Good day everyone,

It took a while to track down an NTP regression with FreeBSD that turned out to be a flaw in the kernel itself. That’s now fixed for all FreeBSD versions. Thanks everyone for helping out here again. 🙂

This update brings quite a few fixes, especially with regard to VMware and Xen virtualisation plugins. If you are in need of such plugins for seamless guest support, the installation is quite painless:

# pkg install os-vmware
# pkg install os-xen

In case of VMware, the master plan is that vmx network devices will be persistent after reboot so that such devices can be embedded into the config.xml. Let us know how that works for you guys. Needless to say, we’ll keep working on making plugins accessible through the GUI with our next major version, 16.1.

We’ve also been working on ironing out further IPsec hiccups and adding more features to the captive portal in the development version. Oh, and this: fresh images based on 15.7.18 will be available a couple of days after this release.

Here are the full patch notes:

  • plugins: updated the VMware plugin to support early boot for persistent vmx(4) device access
  • plugins: added the Xen plugin for automatic guest support
  • openvpn: fix server not saving interface without IP
  • crash reporter: remember email for continuous feedback
  • crash reporter: Suhosin PHP module no longer triggers crash reports
  • crash reporter: fixed 10 assorted crash reports
  • languages: fix all apply button prompts for non-English translations
  • languages: updated German and French via https://translate.opnsense.org
  • backend: added simple plugin hooks for boot up, early boot up and shutdown
  • GUI: hooked up the authentication backend rewrite
  • dhcp: remove illegal ifconfig tag in custom dhclient script
  • virtual ips: make subnet selectable on ipalias
  • ipsec: flip ipv4/ipv6 subnet options in phase2
  • ipsec: fix issue when using both tunnels and roadwarrior
  • ipsec: listen to disabled ipsec nat entries
  • ipsec: do not overwrite settings for rekey/reauth
  • proxy: fix error on saving special URL characters
  • aliases: fix missing url table items
  • aliases: hide minus when not applicable
  • ntp: don’t trigger set_gps_default on page load
  • captive portal (development): clean rewrite of RADIUS authentication/accounting
  • captive portal (development): added a session overview feature to the new
  • captive portal (development): fixed template download file name in Google Chrome
  • src: Implement pubkey support for pkg(7) bootstrap [1]
  • src: rpcbind remote denial of service [2]
  • src: Applications exiting due to segmentation violation on a correct memory address [3]
  • src: tzdata updated to 2015g [4]
  • ports: ntp 4.2.8p4 [5]
  • ports: pkg 1.6.1 [6] [7]
  • ports: sqlite 3.9.1 [8]
  • ports: suricata 2.0.9 [9]
  • ports: php 5.6.15 [10]

Stay safe,
Your OPNsense team

[1] https://www.freebsd.org/security/advisories/FreeBSD-EN-15:18.pkg.asc
[2] https://www.freebsd.org/security/advisories/FreeBSD-SA-15:24.rpcbind.asc
[3] https://www.freebsd.org/security/advisories/FreeBSD-EN-15:20.vm.asc
[4] http://mm.icann.org/pipermail/tz-announce/2015-October/000034.html
[5] https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ChangeLog-dev
[6] https://github.com/freebsd/freebsd-ports/commit/233063d86be930
[7] https://github.com/freebsd/freebsd-ports/commit/4cee57325035cc6
[8] https://www.sqlite.org/releaselog/3_9_1.html
[9] http://suricata-ids.org/2015/09/25/suricata-2-0-9-available/
[10] http://php.net/ChangeLog-5.php#5.6.15