Software update: OPNsense 23.1
The OPNsense package is a full-featured firewall. It is based on the FreeBSD operating system and was originally a fork of m0n0wall and pfSense. It can be configured entirely through a web interface and supports, among other things, 2FA, OpenVPN, IPsec, CARP and captive portal. It can also perform packet filtering and includes a traffic shaper. The developers have released OPNsense 23.1, and this version comes with the following notes:
OPNsense 23.1 released

Version 23.1, nicknamed "Quintessential Quail", features Unbound DNS statistics with a blocklist rewrite in Python, improved WAN SLAAC operability, firewall alias BGP ASN type support, PHP 8.1, assorted FreeBSD networking updates, MVC/API pages for packet capture/virtual IPs/IPsec connection management, IPsec configuration file migration to swanctl.conf, new sslh plugin, ddclient custom backend support (including Azure), WireGuard kernel module plugin variant as the new default plus much more.
Here are the full patch notes against 22.7.11:

system: replaced log_error() use with log_msg() and adjusted logging levels accordingly
system: introduced a service boot log
system: the LibreSSL flavour has been discontinued
system: simplify gateway monitoring setup code
system: add option to skip gateway monitor host route
system: populate /etc/hosts file with IPv6 addresses too
system: simplify and guard host route creation
system: merge system_staticroutes_configure() into system_routing_configure()
system: do not yield process after calling shutdown command
system: apply tunables during late boot in case a module was loaded depending on them to be set to a specific value
system: show size of ZFS ARC (adaptive replacement cache) in system widget
system: introduce support tier annotations for core and plugins
system: add cron tasks for scrubbing and trimming ZFS pools (contributed by Iain Henderson)
system: fix 6rd/6to4 gateway interface detection (contributed by Frans J Elliott)
reporting: add Unbound DNS statistics frontend including client drill-down
interfaces: heavy cleanup of the wireless device integration
interfaces: use 802.1ad protocol for stacked VLAN parent (QinQ)
interfaces: GIF and GRE now support subnet-based IPv6 configurations instead of always falling back to a point-to-point (/128) setup
interfaces: GIF and GRE now disable IPv6 on IPv4 tunnels (contributed by Maurice Walker)
interfaces: add isolated PPPoEv6 mode to selectively enable IPv6 CP negotiation and turn it off when no IPv6 mode is set
interfaces: add support for SLAAC WAN interfaces without DHCPv6 (contributed by Maurice Walker)
interfaces: register LAGG, PPP, VLAN and wireless devices as plugins
interfaces: simplified get_real_interface() function
interfaces: removed obsolete "defaultgw" files
interfaces: simplified rc.linkup script
interfaces: improve IP address cache behaviour in rc.newwanip(v6) scripts
interfaces: converted virtual IPs to MVC/API
interfaces: add MAC filtering to packet capture
interfaces: convert ARP/NDP pages to server-side searchable variant
interfaces: create null route for DHCPv6 delegated prefix
interfaces: tighten the concept of hardware interfaces and pull supported plugin devices into assignments page automatically
firewall: remove deprecated "Dynamic state reset" mechanic
firewall: invalidate port forward rule entry when no target is specified
firewall: hide deprecated source OS rule setting under advanced
firewall: add group option to prevent grouping in interfaces menu
firewall: safeguard against missing name from the alias API call
intrusion detection: keep grid to prevent widgets being removed
intrusion detection: reload grid after log drop (contributed by kulikov-a)
intrusion detection: add verbose logging mode selector
ipsec: disable charon.install_routes completely in case upstream would implement it for FreeBSD later on
ipsec: move user PSK (pre-shared key) and static PSK items to new MVC/API implementation
ipsec: migrate existing configuration from ipsec.conf to swanctl.conf
ipsec: add a new independent connections MVC/API component to manage IPsec in a layout matching swanctl.conf syntax more closely
ipsec: rewrote lease status page in MVC/API
ipsec: add configurable "unique" setting to phase 1
ipsec: missing correct phase 1 to collect "Network List" option
monit: support start timeout setting (contributed by spoutin)
openvpn: add unique daemon name to each instance
unbound: add statistics database backend
unbound: add exact domain blocking
mvc: call plugins_interfaces() optionally on service reconfigure
mvc: match UUID for multiple values (contributed by kulikov-a)
mvc: convert setBase() to an upsert operation
mvc: change default sorting to case-insensitive
mvc: add TextField tests (contributed by agh1467)
mvc: implement required getRealInterface() variant
ui: assorted improvements in bootgrid and form controls
ui: switch to pure JSON data in bootgrids
plugins: os-bind 1.25
plugins: os-ddclient 1.11
plugins: os-dyndns end of life note moves to 23.7
plugins: os-freeradius 1.9.22
plugins: os-frr 1.32
plugins: os-haproxy 4.0
plugins: os-puppet-agent 1.1
plugins: os-sslh 1.0
plugins: os-theme-cicada 1.32 (contributed by Team Rebellion)
plugins: os-upnp 1.5
plugins: os-wireguard switches to kernel module with a separate os-wireguard-go variant available for installation to keep the old behaviour
src: assorted FreeBSD 13 stable fixes for e.g. bpf, bridge, bsdinstall ifconfig, iflib, ipfw, ipsec, lagg, netmap, pf, route and vlan components
ports: php 8.1.14
ports: sudo 1.9.12p2
Source: Tweakers.net