Software-update: OPNsense 23.1.10

Het pakket OPNsense is een firewall met uitgebreide mogelijkheden. Het is gebaseerd op het besturingssysteem FreeBSD en is oorspronkelijk een fork van m0n0wall en pfSense. Het pakket kan volledig via een webinterface worden ingesteld en heeft onder andere ondersteuning voor 2fa, openvpn, ipsec, carp en captive portal. Daarnaast kan het packetfiltering toepassen en beschikt het over een traffic shaper. De ontwikkelaars hebben OPNsense 23.1.10 uitgebracht en de releasenotes voor die uitgave kunnen hieronder worden gevonden.

OPNsense 23.1.10 released

As summer is approaching we release this minor update in preparation for the upcoming 23.7 series. We are planning the upgrade to FreeBSD 13.2 as well as offering an MVC variant of the OpenVPN integration amongst many other improvements some of which already shipped in previous 23.1.x releases. There may be another kernel update before the final 23.7 arrives but that is for next week to decide. For now enjoy the sun and stay hydrated!

Here are the full patch notes:

• system: do not delete dpinger PID file
• system: improve RRD collector PID/service handling
• system: do not touch /var/run/booting if it exists (contributed by William Desportes)
• system: do a full transition on gateway group apply
• system: automatically create core dump with installed debug kernel
• interfaces: minor fixes in IP address status read
• interfaces: additions for legacy_interface_stats()
• interfaces: use interfaces_primary_address() during IPv4 renewal
• firewall: remove duplicate table defintions
• firewall: prevent VIP address adding /32 on IPv6 rule selection
• firmware: opnsense-update: move -K option to -x
• firmware: opnsense-update: support deferred kernel set install
• firmware: opnsense-update: use -w option with -a option in fetch(1)
• firmware: opnsense-update: ensure kernel directory consistency
• firmware: shift subscription key extract to "-x" option
• firmware: use post-upgrade hook and stage kernel as well for clean abort
• firmware: sort plugins before store
• dhcp: fix IPv6 lease page undefined vars and other issues
• dhcp: share DUID parsing code via dhcpd_parse_duid()
• dhcp: revamp the prefix route handling also adding support for statically mapped downstream routers
• monit: fix "not on" validation
• openvpn: fix typo in widget for client timestamp display
• web proxy: syslog parsing cleanup
• ui: remove noodp and noydir from HTML meta robots tag (contributed by William Desportes)
• plugins: os-crowdsec 1.0.6
• plugins: os-nginx 1.32.1
• plugins: os-zabbix-proxy plugin variant for Zabbix 6.4
• ports: curl 8.1.2
• ports: krb5 1.21
• ports: nss 3.90
• ports: ntp 4.2.8p17
• ports: openssl 1.1.1u
• ports: openvpn 2.6.5
• ports: php 8.1.20
• ports: phalcon 5.2.2
• ports: python 3.9.17
• ports: squid 5.9
• ports: strongswan upstream fix for VICI stalls
• ports: suricata 6.0.13