Download OPNsense 21.1.3

The package OPNsense is a firewall with extensive opportunities. It is based on the FreeBSD operating system and is originally a fork of m0n0wall and pfSense. The package can be set up completely via a web interface and has support for 2fa, openvpn, ipsec, carp and captive portal, among others. In addition, it can apply packet filtering and has a traffic shaper. The developers have released OPNsense 21.1.3 with the following announcement:

OPNsense 21.1.3 released

Today we move ahead with the firmware UI and API rework as we are happy with the new user experience. You will also notice the new plugin conflict dialog which will report that plugins have been installed previously but not registered in the configuration. This can be easily amended by reseting the local conflicts, which essentially accepts the current plugin configuration as the new default.

The HAProxy plugin was updated to version 3.0. This release marks the switch to the HAProxy 2.2 release series, which may result in incompatible changes for some users. Many new features were also added, including the possibility to update SSL certificates in runtime. These features should be considered experimental. We encourage everyone to install this version in a test environment before using it in production. As usual, please have a look at the plugin changes and report bugs on GitHub.

Here are the full patch notes:

• system: prevent duplicate dashboard traffic pollers mangling with the graphs
• system: added cron job “HA update and reconfigure backup”
• system: unify HA sync sections and remove legacy blocks
• system: adapt lighttpd ssl.privkey approach
• system: correctly remove routing entries directly connected to an interface
• interfaces: correct dhcp6c configuration issue on PPPoE link down (contributed by Team Rebellion)
• interfaces: better primary IPv6 address detection in diagnostic tools
• interfaces: handle disabled interfaces in overview
• interfaces: drop early return in PPPoE link down
• interfaces: remove unused global definitions
• firewall: typo in outbound alias use (contributed by kulikov-a)
• firewall: rules icon color after toggle fix (contributed by kulikov-a)
• reporting: prevent crash when NetFlow attributes are missing
• reporting: aggregate iftop results for traffic graphs
• firmware: opnsense-bootstrap shellcheck audit (contributed by Michael Adams)
• firmware: revamp the UI and API
• firmware: revoke old business key
• intrusion detection: add new Abuse.ch feed ThreatFox to detect indicators of compromise
• intrusion detection: make manual rule status boolean for policies (contributed by kulikov-a)
• ipsec: calculate netmask for provided tunnel addresses when using VTI
• ipsec: do not pin reqid in case of mobile connections
• openvpn: extend compression options (contributed by vnxme)
• unbound: handle DHCP client expiring and returning (contributed by Gareth Owen)
• ui: refactor bootgrid usage in ARP, NDP, captive portal session, system activity and routes
• ui: align layouts of select_multiple and dropdown types
• plugins: os-haproxy 3.0
• plugins: os-nginx 1.21
• plugins: os-node_exporter 1.1
• src: jail: Handle a possible race between jail_remove(2) and fork(2)
• src: jail: Change both root and working directories in jail_attach(2)
• src: x86: free microcode memory later
• src: xen-blkback: fix leak of grant maps on ring setup failure
• src: rtsold: auto-probe point to point interfaces
• src: growfs: update check-hash when doing large filesystem expansions
• src: axgbe: change default parameters to prevent manual tunable settings
• src: arp: avoid segfaulting due to out-of-bounds memory access
• ports: cpdup 1.22
• ports: krb5 1.19.1
• ports: nss 3.62
• ports: pkg now provides fallback for version mismatch on pkg-add
• ports:python 3.7.10
• ports: syslog-ng 3.31.1