OPNsense Release Information

From Thomas-Krenn-Wiki
The OPNsense Dashboard shows all important status information and serves as a starting point for further firewall configuration.

OPNsense is an open source firewall distribution based on the FreeBSD operating system and its packet filter pf. For use as a firewall, DHCP server, DNS server or VPN, it can be installed both on a physical server and in a virtual machine. OPNsense was launched in 2015 as a fork of pfSense, which started in 2004 as a fork of m0n0wall. OPNsense now only contains about 10% of the pfSense code, so it can be considered a new security platform.[1]


Versions

The following table shows an overview of the released OPNsense versions:

Version FreeBSD Base Release message Important innovations (in extracts) Further information
OPNsense 24.1 (current stable version) FreeBSD 13.2-RELEASE-p9
  • Ports-based OpenSSL 3
  • Suricata 7
  • Several MVC/API conversions
  • New neighbor configuration feature for ARP/NDP
  • Core inclusion of the os-firewall and os-wireguard plugins
  • CARP VHID tracking for OpenVPN and WireGuard
  • Functional Kea DHCPv4 server with HA support
OPNsense 23.7 FreeBSD 13.2-RELEASE-p1 23.7
  • FreeBSD 13.2-RELEASE-p1
  • PHP 8.2
  • OpenVPN "instances" configuration option
  • OpenVPN group alias support
  • Deferred authentication for OpenVPN
OPNsense 23.1 FreeBSD 13.1-RELEASE-p5 23.1
  • Unbound DNS statistics
  • Improved WAN SLAAC operability
  • Firewall alias BGP ASN type support
  • PHP 8.1
  • FreeBSD networking updates
  • WireGuard kernel module plugin
  • Important note: In the web interface under System -> Firmware, then tab Settings, there was previously a choice between OpenSSL and LibreSSL in the line Flavour. With 23.1, LibreSSL has been removed. You must switch back to OpenSSL to upgrade to 23.1 if you previously used LibreSSL.
OPNsense 22.7 FreeBSD 13.1-RELEASE 22.7
  • Upgrade to FreeBSD 13.1-RELEASE
  • PHP 8.0
  • Phalcon 5
  • Stacked VLAN support
  • Intel QuickAssist (QAT) support
  • DDoS protection using SYN cookies
  • MVC/API pages for IPsec status
  • Unbound overrides
  • New APCUPSD and CrowdSec plugins
OPNsense 22.1 FreeBSD 13-STABLE 22.1
  • Upgrade to FreeBSD 13
  • Improved visibility and flexibility of tunables
  • Circular logging support removed
  • Insecure IPsec hash and cipher removed
  • Migrated to Lua boot loader
OPNsense 21.7 FreeBSD 12.1 (HardenedBSD) 21.7
  • Last release on HardenedBSD 12.1
  • The installer was replaced to offer native ZFS installations and prevent glitches in virtual machines using UEFI.
  • Firmware updates partially redesigned
  • UI layout consolidated between static and MVC pages.
  • The live log now contains the actual rule ID to avoid mismatches after adjusting your ruleset and the firewall aliases now also support wildcard netmasks.
Announcement for 21.7 Release (phoronix.com)
OPNsense 21.1 FreeBSD 12.1 (HardenedBSD) 21.1
  • New and improved firewall rules and NAT categories
  • Traffic graphs support IPv6
  • Intrusion detection rule management by policies
  • Alias for MAC addresses and NAT over IPsec
  • Serial image now supports UEFI
  • Dnsmasq has been switched to a pluggable file-based approach
Announcement for 21.1 Release (phoronix.com)
OPNsense 20.7 FreeBSD 12.1 (HardenedBSD) 20.7
  • HardenedBSD 12.1
  • Traffic shaper statistics API and GUI page
  • Firewall API plugin
  • Missing plugin GUI install/dismiss feature
  • Suricata 5 and optimized ET Pro Telemetry rules plugin
  • Images are amd64 only as we jump the major OS version and leave i386 behind
  • Nano images probably have a defunct growfs feature, but already fixed on master
Announcement for 20.7 Release (phoronix.com)
OPNsense 20.1 FreeBSD 11.2 (HardenedBSD) 20.1
  • VXLAN device support
  • Captive portal performance improvements
  • Logging frontend migrated to MVC / API
  • IPsec public key authentication support
  • Elliptic curve TLS certificate creation
  • CARP service demotion hook
  • Loopback device support
  • Python 3.7 is now the default Python version
Announcement for 20.1 Release (phoronix.com)
OPNsense 19.7 FreeBSD 11.2 (HardenedBSD) 19.7
  • WireGuard VPN support (os-wireguard plugin)
  • Remote logging via Syslog-ng
  • Route-based IPsec support
  • Ability to view automatic firewall rules
  • Default gateway priority switching feature
Announcement for 19.7 Release (pro-linux.de)
OPNsense 19.1 FreeBSD 11.2 (HardenedBSD) 19.1
  • Fully functional firewall alias API
  • Migration to HardenedBSD 11.2
  • 2FA support with a remote LDAP / local TOTP combination
  • OpenVPN client export rewritten for full API support
  • Realtek NIC driver version 1.95
Announcement for 19.1 Release (pro-linux.de)
OPNsense 18.7 FreeBSD 11.1 18.7
  • Improved default route handling and gateway switching
  • OpenVPN default setup improvements for IPv6 and RADIUS attribute support
  • Monit core integration
  • Pluggable backup framework with new Nextcloud option
  • Firmware GUI speedup
  • ZFS on root boot support
  • Backports of FreeBSD 11.2 Intel NIC drivers (ixl version 1.9.9-k)
  • Language updates
Announcement for 18.7 release (pro-linux.de)
OPNsense 18.1 FreeBSD 11.1 18.1
  • UTM plugins: antivirus, antispam, mail, web proxy extensions
  • Portable NAT before IPsec support
  • UI layout improvements and consolidation
Announcement for 18.1 release (pro-linux.de)
OPNsense 17.7 FreeBSD 11.0 17.7
  • SafeStack application hardening
  • Quagga plugin with broad routing protocol support
  • Unbound resolver as the new default
Announcement for 17.7 release (pro-linux.de)
OPNsense 17.1 FreeBSD 11.0 17.1
  • PHP 7
  • SSH Installer
  • Let's Encrypt plugin
  • HardenedBSD's SEGVGUARD
Announcement for 17.1 release (heise.de)
OPNsense 16.7 FreeBSD 10.3 16.7
  • Pluggable service infrastructure
  • Two factor authentication using RFC 6238
  • HardenedBSD's ASLR implementation
Announcement for 16.7 release (heise.de)
OPNsense 16.1 FreeBSD 10.2 16.1
  • Plugin support
  • Menu/navigation restructuring
OPNsense 15.7 FreeBSD 10.1 15.7
  • Support both OpenSSL and LibreSSL
  • Code refactoring
OPNsense 15.1 FreeBSD 10.0 15.1
  • Feature enhancements
  • Code cleanup

For information on future versions, a detailed roadmap is available.[2]

Business Edition

The OPNsense Business Edition offers some additional features. The respective versions of the Business Edition are based on the following OPNsense versions:

| Version | OPNsense base | FreeBSD base |
|---|---|---|
| OPNsense 23.10 | OPNsense 23.7.6 | FreeBSD 13.2 |
| OPNsense 23.4 | OPNsense 23.1.5 | FreeBSD 13.1 |
| OPNsense 22.10 | OPNsense 22.7.6 | FreeBSD 13.1 |
| OPNsense 22.4 | OPNsense 22.1.4 | FreeBSD 13 |
| OPNsense 21.10 | OPNsense 21.7.3 | FreeBSD 12.1 (HardenedBSD) |
| OPNsense 21.4 | OPNsense 21.1.4 | FreeBSD 12.1 (HardenedBSD) |

Download and installation

Information on download and installation can be found in the article Install OPNsense.

References

  1. About the Fork (wiki.opnsense.org)
  2. OPNsense Roadmap (opnsense.org)


Author: Werner Fischer

Werner Fischer, working in the Knowledge Transfer team at Thomas-Krenn, completed his studies of Computer and Media Security at FH Hagenberg in Austria. He is a regular speaker at many conferences like LinuxTag, OSMC, OSDC, LinuxCon, and author for various IT magazines. In his spare time he enjoys playing the piano and training for a good result at the annual Linz marathon relay.

