Software-update: OPNsense 24.1.1

Het pakket OPNsense is een firewall met uitgebreide mogelijkheden. Het is gebaseerd op het besturingssysteem FreeBSD en is oorspronkelijk een fork van m0n0wall en pfSense. Het pakket kan volledig via een webinterface worden ingesteld en heeft onder andere ondersteuning voor mfa, OpenVPN, IPsec, CARP en captive portal. Daarnaast kan het packetfiltering toepassen en beschikt het over een traffic shaper. De ontwikkelaars hebben OPNsense 24.1.1 uitgebracht en de releasenotes voor die uitgave kunnen hieronder worden gevonden.

OPNsense 24.1.1 released

Apart from rolling back Suricata 7 to 6 the new major version is looking good. The two intertwined Suricata default config changes in version 7 have been identified and fixed in the development version so that we can move back to version 7 in 24.1.2. This minor release is intended as a small round of fixes and third party updates to ensure reliability and security.

Here are the full patch notes:

system: enable OpenSSL legacy provider by default to allow Google Drive backup to continue working with OpenSSL 3system: bring back the interface statistics dashboard widget update intervalsystem: fix all items in the OPNsense container being synced in XMLRCP when NAT option is selectedinterfaces: overview page UX improvementsfirewall: align GeoIP file check with documentationfirewall: fix virtual IP API use with subnet/subnet_bits usagewireguard: allow instances to start their ID at 0 like they used to a long time agodhcp: omit faulty comma in Kea config when control agent is disableddhcp: add opt-out automatic firewall rules for Kea server accessipsec: remove AEAD algorithms without a PRF for IKE proposals in connectionsopenvpn: fix cso_login_matching being ignored during authenticationbackend: optimise stream_handler to exit and kill running process when no listener is attachedplugins: os-frr 1.39plugins: os-haproxy 4.3plugins: os-ntopng 1.3plugins: os-tor 1.10 adds MyFamily support (contributed by Mike Bishop)ports: nss 3.97ports: openldap 2.6.7ports: openssl 3.0.13ports: syslog-ng 4.6.0

system: enable OpenSSL legacy provider by default to allow Google Drive backup to continue working with OpenSSL 3

system: bring back the interface statistics dashboard widget update interval

system: fix all items in the OPNsense container being synced in XMLRCP when NAT option is selected

interfaces: overview page UX improvements

firewall: align GeoIP file check with documentation

firewall: fix virtual IP API use with subnet/subnet_bits usage

wireguard: allow instances to start their ID at 0 like they used to a long time ago

dhcp: omit faulty comma in Kea config when control agent is disabled

dhcp: add opt-out automatic firewall rules for Kea server access

ipsec: remove AEAD algorithms without a PRF for IKE proposals in connections

openvpn: fix cso_login_matching being ignored during authentication

backend: optimise stream_handler to exit and kill running process when no listener is attached

plugins: os-frr 1.39

plugins: os-haproxy 4.3

plugins: os-ntopng 1.3

plugins: os-tor 1.10 adds MyFamily support (contributed by Mike Bishop)

ports: nss 3.97

ports: openldap 2.6.7

ports: openssl 3.0.13

ports: syslog-ng 4.6.0

Source: Tweakers.net