New OPNsense Release

It has been 5 months since 16.1 came out. Since then, over 1500 commits and 18 stable releases have continuously improved and enhanced the project. Since then, thousands of new users have joined. And our new documentation has been extended and tweaked with numerous guides, explanations and answers to your questions.

The cumulation of these efforts is this announcement of the first release candidate for 16.7. Images are being provided to encourage to try these in a fresh setting, but the config import in the installer and the GUI work as usual so that migration is simple. Checksums for the images can be found below. VGA images have been omitted to permit work on the UEFI variant in the meantime.

The RC cycle will end in a month with the actual 16.7 release so that early birds will not have to reinstall afterwards. And remember: feedback is key in this phase, feel free to contact us in any way you like and let us make 16.7 grand together.

Here is our list of major features that were being worked on since 16.1:

  • SSL fingerprinting / blacklisting in the IDS/IPS
  • Firewall rules category tags for easy filtering
  • CPU temperature graph in system health
  • Custom mirror support for firmware upgrades
  • OpenVPN client-specific overrides can now be bound to selected servers
  • Added RFC 4638 support (MTU > 1492 in PPPoE)
  • NTP can now be disabled if required
  • New category-based remote ACL support in proxy server
  • ICAP configuration aded to proxy server
  • Pluggable service infrastructure
  • Pluggable syslog infrastructure
  • Finished a full sweep of visible GUI pages for improved look and feel
  • HTTPS proxy support
  • Russian translations 100% completed
  • NetFlow export to multiple remote destinations
  • NetFlow local reporting frontend
  • PPTP, L2TP and PPPoE Servers ported to MPD5
  • HAProxy plugin
  • Traffic shaping with CoDel / FQ-CoDel
  • Firewall alias geolocation support
  • Cron GUI and API
  • Japanese translations 100% completed
  • Dashboard revamp with multi-column support, drag and drop and mini API
  • RFC 6238 (TOTP) support for two-factor authentication
  • HardenedBSD’s ASLR implementation
  • High availability page for remote service status and start/stop/restart
  • API commands for remote reboot and power off
  • Firmware page resume support and cron-based “nightly” updates
  • opnsense-patch, the tremendously nifty patching tool
  • Traffic graphs frontend has been replaced by a modern alternative
  • PPTP, L2TP and PPPoE Servers are now individual plugins no longer found in the default installation
  • Pluggable interface infrastructure
  • New firewall GUI page for custom scrubbing rules (normalisation)
  • Removal of proxy-based NAT reflection
  • No more custom PHP modules
  • FreeBSD 10.3
  • Suricata 3.1

Stay safe,

Your OPNsense team

# SHA256 (OPNsense-16.7.r1-OpenSSL-cdrom-amd64.iso.bz2) = d5db6f91221121ab2e0efb962e9aa08ec095977e733a74f4e797d81329a4a1b7
# SHA256 (OPNsense-16.7.r1-OpenSSL-nano-amd64.img.bz2) = 596aa7468850a1857140bc3373650556b53bdde73fa1ac7cc639a868f4a0bcc7
# SHA256 (OPNsense-16.7.r1-OpenSSL-serial-amd64.img.bz2) = c28f7eebb6b56e91152bd21dee6a741ad09732d144af05c9a5099da12961531f
# SHA256 (OPNsense-16.7.r1-OpenSSL-cdrom-i386.iso.bz2) = fcac3e7aad5c09ed4f5352dc125cd00e200616bc77a47fa3ce4cf04826fc0970
# SHA256 (OPNsense-16.7.r1-OpenSSL-nano-i386.img.bz2) = 6a22e438ef30f7611df835ca53b0e0087d7eda3137f41224d2ee9e0d01d9ffe4
# SHA256 (OPNsense-16.7.r1-OpenSSL-serial-i386.img.bz2) = aeb5502a81520f7398187635d0426630034c276491fa32512e5702eb73d8525f

# MD5 (OPNsense-16.7.r1-OpenSSL-cdrom-amd64.iso.bz2) = 5a440e46e841d3c4c05bdb8ee6566fe6
# MD5 (OPNsense-16.7.r1-OpenSSL-nano-amd64.img.bz2) = 13ccbcf88b1b5338ccba7440526f146f
# MD5 (OPNsense-16.7.r1-OpenSSL-serial-amd64.img.bz2) = 97a3c5e08c4cecff62c5c63d5e29dda0
# MD5 (OPNsense-16.7.r1-OpenSSL-cdrom-i386.iso.bz2) = 8cced3f828d063ac237d96f32a8bb2e3
# MD5 (OPNsense-16.7.r1-OpenSSL-nano-i386.img.bz2) = 2f38a263a2f0ed2071d5698e31eeb30f
# MD5 (OPNsense-16.7.r1-OpenSSL-serial-i386.img.bz2) = 397a54eb4a51f5703b8ec3062afbcef0