OPNsense Roadmap

Planned enhancements and innnovations

This is the OPNsense Roadmap, an open source, free software project supported by volunteers and businesses. We release two major versions each year, this roadmap aims to provide an insight of the direction of the project. By no means is this meant to be a detailed list. Development information, bugs and outstanding issues are available at the OPNsense page on GitHub.

Version naming

The OPNsense Roadmap version naming system consists of year.month, so the first release took place in January 2015 -> release 15.1
In the event of minor releases within the same month an extra number will be added, like 24.1.2
We plan to use a 6 months major release cycle with firm release dates. Major release versions will have code names of animals, mountains or whatever we can think of that sounds good.

Each release has a number, a code name and a release date.

UPCOMING RELEASE 17.1 - January 2017

= Planned | = Completed

Currently planned and realised enhancements and innnovations.


January 31th 2017

 Screen reader optimizations
 CSRF replacement for static PHP pages
 Pluggable firewall rules
Easily accessible API docs
PHP 7.0
FreeBSD 11
PAM support for OPNsense authentication system
Incorporate HardenedBSD's SEGVGUARD
Position Independent Executables
 Pluggable authentication
 Extensions on the mvc model, like referential checks
 Phalcon 3.0
 installer per SSH
Unit tests for main mvc parts
Single-slice Nano with auto-resize after first boot
Load Balancer, UPnP, SNMP, IGMP, WOL as plugins

Future development - not yet planned

The development team has some wishes they'd like to see in one of the future releases.

## ##

 No more static PHP pages for the frontend
 Privilege separation by integrating all backend commands into configd calls
 Split the base installation into individual plugins
 Full (rest) api support for every component in the system using the same base components
 Unattended / Automated installation
 Functional second slice on NanoBSD images
 ARM support


  Full service oriented architecture
  Pluggable architecture using standard components
  Simple build and development system
  Easy and modern GUI for broad device access and quick configuration

Previous Releases & Accomplishments

Some history as we are proud of the rapid development and great innovation already delivered upon.

Dancing Dolphin
July 28th 2016

 Pluggable service infrastructure
Remove PPPoE, L2TP and PPTP servers from base installation
OpenVPN, add server specific client overrides
RFC 4638 support (MTU > 1492 in PPPoE)
HTTPS proxy support
Restyle services section
Add traffic analysis and netflow export
Active Queue Management (AQM): Controlled delay (CoDel) and FlowQueue-CoDel
PPTP, L2TP and PPPoE Servers ported to MPD5
Documentation for all major features
Dashboard feature revamp
Two factor authentication using RFC 6238
Virtual machine disk images build options
Pluggable interface infrastructure
Japanese and Russian translations completed
Firmware Improvements and development/stable versions
Cron GUI and API
FreeBSD 10.3
HardenedBSD's ASLR implementation
IDS reporting enhancements

Crafty Coyote
January 28th 2016

Plugin support
-- Replace ACL
-- Extensible menu system
-- Build framework and repository
-- GUI plugin management
OpenVPN/IPSec pages rework
Firewall pages rework
Firmware mirror location and crypto selection
Replace RRD frontend using a modern alternative
Crash reporter revamp for direct problem submissions
Rewrite the captive portal application using new framework components
Implement API session handling to make use of the already build (RESTful) services
Menu/navigation restructuring
Switch to FreeBSD 10.2
Quick navigation feature

Brave Badger
July 2nd 2015

Base proxy support
Base IDS support
OpenSSH/OpenSSL updates via ports
Support both OpenSSL and LibreSSL
pfSense config importer (for versions ≤ 2.1.5)
BSDinstaller support for embedded installations
Move to FreeBSD 10.1 for long term support
Support Base upgrade
Initial implementation of MVC framework
Code refactoring
Replace backend service (check_reload_status) with new configurable configd system
OpenVPN client exporter

Ascending Albatross
January 5th 2015

Feature enhancements
Limited additional features
Code cleanup