_1 [installed] on /usr/local/etc/unbound/unbound.conf.sample
  - php74-pear-HTTP_Request2-2.5.0,1 [pfSense] conflicts with php74-pear-HTTP_Request2-230-2.3.0,1 [installed] on /usr/local/share/doc/pear/HTTP_Request2/LICENSE
  - openldap24-client-2.4.59_4 [pfSense] conflicts with openldap-client-2.4.59 [installed] on /usr/local/bin/ldapadd
  - devcpu-data-intel-20210608 [pfSense] conflicts with devcpu-data-1.39 [installed] on /usr/local/share/cpucontrol/06-03-02.00
  - devcpu-data-amd-20211115 [pfSense] conflicts with devcpu-data-1.39 [installed] on /usr/local/share/cpucontrol/microcode_amd.bin
Checking integrity... done (0 conflicting)
Conflicts with the existing packages have been found.
One more solver iteration is needed to resolve them.
The following 172 package(s) will be affected (of 0 checked):

Installed packages to be REMOVED:
    openldap-client: 2.4.59
    php74-pear-HTTP_Request2-230: 2.3.0,1
    unbound112: 1.12.0_1

New packages to be INSTALLED:
    cyrus-sasl: 2.1.27_2 [pfSense]
    devcpu-data-amd: 20211115 [pfSense]
    devcpu-data-intel: 20210608 [pfSense]
    libssh2: 1.9.0_3,3 [pfSense]
    openldap24-client: 2.4.59_4 [pfSense]
    openpgm: 5.2.122_6 [pfSense]
    php74-pear-HTTP_Request2: 2.5.0,1 [pfSense]
    unbound: 1.13.2 [pfSense]

Installed packages to be UPGRADED:
    bind-tools: 9.16.16 -> 9.16.23 [pfSense]
    ca_root_nss: 3.63 -> 3.71 [pfSense]
    ccid: 1.4.32 -> 1.4.36 [pfSense]
    check_reload_status: 0.0.10_1 -> 0.0.11 [pfSense]
    curl: 7.76.1 -> 7.80.0 [pfSense]
    dbus: 1.12.20_4 -> 1.12.20_5 [pfSense]
    dnsmasq: 2.85_1,1 -> 2.86,1 [pfSense]
    filterlog: 0.1_6 -> 0.1_9 [pfSense]
    glib: 2.66.8,2 -> 2.70.2,2 [pfSense]
    hostapd: 2.9_3 -> 2.9_4 [pfSense]
    icu: 69.1,1 -> 70.1_1,1 [pfSense]
    libgcrypt: 1.9.3 -> 1.9.4 [pfSense]
    libgpg-error: 1.42 -> 1.43 [pfSense]
    libidn2: 2.3.1 -> 2.3.2 [pfSense]
    libnghttp2: 1.43.0 -> 1.46.0 [pfSense]
    libuv: 1.41.0 -> 1.42.0 [pfSense]
    libxml2: 2.9.10_4 -> 2.9.12 [pfSense]
    libxslt: 1.1.34_1 -> 1.1.34_2 [pfSense]
    lua-resty-core: 0.1.21_1 -> 0.1.22 [pfSense]
    lua-resty-lrucache: 0.10 -> 0.11 [pfSense]
    luajit-openresty: 2.1.20201027 -> 2.1.20210510 [pfSense]
    miniupnpd: 2.2.1,1 -> 2.2.1_1,1 [pfSense]
    mobile-broadband-provider-info: 20201225 -> 20210805 [pfSense]
    mpd5: 5.9 -> 5.9_6 [pfSense]
    nginx: 1.20.1,2 -> 1.20.2_1,2 [pfSense]
    nss_ldap: 1.265_13 -> 1.265_14 [pfSense]
    ntp: 4.2.8p15 -> 4.2.8p15_3 [pfSense]
    opensc: 0.21.0 -> 0.22.0 [pfSense]
    openvpn: 2.5.2_2 -> 2.5.4_1 [pfSense]
    pam_ldap: 186 -> 186_1 [pfSense]
    pcre: 8.44 -> 8.45 [pfSense]
    pcre2: 10.37 -> 10.39 [pfSense]
    pcsc-lite: 1.9.1,2 -> 1.9.4,2 [pfSense]
    pfSense: 2.5.2 -> 2.6.0 [pfSense]
    pfSense-Status_Monitoring: 1.7.11_3 -> 1.7.11_4 [pfSense]
    pfSense-base: 2.5.2 -> 2.6.0 [pfSense-core]
    pfSense-default-config: 2.5.2 -> 2.6.0 [pfSense-core]
    pfSense-kernel-pfSense: 2.5.2 -> 2.6.0 [pfSense-core]
    pfSense-rc: 2.5.2 -> 2.6.0 [pfSense-core]
    php74: 7.4.20 -> 7.4.26 [pfSense]
    php74-bcmath: 7.4.20 -> 7.4.26 [pfSense]
    php74-bz2: 7.4.20 -> 7.4.26 [pfSense]
    php74-ctype: 7.4.20 -> 7.4.26 [pfSense]
    php74-curl: 7.4.20 -> 7.4.26 [pfSense]
    php74-dom: 7.4.20 -> 7.4.26 [pfSense]
    php74-filter: 7.4.20 -> 7.4.26 [pfSense]
    php74-gettext: 7.4.20 -> 7.4.26 [pfSense]
    php74-intl: 7.4.20 -> 7.4.26 [pfSense]
    php74-json: 7.4.20 -> 7.4.26 [pfSense]
    php74-ldap: 7.4.20 -> 7.4.26 [pfSense]
    php74-mbstring: 7.4.20 -> 7.4.26 [pfSense]
    php74-opcache: 7.4.20 -> 7.4.26 [pfSense]
    php74-openssl: 7.4.20 -> 7.4.26 [pfSense]
    php74-pcntl: 7.4.20 -> 7.4.26 [pfSense]
    php74-pdo: 7.4.20 -> 7.4.26 [pfSense]
    php74-pdo_sqlite: 7.4.20 -> 7.4.26 [pfSense]
    php74-pear-Cache_Lite: 1.7.16,1 -> 1.8.3,1 [pfSense]
    php74-pear-Net_SMTP: 1.9.0 -> 1.10.0 [pfSense]
    php74-pear-Net_Socket: 1.0.14 -> 1.2.2 [pfSense]
    php74-pfSense-module: 0.72 -> 0.76 [pfSense]
    php74-posix: 7.4.20 -> 7.4.26 [pfSense]
    php74-readline: 7.4.20 -> 7.4.26 [pfSense]
    php74-session: 7.4.20 -> 7.4.26 [pfSense]
    php74-shmop: 7.4.20 -> 7.4.26 [pfSense]
    php74-simplexml: 7.4.20 -> 7.4.26 [pfSense]
    php74-sockets: 7.4.20 -> 7.4.26 [pfSense]
    php74-sqlite3: 7.4.20 -> 7.4.26 [pfSense]
    php74-sysvmsg: 7.4.20 -> 7.4.26 [pfSense]
    php74-sysvsem: 7.4.20 -> 7.4.26 [pfSense]
    php74-sysvshm: 7.4.20 -> 7.4.26 [pfSense]
    php74-tokenizer: 7.4.20 -> 7.4.26 [pfSense]
    php74-xml: 7.4.20 -> 7.4.26 [pfSense]
    php74-xmlreader: 7.4.20 -> 7.4.26 [pfSense]
    php74-xmlwriter: 7.4.20 -> 7.4.26 [pfSense]
    php74-zlib: 7.4.20 -> 7.4.26 [pfSense]
    python38: 3.8.10 -> 3.8.12_1 [pfSense]
    scponly: 4.8.20110526_4 -> 4.8.20110526_5 [pfSense]
    smartmontools: 7.2_1 -> 7.2_3 [pfSense]
    sqlite3: 3.35.5_1,1 -> 3.35.5_4,1 [pfSense]
    sshguard: 2.4.1,1 -> 2.4.2_1,1 [pfSense]
    strongswan: 5.9.2_2 -> 5.9.4 [pfSense]
    wpa_supplicant: 2.9_10 -> 2.9_11 [pfSense]
    wrapalixresetbutton: 0.0.7_1 -> 0.0.8 [pfSense]

Installed packages to be REINSTALLED:
    beep-1.0_1 [pfSense]
    bsnmp-regex-0.6_2 [pfSense]
    bsnmp-ucd-0.4.5 [pfSense]
    bwi-firmware-kmod-3.130.20 [pfSense]
    choparp-20150613 [pfSense]
    cpdup-1.22 [pfSense]
    cpustats-0.1_1 [pfSense]
    dhcp6-20080615.2_4 [pfSense]
    dhcpleases-0.5_1 [pfSense]
    dhcpleases6-0.1_3 [pfSense]
    dmidecode-3.3 [pfSense]
    dpinger-3.0 [pfSense]
    expat-2.4.1 [pfSense]
    expiretable-0.6_2 [pfSense]
    filterdns-2.0_5 [pfSense]
    gettext-runtime-0.21 [pfSense]
    iftop-1.0.p4 [pfSense]
    igmpproxy-0.3,1 [pfSense]
    indexinfo-0.3.1 [pfSense]
    ipmitool-1.8.18_3 [pfSense]
    isc-dhcp44-client-4.4.2P1 [pfSense]
    isc-dhcp44-relay-4.4.2P1 [pfSense]
    isc-dhcp44-server-4.4.2P1_1 [pfSense]
    json-c-0.15_1 [pfSense]
    ldns-1.7.1_2 [pfSense]
    libargon2-20190702 [pfSense]
    libedit-3.1.20210216,1 [pfSense]
    libevent-2.1.12 [pfSense]
    libffi-3.3_1 [pfSense]
    libiconv-1.16 [pfSense]
    libinotify-20180201_2 [pfSense]
    libltdl-2.4.6 [pfSense]
    liblz4-1.9.3,1 [pfSense]
    libmcrypt-2.5.8_3 [pfSense]
    libucl-0.8.1 [pfSense]
    libunistring-0.9.10_1 [pfSense]
    libzmq4-4.3.4 [pfSense]
    links-2.20.2_1,1 [pfSense]
    lzo2-2.10_1 [pfSense]
    minicron-0.0.2 [pfSense]
    mpdecimal-2.5.1 [pfSense]
    norm-1.5r6_1 [pfSense]
    oniguruma-6.9.7.1 [pfSense]
    openvpn-auth-script-1.0.0.3 [pfSense]
    pam_mkhomedir-0.2 [pfSense]
    perl5-5.32.1_1 [pfSense]
    pfSense-repo-2.6.0 [pfSense]
    pfSense-upgrade-1.0_12 [pfSense]
    pftop-0.7_9 [pfSense]
    php74-openssl_x509_crl-1.3 [pfSense]
    php74-pear-1.10.12 [pfSense]
    php74-pear-Auth_RADIUS-1.1.0_4 [pfSense]
    php74-pear-Crypt_CHAP-1.5.0 [pfSense]
    php74-pear-Mail-1.4.1,1 [pfSense]
    php74-pear-Net_IPv6-1.3.0.b2_2 [pfSense]
    php74-pear-Net_URL2-2.2.1 [pfSense]
    php74-pear-XML_RPC2-1.1.4 [pfSense] (direct dependency changed: php74-pear-HTTP_Request2)
    php74-pecl-mcrypt-1.0.4 [pfSense]
    php74-pecl-radius-1.4.0b1_1 [pfSense]
    php74-pecl-rrd-2.0.1_1 [pfSense]
    php74-phpseclib-2.0.17 [pfSense]
    php74-simplepie-1.5.1_1 [pfSense] (direct dependency changed: php74)
    pkg-1.17.5_2 [pfSense]
    py38-ply-3.11 [pfSense]
    py38-setuptools-57.0.0 [pfSense]
    qstats-0.2 [pfSense]
    radvd-2.19_2 [pfSense]
    rate-0.9_2 [pfSense]
    readline-8.1.1 [pfSense] (options changed)
    rrdtool-1.7.2_4 [pfSense]
    ssh_tunnel_shell-0.2_1 [pfSense]
    uclcmd-0.1_3 [pfSense]
    voucher-0.1_2 [pfSense]
    vstr-1.0.15_1 [pfSense]
    wol-0.7.1_4 [pfSense]
    xinetd-2.3.15_2 [pfSense]

Number of packages to be removed: 3
Number of packages to be installed: 8
Number of packages to be upgraded: 83
Number of packages to be reinstalled: 76

The process will require 115 MiB more space.
>>> Downloading pkg... 

No packages are required to be fetched.
Integrity check was successful.
>>> Upgrading pfSense-rc... 
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
    pfSense-rc: 2.5.2 -> 2.6.0 [pfSense-core]

Number of packages to be upgraded: 1
[1/1] Upgrading pfSense-rc from 2.5.2 to 2.6.0...
===> Setting net.pf.request_maxcount=400000
[1/1] Extracting pfSense-rc-2.6.0: ...... done
>>> Upgrading pfSense kernel... 
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
    pfSense-kernel-pfSense: 2.5.2 -> 2.6.0 [pfSense-core]

Number of packages to be upgraded: 1

The process will require 98 MiB more space.
[1/1] Upgrading pfSense-kernel-pfSense from 2.5.2 to 2.6.0...
[1/1] Extracting pfSense-kernel-pfSense-2.6.0: .......... done
===> Keeping a copy of current kernel in /boot/kernel.old
cp: /boot/kernel/.pkgtemp.fuse.ko.g1ZN8pFuO9kB: No such file or directory
cp: /boot/kernel/.pkgtemp.if_igb.ko.to0IdxhXQuQN: No such file or directory
cp: /boot/kernel/.pkgtemp.if_ixlv.ko.FYgmU292gIfB: No such file or directory
cp: /boot/kernel/.pkgtemp.if_tap.ko.ZhWmzF1DrUgm: No such file or directory
cp: /boot/kernel/.pkgtemp.if_tun.ko.VvLn16EfITW0: No such file or directory
pkg-static: DEINSTALL script failed
>>> Removing unnecessary packages... done.
System is going to be upgraded.  Rebooting in 10 seconds.
Success