Dear friends and followers,

we are happy to announce OPNsense 15.1.10.2 today following a rather exciting firmware upgrade bug that prevented the release yesterday. We are back to normal now thanks to the wonderful people of pkgng, and, boy, do we have news to share.

First and foremost, it’s time to reveal to all of you the Proxy Server (based on squid) work we’ve done under the hood for a few months now. The new MVC framework has been plugged seamlessly into the GUI and can be inspected under “Services: Proxy Server”. This is a sneak preview of things to come and any help in testing and commenting on the feature is going to be a huge help as we go forward.

The translation project has been kickstarted for Japanese[1] and Chinese, although the translations are not yet available in the GUI due to their incompleteness. We do, however, think this is a good opportunity to ask for contributions to the translations and welcome efforts for other languages as well.

Last but not least, HardenedBSD’s work[2] to build OPNsense on top of their code has been a quick success story and will eventually bring features like ASLR into the project. The cooperation also sparked a number of build tool improvements that will make maintaining the project easier in the future. The changes also help to unify the OpenSSL/LibreSSL release handling so that with this announcement you will be enjoying your timely LibreSSL firmware upgrade. 😉

Here is the full list of changes:

  • proxy: basic proxy features on top of our new and shiny MVC framework under “Services: Proxy Server”
  • proxy: smart tokens for item lists (copy/paste CSV list into them and watch the magic happen)
  • proxy: help on/off per item or full page
  • proxy: hide advanced options and include sane defaults
  • proxy: FTP proxy included with same ACL controls as HTTP
  • proxy: simple authentication using built-in user database
  • openvpn: added Tunnelblick’s version of the OpenVPN XOR feature for protocol obfuscation[3]
  • core: fixed config.xml section import regression
  • core: stripped numerous dynamic strings from gettext() invocations
  • ports: added FreeBSD’s 10.1 ifinfo tool to probe for interface statistics to replace legacy PHP module code
  • ports: bsdinstaller 2.3 no longer uses cpdup utility, plus log collection and SONAME fixes
  • ports: updated to pkg 1.5.2, phalcon 2.0.0, dnsmasq 2.72_1[4]
  • ports: perl5 is now installed by default (5.18)
  • development: OpenSSL and LibreSSL branches have been merged for a simpler build experience and shorter release times
  • development: the package sets are now always kept as a single archive that can be reused and recompiled (even selectively)
  • development: stable translation template file is available now[5]
  • development: kickstarted Japanese and Chinese translations
  • development: language translation files are now automatically compiled into the core package
  • development: added a persistent build config file for setting the version, crypto flavour and release version tag (if applicable)

The update is available via the firmware upgrade feature only.

Stay safe,
Your OPNsense team

[1] http://dotike.github.io/opnsense.core.ja_JP.UTF8/
[2] https://hardenedbsd.org/article/shawn-webb/2015-05-08/hardenedbsd-teams-opnsense
[3] https://code.google.com/p/tunnelblick/wiki/cOpenvpn_xorpatch
[4] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3294
[5] https://raw.githubusercontent.com/opnsense/core/master/src/share/locale/en_US/LC_MESSAGES/OPNsense.pot