Het pakket OPNsense is een firewall met uitgebreide mogelijkheden. Het is gebaseerd op het besturingssysteem FreeBSD en is oorspronkelijk een fork van m0n0wall en pfSense. Het pakket kan volledig via een webinterface worden ingesteld en heeft onder andere ondersteuning voor 2fa, openvpn, ipsec, carp en captive portal. Daarnaast kan het packetfiltering toepassen en beschikt het over een traffic shaper. De ontwikkelaars hebben OPNsense 22.7.6 uitgebracht en deze versie gaat vergezeld met de volgende aantekeningen:
OPNsense 22.7.6 releasedThis update fixes CRL code handling with third party software and sandboxes the code to avoid dealing with boot-time issues ever again. However, due to the nature of the sandboxing no automatic fix can be made for the following case:
Creating and using an empty CRL in OpenVPN broke in 22.7.5 due to an ancient bug not populating the empty CRL in binary format: the side effect "correcting" this at runtime was removed. 22.7.6 will now correctly populate the binary format of the empty CRL upon creation in the config.xml as originally intended.The options to manually fix existing empty CRLs are as follows:
- Remove the CRL from OpenVPN as it is unused anyway, or
- Add a dummy certificate to it to populate the CRL properly, or
- Add and remove a random existing certificate to populate an empty CRL.
These fixes can be carried out on older installation without a problem as well prior to upgrading to avoid OpenVPN from not working post-upgrade.
Here are the full patch notes:
- system: fix inconsistent is_crl_internal() implementation
- system: make sure we always generate a CRL when saved
- system: sandbox code handling CRL manipulation in the CRL manager page
- system: wrap global product information handling into a singleton
- system: move get_nameservers() to ifctl use
- reporting: traffic graph polling interval selection and UX tweaks
- interfaces: port 6RD/6to4 to ifctl use
- interfaces: optionally use reverse DNS resolution for ARP table hostnames (contributed by soif)
- interfaces: allow user-configurable VLAN device names with certain restrictions
- interfaces: small cleanup on get_real_interface()
- firewall: simplify port forward rule logic for delete and toggle and make sure to toggle firewall rule as well
- firewall: various performance and usability improvements in live log
- firewall: extend all firewall rules with a UUID to align with MVC code upon edit
- firmware: display license validity when applicable in business edition
- ipsec: ACL fix for sessions users
- unbound: support setting type value for DNS over TLS/Query Forwarding API (contributed by kulikov-a)
- unbound: convert advanced settings to MVC/API
- mvc: remove "clear all", "copy" and "paste" options when only a single entry is allowed
- mvc: fix typo in searchRecordsetBase()
- ports: isc-dhcp 4.4.3P1
- ports: phalcon 5.0.3
- ports: php 8.0.24
- ports: squid no-forgery patch fix
- ports: strongswan 5.9.8
:strip_exif()/i/2003304354.png?f=thumbmedium)
:strip_icc():strip_exif()/u/506130/keitjes.jpg?f=community){kind=small}