New OPNsense Release

OPNsense 17.1.6 released


Good day everyone,

Other than the usual bulk of improvements, the Quagga plugin gained BGP support and the Phalcon framework is now able to run smoothly on PHP 7.1, which we are targeting for 17.7. The next bit of planned work in the 17.1 series is switching OpenVPN to version 2.4. It can already be reviewed in the development version.

Enjoy the security-silence this time around. ­čÖé

Here are the full patch notes:

o system: proper autofill of imported CA fields
o system: fix off by one and add validation for next serial in CA import
o system: new global product info file and associated cleanups
o system: prompt for new root password on console reset rather than using the factory default
o system: remove PHP version specific code to automatically support newer versions such as PHP 7.1
o system: raise PHP memory limit by 50%
o firmware: show downgrades in update list as well
o firmware: update pkg alongside other packages if it does not need an explicit upgrade
o firmware: add plugin list to crash report if plugins are installed
o interfaces: do not hide the save button when all interfaces have been assigned
o firewall: support tag/tagged for manual outbound NAT
o firewall: exclude IPv6 extension headers
o firewall: disable filter association when no-rdr port forward option is selected
o firewall: do not endlessly try to fetch bogons on systems with no connectivity
o captive portal: fix autocomplete, autocapitalize and autocorrect (contributed by Johann Richard)
o dhcp: fix static leases issue with loading settings into form
o dhcp: add interface-mtu option
o ipsec: move to plugin code framework
o openvpn: fix possible start failure of servers using udp6 or tcp6
o router advertisements: force restart of daemon to adapt to time zone change
o unbound: statistics API (contributed by Fabian Franz)
o web proxy: reorder pre-auth plugins and local auth settings (contributed by Evgeny Bevz)
o mvc: set locale in APIControllerBase (contributed by Alexander Shursha)
o mvc: dialog translations (contributed by Fabian Franz)
o mvc: escape @ in menu entry to avoid error on mailto: url
o plugins: igmp-proxy 1.1 renames internal service reload endpoint
o plugins: quagga 1.1.0 adds BGP support and assorted fixes (contributed by Fabian Franz and Michael Muenz)
o plugins: relayd 1.1 adds session timeout configuration (contributed by Frank Brendel)
o plugins: snmp 1.1 renames internal service reload endpoint
o ports: ca_root_nss 3.30.2
o ports: phalcon 3.1.2[1]
o ports: unbound 1.6.2 [2]

Stay safe,
Your OPNsense team


[1] https://github.com/phalcon/cphalcon/releases
[2] http://www.unbound.net/download.html