Hi everyone,Our first stable round of version 17.7 brings a number of improvements, fixes and software updates for third party services. Special attention goes to the major bump of LibreSSL from 2.4 to 2.5. NAT before IPsec is now also neatly integrated and there are new plugins for fast Collectd and Zerotier setup.We would also like to use this opportunity to remind everyone that OPNsense is and always will be free software. All of its source code and associated build tools can be found here:Over the course of the coming weeks, we will be focusing on releasing the roadmap for version 18.1, ClamAV integration, PHP 7.1 and going back to a more frequent update schedule.Here are the full patch notes:o system: add email and comment field to userso system: do not set LC_ALL localeo firewall: fix floating rules default for quick parameter (contributed by Frank Wall)o firewall: support outbound NAT source inverto firewall: allow SSH installer anti-lockout on setups with only one interfaceo firewall: add back interface gateway pinning when the protocol is assignedo firewall: add optional VHID to support alias IP on CARPo firewall: use privilege separation to fetch diagnostic stateso firmware: revoke 17.1 fingerprinto interfaces: better labels for DHCPv6 extended settings (contributed by Fabian Franz)o interfaces: fix display of validation error from gateway addition requesto interfaces: do not write defunct advanced settingso interfaces: add ability to lock vital interfaces to prevent reboot network recoveryo interfaces: split device create and rename ifconfig calls as a single call can be unstableo interfaces: probe VLAN hardware settings before changingo reporting: better insight database corruption detection and repairo captive portal: better login database corruption detection and repairo captive portal: fix startup after unclean shutdowno dhcp: fix string offset warnings in leases page (contributed by Elias Werberich)o intrusion detection: fix startup after config import if no remote files have been downloaded yeto ipsec: portable NAT before IPsec support[1]o openvpn: fix Tunnelblick link on export page (contributed by Stefan Husch)o openvpn: fix connected timestamp and bytes up/down displayo openvpn: write proxy auth file in shared key exporto openvpn: minor display tweaks in widget and configuration pageso openvpn: local group restriction featureo update: rename bootstrap '-V' argument to '-r' for consistencyo update: fix code bug for /etc/make.conf link rewrite on upgradeo update: support '-S' argument to probe remote set sizeo update: support loading kernel debug sets via '-g' optiono mvc: add standard dialog helper (contributed by Frank Wall)o mvc: simplify language selection code (contributed by Alexander Shursha)o mvc: allow to run targeted model migration if requestedo mvc: ensure backend-cached JSON data is valido lang: small updates to Chinese and Germano lang: Japanese back at 100% (contributed by Chie and Takeshi Taguchi)o plugins: several updates for PHP 7.1 compatibilityo plugins: os-acme-client 1.9 (contributed by Frank Wall)o plugins: os-collectd 1.0 (contributed by Michael Muenz)o plugins: os-freeradius 1.0.1 (contributed by Micheal Muenz)o plugins: os-dyndns 1.1 removes legacy notification support and adds regfish IPv4 and IPv6 as a providero plugins: os-haproxy 1.17 adds hard stop feature to avoid shutdown stalls (contributed by Frank Wall)o plugins: os-rfc2136 1.2 removes legacy notification supporto plugins: os-zerotier 1.0 (contributed by David Harrigan)o src: fix panic in PPPoE session lookup (contributed by Alex Dupre)o src: add new USB ID for Sierra LTE modemo src: fix VNET kernel panic with asynchronous I/O[2]o ports: curl 7.55.1[3]o ports: isc-dhcp 4.3.6[4]o ports: libressl 2.5.5[5]o ports: phalcon 3.2.2[6]o ports: php 7.0.22[7]o ports: sqlite 3.20.1[8]o ports: strongswan 5.6.0[9]o ports: suricata 4.0.0[10]o ports: unbound 1.6.5[11]Stay safe,Your OPNsense team--[1] https://github.com/opnsense/core/issues/440 [2] https://www.freebsd.org/security/advisories/FreeBSD-EN-17:07.vnet.asc[3] https://curl.haxx.se/changes.html [4] https://kb.isc.org/article/AA-01518/0/DHCP-4.3.6-Release-Notes.html [5] https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.5.5-relnotes.txt [6] https://github.com/phalcon/cphalcon/releases/tag/v3.2.2 [7] http://php.net/ChangeLog-7.php#7.0.22 [8] https://www.sqlite.org/releaselog/3_20_1.html [9] https://wiki.strongswan.org/versions/66 [10] https://suricata-ids.org/2017/07/27/suricata-4-0-released/ [11] http://www.unbound.net/download.html