This is a partial Work in progress list of the new features an major changes in the pfSense® 2.1 release. 

  • IPv6 support - throughout the GUI in many areas. See here for a list of complete areas and areas that still need work.
  • PBI (push button installer) package support
  • Based on FreeBSD 8.3
  • Switch from Prototype to jQuery
  • Multi instance Captive Portal
  • Multiple Captive Portal RADIUS authentication sources (e.g. one for users, one for cards)
  • Ability to select serial port speed
  • DynDNS multi-wan failover
  • IPsec multi-wan failover
  • OpenVPN multi-wan failover
  • AES-NI support (Cryptographic Accelerator feature on new Intel/AMD CPUs)
  • NTP daemon now has GPS support
  • Improved navigation and service status in the GUI
  • More IPsec hash algorigthms and DH key groups added, "base" negotiation mode added.
  • OpenVPN can accept attributes from RADIUS via avpairs for things like inacl, outacl, dns-server, routes.
  • Aliases separated into tabs for Hosts, Ports, and URLs to improve manageability.
  • Multiple language support, a mostly-complete translation for Brazillian Portuguese is included
  • NAT reflection options re-worded to be less confusing
  • Adjustable source tracking timeout for Sticky connections
  • Support for certain thermal sensors via ACPI, coretemp, and amdtemp.
  • System startup beep can be disabled
  • Improved denoting of certificate purposes in the certificate list
  • More system log separation, Gateways, Routing, Resolver split into their own tabs
  • High Availability Synchronization options (Formerly known as "CARP Settings" under Virtual IPs Promoted to its own menu entry, System > High Avail. Sync.
    • This is to make it easier to find, as well as make its purpose more clear. "CARP" is a part of High Availability, as is XMLRPC/pfsync state synchronization, but it's a bit of a misnomer to refer to the sync settings as CARP.
  • Updated atheros drivers
  • Fixes for conf_mount_ro/conf_mount_rw reference checking/locking
  • DHCP can support multiple pools inside a single subnet, with distinct options per pool
  • DHCP can allow/deny access to a DHCP pool by partial (or full) MAC address
  • Firewall logs can now be filtered by interface, sorted by any column, and can optionally show the matching rule description inline.
  • Firewall rules now support matching on ECE and CWR TCP flags
  • IPsec supports separate "split dns" field and doesn't just assume the default domain for split DNS domains
  • Properly ignore disabled IPsec phase 2 entries
  • Improvements for state killing when an interface goes down
  • Diagnostics > Sockets page to show open network sockets on the firewall
  • Added a warning to the PPTP page with links explaining how the protocol has been broken.
  • Many, many bug fixes
  • Various fixes for typos, formatting, etc.