Download OPNsense 19.1.3

The package OPNsense is a firewall with extensive possibilities. It is based on the FreeBSD operating system and is originally a fork of m0n0wall and pfSense. The package can be set up completely via a web interface and has support for 2fa, openvpn, ipsec, carp and captive portal, among others. In addition, it can apply packet filtering and has a traffic shaper. The developers have released OPNsense 19.1.3 with the following announcement:

OPNsense 19.1.3 released

Hi all,

This is a smaller stable update consisting of LDAPS authentication server improvements, Unbound host overrides alias support, OpenSSL 1.0.2r security update and the recent PAM rework for better privilege separation.

We are currently focusing on IPsec VTI, third-party service PAM integration and investigating kernel boot crashes. In the latter case we are aware of the update issues some people are having and recommend running 18.7 until this is taken care of. Above all, please be patient. New images and seamless upgrade paths will be provided as soon as the problems have been pinned down.

Here are the full patch notes:

• system: improve LDAPS mode and related authentication cleanups
• system: move enable checkbox to the top in remote logging settings
• system: allow reset of tunables to factory defaults
• system: new tunables factory default to prevent ICMP redirects being sent (net.inet.icmp.drop_redirect=1)
• firewall: allow explicitly setting source hash key in outbound NAT (Fredrik Ronnvall)
• interfaces: probe media before applying new settings
• interfaces: correctly compare MAC addresses
• dhcp: added TFTP bootfile-name (contributed by Bjorn Kalkbrenner)
• firmware: move duty to return the correct set name / ID to opnsense-version
• firmware: finally revoke 18.7 fingerprint
• intrusion detection: minor template cleanups using helpers.empty()
• ipsec: peer identifier can now fall back to remote-gateway in manual SPD entries
• ipsec: allow easier override of colors in widget (contributed by Fabian Franz)
• monit: add validation for test type (contributed by Frank Brendel)
• openvpn: add auth-nocache option in exporter
• openvpn: validate certificate type for servers
• unbound: add host overrides alias support
• web proxy: add auth to parent proxy (contributed by Michael Muenz)
• backend: add helpers.empty() in configd
• mvc: simplify save / close / cancel button labels
• mvc: add sorting for field list types
• rc: move all template generation to early stage
• ui: improve escaping of displayed data in static pages
• ui: escape button values ​​in static pages
• ui: avoid short PHP tags
• plugins: os-dnscrypt-proxy 1.3
• plugins: os-frr brings in missing area range code
• plugins: os-postfix log file ACL and wrapper mode typo fix (contributed by Michael Muenz)
• plugins: os-theme-cicada IPsec widget color fix (contributed by Team Rebellion)
• plugins: os-theme-tukan IPsec widget color fix (contributed by Team Rebellion)
• plugins: os-vnstat /var MFS fix
• plugins: os-zabbix4-proxy 1.0 (contributed by Michael Muenz)
• ports: openssl 1.0.2r
• ports: pam_opnsense 19.1.3 uses setuid for privilege separation
• ports: phalcon 3.4.3

stay safe,
Your OPNsense team