Dear all,

the new release is finally here! Yet before we begin, we’d like to stress this part: please read the notes enclosed; they are important for the future of OPNsense.

We are now about two thirds into what is going to be 15.7. On this path, we’ve always released cutting edge snapshot releases and 15.1.10 is no different. However, what is different is the fact that this release marks a larger departure from what is considered a mere fork: we are leaving behind numerous kernel patches and two major features to better align with FreeBSD’s code base and to rebuild these features on more maintainable fundament. In this case we’re talking about the layer 7 shaper and FAIRQ/CODEL support.

But we not only delete all the things. No, we have added NanoBSD images to the release bundle. Reengineered the process to keep completely in sync with the FreeBSD ports collection. Replaced the GUI menu and ACL with MVC-based rewrites. We’ve switched on the fingerprint verification to finally enforce the (previously introduced) package repository signing.

It’s very likely that most of these additions and removals are not visible from a usage perspective and we do believe that is a good thing. For some these changes will spark criticism, but then again they are a chance to better distinguish between projects and individual requirements. We believe in choice. We believe in the choices we make for the benefit of our users. And we intend to keep it that way for a long time. Talk to us and let us know what we can achieve together. 🙂

Important notes on the live upgrade:

The recommended way to upgrade is the root shell menu option “12”. The box will require an immediate reboot. No further steps will be necessary.

The GUI firmware upgrade has never been perfect due to wanting to upgrade itself through running the update. The GUI update is still safe to run, but it will not let you know when it is finished. The update window will go blank, which is your queue to refresh the page. The login window will reappear. After login, the GUI update will already be finished. To wrap up the full upgrade cycle, drop to the root shell and type:

# opnsense-update && reboot

But then again, simply use the root shell menu option “12”. It works seamlessly via SSH, too.

The full change log of 15.1.10 is as follows:

  • kernel: cleaned up the custom legacy patches to move the underlying FreeBSD back to more standard behaviour
  • kernel: removed dysfunctional dummynet patches and traffic shaper / limiter GUI feature (ETA for a replacement is 15.7)
  • kernel: stripped FAIRQ and CODELQ disciplines as they are no longer supported by FreeBSD
  • kernel: isolated MPD (Multi-link PPP daemon) alteration patches (will be dropped in a future release)
  • kernel: fixed IPSec dropping connections in some scenarios
  • images: a new NanoBSD-based image has been added to the release bundle (directly written to SD or HD)
  • notable ports updates: curl 7.42.1, ca_root_nss: 3.18.1
  • installer: omit swap and add noatime to root partition in quick/easy install when available space is under 30GB, fixed faulty exit on importer cancel
  • development: the ports tree is now kept fully in sync with FreeBSD
  • development: improved the ports build script in terms of error reporting and rebuilding speed
  • development: simplified file system path handling in most files to make the code easier to maintain
  • development: fixed a bug that prevented extracting our packages on ZFS
  • core: replaced most of the legacy PHP module usage with more portable (and maintainable) scripting code
  • dashboard: fixed the main link to always land on the dashboard to not confuse a restricted ACL setup
  • traffic shaper: layer 7 filter removed as the project has been abandoned (ETA for a replacement is 16.1)
  • system/settings: added an FTP proxy feature for clients trying to do active transfers
  • menu: replaced the old one with the new MVC equivalent plus assorted improvements
  • ACL: replaced the old one with the new MVC equivalent
  • login: polished the login screen behaviour
  • backend: don’t try to send a signal to non-existing process
  • user: can now change the password via “User: Change Password” from the menu
  • firmware: enforce signed packages on upgrade for our mirrors
  • rrd: fixed directory create-after-use

The images can be acquired from here:

Last but not least, checksums are:

SHA256 (OPNsense-15.1.10-cdrom-amd64.iso.bz2) = 27deac90b9e2e43fa71ff68c30b5fb28d3afcfb12483e01ff52ea40e8ca6f4a8
SHA256 (OPNsense-15.1.10-nano-amd64.img.bz2) = e61007bd2a735cdc8301d90431b6bb23dc425dfe3d7cdae162b16bd6f0dfd4a3
SHA256 (OPNsense-15.1.10-serial-amd64.img.bz2) = c7a412b1cc74331ebf13c8e95316c4c11ee56a331d7992a3bb27e80e0ce9a127
SHA256 (OPNsense-15.1.10-vga-amd64.img.bz2) = 1d9449b6bc61904995189cf264ec9c071a7effb4c203579778c827262bb88654
SHA256 (OPNsense-15.1.10-cdrom-i386.iso.bz2) = f6e7e4953cdb155490136134393892e92414e3a70baf419ba6c5319e58d45620
SHA256 (OPNsense-15.1.10-nano-i386.img.bz2) = 4e85700f4c491529f8ec60da09283674f29bfdbede83e372a95fc3719f20a661
SHA256 (OPNsense-15.1.10-serial-i386.img.bz2) = 786a5d831e37ac4d55618b5fc1ae0af1a5bfde52b048f185c5ce16f4f18821b9
SHA256 (OPNsense-15.1.10-vga-i386.img.bz2) = 6cf6c88bfa910da402e96a883bef7766570b9500941d7c5549e050bc8d74818c

MD5 (OPNsense-15.1.10-cdrom-amd64.iso.bz2) = d6f9f4736c911157067b47b8e1793a0e
MD5 (OPNsense-15.1.10-nano-amd64.img.bz2) = a4a6ed4a51cf501d5a27041f9255694a
MD5 (OPNsense-15.1.10-serial-amd64.img.bz2) = 719665d9b5e9e8d48f88b8e2b6cf177b
MD5 (OPNsense-15.1.10-vga-amd64.img.bz2) = 4f1f9a2d5fdc176e7516660ea34c6564
MD5 (OPNsense-15.1.10-cdrom-i386.iso.bz2) = 7a7bbabc27d596b0da8874ca4e31714d
MD5 (OPNsense-15.1.10-nano-i386.img.bz2) = a3a6d4d96217e6c86e430e9766971049
MD5 (OPNsense-15.1.10-serial-i386.img.bz2) = 6d3a5c3dbe02d6012d50219aaab4b7c6
MD5 (OPNsense-15.1.10-vga-i386.img.bz2) = 5ec2c602a8e3f31ad78c2f63c2d266b9

May the force be with you,
Your OPNsense team