New Release Candidate

OPNsense 17.1-RC1


✓ More Secure   ✓ Better Language Support   ✓ More Features


Hi everyone,

The wish list for our kernel improvements has been emptied just a week ago, which makes OPNsense 17.1-RC1 look like the final 17.1 for all intents and purposes and already includes the stable upgrade path. Several features have been moved from the core to the plugins and may need to be reinstalled, namely Load Balancer, Wake on LAN, SNMP, IGMP Proxy and Universal Plug and Play. More details are listed below.

A special thank you goes to Carlos Meireles and Thiago Basilio, who brought to you Portuguese as a language choice (Portugal and Brazil, respectively). Awesome work!


Download OPNsense 17.1-RC1 now !

Direct download links from our capable mirror providers (checksums below this announcement) are as follows:

https://opnsense.c0urier.net/releases/17.1.r1/ (Europe)
http://mirrors.nycbug.org/pub/opnsense/releases/17.1.r1/ (US East Coast)
http://mirror.sfo12.us.leaseweb.net/opnsense/releases/17.1.r1/ (US West Coast)

More mirrors for OPNsense 17.1-RC1 are available on our website:
https://opnsense.org/download/ (full mirror list)


Upgrading from 17.1-BETA

If you have been running 17.1-BETA and want to switch to the stable upgrade path simply upgrade to OPNsense 17.1-RC1 and run the following from the shell:

# opnsense-update -t opnsense


 

Full change list 
Here is the full list of changes since 17.1-BETA:

core: default to integrated authentication (PAM) for su, login et al
 core: lock down UNIX accounts for active integrated authentication
core: console option 11 now reloads all instead of only the web GUI
core: removed unused translations from console features
core: load AESNI by default
core: remove restrictions to not run DNS resolver and forwarder in parallel
core: use the sc console driver instead of vt
core: consolidate anti-lockout behaviour
core: optionally limit ciphers for web GUI
✓ core: move individual XMLRPC sync options to their respective services
core: use rc.shutdown hook for graceful ACPI shutdown
core: fix locale setting in MVC (contributed by Alexander Shursha)
core: add translations to the wizard (contributed by Alexander Shursha)
core: fix several crash reports
core: use the ddb.conf that FreeBSD already provides
core: configure ddb even if no dump device was found
core: move bogon rules to fix DHCPv6 WAN scenarios
web proxy: allow to disable caching by zeroing cache_mem
plugins: the os-intel-em driver has been removed
plugins: configuration additions for os-tinc
plugins: exported several base features to plugins (os-snmp, os-igmp-proxy, os-wol, os-upnp, os-relayd)
lang: added Portuguese/Portugal (contributed by Carlos Meireles)
lang: added Portuguese/Brazil (contributed by Thiago Basilio)
src: wireless firmware now only available via kernel modules
src: the EM_MULTIQUEUE kernel option has been removed
src: HardenedBSD SEGVGUARD improvements
src: HardenedBSD force -fPIC when building PIEs
src: do not initialize the adapter on MTU change when ix status is down
src fix panic during lagg destruction with simultaneous status check
src: restore link state probing for e1000 82574 chipsets
src: IP cooperative forwarding rework, fixes IPv4 in pf
src: avoid deadlocks during lagg configuration
src: multiple fixes for netmap to repair emulation panics

Known issues in OPNsense 17.1-RC1

o The inherited 6rd kernel patches are not included in standard FreeBSD 11.0. The impact on 6rd setups is currently unknown.
o Fundamental WiFi stack changes in FreeBDS 11.0 could still affect operability.
o Insight and Health statistics import from the early installer may not work.
o Due to a Python 2.7.13 incompatibility the NetFlow connector may not work. A workaround is to revert to the Python 2.7.12 release. See the forum for details[1].
o The LibreSSL version will not be available until the final release.
o The console settings received a non-backwards compatible change. If the VGA console is not working, simply reconfigure it from System: Settings: Administration as it was likely set to Serial due to a wrong GUI default.

Help appreciated

Any help in making 17.1 the best it could possibly be for its final release January 31 is highly appreciated.  Please do not hesitate to contact us through any of the known channels:

✓ Twitter: https://twitter.com/opnsense
✓ Forum: https://forum.opnsense.org/
✓ GitHub: https://github.com/opnsense
✓ IRC: Freenode #OPNsense

Stay safe,
Your OPNsense team


[1] https://forum.opnsense.org/index.php?topic=4235.0

# SHA256 (OPNsense-17.1.r1-OpenSSL-cdrom-amd64.iso.bz2) = 96bc814644c89128baa8afc7a4f057bd02b364ada4c33ac1d98129a0a2f2dd50
# SHA256 (OPNsense-17.1.r1-OpenSSL-nano-amd64.img.bz2) = c777f3adea1621253a846bbd78c82993801e40085d1c9cab03a71d01e5c6d0a8
# SHA256 (OPNsense-17.1.r1-OpenSSL-serial-amd64.img.bz2) = 0e87555296c58a51e905e4fac97ea6fac397d748b1369bab9f4c108d6adf9993
# SHA256 (OPNsense-17.1.r1-OpenSSL-vga-amd64.img.bz2) = 08af040390230bffc2ac6e4eceb884c390e0058a0b8027f003eeaf601b38b909
# SHA256 (OPNsense-17.1.r1-OpenSSL-cdrom-i386.iso.bz2) = 3ef78129e57414cd765cfbe903b747e6efa1222f799cc1d2e8331a68279a7c87
# SHA256 (OPNsense-17.1.r1-OpenSSL-nano-i386.img.bz2) = 6a8040bf3b8a9c2bc9bb49b214c6a7612dca5235fa0314b474524e2ccdf38caf
# SHA256 (OPNsense-17.1.r1-OpenSSL-serial-i386.img.bz2) = 442b774948ae14428a8c76489139644e49c935db61e32055508974fe76686fc0
# SHA256 (OPNsense-17.1.r1-OpenSSL-vga-i386.img.bz2) = 27149d372ded7d069aec3e5aeab7708e53bf3ca8166193480863ace768a333d5

# MD5 (OPNsense-17.1.r1-OpenSSL-cdrom-amd64.iso.bz2) = 680161da68fee3c03904970e7aa89c94
# MD5 (OPNsense-17.1.r1-OpenSSL-nano-amd64.img.bz2) = 989bc7056ebaf08ff3ba06a5b56b2488
# MD5 (OPNsense-17.1.r1-OpenSSL-serial-amd64.img.bz2) = 00d92a840c6180fb87d59b2f6728f10f
# MD5 (OPNsense-17.1.r1-OpenSSL-vga-amd64.img.bz2) = 1574e871a3d64147e1a904074a4ff4b2
# MD5 (OPNsense-17.1.r1-OpenSSL-cdrom-i386.iso.bz2) = 0e409d30009af857b23e67e97451cc81
# MD5 (OPNsense-17.1.r1-OpenSSL-nano-i386.img.bz2) = 051a1072559982fce88fb39ef78aca77
# MD5 (OPNsense-17.1.r1-OpenSSL-serial-i386.img.bz2) = c32106dc7070ae462200e15fa707e19c
# MD5 (OPNsense-17.1.r1-OpenSSL-vga-i386.img.bz2) = 5ec394d7c2b331390d92baec41e3aece