Software-update: OPNsense 17.7

Het pakket OPNsense is een firewall met uitgebreide mogelijkheden. Het is gebaseerd op het besturingssysteem FreeBSD en is oorspronkelijk een fork van m0n0wall en pfSense. Het pakket kan volledig via een webinterface worden ingesteld en heeft onder andere ondersteuning voor 2fa, openvpn, ipsec, carp en captive portal. Daarnaast kan het packet filtering toepassen en beschikt het over een traffic shaper. De ontwikkelaars hebben OPNsense 17.7 uitgebracht met de volgende aankondiging:

OPNsense 17.7 released

Hello, hello!

For more than two and a half years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.

We are writing to you today to announce the final release of version 17.7 “Free Fox”, which, over the course of the last 6 months, includes highlights such as SafeStack application hardening, the Realtek re(4) driver for better network stability, a Quagga plugin with broad routing protocol support and the Unbound resolver as the new default. Additionally, translations for Czech, Chinese, Japanese, Portuguese and German have been completed for the first time during this development cycle.

Focus in OPNsense has shifted to improving and streamlining its various systems and providing continuous updates, which amounts to over 300 individual changes made since 17.1 so far. The plugin infrastructure is growing as well thanks to our awesome contributors Frank Wall, Frank Brendel, Fabian Franz and Michael Muenz. And we, last but not least, have been working more closely than ever with HardenedBSD by unifying our ports infrastructure.

Here is the full list of changes against version 17.7-RC2:

• interfaces: dhcp6c can now properly reload without leaking its listening socket to e.g. OpenVPN
• interfaces: correctly write Host-Uniq string in PPPoE configuration (contributed by Paolo Velati)
• firmware: fix JavaScript typo in the GUI that would prevent an update with a pending reboot
• firmware: zap spurious newlines in end-of-life message
• rc: allow to optionally prevent launch of configd via rc.conf variable
• rc: print root file system when boot is completed
• lang: Chinese 91% completed (contributed by Tianmo)
• lang: Czech 94% completed (contributed by Pavel Borecki)
• lang: German 100% completed (contributed by Fabian Franz et al)
• lang: Japanese 92% completed (contributed by Chie and Takeshi Taguchi)
• lang: Russian 89% completed (contributed by SmartSoft)
• plugins: os-freeradius 1.0.0 (contributed by Michael Muenz)
• plugins: os-quagga 1.3.2 (contributed by Fabian Franz and Michael Muenz)
• src: do not update the LAGG link layer address when destroying a LAGG clone
• src pull the next header as well to restore filtering on incoming IPsec NAT-T traffic
• ports: haproxy 1.7.8
• ports: strongswan 5.5.3

The list of currently known issues with 17.7:

• Users from 17.7-RC2 may have trouble upgrading via the GUI. Run “opnsense-patch 246513c” from the command line to correct this problem
• A regression in floating rules in 17.7 does not honour the non-quick setting. Run “opnsense-patch f25d8b” from the command line to correct this problem.

All images are provided with SHA-256 signatures, which can be verified against the distributed public key.

Stay safe,
Your OPNsense team