The package OPNsense is a firewall with extensive possibilities. It is based on the FreeBSD operating system and is originally a fork of m0n0wall and pfSense. The package can be set up completely via a web interface and has support for 2fa, openvpn, ipsec, carp and captive portal, among others. In addition, it can apply packet filtering and has a traffic shaper. The developers have released OPNsense 18.7.5 with the following announcement:
OPNsense 18.7.5 released
Hi folks,
While the HardenedBSD 11.2 adoption is almost finished behind the scenes, this release merely revolves around minor corrections and additions that make your life easier. We are also confident that 18.7.6 finally ships the firewall alias API.
Of worthy mention are also the IPsec phase 1 changes that allow multiple DH groups and hashes to be selected simultaneously to tackle interoperability between different mobile client requirements. Also check out the Nginx plugin which has again extended its utility belt to include limiting, permanent bans, caching and more.
Here are the full patch notes:
- system: add (de)select all option in LDAP importer
- firewall: keep previous content for URL alias on fetch error
- firewall: make schedule icon reflect current schedule state
- firewall: toggle and migration fix for upcoming alias API
- firewall: round-robin limitation is for host alias outbound NAT only
- firewall: resolve network addresses in kernel for static routes bypass option
- firewall: do not clean up visible records when limit was not reached
- firewall: do not hardcode live log pass / block colours
- firewall: add live log direction icons
- firmware: shorten shaper name and assorted cleanups
- firmware: fix upgrade compatibility with FreeBSD 11.2
- firmware: use opnsense-version where appropriate
- firmware: correctly translate GUI buttons
- dnsmasq: use more robust approach to interface binding
- ipsec: more secure phase 1 default settings
- ipsec: support for multiple phase 1 DH groups and hashes
- openvpn: option to match CSO against common_name or login
- unbound: fix usage of the remote control backend calls
- unbound: remove faulty “DHCP” label hint for IPv6 link-local registration option
- web proxy: several corrections for PAC template
- backend: fix CPU hogging when reading on already disconnected streams
- mvc: speed up parsing very large config files
- mvc: add single select constraint
- mvc: add UUID field to the result of addBase
- ui: sidebar UX improvements
- ui: use single guillemets for previous/next page
- plugins: os-acme-client /var MFS awareness
- plugins: os-cicada 1.5
- plugins: os-collectd 1.2 makes hostname override optional
- plugins: os-dyndns 1.10 adds CloudFlare IPv6 support
- plugins: os-net-snmp 1.2 adds write access for users
- plugins: os-nginx 1.2
- plugins: os-ntopng hides interface selection under advanced
- plugins: os-openconnect allows uppercase usernames
- plugins: os-postfix 1.6 adds port field
- plugins: os-telegraf 1.7.0 adds global tags, HAProxy input, prometheus output, fixes logging
- plugins: os-tukan 1.4
- plugins: os-vnstat 1.0
- plugins: os-zerotier fixes status table
- ports: mpd5 upstream MTU fix
- ports: PHP 7.1.23
stay safe,
Your OPNsense team
| Version number | 18.7.5 |
| Release status | Final |
| Operating systems | BSD |
| Website | OPNsense |
| Download | |
| License type | Conditions (GNU/BSD/etc.) |