Download OPNsense 23.1.11

The OPNsense package is a firewall with extensive possibilities. It is based on the FreeBSD operating system and is originally a fork of m0n0wall and pfSense. The package can be set up entirely via a web interface and has support for 2fa, openvpn, ipsec, carp and captive portal, among other things. In addition, it can apply packet filtering and has a traffic shaper. The developers have released OPNsense 23.1.11 and the release notes for that release can be found below.

OPNsense 23.1.11 released

So this is the end of life release for the 23.1 series which includes the recent FreeBSD advisories as well as plugin support for Zabbix 6.4.

We have finished the OpenVPN MVC “instances” for anyone who is interested in a preview using the current development release. FreeBSD 13.2 side looks ready so we will be releasing 23.7-RC1 some time in the second half of July. The final 23.7 release is scheduled for July 31. The upgrade path from 23.1 will be enabled shortly after the new major release, but can take up to 24 hours due to testing and mirror propagation. Please don’t despair. 😉

Here are the full patch notes:

• system: add RADIUS authentication support for MSCHAPv2 using Crypt_CHAP_MSv2()
• system: propagate error in rc.syshook scripts
• dhcp: validate client hostnames in Dnsmasq/Unbound lease watchers
• firmware: automatic kernel upgrade after reboot like base and package stages
• firmware: sticky advanced mode if flavor is set to non-default
• intrusion detection: add missing typecast in getAlertLogsAction()
• mvc: fix locking regression that caused bulk changes to not being rendered correctly
• plugins: os-zabbix-agent plugin variant for Zabbix 6.4
• plugins: os-zabbix-proxy plugin variant for Zabbix 6.4
• src: axgbe: account for 4 SFP ports during GPIO expander check
• src: ipsec: make algorithm tables read-only
• src: mpr: fix copying of event_mask
• src: pam_krb5: fix spoofing vulnerability
• src: loader: comconsole: do not unconditionally wipe out hw.uart.console
• src: contrib/tzdata: import tzdata 2023c
• src: ixgbe: change if condition for RSS and rxcsum
• src: pf: fix pf_nv##_array() size check
• src: e1000: fix VLAN 0
• ports: py-setuptools fix for CVE-2022-40897