Hi everyone,

The release schedule is being stretched bit by bit to see how long we can go without an update. Well, we did not want to wait any longer to share with you the following bits… so here they are. 😉

FreeBSD incorporated several reliability fixes for Hyper-V, and we had to back out an ICMP stable commit that was not fully working for traceroute output over the network. There are several important ports updates, namely Lighttpd, strongSwan and OpenSSH, all brought to their latest versions.

On our side, multi-point VPN plugins have been corrected to properly group to their respective firewall rule interface. For anyone waiting to migrate their VPNs from 16.1.20 to 16.7, now is the time to do so! Also, the stale OpenVPN Windows binaries have been removed. Note that we gracefully support configuration file export in several formats.

Here are the full patch notes:

  • src: revert fix ICMP translation in pf[1]
  • src: better handle unknown options received from a DHCP server[2]
  • src: avoid using spin locks for channel message locks[3]
  • src: enable INQUIRY result check only on Windows 10 host systems[4]
  • src: register time counter early enough for TSC freq calibration[5]
  • src: disable incorrect callout in hv_storvsc(4)[6]
  • src: better handle the GPADL setup failure in Hyper-V[7]
  • src: fix SCSI INQUIRY checks and error handling[8]
  • ports: lighttpd 1.4.41[9], strongswan 5.5.0[10], curl 7.50.1[11]
  • ports: ca_root_nss 3.26, openssh 7.3p1[12]
  • ports: enabled LDAP SASL bindings
  • system: remove source maps to prevent further Chrome breakage during API calls
  • system: switch to individual registration of PHP extensions
  • system: added OU field to CSR
  • interfaces: properly remove PPPoE server from list of firewall interfaces when deactivated
  • interfaces: extended logging for 4G modems
  • interfaces: correct download of large packet captures
  • interfaces: add lacp_fast_timeout flag support for LAGG
  • interfaces: fix clearing the DHCP config file when override file is gone
  • interfaces: improve dmesg probe on interface listing (contributed by Per von Zweigbergk)
  • firewall: double-check file availability after alias URL download
  • services: corrected DNS forwarder settings save in mobile layout
  • dashboard: fix gateway widget status text update
  • plugins: corrected firewall interface usage for multi-point VPNs
  • vpn: removed the stale OpenVPN Windows installer binaries
  • vpn: default to IPsec main mode
  • lang: assorted translation fixes (contributed by Fabian Franz and Antonio Prado)
  • lang: translation updates for Chinese, French, German and Japanese

Stay safe,
Your OPNsense team

[1] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201519
[2] https://www.freebsd.org/security/advisories/FreeBSD-EN-16:10.dhclient.asc
[3] https://www.freebsd.org/security/advisories/FreeBSD-EN-16:11.vmbus.asc
[4] https://www.freebsd.org/security/advisories/FreeBSD-EN-16:12.hv_storvsc.asc
[5] https://www.freebsd.org/security/advisories/FreeBSD-EN-16:13.vmbus.asc
[6] https://www.freebsd.org/security/advisories/FreeBSD-EN-16:14.hv_storvsc.asc
[7] https://www.freebsd.org/security/advisories/FreeBSD-EN-16:15.vmbus.asc
[8] https://www.freebsd.org/security/advisories/FreeBSD-EN-16:16.hv_storvsc.asc
[9] https://www.lighttpd.net/download/
[10] https://wiki.strongswan.org/projects/strongswan/wiki/Changelog55
[11] https://curl.haxx.se/changes.html#7_50_1
[12] http://www.openssh.com/txt/release-7.3