16.1 is nick-named 'Crafty Coyote' in honour of our beloved childhood TV sessions. It is the accumulation of 6 months of work, having had our focus on re-engineering the captive portal, native intrusion prevention, plugin support, and transforming the reporting front-end into something more modern and flexible just to name a few. Apart from the recently published security advisories, we have included a quick navigation feature which can be activated by pressing (TAB) followed by search keywords and hitting (ENTER) to go to the desired page. Last but not least, a larger batch of improvements and fixes went into assorted sections of the GUI that certainly help to get your work done without ending up dazed and confused.

Recent Related News and Releases

BSD Release: OPNsense 20.7

Jos Schellevis has announced the release of OPNsense 20.1, the latest stable version of the project's open-source, easy-to-use, HardenedBSD-based firewall and routing platform. This version is based on HardenedBSD 12.1 and it adds several interesting enhancements to its web-based user interface: "For five and a half years, OPNsense has been driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing. 20.7, nicknamed 'Legendary Lion', is a major operating system jump forward on a sustainable firewall experience. This release adds DHCPv6 multi-WAN, custom error pages for the web proxy, Suricata 5, HardenedBSD 12.1, netstat tree view, basic firewall API support (via plugin) and extended live log filtering, amongst other new features. Here are the full patch notes against version 20.7-RC1: system - syslog-ng RFC5424 on FreeBSD 12 needs flags (syslog-protocol); installer - welcome users as genuine 20.7 installer...." Read the full release announcement for a changelog and known issues. Download: OPNsense-20.7-OpenSSL-dvd-amd64.iso.bz2 (420MB, SHA256, signature).

BSD Release: OPNsense 20.1

Jos Schellevis has announced the release of OPNsense 20.1, which carries the code name "Keen Kingfisher". OPNsense is a HardenedBSD-based specialist operating system (and a fork of pfSense) designed for firewalls and routers. The project's latest release introduces a number of security improvements and updates the default Python version to 3.7. "OPNsense 20.1, nicknamed 'Keen Kingfisher', is a subtle improvement on sustainable firewall experience. This release adds VXLAN and additional loopback device support, IPsec public key authentication and elliptic curve TLS certificate creation amongst others. Third party software has been updated to their latest versions. The logging front-end was rewritten for MVC with seamless API support. On the far side the documentation increased in quality as well as quantity and now presents itself in a familiar menu layout. These are the most prominent changes since version 19.7: Captive portal performance improvements; IPsec public key authentication support; Elliptic curve TLS certificate creation; CARP service demotion hook; VXLAN device support...." Additional details, along with a list of changes and known issues, can be found in the project's release announcement. Download: OPNsense-20.1-OpenSSL-dvd-amd64.iso.bz2 (280MB, SHA256, signature).

BSD Release: OPNsense 19.7

OPNsense is a HardenedBSD-based specialist operating system (and a fork of pfSense) designed for firewalls and routers. The project's latest release, OPNsense 19.7, carries the codename "Jazzy Jaguar" and offers several new features. "For four and a half years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing. 19.7, nicknamed 'Jazzy Jaguar', embodies an iteration of what should be considered enjoyable user experience for firewalls in general: improved statistics and visibility of rules, reliable and consistent live logging and alias utility improvements. Apart from the usual upgrades of third party software to up-to-date releases, OPNsense now also offers built-in remote system logging through Syslog-ng, route-based IPsec, updated translations with Spanish as a brand new and already fully translated language and newer Netmap code with VirtIO, VLAN child and vmxnet support." Additional information can be found in the project's release announcement. Download (SHA256): OPNsense-19.7-OpenSSL-dvd-amd64.iso.bz2 (291MB).

Development Release: OPNsense 19.7 RC1

Jos Schellevis has announced the availability of a new release candidate for OPNsense, a HardenedBSD-based specialist operating system (and a fork of pfSense) designed for firewalls and routers. The project's new development snapshot introduces new improvements to logging, several fixes and user interface enhancements. "Here are the full changes against version 19.1.10: system: new remote syslog setup via Syslog-ng; system: gateway handling rewrite; system: dpinger ported to plugin framework; system: bring back PHP warning log level; system: use authentication factory for user import; interfaces: VLAN, bridge, LAGG, GRE, GIF setup refactor; interfaces: improve load sequence to allow DHCPv6 on bridges; interfaces: GIF, GRE, IPsec and OpenVPN will no longer accept IP configuration..." There are also some known issues testers should be aware of: "Filterlog spamming console due to new Syslog-ng integration. Temporary workaround is stopping filterlog via 'pkill filterlog'. OpenVPN no longer supports listening on gateway groups. Use localhost paired with port forwards instead. The web proxy login privilege is no longer available. Access may be restricted by a group selector instead." A complete list of changes can be found in the project's release announcement. Download: OPNsense-19.7.r1-OpenSSL-dvd-amd64.iso.bz2 (291MB, SHA256, signature).

BSD Release: OPNsense 19.1

OPNsense is a specialist operating system (and a fork of pfSense) designed for firewalls and routers. The project's latest release, OPNsense 19.1, shifts the operating system's base from FreeBSD to HardenedBSD, which includes a number of security enhancements. "The 19.1 release, nicknamed 'Inspiring Iguana', consists of a total of 620 individual changes since 18.7 came out 6 months ago, spread out over 12 intermediate releases including the recent release candidates. That is the average of two stable releases per month, security updates and important bug fixes included! If we had to pick a few highlights it would be: The firewall alias API is finally in place. The migration to HardenedBSD 11.2 has been completed. 2FA now works with a remote LDAP / local TOTP combination. And the OpenVPN client export was rewritten for full API support as well." Further details and links to the project's download mirrors can be found in the release announcement. Download: OPNsense-19.1-OpenSSL-dvd-amd64.iso.bz2 (265MB, SHA256, signature).

BSD Release: OPNsense 18.7

OPNsense is a FreeBSD-based specialist operating system designed for firewalls and routers. The project has released OPNsense 18.7, which introduces better IPv6 support, improved routing, a pluggable backup framework that features a Nextcloud option, and the ability to boot from a ZFS root volume. "These are the most prominent changes since version 18.1: improved WAN DHCPv6 and SLAAC connectivity and tracking; functional IPv6 Rapid Deployment (6RD) support; improved default route handling and gateway switching; OpenVPN default setup improvements for IPv6 and RADIUS attribute support; Dpinger gateway monitoring integration; password policies for local authentication and coupled TOTP; Monit core integration to eventually replace the legacy notifications; OpenSSH access via group and shell selection instead of privilege; pluggable backup framework with new Nextcloud option; system tunables are now also used as loader tunables; unrestricted VLAN usage for e.g. Xen; QinQ interface removal; firmware GUI speedup, improved error parsing and console reboot hint; ZFS on root boot support (installer support is pending, but opnsense-bootstrap works)..." Further details can be found in the release announcement. Download (SHA256): OPNsense-18.7-OpenSSL-dvd-amd64.iso.bz2 (250MB, signature).

Development Release: OPNsense 18.7 RC1

OPNsense is a FreeBSD-based specialist operating system designed for firewalls and routers. The project has published a new development snapshot, OPNsense 18.7 RC1, for testing. The new snapshot includes new Intel network driver improvements and better IPv6 support. "The main goal for 18.7 is stability so we have not yet begun to adopt FreeBSD 11.2, but there are several Intel NIC driver updates included to bridge the gap until 19.1 comes out. The upgrade also includes a tremendous amount of IPv6 improvements and authentication framework consolidation. Please also take note that QinQ is no longer included in this release. Here are the changes against version 18.1.11: improve local account expire cron job to also flush passwords and SSH keys; do not account-lock root user to avoid meddling with cron; only write authorized SSH keys for login-capable users; Diffie-Hellman parameter selection - auto, cron-based, RFC 7919; avoid use of expired nsCertType attribute in certificate purpose test; steer SSH shell access via group to separate system-wide admins from SCP-only users; web GUI cipher hardening and optional HSTS use; administration settings now include session timeout and authentication server selection...." A list of changes and known issues in the release candidate can be found in the project's release announcement. Download: OPNsense-18.7.r1-OpenSSL-dvd-amd64.iso.bz2 (261MB, SHA256, signature).

BSD Release: OPNsense 18.1

OPNsense is a FreeBSD-based specialist operating system (and a fork of pfSense) designed for firewalls and routers. The latest release, OPNsense 18.1, is built on FreeBSD 11.1 and includes PHP version 7.1. The new release also features strict interface binding for OpenSSH connections and a new Realtek network driver, version 1.94. "We humbly present to you the sum of another major iteration of the OPNsense firewall. Over the second half of 2017 well over 500 changes have made it into this release, nicknamed 'Groovy Gecko'. Most notably, the firewall NAT rules have been reworked to be more flexible and usable via plugins, which is going to pave the way for subsequent API works on the core firewall functionality. For more details please find the attached list of changes below. The upgrade track from 17.7 will be available later today. Please be patient. Meltdown and Spectre patches are currently being worked on in FreeBSD, but there is no reliable timeline. We will keep you up to date through the usual channels as more news becomes available. Hang in there!" Further details can be found in the project's release announcement and press release. Download (SHA256): OPNsense-18.1-OpenSSL-dvd-amd64.iso.bz2 (272MB, signature).