Software update: OPNsense 23.7.4

The OPNsense package is a firewall with extensive possibilities. It is based on the FreeBSD operating system and is originally a fork of m0n0wall and pfSense. The package can be set up entirely via a web interface and has support for 2fa, openvpn, ipsec, carp and captive portal, among other things. In addition, it can apply packet filtering and has a traffic shaper. The developers have released OPNsense 23.7.4 and the release notes for that release can be found below.

OPNsense 23.7.4 released

The usual amount of improvements go out today with FreeBSD security advisories on top. The new Python version was also picked up. Note that the WireGuard plugin improvement effort is still going on and this time we refreshed the dashboard widget as that was being requested a number of times. The Polish language has been added to the GUI as well.

Here are the full patch notes:

• system: correctly set RFC 5424 on remote TLS system logging
• system: remove hasGateways() and write DHCP router option unconditionally
• system: avoid plugin system for gateways monitor status fetch
• system: remove passing unused ifconfig data to Gateways class on static pages
• system: remove passing unused ifconfig data on gateway monitor status fetch
• system: remove the unused “alert interval” option from the gateway configuration
• interfaces: calculate_ipv6_delegation_length() should take advanced and custom dhcp6c into account
• interfaces: teach ifctl to dump all files and its data for an interface
• interfaces: remove dead link/hint in GIF table
• interfaces: avoid duplicating $vfaces array
• interfaces: introduce interfaces_restart_by_device()
• firewall: remove old __empty__ options trick from shaper model
• firewall: update models for clarity
• firmware: update model for clarity
• ipsec: omit conditional authentication properties when not applicable on connections
• ipsec: fix key pair generator for secp256k1 EC and add cleaner naming to GUI (contributed by Manuel Faux)
• ipsec: allow the use of eap_id = %any in instances
• openvpn: fix certificate list for client export when optional CA specified (contributed by Manuel Faux)
• openvpn: add CARP VHID tracking for client instances
• openvpn: add tun-mtu/fragment/mssfix combo for instances
• openvpn: add “route-gateway” advanced option to CSO
• openvpn: use new File::file_put_contents() wrapper for instances
• openvpn: updated model and clarified “auth” default option
• mvc: remove “non-functional” hints from form input elements
• mvc: uppercase default label in BaseListField is more likely
• ui: add bytes format to standard formatters list
• plugins: os-ddclient 1.16
• plugins: os-frr 1.36
• plugins: os-wireguard 2.1
• plugins: os-tinc 1.7 adds support for “StrictSubnets” variable (contributed by andrewhotlab)
• lang: update translations and add Polish
• src: bring back netmap tun(4) ethernet header emulation (contributed by Sunny Valley Networks)
• src: axgbe: gracefully handle i2c bus failures
• src: bnxt: do not restart on VLAN changes
• src: ice: do not restart on VLAN changes
• src: net: do not overwrite VLAN PCP
• src: net: remove VLAN metadata on PCP / VLAN encapsulation
• src: if_vlan: always default to 802.1
• src: iflib: fix panic during driver reload stress test
• src: iflib: fix white space and reduce some line lengths
• src: ixgbe: define IXGBE_LE32_TO_CPUS
• src: ixgbe: check for fw_recovery
• src: net80211: fail for unicast traffic without unicast key
• src: pcib: allocate the memory BAR with the MSI-X table
• ports: php 8.2.10
• ports: python 3.9.18
• ports: unbound 1.18.0