OPNsense is a firewall package with extensive capabilities. It is based on the FreeBSD operating system and originated as a fork of m0n0wall and pfSense. It can be configured entirely through a web interface and supports 2FA, OpenVPN, IPsec, CARP and a captive portal, among other features. It also provides packet filtering and a traffic shaper. The developers have released OPNsense 22.1.2 with the following announcement:

OPNsense 22.1.2 released

This release adds GUI support for Intel QuickAssist Technology (QAT) and SYN cookies as per virtue of the FreeBSD 13 operating system. The work to modernize the interfaces subsystem and improve the new ddclient dynamic DNS plugin is also progressing.

Due to signs of decay in the build infrastructure, license nitpicking in FreeBSD ports and the upcoming OpenSSL 3 release (which will complicate things most likely) we have decided to discontinue LibreSSL at the end of this year meaning there will be no more LibreSSL flavor starting with version 23.1. Non-essential software will no longer be manually fixed and provided as binary packages if broken by upstream from this point on.

Since 2015 we have been working on functional LibreSSL support with steady means, but 7 years later and OpenSSL making an effort through numerous ways we are sad to give up this alternative since we do not see LibreSSL being used and properly integrated in software projects as often anymore. It has been a slow but steady decline for the past 2 years that also has to do with a LibreSSL release cycle tailored for OpenBSD in particular and OpenSSL library integration quality, which is almost impossible to improve upon in complex third-party software projects. We simply cannot afford the time for it any longer.

All users are able to update to the OpenSSL flavor without issues now or at any later given point.

Here are the full patch notes:

  • system: Intel QuickAssist Technology (QAT) crypto module selection and support multiple selection
  • system: AESNI crypto module is a kernel-builtin since 22.1 and no longer needs to be selected to work
  • system: enable library support of PCRE JIT included since 21.1.1
  • system: limit rowCount in log viewer (contributed by kulikov-a)
  • system: unify system tunables handling and tweak UX of the respective GUI page
  • system: no longer default to hw.uart.console use in factory configuration
  • system: remove console mute use from boot sequence
  • reporting: fill missing insight data with zeros
  • interfaces: assignments should take OpenVPN into account
  • interfaces: only ever store nobind for ipalias/carp
  • interfaces: align IPv4 address statistics read with IPv6
  • interfaces: simplify device destroy code
  • interfaces: avoid use legacy_get_interface_addresses() in MAC address read
  • interfaces: remove unused opportunistic interface address functions
  • firewall: exclude localhost stateless traffic from default logging (contributed by kulikov-a)
  • firewall: using port type aliases the “enable” flag was ignored when not enabled
  • firewall: add support for SYN cookies
  • firmware: opnsense-code: support “-z” snapshot mode
  • firmware: opnsense-revert: support “-z” snapshot mode
  • firmware: opnsense-update: support version print for sets
  • firmware: check repository and plugin state in health audit
  • ipsec: pass protocol when resolving via ipsec_resolve() (contributed by FloMeyer)
  • ipsec: fix mobile property passing when creating a new phase 2 entry
  • ipsec: rename “My Certificate Authority” to “Remote Certificate Authority” to avoid ambiguity
  • openvpn: avoid use of find_interface_network() et al
  • openvpn: stop removing name server-related files never written
  • openvpn: improve gateway detection in topology mode
  • ipsec: avoid use of find_interface_network() et al
  • dhcp: avoid use of find_interface_network() et al
  • console: move console mute calls into port setting function
  • ui: sidebar 2nd submenu view fix (contributed by Team Rebellion)
  • mvc: refactor and extend HostnameField to add options to validate partial hostnames and root zones
  • plugins: os-bind 1.22
  • plugins: os-ddclient 1.2
  • plugins: os-freeradius 1.9.19
  • plugins: os-stunnel 1.0.4 fix connect format for IPv6 (contributed by Johnny S. Lee)
  • src: stand: add EFI support for MMIO serial consoles
  • src: apei: make sure event data fit into the buffer
  • ports: php 7.4.28
  • ports: unbound 1.15.0

