Download OPNsense 20.1.4

The package OPNsense is a firewall with extensive opportunities. It is based on the FreeBSD operating system and is originally a fork of m0n0wall and pfSense. The package can be set up completely via a web interface and has support for 2fa, openvpn, ipsec, carp and captive portal, among others. In addition, it can apply packet filtering and has a traffic shaper. The developers previously released OPNsense 20.1.4 with the following announcement:

system:

• add missing strtolower() in LDAP sync response
• fix /var/run/legacy_log socket creation race with Syslog-ng
• add info button to display privilege / ACL endpoints
• make IPsec tap tunables overwriteable

firewall:

• floating means either all interfaces or more than one selected
• simplify group maintenance by only applying them on filter reload

interfaces:

• use primary IPv6 and support VIP tracking
• multiple changes in radvd.conf setup (contributed by maurice-w)

dhcp:

• fix DDNS support in DHCPv6 (contributed by Wagner Sartori Junior)

firmware:

• mirror opnsense.ieji.de renamed to opn.sense.nz

openvpn:

• improve openvpn_port_used() logic

unbound:

• minor cleanup in /api/unbound/diagnostics/stats endpoint
• remove 192.0.0.0/24 from rebinding prevention list (contributed by maurice-w)

mvc:

• simplify reload of captive portal, cron, IDS, alias, loopback, VXLAN, web proxy, routes, syslog and shaper
• limit dropdown size to 10 is none specified
• support inheritance of the ArrayField type
• synchronize backup timestamps with revisions
• fixed width for timestamp column in logging
• init errorMessage to prevent crash reports

shell:

• use interfaces_primary_address6() for correct IPv6 display
• append a newline in pluginctl -g mode

plugin:

• os-acme-client 1.30[1]
• ox-bind 1.13[2]
• os-freeradius 1.9.6[3]
• os-haproxy 2.21[4]
• ox-maltrail 1.5[5]
• os-nginx 1.19[6]
• os-nut 1.7[7]
• os postfix 1.14[8]
• os-tayga 1.0 (contributed by Michael Muenz)
• os-telegraf 1.7.7[9]
• os-unbound-plus 1.0 (contributed by Michael Muenz and Petr Kejval)

long:

• multiple updates to supported languages
• new Turkish translation (contributed by Aydin Yakar)

src:

• work around PCI devices which return all zeros for reads of existing MSI-X table VCTRL registers
• fix incorrect checksum calculations with IPv6 extension headers[10]
• fix TCP IPv6 SYN cache kernel information disclosure[11]
• fix insufficient oce(4) ioctl(2) privilege checking[12]
• fix incorrect user-controlled pointer use in epair[13]
• fix kernel memory disclosure with nested jails[14]

port:

• curl 7.69.1[15]
• krb5 1.18[16]
• openssh 8.2p1[17]
• openssl 1.1.1f[18]
• perl 5.30.2[19]
• php 7.2.29[20]
• python 3.7.7[21]
• strongswan 5.8.3[22]
• sudo 1.8.31p1[23]