OPNsense 16.7 released

jul 28, 2016

New OPNsense Release

Welcome everyone,

It is time for the next major iteration in open-source security! After 6 months and 20 minor releases we hereby declare the general availability of OPNsense 16.7, nick-named “Dancing Dolphin”. The highlights of this major release include:

  • Suricata 3.1.1 with Intel Hyperscan support
  • NetFlow-based reporting and export
  • Traffic shaping using CoDel / FQ-CoDel
  • Two-factor authentication based on RFC 6238 (TOTP)
  • HTTPS and ICAP support in the proxy server
  • FreeBSD 10.3 with full integration of HardenedBSD ASLR
  • UEFI boot and installation modes
  • Substantial updates to our language packs: Japanese, Russian, German, French, Chinese

We thank all contributors, testers and users for their relentless support and invaluable feedback. The release candidate phase has been the most fun we have had so far. 🙂

Attention: An incompatibility in Chrome may prevent the firmware update from running. Try a different browser to upgrade to 16.7 where a workaround has been added to avoid the problem in the future.

All images can be found on the mirrors below with checksums attached to the end of this announcement:


Please stay in touch, tell us what you think about OPNsense and how we can improve it further! You can find us in any of these popular locations:

Twitter: https://twitter.com/opnsense
Forum: https://forum.opnsense.org/
GitHub: https://github.com/opnsense
IRC: Freenode #OPNsense

Lastly, here are the full changes since 16.7-RC2:

  • installer: fix UI glitch with overlong disk name selections
  • installer: warn on low RAM as install phase can fail
  • ports: suricata 3.1.1[1], php 5.6.24[2]
  • system: Etc/UTC is now the default time zone
  • system: prevent user from deleting itself
  • interfaces: register groups in the system immediately
  • firmware: add subscription option for private repositories[3]
  • firmware: work around API POST problem on Chrome by deleting css source map pointer
  • firewall: allow cron to set arbitrary syslog times for alias updates
  • proxy: add syslog target for access_log
  • reporting: can now individually flush health reports
  • reporting: can now flush insight and NetFlow data
  • reporting: translate interface names on health page
  • reporting: shut down insight service on backup to prevent database corruption
  • lang: Russian is now 97% completed (contributed by Smart-Soft Ltd.)
  • lang: minor updates in all other languages

Stay safe,
Your OPNsense team

[1] https://suricata-ids.org/2016/07/13/suricata-3-1-1-released/
[2] http://php.net/ChangeLog-5.php#5.6.24
[3] https://forum.opnsense.org/index.php?topic=3408.0