After more than 9 years, the open-source firewall OPNsense is now shipping its new release 24.7. A lot has happened in that time, and the firewall has evolved steadily. The new version 24.7 is named "Thriving Tiger" and brings a number of changes. The most visible one is the reworked dashboard, alongside features such as:
- system trust MVC/API support,
- GRE and GIF MVC/API support,
- NAT 1-to-1 MVC/API support,
- WireGuard QR code generator,
- dynamic IPsec VTI tunnel support,
- experimental OpenVPN DCO support,
- FreeBSD 14.1,
- Python 3.11,
- plus much more
OPNsense changelog against version 24.1.10:
- system: remove "load_balancer" configuration remnants from core
- system: replace usage of mt_rand() with random_int()
- system: rewrote Trust configuration using MVC/API
- system: add XMLRPC option for OpenDNS
- system: rewrote the high availability settings page using MVC/API
- system: remove obsolete SSH DSA key handling
- system: replaced the dashboard with a modern alternative with streaming widgets
- system: harden a number of PHP settings according to best practices
- system: support streaming of log files for the new dashboard widget
- system: assorted dashboard widget tweaks
- system: sidebar optimisation and fixes (contributed by Team Rebellion)
- system: set short Cache-Control lifetime for widgets
- interfaces: rewrote GRE configuration using MVC/API
- interfaces: rewrote GIF configuration using MVC/API
- interfaces: temporary flush SLAAC addresses in DHCPv6 WAN mode to avoid using them primarily
- interfaces: add peer/peer6 options to CARP VIPs
- interfaces: allow to assign a prefix ID to WAN interface in DHCPv6 as well
- interfaces: allow to set manual interface ID in DHCPv6 and tracking modes
- firewall: performance improvements in alias handling
- firewall: refactor pftop output, move search to controller layer and implement cache for sessions page
- firewall: support streaming of filter logs for the new dashboard widget
- captive portal: add "Allow inbound" option to select interfaces which may enter the zone
- captive portal: remove defunct transparent proxy settings
- captive portal: clean up the codebase
- ipsec: prevent gateway when remote gateway family does not match selected protocol in legacy tunnel configuration
- isc-dhcp: do not reload DNS services when editing static mappings to match behaviour with Kea
- monit: expose HTTPD username and password settings to GUI
- openvpn: optionally support DCO devices for instances
- openvpn: remove duplicate and irrelevant data for the client session in question
- openvpn: add "remote_cert_tls" option to instances
- backend: add "cache_ttl" parameter to allow for generic caching of actions
- backend: run default action "configd actions" when none was specified
- backend: extended support for streaming actions
- installer: update the ZFS install script to the latest FreeBSD 14.1 code
- installer: prefer ZFS over UFS in main menu selection
- ui: assorted improvements for screen readers (contributed by Jason Fayre)
- ui: add "select all" to standard form selectors and remove dialog on "clear all" for tokenizers
- ui: lock save button while in progress to prevent duplicate input on Bootgrid
- ui: backport accessibility fix in Bootstrap
- mvc: replaced most of the Phalcon MVC use with a native and compatible implementation
- mvc: improve searchRecordsetBase() filtering capabilities
- mvc: improve container field cloning
- mvc: remove obsolete getParams() usage in ApiControllerBase
- mvc: hook default index action in API handler
- plugins: os-acme-client 4.4[2]
- plugins: os-caddy 1.6.1[3]
- plugins: os-dec-hw 1.1 replaces the dashboard widget
- plugins: os-etpro-telemetry 1.7 replaces dashboard widget
- plugins: os-freeradius 1.29.4[4]
- plugins: os-nginx 1.34[5]
- plugins: os-theme-cicada 1.37 fixes dropdown element style (contributed by Team Rebellion)
- plugins: os-theme-vicuna 1.47 fixes dropdown element style (contributed by Team Rebellion)
- src: FreeBSD 14.1-RELEASE[6]
- src: assorted backports from FreeBSD stable/14 branch
- ports: hostapd 2.11[7]
- ports: libpfctl 0.12
- ports: phalcon 5.8.0[8]
- ports: openvpn 2.6.12[9]
- ports: wpa_supplicant 2.11[10]
OPNsense Hotfix 24.7_5
- system: fix disk widget byte unit "B" parsing crashing the whole widget
- interfaces: improve apply of the new peer/peer6 options to avoid unneeded reset
- firewall: fix one-to-one NAT migration with external address without a subnet set
- openvpn: disable DCO permanently in legacy client/server configuration
- mvc: fix API regression due to getParams() removal
- plugins: os-udpbroadcastrelay API error fixes (contributed by Team Rebellion)
OPNsense Hotfix 24.7_9
- system: increase widget timeout to 5 seconds
- system: cores and threads flipped in system widget
- system: increase the PHP children count of the web GUI
- mvc: make Response->setContentType() second argument optional
- plugins: os-theme-rebellion 1.9 fixes compatibility issues with new dashboard (contributed by Team Rebellion)