Software-update: OPNsense 25.7.2

Het pakket OPNsense is een firewall met uitgebreide mogelijkheden. Het is gebaseerd op het besturingssysteem FreeBSD en is oorspronkelijk een fork van m0n0wall en pfSense. Het pakket kan volledig via een webinterface worden ingesteld en heeft onder andere ondersteuning voor mfa, OpenVPN, IPsec, CARP en captive portal. Daarnaast kan het packetfiltering toepassen en beschikt het over een traffic shaper. De ontwikkelaars achter OPNsense hebben de tweede update voor versie 25.7 uitgebracht en de releasenotes voor die uitgave kunnen hieronder worden gevonden.

OPNsense 25.7.2 released

This stable update has the look and feel of a typical update across all corners of the project: FreeBSD advisories and errata, fixes and quality of life improvements in core, several plugin and third party software updates. We are also compiling the roadmap for 26.1 at the moment. Stay tuned.

Here are the full patch notes:

system: increase log file download timeout to prevent exit before data has returnedsystem: HTML decode entities when generating new QR code for usersystem: add missing timestamp formatter in snapshotssystem: prevent the root user from changing its nameinterfaces: capture netmap ring when listening on interfaces in netmap modefirewall: skip reply-to for inversion rulesfirewall: remove unused "set loginterface" clausefirewall: additional statistics for alias gridfirewall: fix shaper reset buttoncaptive portal: preparations for SSO identification supportdnsmasq: swap hosts and domains tab for consistency reasonsdnsmasq: allow disabling local for DHCP domainsfirmware: abort on what appear to be partial updates due to obscure file errorsfirmware: store update and upgrade logs in edge casesfirmware: opnsense-version: support file based -R optionfirmware: opnsense-update: support -g for update log viewfirmware: remove tier 2 workaround for Zenarmor pluginsfirmware: add date to modal headerkea-dhcp: ignore encoding errors in lease parserintrusion detection: fix and simplify grid search in download tabipsec: passthrough networks setting missed "allow new" flagipsec: add firewall rules skip option for VTIsipsec: deprecate legacy stroke and implement swanctl for overviewisc-dhcp: allow static mapping export for disabled entriesopenvpn: add nopool directiveunbound: configurable top domain list length in reporting view (contributed by sopex)unbound: remove unknown model reference and protect/simplify remaining onewireguard: move backend scripts to proper locationbackend: added IPv6 bracket helper for templates (contributed by BPplays)lang: updates for Chinese, Czech, German and Greekmvc: improve resilience of VPNIdField and LinkAddressFieldmvc: repair side affect of getDescription() change causing performance regressionsmvc: modify existing and add missing descriptions in modelsmvc: set default validation message for CertificateFieldrc: make changes to php,var,tmp bootstrapui: fix language selection for low vertical resolution screens (contributed by sopex)ui: hide header of the picture widget on the dashboard (contributed by sopex)plugins: os-clamav 1.8.1plugins: os-crowdsec 1.0.12plugins: os-frr 1.46plugins: os-shadowsocks 1.2 switches to shadowsocks-rustplugins: os-smart 2.4 adds extended info option (contributed by poisonbl)plugins: os-telegraf 1.12.13plugins: os-theme-advanced updates logos (contributed by Raushan Patel)src: route: fix "route -n monitor" when its output is redirectedsrc: add a new sysctl in order to differentiate UEFI architecturessrc: libarchive: merge version 3.8.1src: lagg: fix if_hw_tsomax_update() not being calledsrc: wg: add support for removing allowed-ip entries and assorted cleanupssrc: ovpn: support multihomed server configurations and assorted cleanupssrc: netlink: fully clear parser state between messagessrc: udp: fix a inpcb refcount leak in the tunnel receive pathsrc: p9fs: assorted fixesports: ca_root_nss / nss 3.115ports: krb5 1.22ports: libpfctl 0.16ports: lighttpd 1.4.81ports: perl 5.40.3ports: php 8.3.24ports: py-jq 1.10.0

system: increase log file download timeout to prevent exit before data has returned

system: HTML decode entities when generating new QR code for user

system: add missing timestamp formatter in snapshots

system: prevent the root user from changing its name

interfaces: capture netmap ring when listening on interfaces in netmap mode

firewall: skip reply-to for inversion rules

firewall: remove unused "set loginterface" clause

firewall: additional statistics for alias grid

firewall: fix shaper reset button

captive portal: preparations for SSO identification support

dnsmasq: swap hosts and domains tab for consistency reasons

dnsmasq: allow disabling local for DHCP domains

firmware: abort on what appear to be partial updates due to obscure file errors

firmware: store update and upgrade logs in edge cases

firmware: opnsense-version: support file based -R option

firmware: opnsense-update: support -g for update log view

firmware: remove tier 2 workaround for Zenarmor plugins

firmware: add date to modal header

kea-dhcp: ignore encoding errors in lease parser

intrusion detection: fix and simplify grid search in download tab

ipsec: passthrough networks setting missed "allow new" flag

ipsec: add firewall rules skip option for VTIs

ipsec: deprecate legacy stroke and implement swanctl for overview

isc-dhcp: allow static mapping export for disabled entries

openvpn: add nopool directive

unbound: configurable top domain list length in reporting view (contributed by sopex)

unbound: remove unknown model reference and protect/simplify remaining one

wireguard: move backend scripts to proper location

backend: added IPv6 bracket helper for templates (contributed by BPplays)

lang: updates for Chinese, Czech, German and Greek

mvc: improve resilience of VPNIdField and LinkAddressField

mvc: repair side affect of getDescription() change causing performance regressions

mvc: modify existing and add missing descriptions in models

mvc: set default validation message for CertificateField

rc: make changes to php,var,tmp bootstrap

ui: fix language selection for low vertical resolution screens (contributed by sopex)

ui: hide header of the picture widget on the dashboard (contributed by sopex)

plugins: os-clamav 1.8.1

plugins: os-crowdsec 1.0.12

plugins: os-frr 1.46

plugins: os-shadowsocks 1.2 switches to shadowsocks-rust

plugins: os-smart 2.4 adds extended info option (contributed by poisonbl)

plugins: os-telegraf 1.12.13

plugins: os-theme-advanced updates logos (contributed by Raushan Patel)

src: route: fix "route -n monitor" when its output is redirected

src: add a new sysctl in order to differentiate UEFI architectures

src: libarchive: merge version 3.8.1

src: lagg: fix if_hw_tsomax_update() not being called

src: wg: add support for removing allowed-ip entries and assorted cleanups

src: ovpn: support multihomed server configurations and assorted cleanups

src: netlink: fully clear parser state between messages

src: udp: fix a inpcb refcount leak in the tunnel receive path

src: p9fs: assorted fixes

ports: ca_root_nss / nss 3.115

ports: krb5 1.22

ports: libpfctl 0.16

ports: lighttpd 1.4.81

ports: perl 5.40.3

ports: php 8.3.24

ports: py-jq 1.10.0

Source: Tweakers.net