Software-update: OPNsense 23.1.4

Het pakket OPNsense is een firewall met uitgebreide mogelijkheden. Het is gebaseerd op het besturingssysteem FreeBSD en is oorspronkelijk een fork van m0n0wall en pfSense. Het pakket kan volledig via een webinterface worden ingesteld en heeft onder andere ondersteuning voor 2fa, openvpn, ipsec, carp en captive portal. Daarnaast kan het packetfiltering toepassen en beschikt het over een traffic shaper. De ontwikkelaars hebben OPNsense 23.1.4 uitgebracht en deze versie gaat vergezeld met de volgende aantekeningen:

OPNsense 23.1.4 released

Another stable update to fix a StrongSwan regression and two OpenVPN incompatibilities introduced prior. We have also improved the service handling code in multiple areas, fixed issues like the VIP migration problem with IP alias on a CARP VIP and improved/simplified the firmware settings now that cryptography flavours no longer exist.

Here are the full patch notes:

• system: address a number of web GUI startup problems
• system: service handling refactor, tweaks and improvements
• system: rework killbypid()/killbyname() behaviour
• system: use system_resolver_configure() everywhere
• reporting: simplify state collection for system-states.rrd
• interfaces: fix an issue with a batch killbyname() in static ARP case
• interfaces: make sure output buffering is disabled when downloading a packet capture
• interfaces: lock gateway save button while the request is being processed
• interfaces: fix IP alias with VHID validation issue
• dhcp: several plumbing improvements in service handling
• dnsmasq: remove now unused host configuration and refactor
• firmware: responsiveness fix (contributed by kulikov-a)
• firmware: move settings handling to full-fledged model
• firmware: add advanced/help toggles, cancel button, subscription errors
• monit: add permanent include statement for custom configuration files (contributed by codiflow)
• openvpn: add ovpn_status.py script and configd action to fetch connected clients
• openvpn: reintroduce "cipher" keyword for older clients
• openvpn: add missing static-challenge parsing for auth framework introduced in 23.1.3
• unbound: adhere to restart logic during hosts configure and wait for service to start
• unbound: add infra-keep-probing advanced option
• unbound: lowercase domain for case insensitive search in blocklists
• mvc: fix PHP warnings and dance around null/0.0.0 ambiguity in migration code
• plugins: os-api-backup 1.1
• plugins: os-theme-cicada 1.34 (contributed by Team Rebellion)
• plugins: os-theme-tukan 1.27 (contributed by Team Rebellion)
• plugins: os-theme-vicuna 1.45 (contributed by Team Rebellion)
• ports: curl 7.88.1
• ports: nss 3.89
• ports: php 8.1.17
• ports: py-vici 5.9.10
• ports: squid 5.8
• ports: strongswan EAP-TLS upstream fix