OPNsense 24.1.6

OPNsense is a firewall package with extensive options. It is based on the FreeBSD operating system and originated as a fork of m0n0wall and pfSense. It can be set up entirely through a web interface and supports MFA, OpenVPN, IPsec, CARP and a captive portal, among other things. It can also apply packet filtering and has a traffic shaper. The developers have released OPNsense 24.1.6, and the release notes for that release can be found below.

OPNsense 24.1.6 released

Today we are happy to announce another milestone regarding ISC DHCP removal: the arrival of a DHCRelay replacement based on code forked and maintained by OpenBSD. While here the whole DHCP relay section was moved to MVC/API for the usual reasons and now offers a combined GUI for both DHCPv4 and DHCPv6 relay. As a special treat this also includes being able to run ISC DHCP as well as any desired relay at the same time.

The feedback for the WireGuard peer generator was quite extensive so a few more tweaks and fixes have been done in that area. Thank you for all the responses regarding that feature addition! Otherwise this update simply moves ahead with security-related third party updates in OpenSSL and PHP.

Last but not least we are releasing the OPNProxy (formerly business) plugin to the community version for fine-grained access control using Squid with Redis as a database backend. For more details please consult the available documentation linked below.

Here are the full patch notes:

  • firewall: show automation rules in their own section
  • firewall: keep permissions to standard for filter.lock file
  • firewall: replace searchNoCategoryItemAction() with new searchBase() extension
  • firewall: add gateway to the states diagnostics output
  • firewall: fix visible rows quantity off-by-one (contributed by NYOB)
  • intrusion detection: query all fields for searchBase() actions
  • dhcrelay: functional MVC/API replacement using the OpenBSD dhcrelay(6) fork
  • isc-dhcp: fix log file location
  • wireguard: add DNS field to peer generator and store previous used values in instance
  • wireguard: add address field to peer generator which auto-calculates the next available address in the pool
  • wireguard: add restart action to available cron tasks (contributed by Michael Muenz)
  • wireguard: unlink instance on peer delete
  • mvc: extend searchBase() to return all fields when no list is provided
  • mvc: fix config locking issue when already owning the lock
  • plugins: add globbing for plugin run tasks as well
  • plugins: os-OPNProxy 1.0.5 business plugin released to community version
  • plugins: os-acme-client 4.2
  • plugins: os-caddy 1.5.4
  • plugins: os-zabbix-proxy 1.10
  • ports: dhcrelay 0.4
  • ports: openssl fix for CVE-2024-2511
  • ports: php 8.2.18