Hi there,For more than four years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.The 19.1 release, nicknamed "Inspiring Iguana", consists of a total of 620 individual changes since 18.7 came out 6 months ago, spread out over 12 intermediate releases including the recent release candidates. That is the average of 2 stable releases per month, security updates and important bug fixes included! If we had to pick a few highlights it would be: The firewall alias API is finally in place. The migration to HardenedBSD 11.2 has been completed. 2FA now works with a remote LDAP / local TOTP combination. And the OpenVPN client export was rewritten for full API support as well.Download links, an installation guide[1] and the checksums for the images can be found below as well.o Europe: https://opnsense.c0urier.net/releases/19.1/ o US East Coast: http://mirrors.nycbug.org/pub/opnsense/releases/19.1/ o US West Coast: https://mirror.sfo12.us.leaseweb.net/opnsense/releases/19.1/ o South America: http://mirror.upb.edu.co/opnsense/releases/19.1/ o South-East Asia: https://ftp.yzu.edu.tw/opnsense/releases/19.1/ o Full mirror list: https://opnsense.org/download/ These are the most prominent changes since version 18.7:o fully functional firewall alias APIo PIE firewall shaper supporto firewall NAT rule logging supporto 2FA via LDAP-TOTP combinationo WPAD / PAC and parent proxy support in the web proxyo P12 certificate export with custom passwordso Dpinger is now the default gateway monitoro ET Pro Telemetry edition plugin[2]o extended IPv6 DUID supporto Dnsmasq DNSSEC supporto OpenVPN client export APIo Realtek NIC driver version 1.95o HardenedBSD 11.2, LibreSSL 2.7o Unbound 1.8, Suricata 4.1o Phalcon 3.4, Perl 5.28o firmware health check extended to cover all OS files, HTTPS mirror defaulto updates are browser cache-safe regarding CSS and JavaScript assetso collapsible side bar menu in the default themeo language updates for Chinese, Czech, French, German, Japanese, Portuguese and Russiano API backup export, Bind, Hardware widget, Nginx, Ntopng, VnStat and Dnscrypt-proxy pluginsHere are the full changes against version 19.1-RC2:o ipsec: add firewall interface as soon as phase 1 is enabledo ipsec: phase 1 selection GUI JavaScript compatibility fixo monit: widget improvements and bug fix (contributed by Frank Brendel)o ui: fix regression in single host or network subnet select in static pageso plugins: os-frr 1.7 updates OSFP outbound rules (contributed by Fabian Franz)o plugins: os-telegraf 1.7.4 fixes packet filter inputo plugins: os-theme-rebellion 1.8.2 adds image colour inverto plugins: os-vnstat 1.1[3]o plugins: os-zabbix-agent now uses Zabbix version 4.0o src: revert mmc_calculate_clock() as HS200/HS400 support breaks legacy supporto src: update sqlite3-3.20.0 to sqlite3-3.26.0[4]o src: import tzdata 2018h, 2018i[5]o src: avoid unsynchronized updates to kn_status[6]o ports: ca_root_nss 3.42o ports: dhcp6c 20190128 prevent rawops double-free (contributed by Team Rebellion)o ports: sudo patch to fix listpw=never[7]Migration notes and minor incompatibilities to look out for:o Gateway health graphs may need a manual reset due to the Apinger to Dpinger migration. Apinger is no longer available.o Intrusion detection GeoIP rules are automatically deactivated and need to be manually migrated to firewall alias GeoIP.o Quagga plugin has been superseded by FRR plugin. A binary quagga package has been conserved for the time being.o Please read the FRR documentation with regard to the required system tunables[8].o Bhyve UEFI boot may fail as a guest. The problem is being investigated.o SNMP plugin has been superseded by Net-SNMP plugin.The public key for the 19.1 series is:-----BEGIN PUBLIC KEY-----MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4NKHVbdmq9RN085Nfdycip5IMNwcc4QcvGIbN51+UiHh8+aj+JJSswHg5ZBwKk6bxt8kA1NAJQk5U6Qb/UXiQYt0zvN2ABrzBHq6WRE5WPzmQa1Raky4ChfQqorOFi3D96rMvI/Anm4OLllHcMX/GKPA1XcODJTFQOjsAR+87V6Em+W0YX0lGLTmWdmwWfGeGQFJzA2A/Wxn3b0jDS9mpyHlj4jzat6032qs7Uxf+qWopj+d76ZyxedQVPswKa9o9qKF2iUoSSG/11kFpLi6Y+gXCXZDL20GXsPuBi1hpPnkhBFI+WFlC1KiA8RRGMpDKGQFw/XYIwKvfdRw82MxNkJYCiRNZxXnDzInTLuyEpS9yzQXdxa6YFR9USeFpjLaVUppT57M5xfdPFRdhImj1crhMjQZWt+054JTadvEu4o1c+45damruqtQntvnF7h5vcNCjExlREKK32rMXbGDFb19G/3x8UASqVslkXeNtTj0fVPN+78yVyqjWCBe2zHiBlnWBmRu6tlrEDl/MVAzYk3rHMYdRpDYolWBD8bAzqohSatbrzWUjjF7GlLR6HfXsCYxPzGJb6Ed4We+ZjvHC3/LHyuZD6EmksSraJt8XeVvTQlPnPI+jVbqJERi/p3F9KRVy8mwEwk/4MDbPhZ0zizSg7+Yn6Rac/F0QlvUPa8CAwEAAQ==-----END PUBLIC KEY-----Stay safe,Your OPNsense team--[1] https://docs.opnsense.org/manual/install.html [2] https://docs.opnsense.org/manual/etpro_telemetry.html [3] https://github.com/opnsense/plugins/blob/master/net/vnstat/pkg-descr [4] https://www.freebsd.org/security/advisories/FreeBSD-EN-19:03.sqlite.asc [5] https://www.freebsd.org/security/advisories/FreeBSD-EN-19:04.tzdata.asc [6] https://www.freebsd.org/security/advisories/FreeBSD-EN-19:05.kqueue.asc [7] https://bugzilla.sudo.ws/show_bug.cgi?id=869 [8] https://docs.opnsense.org/manual/dynamic_routing.html SHA256 (OPNsense-19.1-OpenSSL-dvd-amd64.iso.bz2) = 0a9e02954da1ddd1f0b7673394bbf81cfa74a1d5378600a87d3a9e6a26d3104dSHA256 (OPNsense-19.1-OpenSSL-nano-amd64.img.bz2) = 2c4b0056ca26053c8d5e4efe196e512af618bad4fa136ba0e2528083a6263528SHA256 (OPNsense-19.1-OpenSSL-serial-amd64.img.bz2) = c71274cea2b910cd4b3454b4ad29f7f70503fcb52ffa5b7f65ea96a27ac9e10dSHA256 (OPNsense-19.1-OpenSSL-vga-amd64.img.bz2) = 37164481a413716d8786676d30bb709f8b967e53a47a36d10118214304d14bb9SHA256 (OPNsense-19.1-OpenSSL-dvd-i386.iso.bz2) = 17d0aadf671bc2d99b57f0371e4fadfca0e2e9c8d27d6545674a610fc1f59c7aSHA256 (OPNsense-19.1-OpenSSL-nano-i386.img.bz2) = 0c4e7616c93f14f5988df84b9b620543cb23a89c1f91505527b6c999d2dc7889SHA256 (OPNsense-19.1-OpenSSL-serial-i386.img.bz2) = 93306e5349c7448ad3fdc03d9349ebf98e4d7c677201dcbec111f917c72dca24SHA256 (OPNsense-19.1-OpenSSL-vga-i386.img.bz2) = 03d21319a784f93a7940d35168a35d15005e6f4579ac5b1c7a6ff606beb062a6