OPNsense 18.7 released

OPNsense 18.7 released

Linux Distribution

OPNsense 18.7 released

OPNsense 18.7 released


For 3 and a half years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.

Another 6 months passed by ever so quickly!  The main goal for 18.7, nicknamed "Happy Hippo", is stability so we have not yet begun to adopt FreeBSD 11.2, but there are several of its Intel NIC driver updates included to bridge the gap until 19.1 comes out.  The upgrade also includes a tremendous amount of IPv6 improvements including 6RD support as well as authentication and backup framework consolidation.  Please also take note that QinQ is no longer included in this release.

These are the most prominent changes since version 18.1:

o improved WAN DHCPv6 and SLAAC connectivity and tracking
o functional IPv6 Rapid Deployment (6RD) support
o improved default route handling and gateway switching
o OpenVPN default setup improvements for IPv6 and RADIUS attribute support
o Dpinger gateway monitoring integration
o password policies for local authentication and coupled TOTP
o Monit core integration to eventually replace the legacy notifications
o OpenSSH access via group and shell selection instead of privilege
o pluggable backup framework with new Nextcloud option
o sytem tunables are now also used as loader tunables
o unrestricted VLAN usage for e.g. Xen
o QinQ interface removal
o firmware GUI speedup, improved error parsing and console reboot hint
o ZFS on root boot support (installer support is pending, but opnsense-bootstrap works)
o ZFS and MSDOS config import support
o ISC DHCP version moves from 4.3 to 4.4
o RRDtool version moves from 1.2 to 1.7
o rework rc.syshook facility to use drop-in directories instead of suffixes
o backports of FreeBSD 11.2 Intel NIC drivers
o stand-alone frontend UI development tools
o language updates for Czech, French, German, Portuguese (Brazil)
o UI header security and SSL cipher hardening
o extensive UI cleanups and menu consolidation
o new and rewritten plugins: os-cache, os-lcdproc-sdeclcd, os-net-snmp,
os-nut, os-openconnect, os-relayd 2.0, os-shadowsocks, os-theme-cicada,
os-theme-rebellion, os-theme-tukan, os-wol 2.0

We thank all of you for helping test, shape and contribute to the project! We know it would not be the same without you.

Download links, an installation guide[1] and the checksums for the images can be found below as well.

o Europe: https://opnsense.c0urier.net/releases/18.7/
o US East Coast: http://mirrors.nycbug.org/pub/opnsense/releases/18.7/
o US West Coast: https://mirror.sfo12.us.leaseweb.net/opnsense/releases/18.7/
o South America: http://mirror.upb.edu.co/opnsense/releases/18.7/
o South-East Asia: https://ftp.yzu.edu.tw/opnsense/releases/18.7/
o Full mirror list: https://opnsense.org/download/

Here are the full changes against version 18.7-RC2:

o system: clarify help for preventing local nameserver usage in general settings
o system: deal with ACL trailing slash wildcards due to its removal from menu links
o system: allow LDAP user import even when multiple authentications servers are set
o system: merge duplicated encrypt() and decrypt() config backup implementations
o system: extend encrypt() and decrypt() with optional header, footer and attribute usage
o system: optional encryption of Nextcloud backup through user-specified password (contributed by Fabian Franz)
o interfaces: do not yield IPv6 tunnel addresses via legacy_getall_interface_addresses()
o firewall: rules alias preview on hover when no description was provided
o firewall: transitional code for upcoming alias API usage
o firewall: remove alias types urltable_ports and url_ports
o firewall: revert only binding to first interface address due to ambiguity in IPv6 local-link setups
o dnsmasq: unconditionally listen on loopback device but avoid binding more than in IPv4
o installer: properly accept cancel on guided install
o installer: removed unused mail log feature
o ipsec: remove validation to support for IPv6 over IPv4 tunnel and vice versa
o web proxy: more elaborate fix of IDNA encode with leading dots
o mvc: always use std_bootgrid_reload()( for bootgrid reloads
o ui: sidebar menu support for optional themes (contributed by Team Rebellion)
o plugins: os-dyndns 1.8 fixes Eurodns support
o plugins: os-theme-rebellion 1.3 (contributed by Team Rebellion)
o plugins: os-relayd 2.2 (contributed by Frank Brendel)
o plugins: os-siproxd 1.3 (contributed by Michael Muenz)
o ports: dhcp6c v20180720 with fix for raw support (contributed by Team Rebellion)
o ports: php 7.1.20[2]

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.