OPNsense 19.7 released, which brings Prominent Changes

OPNsense Team is pleased tannounce the latest stable release of OPNsense 19.7 on 17th July 2019.

It’s codenamed “Jazzy Jaguar”. OPNsense is open source, FreeBSD-based firewall and routing distribution.

This release improved statistics and visibility of rules, reliable and consistent live logging and alias utility improvements in firewalls.

OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.

All the third party software has been updated tup-to-date releases.

It’s also offering built-in remote system logging through Syslog-ng, route-based IPsec.

Notable changes on OPNsense 19.7:

  • system: lower automatic gateway priority for tunnel interfaces
  • system: only show enabled interfaces on gateway edit
  • system: speed up console banner interface print
  • interfaces: typo in default WAN selection for packet capture
  • interfaces: support multiple interfaces for packet capture
  • interfaces: fix ambiguity in get_parent_interface()
  • firewall: restart filterlog with every filter reload
  • firmware: add update syshook
  • ipsec: phase2 IP type selector using the wrong class
  • reporting: fix Insight bug not processing top port and address statistics
  • ui: window_highlight_table_option() fix for Safari
  • wizard: improve logo contrast in welcome message
  • plugins: os-frr redistribute configuration fix (contributed by Cedric Vanet)
  • plugins: os-intrusion-detection-content-et-pro 1.0.1 now uses suricata-4.0 rulesets
  • plugins: os-haproxy 2.17[2][3]
  • plugins: os-mail-backup 1.0 (contributed by Joao Vilaca)
  • plugins: os-maltrail 1.0 (contributed by Michael Muenz)
  • plugins os-smart 2.0 MVC conversion (contributed by Smart-Soft)
  • plugins: os-tinc chroot setup with resolv.conf
  • plugins: os-wireguard 1.0 (contributed by Michael Muenz)
  • plugins: os-wol 2.2 fixes byte conversion
  • src: bump netmap ring size, still too small in FreeBSD
  • src: add FCC6_FCCA regulatory domain to ath_hal(4)
  • src: restore IPV6_NEXTHOP option support
  • src: fix privilege escalation in cd(4) driver[4]
  • src: fix kernel stack disclosure in UFS/FFS[5]
  • src: fix iconv buffer overflow[6]
  • src: import tzdata 2019b
  • ports: ca_root_nss 3.45
  • ports: filterlog 0.3 will not print to console and lowercase IPv6 protocol output
  • ports: postfix update is now non-interactive to prevent stalls
  • ports: rrdtool 1.7.2[7]

Known issues and limitations:

  • Web proxy squid update from version 3 to 4 breaks the cache database. To repair go to “Services: Web Proxy: Administration” tab “Support” and click “Reset”.
  • Web proxy login privilege is no longer available. Access may be restricted by a group selector instead.
  • Nano images require a reinstall using the latest image to avoid inode shortage which makes the System appear to run out of space during recent 19.1.x updates.
  • OpenVPN no longer supports listening on gateway groups. Use localhost paired with port forwards instead.

OPNsense 19.7 Download Link:

References:

Leave a Reply

Your email address will not be published. Required fields are marked *