Hello friends,

after an extended low profile period we are back in business with the latest and greatest 15.1.8. You’ll notice that we have incorporated the recent OpenSSL security advisories along with a larger number of fixes and cleanups. But there’s more. We have pushed the bulk load of our new configuration handling code which is intended to bridge the gap between the old and the new front-end code. And since we don’t like to stop there just yet, we’ve also added support for backing up your configs on your private Google Drive.

We encourage our users running or later to try the root console menu option “12” for a fully automatic system upgrade. Otherwise, it’s either installing from scratch using install media and the installer’s config import feature, or running the GUI firmware update and dropping to a root shell to run `opnsense-update && reboot’ to fully benefit from the base system security updates. Please let us know about your upgrade experience. We are still adding and tweaking code to complement and simplify the upgrade process.

Here is the full list of changes:

  • src: applied FreeBSD-SA-15:06.openssl
  • src: updated to tzdata2015b
  • src: add missing max-packets parsing for pf(4)
  • src: OPNsense branding for boot loader
  • bsdinstaller: speed up SD card writes using async mode and assorted cleanups
  • opnsense-update: don’t trigger a spurious update after a fresh install when invoked for the first time
  • notable port updates: isc-dhcp42 4.2.8, libressl 2.1.6, openssl 1.0.1m, ca_root_nss 3.18
  • core: removed obsolete conf_mount_ro() and conf_mount_rw() usage
  • core: removed platform awareness with a more appropriate probe for install media
  • core: removed all remnants of the old firmware update code
  • core: completely rewrote the config.xml handling to unify old and new GUI components
  • core: added support for config backup to Google Drive
  • packages: removed the legacy package system
  • upnp: transformed the preinstalled package into a standard feature
  • openvpn: added the client export package as a standard feature
  • dyndns: minor follow-ups for Duck DNS support
  • firewall log: fix bug that would prevent the filter from working correctly
  • ntp: added numerous config form tweaks and fixed daemon startup
  • igmpproxy: fixed daemon startup
  • dns: properly regenerate hosts file on reload
  • ssh: fix sshd reload on save in system admin access page
  • rc: avoid invoke of FreeBSD’s rc system on halt and reboot
  • dhcp: improve compatibility with IPv6 deployments

The install media images can be found here:


Stay safe,
Your OPNsense team