@ -159,7 +313,7 @@ Here are the full patch notes against version 21.7.7:
* lang: update translations for Chinese, French, German, Italian, Japanese, Norwegian, Spanish, and Turkish
* lang: update translations for Chinese, French, German, Italian, Japanese, Norwegian, Spanish, and Turkish
* lang: demote Italian to development-only language due to lowered translation ratio
* lang: demote Italian to development-only language due to lowered translation ratio
* monit: move logging to own target
* monit: move logging to own target
* network time: add iburst option and stop using it by default (contributed by Patrick M. Hausen)
* network time: add "iburst" option and stop using it by default (contributed by Patrick M. Hausen)
* network time: detach "limited" from "kod" option (contributed by Zsolt Zsiros)
* network time: detach "limited" from "kod" option (contributed by Zsolt Zsiros)
* network time: remove PID file use as it can be unreliable
* network time: remove PID file use as it can be unreliable
* openvpn: kill by common name when kill by address does not work
* openvpn: kill by common name when kill by address does not work
@ -226,8 +380,8 @@ Known issues and limitations:
* This release contains a new major operating system version and should be carried out with the necessary care. Despite extended test coverage changes made by FreeBSD may still affect operation without our knowledge. Except for ZFS boot environments rollbacks between major operating system versions are extremely fragile and a reinstall of an older version should be attempted in the worst case. For more information please consult the FreeBSD 13.0 release notes `[28] <https://www.freebsd.org/releases/13.0R/relnotes/>`__ .
* This release contains a new major operating system version and should be carried out with the necessary care. Despite extended test coverage changes made by FreeBSD may still affect operation without our knowledge. Except for ZFS boot environments rollbacks between major operating system versions are extremely fragile and a reinstall of an older version should be attempted in the worst case. For more information please consult the FreeBSD 13.0 release notes `[28] <https://www.freebsd.org/releases/13.0R/relnotes/>`__ .
* IPsec hash and cipher removals in FreeBSD 13 can affect existing setups as insecure cryptographic options have been removed upstream. If you are using MD5, Blowfish, DES, 3DES, or CAST128 in your phase 2 please move to more secure settings prior to the upgrade. Note that phase 1 settings are unaffected, but insecure settings should still be avoided. For more information see the FreeBSD commit in question `[29] <https://github.com/opnsense/src/commit/16aabb761c0a>`__ .
* IPsec hash and cipher removals in FreeBSD 13 can affect existing setups as insecure cryptographic options have been removed upstream. If you are using MD5, Blowfish, DES, 3DES, or CAST128 in your phase 2 please move to more secure settings prior to the upgrade. Note that phase 1 settings are unaffected, but insecure settings should still be avoided. For more information see the FreeBSD commit in question `[29] <https://github.com/opnsense/src/commit/16aabb761c0a>`__ .
* The Realtek vendor driver is no longer bundled with the updated FreeBSD kernel. If unsure whether FreeBSD 13 supports your Realtek NIC please install the os-realtek-re plugin prior to upgrading to retain operability of your NICs.
* The Realtek vendor driver is no longer bundled with the updated FreeBSD kernel. If unsure whether FreeBSD 13 supports your Realtek NIC please install the os-realtek-re plugin prior to upgrading to retain operability of your NICs.
* MAC spoofing now only pertains to the configured interface and not the VLAN siblings or parent interface. This can introduces unwanted configuration due to previous side effects in the code. Make sure to assign and set the spoofed MAC for all interfaces that require a spoofed MAC.
* MAC spoofing now only pertains to the configured interface and not the VLAN siblings or parent interface. This can introduce unwanted configuration due to previous side effects in the code. Make sure to assign and set the spoofed MAC for all interfaces that require a spoofed MAC or simply spoof the MAC on the parent and leave the VLAN sibling settings empty to let them follow the parent MAC automatically. If in doubt the parent interface can be set into promiscuous mode now to allow for mixed MAC address use across VLANs too.
* Media settings are no longer shown for non-parent interfaces and need to be set individually to take effect. This can introduce unwanted configuration due to previous side effects in the code. If the parent interface was not previously assigned please assign it to reapply the required media settings.
* Media and hardware offload settings are no longer shown for non-parent interfaces and need to be set individually on the parent interface to take effect. This can introduce unwanted configuration due to previous side effects in the code. If the parent interface was not previously assigned please assign it to reapply the required settings.
* NTPD defaults changed to exclude the "iburst" option by default. "limited" setting was detached from "kod" option. In both cases configuration adjustments can achieve previous behaviour if required.
* NTPD defaults changed to exclude the "iburst" option by default. "limited" setting was detached from "kod" option. In both cases configuration adjustments can achieve previous behaviour if required.
* Rebind checks through os-dyndns or os-rfc2136 will no longer work due to the deprecation of both plugins. Please add your rebind hosts manually or disable rebind protection prior to the upgrade.
* Rebind checks through os-dyndns or os-rfc2136 will no longer work due to the deprecation of both plugins. Please add your rebind hosts manually or disable rebind protection prior to the upgrade.
* GRE link1 support has been removed and needs a static route to function now.
* GRE link1 support has been removed and needs a static route to function now.