Download OPNsense 18.1

The package OPNsense is a firewall with extensive possibilities. It is based on the FreeBSD operating system and is originally a fork of m0n0wall and pfSense. The package can be set up completely via a web interface and has support for 2fa, openvpn, ipsec, carp and captive portal, among others. In addition, it can apply packet filtering and has a traffic shaper. The developers have released OPNsense 18.1 with the following announcement:

OPNsense 18.1 Released

Hello good folks of the Internet,

For more than 3 years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.

We humbly present to you the sum of another major iteration of the OPNsense firewall. Over the second half of 2017 well over 500 changes have made it into this release, nicknamed “Groovy Gecko”. Most notably, the firewall NAT rules have been reworked to be more flexible and usable via plugins, which is going to pave the way for subsequent API works on the core firewall functionality. For more details please find the attached list of changes below.

The upgrade track from 17.7 will be available later today. Please be patient.

Meltdown and Specter patches are currently being worked on in FreeBSD, but there is no reliable timeline. We will keep you up to date through the usual channels as more news become available. Hang in there!

These are the most prominent changes since version 17.7:

• FreeBSD 11.1, PHP 7.1 and jQuery 3 migration
• Realtek vendor NIC driver version 1.94
• Portable NAT before IPsec support
• Local group restriction feature in OpenVPN and IPsec
• OpenVPN multi-remote support for clients
• Strict interface binding for SSH and web GUI
• Improved MVC tabs and general page layout
• Shared forwarding now works on IPv6, in conjunction with “try-forwarding” and improved reply-to multi-WAN behavior
• Easy-to-use update cache support for Linux and Windows in web proxy
• Intrusion detection alert improvements and plugin support for new rulesets (ET Pro, Snort VRT)
• Revamped HAProxy plugin with introduction pages
• Moved interface selection to menu and quick search for firewall rules, DHCP and wireless status
• Alias ​​backend rewrite for future extensibility
• Plugin-capable firewall NAT rules
• Migration of system routes UI and backend to MVC (also available via API)
• Reverse DNS support for insight reporting (also available via API)
• Fully rewritten firewall live log in MVC (also available via API)
• New plugins: zerotier, mdns-repeater, collectd, telegraf, clamav, c-icap, tor, siproxd, web-proxy-sso, web-proxy-useracl, postfix, rspamd, redis, iperf, arp-scan, zabbix-proxy , frr, node_exporter