Home

Software-update: OPNsense 24.7

Het pakket OPNsense is een firewall met uitgebreide mogelijkheden. Het is gebaseerd op het besturingssysteem FreeBSD en is oorspronkelijk een fork van m0n0wall en pfSense. Het pakket kan volledig via een webinterface worden ingesteld en heeft onder andere ondersteuning voor mfa, OpenVPN, IPsec, CARP en captive portal. Daarnaast kan het packetfiltering toepassen en beschikt het over een traffic shaper. De ontwikkelaars hebben OPNsense 24.7 uitgebracht en de releasenotes voor die uitgave kunnen hieronder worden gevonden.

OPNsense 24.7 released

For more than 9 and a half years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.

24.7, nicknamed "Thriving Tiger", features a new dashboard, system trust MVC/API support, GRE and GIF MVC/API support, NAT 1-to-1 MVC/API support, WireGuard QR code generator, dynamic IPsec VTI tunnel support, experimental OpenVPN DCO support, FreeBSD 14.1, Python 3.11 plus much more.

The upgrade path from 24.1.x will follow tomorrow. Do not be hasty. The major operating system upgrade has not happened in while and should be taken with the appropriate amount of care.

Here are the full changes against version 24.1.10:
  • system: remove "load_balancer" configuration remnants from core
  • system: replace usage of mt_rand() with random_int()
  • system: rewrote Trust configuration using MVC/API
  • system: add XMLRPC option for OpenDNS
  • system: rewrote the high availability settings page using MVC/API
  • system: remove obsolete SSH DSA key handling
  • system: replaced the dashboard with a modern alternative with streaming widgets
  • system: harden a number of PHP settings according to best practices
  • system: support streaming of log files for the new dashboard widget
  • system: assorted dashboard widget tweaks
  • system: sidebar optimisation and fixes (contributed by Team Rebellion)
  • system: set short Cache-Control lifetime for widgets
  • interfaces: rewrote GRE configuration using MVC/API
  • interfaces: rewrote GIF configuration using MVC/API
  • interfaces: temporary flush SLAAC addresses in DHCPv6 WAN mode to avoid using them primarily
  • interfaces: add peer/peer6 options to CARP VIPs
  • interfaces: allow to assign a prefix ID to WAN interface in DHCPv6 as well
  • interfaces: allow to set manual interface ID in DHCPv6 and tracking modes
  • firewall: performance improvements in alias handling
  • firewall: refactor pftop output, move search to controller layer and implement cache for sessions page
  • firewall: support streaming of filter logs for the new dashboard widget
  • captive portal: add "Allow inbound" option to select interfaces which may enter the zone
  • captive portal: remove defunct transparent proxy settings
  • captive portal: clean up the codebase
  • ipsec: prevent gateway when remote gateway family does not match selected protocol in legacy tunnel configuration
  • isc-dhcp: do not reload DNS services when editing static mappings to match behaviour with Kea
  • monit: expose HTTPD username and password settings to GUI
  • openvpn: optionally support DCO devices for instances
  • openvpn: remove duplicate and irrelevant data for the client session in question
  • openvpn: add "remote_cert_tls" option to instances
  • backend: add "cache_ttl" parameter to allow for generic caching of actions
  • backend: run default action "configd actions" when none was specified
  • backend: extended support for streaming actions
  • installer: update the ZFS install script to the latest FreeBSD 14.1 code
  • installer: prefer ZFS over UFS in main menu selection
  • ui: assorted improvements for screen readers (contributed by Jason Fayre)
  • ui: add "select all" to standard form selectors and remove dialog on "clear all" for tokenizers
  • ui: lock save button while in progress to prevent duplicate input on Bootgrid
  • ui: backport accessibility fix in Bootstrap
  • mvc: replaced most of the Phalcon MVC use with a native band compatible implementation
  • mvc: improve searchRecordsetBase() filtering capabilities
  • mvc: improve container field cloning
  • mvc: remove obsolete getParams() usage in ApiControllerBase
  • mvc: hook default index action in API handler
  • plugins: os-acme-client 4.4
  • plugins: os-caddy 1.6.1
  • plugins: os-dec-hw 1.1 replaces the dashboard widget
  • plugins: os-etpro-telemetry 1.7 replaces dashboard widget
  • plugins: os-freeradius 1.29.4
  • plugins: os-nginx 1.34
  • plugins: os-theme-cicada 1.37 fixes dropdown element style (contributed by Team Rebellion)
  • plugins: os-theme-vicuna 1.47 fixes dropdown element style (contributed by Team Rebellion)
  • src: FreeBSD 14.1-RELEASE
  • src: assorted backports from FreeBSD stable/14 branch
  • ports: hostapd 2.11
  • ports: libpfctl 0.12
  • ports: phalcon 5.8.0
  • ports: openvpn 2.6.12
  • ports: wpa_supplicant 2.11
    • Migration notes, known issues and limitations:
  • The dashboard has been replaced. Widgets from the old format are no longer supported and need to be rewritten by the respective authors.
  • ISC DHCP will no longer reload DNS services on static mapping edits. This is for feature parity with Kea DHCP and avoiding cross-service complications. If you expect your static mappings to show up in a DNS service please restart it manually.

    • Source: Tweakers.net

    Previous

    Next