OPNsense Roadmap

Planned enhancements and innnovations

This is the OPNsense Roadmap, an open source, free software project supported by volunteers and businesses. We release two major versions each year, this roadmap aims to provide an insight of the direction of the project. By no means is this meant to be a detailed list. Development information, bugs and outstanding issues are available at the OPNsense page on GitHub.

Version naming

The OPNsense Roadmap version naming system consists of year.month, so the first release took place in January 2015 -> release 15.1
In the event of minor releases within the same month an extra number will be added, like 24.1.2
We plan to use a 6 months major release cycle with firm release dates. Major release versions will have code names of animals, mountains or whatever we can think of that sounds good.

Each release has a number, a code name and a release date.

NEXT RELEASE 19.1 - Januari 2019

= planned | = Completed



January 2019

Improved IPv6 support
Replace firewall aliases with api capable version
Proxy add WPAD support
FreeBSD 11.2
API enabled OpenVPN client export utility
Influence default gateway switching order by weight

LATEST RELEASE 18.7 - July 31, 2018

= planned | = Completed

Currently planned and realised enhancements and innnovations.


"Happy Hippo"

31st July 2018

 Pluggable backup modules
Nextcloud backup support
Improve multiwan support
IDS / upgrade ET-open rules to suricata 4
Remove QinQ interface type
FreeBSD Meltdown and Spectre V2 mitigations
Gateway monitoring via dpinger utility
OpenVPN support for Radius Framed-IP-Address
GUI/API hardening
Intel NIC driver updates from FreeBSD 11.2
Revive IPv6 Rapid Deployment (6RD)
IDS/IPS application detection rules
Easily accessible API docs
Monit core integration

Future development - not yet planned

The development team has some wishes they'd like to see in one of the future releases.

## ##

 No more static PHP pages for the frontend
 Privilege separation by integrating all backend commands into configd calls
 Full (rest) api support for every component in the system using the same base components
 ARM64 support
Easily accessible API docs
ZFS installer support

Previous Releases & Accomplishments

Some history as we are proud of the rapid development and great innovation already delivered upon.


Groovy Gecko

January 29th 2018

 Improved shared forwarding with IPv6 and tryforward support
Portable NAT before IPsec support
UTM plugins: antivirus, antispam, mail, web proxy extensions
Reverse DNS lookup API for Insight and Live Log
IDS alert log improvements
UI layout improvements and consolidation
Local group restriction feature in OpenVPN and IPsec
OpenVPN multi-remote support for clients
Debug kernel support
FreeBSD 11.1
LibreSSL 2.6
PHP 7.1
jQuery 3.2.1
pluggable NAT rules

Free Fox
31 Julyth 2017

 HardenedBSD SafeStack for base applications and selected ports
RFC 2136 and Dynamic DNS services as plugins
HardenedBSD procfs hardening
Interface code speedup
Completed translations for Chinese, Czech, Portuguese (Portugal), Portuguese (Brazil), German
CARP preempt

Eclectic Eagle
January 31th 2017

 CSRF replacement for static PHP pages
 Pluggable firewall rules
PHP 7.0
FreeBSD 11
PAM support for OPNsense authentication system
Incorporate HardenedBSD's SEGVGUARD
Position Independent Executables
 Pluggable authentication
 Extensions on the mvc model, like referential checks
 Phalcon 3.0
 installer per SSH
Unit tests for main mvc parts
Single-slice Nano with auto-resize after first boot
Lets Encrypt plugin
Tinc plugin -full mesh routing for virtual private networks
Load Balancer, UPnP, SNMP, IGMP, WOL as plugins

Dancing Dolphin
July 28th 2016

 Pluggable service infrastructure
Remove PPPoE, L2TP and PPTP servers from base installation
OpenVPN, add server specific client overrides
RFC 4638 support (MTU > 1492 in PPPoE)
HTTPS proxy support
Restyle services section
Add traffic analysis and netflow export
Active Queue Management (AQM): Controlled delay (CoDel) and FlowQueue-CoDel
PPTP, L2TP and PPPoE Servers ported to MPD5
Documentation for all major features
Dashboard feature revamp
Two factor authentication using RFC 6238
Virtual machine disk images build options
Pluggable interface infrastructure
Japanese and Russian translations completed
Firmware Improvements and development/stable versions
Cron GUI and API
FreeBSD 10.3
HardenedBSD's ASLR implementation
IDS reporting enhancements

Crafty Coyote
January 28th 2016

Plugin support
-- Replace ACL
-- Extensible menu system
-- Build framework and repository
-- GUI plugin management
OpenVPN/IPSec pages rework
Firewall pages rework
Firmware mirror location and crypto selection
Replace RRD frontend using a modern alternative
Crash reporter revamp for direct problem submissions
Rewrite the captive portal application using new framework components
Implement API session handling to make use of the already build (RESTful) services
Menu/navigation restructuring
Switch to FreeBSD 10.2
Quick navigation feature

Brave Badger
July 2nd 2015

Base proxy support
Base IDS support
OpenSSH/OpenSSL updates via ports
Support both OpenSSL and LibreSSL
pfSense config importer (for versions ≤ 2.1.5)
BSDinstaller support for embedded installations
Move to FreeBSD 10.1 for long term support
Support Base upgrade
Initial implementation of MVC framework
Code refactoring
Replace backend service (check_reload_status) with new configurable configd system
OpenVPN client exporter

Ascending Albatross
January 5th 2015

Feature enhancements
Limited additional features
Code cleanup