Download OPNsense 22.7.7

The OPNsense package is a firewall with extensive opportunities. It is based on the FreeBSD operating system and is originally a fork of m0n0wall and pfSense. The package can be fully configured via a web interface and includes support for 2fa, openvpn, ipsec, carp and captive portal. In addition, it can apply packet filtering and has a traffic shaper. The developers have released OPNsense 22.7.7 and this version is accompanied by the following notes:

OPNsense 22.7.7 released

We replaced the packet capture tool with a MVC/API rewrite and updated most plugins to use the new setup script facility when doing a start/restart/reload through the RC system. A number of FreeBSD kernel improvements have been included as well.

Although OpenSSL is being updated keep in mind that the current popular vulnerability only exists in version 3 and we still use 1.1.1.

Here are the full patch notes:

• system: fix getOID() call for phpseclib 3 while processing CSR
• system: avoid error on installer user creation
• system: show booting banner on dashboard
• interfaces: show attached interface for VLAN device in overview
• interfaces: packet capture MVC/API replacement
• interfaces: fix ARP table name resolve backend issue (contributed by soif)
• firewall: off-by-one in regex for target port range parse
• firewall: support Maxmind unclassified “EU” as selectable country
• firewall: fix possible race condition when changing limit in live log
• firewall: fix sorting bug in aliases list
• firewall: allow the use of “dynamic” interface types in shaper, eg IPsec devices
• dnsmasq: remove expired root trust anchor (contributed by Johnny S. Lee)
• firmware: always fetch the signature file to avoid signature issues after upgrades
• firmware: use effective ABI in changelog fetch
• firmware: ignore automatic business plugin and license hint
• intrusion detection: missing OPNsense categories
• ipsec:missing return in controller
• openvpn: use ifctl in link up/down scripts
• unbound: move the removal of pluggable files above the configuration check
• unbound: remove 127/8 from private-address block when rebind protection is enabled
• unbound: make the default private-address items configurable via the advanced page
• unbound: fix possible error while opening DoT page
• mvc: when multiple validation messages are returned wrap each message in a div tag
• mvc: prevent UserExceptions to end up in the crash reporter
• mvc: translate a base field error
• backend: wait 1 second for configd socket to become available
• console: store UUID for VLAN device
• rc: remove obsolete NAME_var_script and NAME_var_mfs support
• plugins: migrate all plugins to NAME_setup script use
• plugins: $verbose argument in plugins_run() is spurious
• plugins: os-acme-client 3.14
• plugins: os-apcupsd 1.1
• plugins: os-frr 1.31
• plugins: os-haproxy 3.12
• plugins: os-maltrail 1.10
• plugins: os-openconnect 1.4.3
• plugins: os-telegraf 1.12.6
• plugins: os-tor 1.9 enables hardware acceleration (contributed by haarp)
• plugins: os-wireguard 1.13
• src: revert “e1000: try auto-negotiation for fixed 100 or 10 configuration”
• src: vxlan: check the size of data available in mbuf before using them
• src: vm_page: fix a logic error in the handling of PQ_ACTIVE operations
• src: cam: provide compatibility for CAMGETPASSTHRU for periph drivers
• src: loader: fix elf lookup_symbol type filtering
• src: zfs: fix a pair of bugs in zfs_fhtovp()
• src:zfs:fix use-after-free in btree code
• src: tcp: finish SACK loss recovery on sudden lack of SACK blocks
• src: igc: remove unnecessary PHY ID checks
• src: ixl: add support for I710 devices and remove non-inclusive language
• src: ixl: fix SR-IOV panics
• src: rc: run NAME_setup before RC_ARG_precmd
• src: u3g: add more USB IDs
• ports: libxml 2.10.3
• ports: nss 3.84
• ports: openssl 1.1.1s
• ports: openvpn 2.5.8
• ports: phalcon 5.1.0
• ports:php 8.0.25
• ports:python 3.9.15
• ports: sudo 1.9.12
• ports: unbound 1.17.0