OPNsense, the open-source firewall and former fork of the firewall distribution pfSense, has received bugfix release 18.1.7. Various minor bugs were fixed, along with more serious ones such as the reconnect problem with IPv6 connections. OpenVPN was also updated to version 2.4.6. LibreSSL was updated as well, now to version 2.6, which improved AES-NI performance.
A note for anyone who uses the web proxy with IDNA domains: this support was removed because it did not encode and decode domains in the configuration. All domains are now encoded at run time during setup. All previously incorrectly encoded domains must therefore be deleted and added again.
OPNsense 18.1.7 Release Notes
- system: validate pfsync peer as IPv4-only
- system: flip order of arguments for system_routing_configure()
- system: convert cron to mutable model controller
- system: convert routing to mutable model controller
- system: log table header cleanup
- system: more aggressive factory reset and shut down after completion
- system: remove duplicate addresses before binding web GUI and OpenSSH
- system: fix Framed-Route parsing for RADIUS authentication
- system: properly translate save message on user language change
- interfaces: PPPoE link down script improvements
- interfaces: emit prefix-interface for trackers in advanced DHCPv6 configurations
- interfaces: DHCPv6 configuration creation breakout (contributed by Team Rebellion)
- interfaces: SIGHUP reload for dhcp6c (contributed by Team Rebellion)
- interfaces: wait for dhcp6c to be stopped by pending apply
- interfaces: only reconfigure VLAN interface after edit when necessary
- interfaces: create IPv4 and IPv6 tunnel gateways for GIF/GRE when the setup allows it
- interfaces: remove unused $flush argument from various functions
- interfaces: fixed creation of GIF/GRE tunnel with an outer IPv6 remote address (contributed by Christoph Engelbert)
- interfaces: fixed router advertisement setup of former static but now tracking interface (contributed by Christoph Engelbert)
- interfaces: remove obsolete address requirement for CARP VIPs
- interfaces: back out get_dyndns_ip() IPv6 online detection and properly propagate a lookup error
- interfaces: no more spurious redirection for dhclient invoke
- firewall: remove a side effect from filter_delete_states_for_down_gateways()
- firewall: adjust maximum table entries for error-free bogonsv6 usage
- firewall: add buckets option to traffic shaper
- firewall: update help text for port ranges (contributed by Michael Muenz)
- power: power off modal to indicate that the GUI is no longer responsive
- captive portal: add traffic data and IP address to RADIUS accounting messages (contributed by CJ)
- captive portal: fix voucher table rendering issue seen in Firefox
- intrusion detection: add destination IP to alert search (contributed by Jeffrey Gentes)
- intrusion detection: add abuse.ch URLhaus rules
- ipsec: keep road warrior rightsubnet to default as stated by the docs
- ipsec: add missing phase 2 DH groups
- openvpn: switch to interface "any" for IPv6-friendly defaults
- openvpn: remove side-effects from configuration code
- openvpn: let CIDR validation tell us that only one network is expected
- openvpn: allow explicit selection of tcp4 and udp4
- openvpn: wizard can now set IPv4/IPv6 tunnel, local and remote addresses
- openvpn: improved automatic local port selection in wizard
- openvpn: bigger wizard button on server list page
- openvpn: allow IPv6-only tunnel setups
- openvpn: assorted cleanups in the associated GUI pages
- unbound: fix a faulty format string
- web proxy: use error_directory translation as set by system language (contributed by Smart-Soft)
- web proxy: add support for SNMP (contributed by Smart-Soft)
- web proxy: rewrite the IDN support to only affect the template write
- console: make tracking the default for LAN IPv6 during interface reconfiguration
- console: reset VLANs as stated during port reconfiguration
- mvc: track attached models of model relation fields
- mvc: remove obsoleted "page-" prefix check for ACL
- mvc: unit tests for DependConstraint
- mvc: only use configdpRun() when needed
- rc: generate and permanently save host ID
- rc: always reload VPN after filter to allow for better default gateway switching
- rc: reconfigure IPv4 and IPv6 only once after boot
- rc: do not run plugin reconfigure if a system configuration is not present
- ui: merge system activity and services diagnostics menu
- ui: move defaults page from firmware to configuration section
- ui: fix issue with typeahead selection in tokenizer
- ui: order reporting menu naturally
- lang: updates for Czech, French, German, Portuguese (Brazil)
- plugins: os-acme-client 1.14 adds support for CloudDNS (contributed by Frank Wall)
- plugins: os-freeradius 1.5.3_1 fixes form property auto-select
- plugins: os-monit 1.7_1 merges setup code into migration framework
- plugins: os-postfix 1.2 relax relay host validation (contributed by Michael Muenz)
- plugins: os-rspamd 1.3 adds file for milter headers (contributed by Fabian Franz)
- plugins: os-snmp 1.2 avoids usage of does_interface_exist()
- plugins: os-web-proxy-useracl 1.1._1 reworks IDN support
- plugins: os-zabbix-agent 1.3 adds working default values (contributed by Frank Wall)
- ports: enable previously defunct AES-NI acceleration in LibreSSL 2.6
- ports: switch from dhcp6 to our own lightweight dhcp6c[1]
- ports: sudo upstream patch to correct a FreeBSD issue[2]
- ports: openldap 2.4.46[3]
- ports: openssh 7.7p1[4]
- ports: openvpn 2.4.6[5]
- ports: perl 5.26.2[6]
- ports: php 7.1.17[7]
- ports: sqlite 3.23.0[8]
A hotfix release was issued as 18.1.7_1:
- mvc: fix regression in model relation load order[9]
Source: https://forum.opnsense.org/index.php?topic=8595.0