Download OPNsense 20.7.4

The package OPNsense is a firewall with extensive opportunities. It is based on the FreeBSD operating system and is originally a fork of m0n0wall and pfSense. The package can be set up completely via a web interface and has support for 2fa, openvpn, ipsec, carp and captive portal, among others. In addition, it can apply packet filtering and has a traffic shaper. The developers have released OPNsense 20.7.4 with the following announcement:

OPNsense 20.7.4 released

This release finally wraps up the recent Netmap kernel changes and tests. The Realtek vendor driver was updated as well as third party software cURL, libxml2, OpenSSL, PHP, Suricata, Syslog-ng and Unbound just to name a couple of them.

We would like to thank Sunny Valley Networks for their relentless efforts to bring said Netmap fixes and improvements into FreeBSD.

If you are having trouble with a stuck update try the command sequence below from the root shell or simply reboot from the GUI and rerun the update in case it was not fully carried out yet.

# pkill syslog-ng
# service syslog-ng restart

Here are the full patch notes:

• system: switch web GUI address selection to avoid server.bind in IPv6 first case
• system: fix defunct “use default” button on web GUI listen interfaces
• system: signal “auth user changed” when a user is modified via web GUI
• system: replace gateway widget and add proper API endpoint for it
• system: fix reading displayName attribute on LDAP search
• interfaces: change maximum MTU value to 65535 in accordance with RFC 791
• interfaces: update wireless device detection prefixes
• interfaces: lexical sort interface keys for assignments
• firewall: add support for network exclusions in network alias type
• firewall: add NAT information to pfInfo page
• firewall: associated NAT rules missed state keyword
• firewall: allow “or” conditions in live log
• firewall: use pfctl for alias IP check
• dnsmasq: regenerate resolv.conf on save
• dnsmasq: log queries option
• intrusion detection: ignore pkill exit status when performing update
• ipsec: add description to reconfigure action
• unbound: rebuild unbound blacklist download
• unbound: restructure reconfigure so that we always flush config
• backend: add new “config changed” event using syshook structure
• mvc: add a few missing control widgets from log pages
• ui: upgrade moment.js to 2.27.0
• plugins: os-freeradius 1.9.8
• plugins: os-git-backup 1.0
• plugins: os-haproxy 2.25
• plugins: os-stunnel 1.0.2 adds service protocol selector
• src: extended netmap update and driver fixes
• src: netmap tun and lagg support
• src: update Realtek re driver to upstream version 1.96.04
• ports: curl 7.73.0
• ports: libxml2 fixes for CVE-2019-20388, CVE-2020-7595 and CVE-2020-24977
• ports: nss 3.58
• ports: openssl 1.1.1h
• ports: php 7.3.23
• ports: pkg 1.15.10
• ports: radvd patch for dynamic interface shifting index
• ports: sudo 1.9.3p1
• ports: suricata 5.0.4
• ports: syslog-ng 3.29.1
• ports: unbound 1.12.0