OPNsense Roadmap

Planned enhancements and innovations

This is the roadmap for OPNsense, an open source, free software project supported by volunteers and businesses. We release two major versions each year, and this roadmap aims to provide insight into the direction of the project. It is by no means meant to be a detailed list. Development information, bugs and outstanding issues are available at the OPNsense page on GitHub.

Version naming

The OPNsense version naming system consists of year.month, so the first release, which took place in January 2015, is release 15.1.
In the event of minor releases within the same month, an extra number is added, like 24.1.2.
We plan to use a 6-month major release cycle with firm release dates. Major release versions will have code names of animals, mountains or whatever we can think of that sounds good.

Each release has a number, a code name and a release date.

NEXT RELEASE 20.1 - January 2020


20.1


January 2020


Base system
Deprecate Python 2.7
HardenedBSD 12.1
jQuery 3.4.1
Firewall
Support direction and non-quick on interface rules
High availability
CARP service demotion hook
HASync only on command (legacy cleanup)
Services
Captive portal performance improvements for large setups
Documentation
Add documentation for all core components

LATEST RELEASE 19.7 - July 17th 2019


19.7

Jazzy Jaguar

17th July 2019


Base system
LibreSSL 2.9
PHP upgrade to 7.2
Python add 3.7 to deprecate 2.7 in 2020
Tokenize2.js upgrade including sortable feature
Bootstrap 3.4.1 security upgrade
Squid 4
General
Spanish translation
Core system extend PAM support
Convert python 2.7 scripts to 3.7 for all core components
Gateways influence default switching order by weight
Support LDAP group synchronisation to enforce remote configured policies
Syslog-ng integration supporting both udp and tcp targets
High availability
More fluent switching into maintenance mode when using CARP
XML-RPC synchronise carp relevant ip aliases to backup node
Firewall
Firewall rule statistics
Firewall insights in generated rules
Firewall aliases, export + import functions
VPN
IPsec Route based mode (VTI)
IPsec switch to PAM for authentication
OpenVPN export add Microsoft certificate store option
OpenVPN server improve input validation to prevent wrong certificate type selection
OpenVPN server support static-challenge formatted passwords
Services
Suricata eve logging over syslog
Suricata improve rule toggle actions
Unbound add aliases in host overrides

Previous Releases & Accomplishments

Some history, as we are proud of the rapid development and great innovation already delivered.

19.1

Inspiring Iguana

January 31st 2019


Fully functional firewall alias API
PIE firewall shaper support
firewall NAT rule logging support
WPAD / PAC and parent proxy support in the web proxy
API enabled OpenVPN client export utility
ET Pro Telemetry edition plugin
2FA via LDAP-TOTP combination
P12 certificate export with custom passwords
Dnsmasq DNSSEC support
HardenedBSD 11.2
extended IPv6 DUID support
Influence default gateway switching order by weight

18.7

"Happy Hippo"

31st July 2018


Pluggable backup modules
Nextcloud backup support
Improve multiwan support
IDS / upgrade ET-open rules to suricata 4
Remove QinQ interface type
FreeBSD Meltdown and Spectre V2 mitigations
Gateway monitoring via dpinger utility
OpenVPN support for Radius Framed-IP-Address
GUI/API hardening
Intel NIC driver updates from FreeBSD 11.2
Revive IPv6 Rapid Deployment (6RD)
IDS/IPS application detection rules
Easily accessible API docs
Monit core integration

18.1

Groovy Gecko

January 29th 2018


Improved shared forwarding with IPv6 and tryforward support
Portable NAT before IPsec support
UTM plugins: antivirus, antispam, mail, web proxy extensions
Reverse DNS lookup API for Insight and Live Log
IDS alert log improvements
UI layout improvements and consolidation
Local group restriction feature in OpenVPN and IPsec
OpenVPN multi-remote support for clients
Debug kernel support
FreeBSD 11.1
LibreSSL 2.6
PHP 7.1
jQuery 3.2.1
pluggable NAT rules

17.7
Free Fox
31st July 2017

HardenedBSD SafeStack for base applications and selected ports
RFC 2136 and Dynamic DNS services as plugins
HardenedBSD procfs hardening
Interface code speedup
Completed translations for Chinese, Czech, Portuguese (Portugal), Portuguese (Brazil), German
CARP preempt

17.1
Eclectic Eagle
January 31st 2017


CSRF replacement for static PHP pages
Pluggable firewall rules
PHP 7.0
FreeBSD 11
PAM support for OPNsense authentication system
Incorporate HardenedBSD's SEGVGUARD
Position Independent Executables
Pluggable authentication
Extensions on the MVC model, like referential checks
Phalcon 3.0
Installer over SSH
Unit tests for main MVC parts
Single-slice Nano with auto-resize after first boot
Let's Encrypt plugin
Tinc plugin - full mesh routing for virtual private networks
Load Balancer, UPnP, SNMP, IGMP, WOL as plugins

16.7
Dancing Dolphin
July 28th 2016


Pluggable service infrastructure
Remove PPPoE, L2TP and PPTP servers from base installation
OpenVPN, add server specific client overrides
RFC 4638 support (MTU > 1492 in PPPoE)
HTTPS proxy support
Restyle services section
Add traffic analysis and netflow export
Active Queue Management (AQM): Controlled delay (CoDel) and FlowQueue-CoDel
PPTP, L2TP and PPPoE Servers ported to MPD5
Documentation for all major features
Dashboard feature revamp
Two factor authentication using RFC 6238
Virtual machine disk images build options
Pluggable interface infrastructure
Japanese and Russian translations completed
Firmware Improvements and development/stable versions
Cron GUI and API
FreeBSD 10.3
HardenedBSD's ASLR implementation
UEFI/GPT boot
IDS reporting enhancements

16.1
Crafty Coyote
January 28th 2016

Plugin support
-- Replace ACL
-- Extensible menu system
-- Build framework and repository
-- GUI plugin management
OpenVPN/IPSec pages rework
Firewall pages rework
Firmware mirror location and crypto selection
Replace RRD frontend using a modern alternative
Crash reporter revamp for direct problem submissions
Rewrite the captive portal application using new framework components
Implement API session handling to make use of the already built (RESTful) services
IPS
Menu/navigation restructuring
Switch to FreeBSD 10.2
Quick navigation feature

15.7
Brave Badger
July 2nd 2015

Base proxy support
Base IDS support
OpenSSH/OpenSSL updates via ports
Support both OpenSSL and LibreSSL
pfSense config importer (for versions ≤ 2.1.5)
BSDinstaller support for embedded installations
Move to FreeBSD 10.1 for long term support
Support Base upgrade
Initial implementation of MVC framework
Code refactoring
Replace backend service (check_reload_status) with new configurable configd system
OpenVPN client exporter

15.1
Ascending Albatross
January 5th 2015

Feature enhancements
Limited additional features
Code cleanup