Download OPNsense 24.1.4

The OPNsense package is a firewall with extensive possibilities. It is based on the FreeBSD operating system and is originally a fork of m0n0wall and pfSense. The package can be set up entirely via a web interface and has support for mfa, OpenVPN, IPsec, CARP and captive portal, among other things. In addition, it can apply packet filtering and has a traffic shaper. The developers have released OPNsense 24.1.4 and the release notes for that release can be found below.

OPNsense 24.1.4 released

Suricata and Unbound have been updated to their latest versions. Support for dynamic DNS VTI connections has also been added among other things. We would like to thank Cedrik Pischem (Monviech) for upstreaming his Caddy plugin to the official packages. If you already have this plugin installed no further action has to be taken and updates should proceed through the standard firmware channel from now on. Documentation for it was added to the manual as well.

For 24.7, we are currently working on a DHCP-Relay replacement, a rewrite of the trust section in MVC as well as a new dashboard implementation. It has been busy and we will keep it that way.

Here are the full patch notes:

• system: allow 0 length voucher passwords in authentication server
• system: merge static logging settings into existing MVC page
• system: fix handling of empty “serialusb” node set during import
• system: prevent empty “user” node to crash during boot
• interfaces: prevent modal x-axis overflow on packet capture page
• firewall: refactor schedule matching and fix an end-of-the-month bug
• firewall: fix incorrect packet counters statistics collection
• intrusion detection: align performValidation()->count() to use count() instead
• ipsec: optionally hook VTI tunnel configuration to connection up event to support dynamic DNS
• isc-dhcp: do not add interfaces for non-Ethernet types to relaying
• kea-dhcp: add domain-search, time-servers and static-routes client options to subnet configuration
• openvpn: various improvements for TAP servers
• wireguard: migrate non-netmask allowed IP entries and enforce them in validation
• wireguard: show proper names when public keys overlap between instances
• mvc: fix PHP_FLOAT_MIN being unreliable
• mvc: Add simple Message class and remove the previous Phalcon dependency
• mvc: refactor HostnameField, remove HostValidator dependency and add unit test
• mvc: add new static Autoconf class to access information collected by ifctl
• mvc: fix rewind() stream not supporting seeking error
• mvc: add copy of our html_safe() and use it in the translator
• ui: adjust margin of hr elements to match __mX helpers
• ui: add a button to allow textarea style edits of free-form tokenizers
• ui: when an error is raised make sure it is always visible
• ui: fix copy/paste buttons not showing for tokenizers in some situations
• plugins: os-bind 1.30
• plugins: os-caddy 1.5.2
• ports: expat 2.6.1
• ports: libpfctl 0.10
• ports: nss 3.98
• ports: phalcon 5.6.2
• ports: sqlite 3.45.1
• ports: suricata 7.0.4
• ports: unbound 1.19.3