Software-update: OPNsense 24.1.6

Het pakket OPNsense is een firewall met uitgebreide mogelijkheden. Het is gebaseerd op het besturingssysteem FreeBSD en is oorspronkelijk een fork van m0n0wall en pfSense. Het pakket kan volledig via een webinterface worden ingesteld en heeft onder andere ondersteuning voor mfa, OpenVPN, IPsec, CARP en captive portal. Daarnaast kan het packetfiltering toepassen en beschikt het over een traffic shaper. De ontwikkelaars hebben OPNsense 24.1.6 uitgebracht en de releasenotes voor die uitgave kunnen hieronder worden gevonden.

OPNsense 24.1.6 released

Today we are happy to announce another milestone regarding ISC DHCP removal: the arrival of a DHCRelay replacement based on code forked and maintained by OpenBSD. While here the whole DHCP relay section was moved to MVC/API for the usual reasons and now offers a combined GUI for both DHCPv4 and DHCPv6 relay. As a special treat this also includes being able to run ISC DHCP as well as any desired relay at the same time.

The feedback for the WireGuard peer generator was quite extensive so a few more tweaks and fixes have been done in that area. Thank you for all the responses regarding that feature addition! Otherwise this update simply moves ahead with security-related third party updates in OpenSSL and PHP.

Last but not least we are releasing the OPNProxy (formerly business) plugin to the community version for fine-grained access control using Squid with Redis as a database backend. For more details please consult the available documentation linked below.

Here are the full patch notes:

• firewall: show automation rules in their own section
• firewall: keep permissions to standard for filter.lock file
• firewall: replace searchNoCategoryItemAction() with new searchBase() extension
• firewall: add gateway to the states diagnostics output
• firewall: fix visible rows quantity off-by-one (contributed by NYOB)
• intrusion detection: query all fields for searchBase() actions
• dhcrelay: functional MVC/API replacement using the OpenBSD dhcrelay(6) fork
• isc-dhcp: fix log file location
• wireguard: add DNS field to peer generator and store previous used values in instance
• wireguard: add address field to peer generator which auto-calculates the next available address in the pool
• wireguard: add restart action to available cron tasks (contributed by Michael Muenz)
• wireguard: unlink instance on peer delete
• mvc: extend searchBase() to return all fields when no list is provided
• mvc: fix config locking issue when already owning the lock
• plugins: add globbing for plugin run tasks as well
• plugins: os-OPNProxy 1.0.5 business plugin released to community version
• plugins: os-acme-client 4.2
• plugins: os-caddy 1.5.4
• plugins: os-zabbix-proxy 1.10
• ports: dhcrelay 0.4
• ports: openssl fix for CVE-2024-2511
• ports: php 8.2.18