Software update: OPNsense 23.7.3

The OPNsense package is a firewall with extensive possibilities. It is based on the FreeBSD operating system and is originally a fork of m0n0wall and pfSense. The package can be set up entirely via a web interface and has support for 2fa, openvpn, ipsec, carp and captive portal, among other things. In addition, it can apply packet filtering and has a traffic shaper. The developers have released OPNsense 23.7.3 and the release notes for that release can be found below.

OPNsense 23.7.3 released

Recently we improved the workflow for language bringing updates to the release so here we are with an updated translation package including added support for Korean. Thanks a lot to all contributors for keeping this going strong! If you would like to help with translations you can sign up via thislink.

Of note is also the largely rewritten backend for the WireGuard kernel module plugin which offers separate services for each instance much like OpenVPN offers it. The requirement of the wireguard tools and bash packages were removed. This also means the plugin will be moved to the core for 24.1 along with Wireguard go plugin being removed completely since on FreeBSD 13.2 no external package is needed to enjoy WireGuard and the permanent existence of a kernel module renders the Go fallback defunct through wireguard-tools /wg-quick implementation quirks.

Here are the full patch notes:

• system: fix missing config save when RRD data is supplied during backup import
• system: defer config reload to SIGHUP in gateway watcher
• system: handle “force_down” state correctly in gateway watcher
• system: make Gateways class argument optional
• interfaces: tweak UX or interface settings page
• interfaces: further improve PPP MTU handling
• interfaces: remove workaround to re-load the routing during bootup for edge case that no longer exists
• firewall: fix group priority handling regression
• firewall: improve filter functionality to combine multiple network clauses in states page
• dhcp: map interfaces to interface names instead of devices
• dhcp: fix iaid_duid parsing in IPv6 lease page
• intrusion detection: support “bypass” keyword in user-defined rules (contributed by Monviech)
• openvpn: fix mismatch issue when pinning a CSO to a specific instance
• openvpn: add advanced option for optional CA selection
• unbound: fix concurrent session closing the handle while still writing data in Python module
• web proxy: remove long deprecated “dns_v4_first” setting from GUI
• mvc: extend PortField to optionally allow port type aliases
• lang: update all languages ​​and add Korean
• plugins: os-firewall 1.4 adds port alias support
• plugins: os-frr 1.35
• plugins: os-wireguard 2.0
• ports: filterlog fix to prevent crash on default rule number -1