Download OPNsense 23.1.6

Spread the love

The OPNsense package is a firewall with extensive possibilities. It is based on the FreeBSD operating system and is originally a fork of m0n0wall and pfSense. The package can be set up entirely via a web interface and has support for 2fa, openvpn, ipsec, carp and captive portal, among other things. In addition, it can apply packet filtering and has a traffic shaper. The developers have released OPNsense 23.1.6 and this version is accompanied by the following notes:

OPNsense 23.1.6 released

Two major improvements being shipped today are standalone core DNS support for Bind and Dnscrypt-Proxy plugins as well as OpenVPN group firewall alias type. The latter makes it easier to manage distinct policies for connected VPN users. For more details please refer to the documentation listed below.

The other honorable mention is the netmap work we have been doing with Zenarmor and Klara on the FreeBSD kernel side which brings bridge device support as well as a considerable improvement to the emulated mode where several packet stalls and mbuf leaks have been identified and subsequently fixed. This should have an operational impact on Suricata (IPS mode) and Zenarmor. The state is much better now but please do not hesitate to contact us about issues that you might still be having with netmap-based packet flows as the topic is a rather complex one.

Orange FR users be aware that your ISP now requires strict VLAN PCP on all DHCPv4 requests so please do set ‘Use VLAN priority’ interface setting for both DHCPv4 and DHCPv6. The ‘Option Modifiers’ override for “vlan-pcp” in DHCPv4 can be removed and the documentation was updated accordingly.

Here are the full patch notes:

  • system: register DNS service ports for unified use across core and plugins
  • system: serialize deferred requests for web GUI restart
  • system: relocate API messages to backend log target as they currently end up in captive portal logs
  • system: remove /31 subnet restriction in wizard
  • system: use data attribute to find existing rows in service widget to avoid special character issues (contributed by Alexander O’Mara)
  • system: allow non-system group delete after faulty PHP 8 warning fix (contributed by kulikov-a)
  • system: handle empty DNS server gateway (contributed by Nicolas Thumann)
  • reporting: translate invalid interface name characters for NetFlow/Netgraph use
  • reporting: sort interfaces by description in health graphs
  • interfaces: ping diagnostic tool was rewritten using MVC/API
  • interfaces: allow to set PCP value on IPv4 DHCP traffic to address recent Orange FR changes
  • firewall: allow to create aliases for logged-in OpenVPN users
  • firewall: leave out fractional seconds from timestamps in aliases
  • firewall: fix progress bar default value (contributed by Nicolas Thumann)
  • dhcp: fix too many addresses issue in radvd RDNSS setting
  • dhcp: add missing double quotes in hostname handling
  • firmware: remove flavoring support from update tools
  • ipsec: pull data for dashboard widget exclusively from backend
  • ipsec: move XAuth out of “IKE Extensions” block
  • ipsec: add connection child as option for manual SPDs
  • ipsec: another small GUI fix for basic log option in advanced settings
  • openvpn: fix dashboard widget and add missing byte data to status call
  • plugins: os-bind 1.26
  • plugins: os-crowdsec 1.0.4
  • plugins: os-ddclient 1.12
  • plugins: os-dnscrypt-proxy 1.13
  • plugins: os-nginx 1.32
  • plugins: os-upnp now allows subnet mask 0 in rules (contributed by Reiko Asakura)
  • src: bridge: add support for emulated netmap mode
  • src: epair: also remove vlan metadata from mbufs
  • src: ifconfig: fix configuring if_bridge with additional operating parameters
  • src: netmap: fix queue stalls with generic interfaces
  • src: netmap: assorted upstream stable patches
  • src: sched_ule: assorted fixes to address issues on newer AMD platforms
  • ports: curl 8.0.1
  • ports: ifinfo now also prints interface index (contributed by Nicolas Thumann)
  • ports: php 8.1.17

Version number OPNsense 23.1.6
Release status Final
Operating systems Linux, BSD
Website OPNsense
Download https://opnsense.org/download/
License type Prerequisites (GNU/BSD/etc.)
You might also like
Exit mobile version