Software Update: OPNSense 22.7.8

The OPNsense package is a firewall with extensive opportunities. It is based on the FreeBSD operating system and is originally a fork of m0n0wall and pfSense. The package can be fully configured via a web interface and includes support for 2fa, openvpn, ipsec, carp and captive portal. In addition, it can apply packet filtering and has a traffic shaper. The developers have released OPNsense 22.7.8 and this version is accompanied by the following notes:

OPNsense 22.7.8 released

A belated happy patch day to everyone, This is a small maintenance and security update. You will notice that LibreSSL no longer works with FreeRADIUS software due to hiding library internals that are used by the software. Your current install will continue to work, but we would recommend switching to OpenSSL to receive FreeRADIUS updates as they become available.

Also, the infamous log_error() message is being phased out in the development version to end the questions of “Why is this log message an error?” and so with log_msg() each log line receives a more appropriate log level between error, warning and notice.

Here are the full patch notes:

• system: add statistics tree view containing vmstat memory characteristics
• system: explicitly reopen main log file in case another log file was used and closed
• system: tweak log_msg() to prepare log level adjustments migration away from log_error()
• system: enforce config reload to fetch group membership in authentication tester
• system: separate interface type icon from name column in interface widget
• system: change system log default to “Notice”
• system: UX tweaks on activity page
• system: revised backend daemon startup delay
• system: drop empty plugins_run() result
• interfaces: migrate main clearing of interface data to ifctl
• interfaces: fix display of special HTML characters in packet capture
• interfaces: retain existing PPP settings on saving interface settings
• interfaces: delete the correct lock of PPP device
• interfaces: fix variable use in interface_proxyarp_configure()
• firewall: wrap user rule registration in new function filter_core_rules_user()
• firewall: simplify rule lookup by using filter_core_rules_user()
• firewall: allow external dynamic address in NPT
• firewall: remove extended VIP expansion from NAT rules
• firewall: fix live view hostname lookup may result in HTTP 431 error
• ipsec: remove side effect host route removal from Phase 1 page
• unbound: do not stop on potential errors in start script
• plugins: os-freeradius is no longer available for LibreSSL to allow updates of FreeRADIUS software
• plugins: os-nginx 1.31
• plugins: os-wireguard now skips invalid peers for dashboard widget (contributed by jkellerer)
• ports:expat 2.5.0
• ports: krb5 1.20.1
• ports: nss 3.85
• ports: phalcon 5.1.1
• ports: sudo 1.9.12p1