Software Update: OPNsense 21.7.5


OPNsense is a firewall package with extensive capabilities. It is based on the FreeBSD operating system and originated as a fork of m0n0wall and pfSense. It can be configured entirely through a web interface and supports 2FA, OpenVPN, IPsec, CARP and a captive portal, among other features. It also provides packet filtering and a traffic shaper. The developers have released OPNsense 21.7.5 with the following announcement:

OPNsense 21.7.5 released

FreeBSD security advisories and an issue with Intel-based ixgbe driver with “ifconfig -v” stalls keep this release rolling. Also note that OpenSSH was updated to version 8.8 which deprecates ssh-rsa usage which is mainly an issue for client access from the OPNsense system to the outside and can be amended as per the suggestions in the respective release notes.

And as promised the development version includes the upgrade path to the 22.1-BETA1 release. This will be an online-beta with a few iterations over the FreeBSD 13 stable branch and eventually move to FreeBSD 13.1 release as that becomes available.

Highlights for 22.1 already include:

  • Suricata Netmap v14 support for multi-gigabit speed in IPS mode with RSS enabled
  • Separate VLAN MAC spoofing and permanently promiscuous mode setting
  • Tunable analytics provide automatic descriptions and type
  • IPsec tunnel overview ported to MVC with pagination
  • Proofpoint Emerging Threats rules for Suricata 5.0
  • Removed opportunistic interface address read functions
  • Console-based LAGG configuration support
  • Removed state killing on gateway failure feature
  • Improved firmware update capabilities
  • No-bind service awareness for virtual IPs
  • FreeBSD 13 stable branch
  • RFC 5424 and severity support in logs
  • Clog support has been removed
  • And more…

Please note that the beta version will always be available for upgrade when switching to the development version. At this point no stable packages are provided and this includes plugins. These will become available as the release candidate is released in early January 2022. All feedback is welcome but keep in mind that there are still a number of moving parts ahead. Upgrade responsibly.

Here are the full patch notes for version 21.7.5:

  • system: remove support for obsolete “local” syslog socket plugin request
  • system: prevent setup wizard error in WAN-only configuration
  • system: properly extract keyid string (contributed by kulikov-a)
  • system: show all threads and correct WCPU in activity (contributed by kulikov-a)
  • system: fix display and sorting in activity (contributed by kulikov-a)
  • interfaces: remove obsolete link_interface_to_vlans() function
  • interfaces: inline legacy_interface_rename() function
  • interfaces: verbose output on test port (contributed by kulikov-a)
  • firewall: add live view templates page to respective ACL (contributed by kulikov-a)
  • firewall: replace pfInfo with statistics page
  • firewall: add rules to statistics page (contributed by kulikov-a)
  • firewall: remove defunct “block carp from self” CARP rule
  • dhcp: automatically set AdvRASrcAddress for link-local CARP address
  • dhcp: exclude link-local subnet router advertisements
  • firmware: remove unavailable Hostcentral mirror
  • firmware: opnsense-update: replace -A before -M and handle single directory -M independently
  • firmware: opnsense-verify: disable verification for repositories without signatures
  • firmware: opnsense-verify: let -l option properly discard duplicate repositories
  • firmware: opnsense-version: support -x effective ABI probing
  • ipsec: add sha256_96 flag (contributed by Patrick M. Hausen)
  • monit: add polltime to service settings (contributed by Frank Brendel)
  • ui: prevent event propagation to avoid click() events being forwarded
  • plugins: os-bind 1.19
  • plugins: os-dnscrypt-proxy 1.10
  • plugins: os-dyndns 1.26
  • plugins: os-freeradius 1.9.17
  • plugins: os-frr 1.23
  • plugins: os-haproxy 3.7
  • plugins: os-nut 1.8.1
  • plugins: os-openconnect 1.4.1
  • plugins: os-relayd 2.6
  • plugins: os-telegraf 1.12.2
  • plugins: os-vnstat 1.3
  • plugins: os-wireguard 1.8
  • src: axgbe: correctly enable RSS driver support by default
  • src: ixgbe: prevent subsequent I2C bus read timeouts
  • src: fix kernel panic in vmci driver initialization
  • src: timezone database information update
  • ports: lighttpd 1.4.61
  • ports: nss 3.72
  • ports: openssh 8.8p1
  • ports: pcre2 10.39
  • ports: php 7.4.25
  • ports: phpseclib 2.0.34

Version number: 21.7.5
Release status: Final
Operating systems: Linux, BSD
Website: OPNsense
License type: GPL