For over 5 years now, OPNsense has been driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.
20.1, nicknamed "Keen Kingfisher", is a subtle improvement on the sustainable firewall experience. This release adds VXLAN and additional loopback device support, IPsec public key authentication and elliptic curve TLS certificate creation, amongst others. Third-party software has been updated to its latest versions. The logging frontend was rewritten for MVC with seamless API support. On the far side, the documentation increased in quality as well as quantity and now presents itself in a familiar menu layout.
Download links, an installation guide and the checksums for the images can be found below as well.
These are the most prominent changes since version 19.7:
o Captive portal performance improvements
o IPsec public key authentication support
o Elliptic curve TLS certificate creation
o CARP service demotion hook
o VXLAN device support
o Loopback device support
o Extended firmware health audit checks
o Support direction and non-quick on interface rules
o Logging frontend migrated to MVC / API
o PSR 12 coding style
o Documentation for all core components
o Python 3.7 is now the default Python version
o LibreSSL 3.0 and OpenSSL 1.1.1
o Google Backup API 2.4
o jQuery 3.4.1
And here are the full patch notes against version 20.1-RC1:
o installer: welcome users as genuine 20.1 installer
o rc: revert growfs change since Nano does not grow anymore
o plugins: os-mail-backup 1.1
o plugins: os-nrpe 1.0 (contributed by Michael Muenz)
o plugins: os-theme-rebellion 1.8.3 (contributed by Team Rebellion)
o plugins: os-vnstat 1.2
o plugins: zabbix4-proxy 1.2
o ports: ca_root_nss 3.49.2
o ports: curl 7.68.0
o ports: isc-dhcp 4.4.2
o ports: php 7.2.27
o ports: urllib3 1.27.7
Known issues and limitations:
o HardenedBSD 12.1 has been postponed to the next major release
o Legacy MPD5 plugins os-l2tp, os-pppoe and os-pptp have been deprecated and will no longer receive updates
o To prevent stale configuration files for remote syslog, we advise setting up the new targets first and disabling the old ones under System: Settings: Logging
o i386 has not been deprecated for the time being
The public key for the 20.1 series is: