pfSense Community Edition (CE) 2.8.0 was released on May 28, 2025. This major version introduces a new kernel-based PPPoE backend (if_pppoe) for improved efficiency and speed, alongside features previously exclusive to pfSense Plus. Status & Quality Report
Performance: Users report high quality and stability, with significant CPU usage reductions (from 25% down to less than 10%) when utilizing updated packages like pfBlockerNG in python mode.
Installation Changes: Netgate has shifted toward a Netgate Installer model. A standalone, direct ISO for CE 2.8.0 is not provided as a standard download; instead, users often install CE 2.7.2 and upgrade via the web interface or use the new universal installer. Known Issues:
Certificate Errors: Some fresh installations or upgrades may encounter "untrusted certificate" warnings. This can often be resolved by running certctl rehash from the console.
Upgrade Path: Direct upgrades are only supported from the two previous versions (e.g., must be on 2.7.2 before going to 2.8.0). Key Features Kernel PPPoE
Replaces the old MPD-based backend for faster throughput on PPPoE lines. Plus Feature Migration
Includes several security and functional updates formerly locked to the paid Plus edition. PHP Update
Includes major underlying system changes; it is critical to uninstall packages before upgrading to avoid crashes. Recommendation For a "high quality" deployment, it is best practice to:
Pfsense updated to 2.8 and now get an crash report - Netgate Forum
pfSense Community Edition (CE) 2.8.0-RELEASE is a high-quality, major update released on May 28, 2025, that significantly modernizes the open-source firewall platform. This release is built on FreeBSD 15-CURRENT and upgrades the core PHP to version 8.3, providing improved hardware support and better web interface performance. Key High-Quality Features
Kernel-Based PPPoE (if_pppoe): A major highlight for performance. This new backend can be manually enabled to dramatically increase WAN throughput and reduce CPU usage, making it ideal for high-speed fiber connections.
Kea DHCP Integration: pfSense 2.8.0 integrates the modern Kea DHCP server, replacing the older ISC DHCP. It introduces high-availability (HA) support for both DHCPv4 and DHCPv6, which is more reliable and easier to sync between nodes.
NAT64 Support: This version adds native NAT64 functionality, allowing IPv6-only internal clients to reach the IPv4 internet seamlessly.
Security Hardening: The update includes numerous critical security patches for the base system and WebGUI, fixing potential XSS vulnerabilities and improving state handling by making rules "Interface-Bound" by default. Community & Stability Review pfsensece280releaseamd64isogz high quality
Performance: Reviewers generally report that the system "feels faster," with improved WebUI responsiveness and efficient rule management.
Stability Mixed for Upgrades: While many users had flawless upgrades, others reported bootloader corruption or crashes under heavy load immediately after updating from version 2.7.2.
Installer Changes: Some users expressed disappointment with the move toward a "net installer" that requires an internet connection during the installation process, which can be difficult for isolated or high-security networks. Installation File Details
For high-quality installation on standard 64-bit hardware, you typically use the amd64 architecture.
This blog post explores the features, security upgrades, and performance boosts found in the pfSense Community Edition (CE) 2.8.0 release.
pfSense CE 2.8.0: The Powerhouse Upgrade for Home Labs and Prosumers
If you’ve been running your home lab or small business on the rock-solid pfSense CE 2.7.2, the wait for a major evolution is over. The release of pfSense CE 2.8.0 marks a significant milestone, bringing many features once exclusive to the Plus edition directly to the community.
Whether you are looking for better performance on high-speed fiber or need to close critical security gaps, the pfsense-ce-2.8.0-release-amd64.iso.gz is the high-quality starting point your network hardware has been waiting for. 1. Performance Redefined: The New PPPoE Driver
For users with multi-gigabit fiber connections, the standout feature of 2.8.0 is the new PPPoE backend (if_pppoe).
The Boost: By moving away from the older MPD-based implementation, this new driver dramatically reduces CPU usage while increasing throughput.
How to Enable: It isn't on by default. Navigate to System > Advanced on the Networking tab to opt-in and unlock those higher speeds. 2. Modern Networking with Kea DHCP & NAT64
The transition to the Kea DHCP daemon reaches near-parity with the older ISC DHCP in this release, offering better High Availability (HA) support for both IPv4 and IPv6. Additionally, 2.8.0 introduces NAT64 support, making it easier for IPv6-only clients to access IPv4 resources—a must-have for forward-looking network administrators. 3. Critical Security Hardening
Security is the heart of any firewall. This release addresses several high-impact vulnerabilities (pfSense-SA-25_01 through 25_07): pfSense Community Edition (CE) 2
WebGUI Fixes: Patched multiple XSS vulnerabilities in the Dashboard, Firewall Schedules, and Wake on LAN pages.
OpenVPN Protection: Fixed a command injection flaw in the OpenVPN management interface.
Kernel Stability: Includes fixes for rare kernel panics, ensuring your uptime remains uninterrupted. 4. Under the Hood: FreeBSD 15.0 & PHP 8.3
This version is built on FreeBSD 15.0-CURRENT, providing broader hardware compatibility and a more modern foundation. The upgrade to PHP 8.3 for the web interface doesn't just make the GUI snappier; it closes modern security holes associated with older PHP versions. Quick Tips for a Smooth Upgrade
Backup First: Always download your XML configuration before starting. Navigate to Diagnostics > Backup & Restore.
Uninstall Packages: Netgate recommends uninstalling all extra packages before the upgrade to avoid compatibility issues with the new FreeBSD base.
Fresh Install: If you're doing a fresh build, you can find the installer on the official Netgate Download Page.
The 2.8.0 release proves that pfSense CE is far from stagnant, delivering professional-grade features to the open-source community.
Ready to level up your network? Check out the official pfSense 2.8.0 Release Notes for a deep dive into every single bug fix and enhancement.
Are you planning a fresh install or an in-place upgrade for your current hardware? 2.8.0 New Features and Changes | pfSense Documentation
The "pfSense-CE-2.8.0-RELEASE-amd64.iso.gz" refers to the installer for pfSense Community Edition 2.8.0, which was officially released on May 28, 2025.
This version is a significant upgrade, moving to FreeBSD 15-CURRENT and PHP 8.3. 🚀 Key Features in 2.8.0 New PPPoE Backend (if_pppoe)
High Performance: Replaces the legacy MPD-based driver with a kernel-based one. Write to USB (Linux) dd if=pfSense-CE-2
Speed: Significantly increases throughput and reduces CPU load for multi-gigabit fibre connections.
Note: It is disabled by default. Enable it via System > Advanced > Networking. Kea DHCP Integration
Modernization: Replaces the aging ISC DHCP (which is now deprecated).
Advanced HA: Supports High Availability for both DHCPv4 and DHCPv6 with encrypted lease synchronization.
DNS Sync: Automatically registers client hostnames in the Unbound DNS resolver without requiring service restarts. Networking & Security Upgrades
NAT64 Support: Allows IPv6-only clients to access IPv4 resources seamlessly.
Default State Policy: Changed from "Floating" to "Interface Bound" for tighter security, though this can be toggled back if compatibility issues arise with IPsec VTI or Multi-WAN.
Gateway Fail-back: New option to clear states on lower-tier gateways when a preferred WAN recovers, forcing traffic back to the primary link. 🛠️ Installation & Download Notes
New Installer: Netgate moved to a "Netgate Installer" model. Full standalone ISOs are no longer provided for 2.8.0; instead, a tiny installer downloads necessary files during setup.
Memory Warning: Devices with 1 GB of RAM or less may struggle with the upgrade process. It is recommended to disable non-essential packages before starting.
ZFS Bootloader: The upgrade automatically updates the bootloader, which is required for the new FreeBSD 15 kernel. 2.8.0 New Features and Changes | pfSense Documentation
dd if=pfSense-CE-2.8.0-RELEASE-amd64.iso of=/dev/sdX bs=4M status=progress
GPG Key: BF91 8D71 6442 178B 2BDF A5CE 5C44 D5AB 7AAD 54B2 (pfSense Project)
Verify signature:
gpg --verify pfSense-CE-2.8.0-RELEASE-amd64.iso.gz.sig pfSense-CE-2.8.0-RELEASE-amd64.iso.gz