OPNsense 16.1 Released

Jan 28, 2016

New OPNsense Release

Welcome back!

No, we would not say it was easy getting here, but booting into 16.1 for the first time sure is as relieving (and exciting) as it could get for our project growing beyond what we had ever imagined. It has been more than a year since OPNsense first came out. Back then it was FreeBSD 10.0. Not even two months after, 10.1 was introduced along with the opnsense-update utility. Today is the day for FreeBSD 10.2, the latest and greatest release currently available for broader driver support and stability improvements.

16.1 is nick-named “Crafty Coyote” in honour of our beloved childhood TV sessions. It is the accumulation of 6 months of work, having had our focus on reengineering the captive portal, native intrusion prevention, plugin support, and transforming the reporting frontend into something more modern and flexible just to name a few[1]. Apart from the recently published security advisories (see patch notes below), we have included a quick navigation feature which can be activated by pressing (TAB) followed by search keywords and hitting (ENTER) to go to the desired page. Last but not least, a larger batch of improvements and fixes went into assorted sections of the GUI that certainly help to get your work done without ending up dazed and confused.

Speaking of clearing things up, there is more… While Ad, Franco and a couple of amazing external contributors have been busy writing and reviewing code, Jos worked in the shadows to bring to you a fully revised set of project documentation in the form of an online handbook[2]. More content will follow as we slow down development speed a bit in order to catch up. We will have to see how that works out. 😉

Another thing we have noticed is that translations are hard! We had planned to finish a translation for this iteration, but the sheer amount of work overwhelmed even the sizeable German translation team. The German translation is now 77% complete, with Japanese, Chinese and French chasing tails. If you want to help, drop us a line at project@opnsense.org for details on how to contribute.

All images have been pushed as well, although they may take a bit more time to reach a mirror near you. You can find the checksums attached at the end of this announcement.


Finally, here are the full patch notes:

  • src: FreeBSD 10.2-RELEASE-p11[4]
  • bootstrap: can now update from any available FreeBSD 10 release
  • ports: libarchive 3.1.2_6[5], Suricata 3.0[6], squid 3.5.13[7], bind 9.10.3P3[8], sqlite 3.10.2[9], ntp 4.2.8p6[10]
  • firewall: lock source / destination port settings when neither TCP nor UDP is selected
  • firewall: simplify the outbound page to hide unwanted items and zap complicated explanations (contributed by Manuel Faux)
  • firewall: do not leak floating rules into other interface tabs
  • firewall: add clear button to all log file types
  • firewall: hide NAT rules from normal rules screen
  • firewall: removed the unsupported dscp rule option
  • firewall: display alias descriptions as tooltips (contributed by Manuel Faux)
  • universal plug and play: switch to secure mode as the new default
  • unbound: add MX entries to host overrides (contributed by Manuel Faux)
  • gateways: always save the monitor IP regardless of monitoring being on or off
  • gateways: properly add and remove routes for monitors on toggle
  • backend: fix harmless error message caused by a sample template
  • high availability: allow specification of a different port for synchronisation
  • high availability: special characters are now being properly preserved
  • high availability: added new captive portal and traffic shaper as sync options
  • high availability: reworked and pruned the client synchronisation
  • firmware: optional php extensions now peacefully coexist with preinstalled extensions
  • firmware: update plugin list on refresh to reveal available plugin list
  • intrusion detection: adds intrusion prevention mode for netmap(4) devices (must disable Hardware CRC manually)
  • captive portal: completely rewritten on top of our new components
  • proxy: hook up remote ACL settings to translation engine (contributed by Fabian Franz)
  • proxy: add support for compressed ACLs (.gz, .tar.gz, .tgz, .zip)
  • proxy: fix toggle for storage log
  • ipsec: improve display of tunnel overview
  • openvpn: provide full ca chain on client export (contributed by Manuel Faux)
  • openvpn: fix engine detection for LibreSSL
  • layout: all tooltips and icons of action buttons have been updated for proper look and feel (contributed by Manuel Faux)
  • layout: added the infamous quick navigation feature
  • layout: consolidated the display of the upper right corner (user@host.domain)
  • interfaces: reworked all the pages for proper look and feel
  • interfaces: ARP and NDP tables have been rewritten and now properly show vendor info
  • login: improved look and feel
  • dashboard: rss widget has been reworked and its library has been updated to a new version
  • config: recover last backup automatically on broken xml
  • menu: properly aligned submenu icons
  • system: removed XDebug package from the default installation

We thank all our contributors and users for their ongoing love and support. <3

Cheers,
Ad, Franco and Jos

--
[1] https://opnsense.org/about/road-map/
[2] https://docs.opsense.org/
[3] https://pkg.opnsense.org/releases/mirror/README
[4] https://www.freebsd.org/releases/10.2R/announce.html
[5] https://vuxml.freebsd.org/freebsd/7c63775e-be31-11e5-b5fe-002590263bf5.html
[6] http://suricata-ids.org/2016/01/27/suricata-3-0-available/
[7] http://ftp.meisei-u.ac.jp/mirror/squid/squid-3.5.13-RELEASENOTES.html
[8] https://kb.isc.org/article/AA-01346/81/BIND-9.10.3-P3-Release-Notes.html
[9] http://www.sqlite.org/changes.html
[10] http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities