Download OPNsense 22.7.3

The OPNsense package is a firewall with extensive opportunities. It is based on the FreeBSD operating system and is originally a fork of m0n0wall and pfSense. The package can be fully configured via a web interface and includes support for 2fa, openvpn, ipsec, carp and captive portal. In addition, it can apply packet filtering and has a traffic shaper. The developers have released OPNsense 22.7.3 and this version is accompanied by the following notes:

OPNsense 22.7.3 released

Pick up the new FreeBSD security advisories while also introducing assorted reliability improvements. CRL now works again for elliptic curve with the adoption of version 3 of phpseclib. Wireless handling was improved due to PHP 8 errors and coding style issues. It is also the subject of further work for 23.1.

Here are the full patch notes:

• system: migrate CRL handling to phpseclib version 3
• system: run monitor reload inside system_routing_configure()
• system: fix IPv6 link-local HTTP_REFERER check (contributed by Maurice Walker)
• system: fix assorted PHP 8 warnings in the codebase
• system: extend nameservers script return for debugging purposes, ie “configctl system list nameservers debug”
• system: lighttpd obsoletion of server directive listing, disabled by default
• system: decode stored CRL data before display (contributed by kulikov-a)
• interfaces: update link-local matching pattern
• interfaces: PPP is an exception, only created after interface configuration
• interfaces: only remove known primary addresses in interface_bring_down()
• interfaces: improve shell banner address return in prefix-only IPv6 case
• interfaces: improve problematic node handling
• interfaces: DHCP does not signal RELEASE
• interfaces: web GUI locale sorts files differently when invoking ifctl
• interfaces: improve legacy_interface_listget()
• interfaces: only parse actual options in legacy_interfaces_details(), not nd6 options
• firewall: implement a router file read fallback for new ifctl :slaac suffix
• firewall: stick-address only in effect with pool option and multiple routers
• firewall: remove dead pptpd server code
• captive portal: lighttpd deprecation of legacy SSL options, disabled by default
• dhcp: allow rapid-commit message exchange in IPv6 server (contributed by Maurice Walker)
• firmware: major upgrade “pkgs” set was still unknown to plugin sync
• intrusion detection: fix enable rule button and present active detail overwrite if present
• ipsec: fixed widget link (contributed by Patrik Kernstock)
• unbound: improve FQDN handling when address is moving in DHCP watcher
• unbound: prevent DNS rebinding check and DNSSEC validation on explicit forwarded domains
• unbound: restrict creation of PTR records for both the system domain and host overrides
• unbound: add AAAA-only mode (contributed by Maurice Walker)
• lang: fix syntax errors in French translation (contributed by kulikov-a)
• ui: fix type cast issue in Bootgrid
• plugins: os-ddclient relaxes validation of description field
• plugins: os-frr 1.30
• plugins: os-nginx now uses simplified NAME_setup service handling
• plugins: os-wireguard 1.12
• plugins: os-zabbix-agent 1.13
• plugins: os-zabbix-proxy 1.9
• src: rc: improve NAME_setup integration
• src: zlib: fix a bug when getting a gzip header extra field with inflate()
• src: tzdata: import tzdata 2022b and 2022c
• ports: ldns 1.8.3
• ports: liblz4 1.9.4
• ports: libxml 2.10.1
• ports: nss 3.82
• ports: phpseclib 3.0.14