Download OPNsense 20.1.4

Spread the love

The package OPNsense is a firewall with extensive opportunities. It is based on the FreeBSD operating system and is originally a fork of m0n0wall and pfSense. The package can be set up completely via a web interface and has support for 2fa, openvpn, ipsec, carp and captive portal, among others. In addition, it can apply packet filtering and has a traffic shaper. The developers previously released OPNsense 20.1.4 with the following announcement:

system:

  • add missing strtolower() in LDAP sync response
  • fix /var/run/legacy_log socket creation race with Syslog-ng
  • add info button to display privilege / ACL endpoints
  • make IPsec tap tunables overwriteable

firewall:

  • floating means either all interfaces or more than one selected
  • simplify group maintenance by only applying them on filter reload

interfaces:

  • use primary IPv6 and support VIP tracking
  • multiple changes in radvd.conf setup (contributed by maurice-w)

dhcp:

  • fix DDNS support in DHCPv6 (contributed by Wagner Sartori Junior)

firmware:

  • mirror opnsense.ieji.de renamed to opn.sense.nz

openvpn:

  • improve openvpn_port_used() logic

unbound:

  • minor cleanup in /api/unbound/diagnostics/stats endpoint
  • remove 192.0.0.0/24 from rebinding prevention list (contributed by maurice-w)

mvc:

  • simplify reload of captive portal, cron, IDS, alias, loopback, VXLAN, web proxy, routes, syslog and shaper
  • limit dropdown size to 10 is none specified
  • support inheritance of the ArrayField type
  • synchronize backup timestamps with revisions
  • fixed width for timestamp column in logging
  • init errorMessage to prevent crash reports

shell:

  • use interfaces_primary_address6() for correct IPv6 display
  • append a newline in pluginctl -g mode

plugin:

  • os-acme-client 1.30[1]
  • ox-bind 1.13[2]
  • os-freeradius 1.9.6[3]
  • os-haproxy 2.21[4]
  • ox-maltrail 1.5[5]
  • os-nginx 1.19[6]
  • os-nut 1.7[7]
  • os postfix 1.14[8]
  • os-tayga 1.0 (contributed by Michael Muenz)
  • os-telegraf 1.7.7[9]
  • os-unbound-plus 1.0 (contributed by Michael Muenz and Petr Kejval)

long:

  • multiple updates to supported languages
  • new Turkish translation (contributed by Aydin Yakar)

src:

  • work around PCI devices which return all zeros for reads of existing MSI-X table VCTRL registers
  • fix incorrect checksum calculations with IPv6 extension headers[10]
  • fix TCP IPv6 SYN cache kernel information disclosure[11]
  • fix insufficient oce(4) ioctl(2) privilege checking[12]
  • fix incorrect user-controlled pointer use in epair[13]
  • fix kernel memory disclosure with nested jails[14]

port:

  • curl 7.69.1[15]
  • krb5 1.18[16]
  • openssh 8.2p1[17]
  • openssl 1.1.1f[18]
  • perl 5.30.2[19]
  • php 7.2.29[20]
  • python 3.7.7[21]
  • strongswan 5.8.3[22]
  • sudo 1.8.31p1[23]

Version number 20.1.4
Release status Final
Operating systems BSD
Website OPNsense
Download https://opnsense.org/download/
License type Conditions (GNU/BSD/etc.)
You might also like