Software:OPNsense

From HandWiki
Short description: Firewall distribution


OPNsense
Opnsense-logo.svg
ScreenShot OPNSense.png
DeveloperDeciso B.V.
OS familyFreeBSD (13.2-RELEASE)
Working stateCurrent
Source modelOpen source
Initial release5 January 2015; 9 years ago (2015-01-05)
|Final release|Latest release}}24.1 ("Savvy Shark") / January 30, 2024; 5 months ago (2024-01-30)[1]
Platformsx86-64
Kernel typeMonolithic kernel
Influenced byM0n0wall. pfSense
LicenseSimplified BSD / FreeBSD License[2]
Official websiteopnsense.org
Support status
Community & Commercial

OPNsense is an open source, FreeBSD-based firewall and routing software developed by Deciso, a company in the Netherlands that makes hardware and sells support packages for OPNsense. It is a fork of pfSense, which in turn was forked from m0n0wall built on FreeBSD.[3] It was launched in January 2015.[2] When m0n0wall closed down in February 2015 its creator, Manuel Kasper, referred its developer community to OPNsense.[4]

OPNsense has a web-based interface and can be used on the x86-64 platform.[5] Along with acting as a firewall, it has traffic shaping, load balancing, and virtual private network capabilities, and others can be added via plugins.[6] OPNsense offers next-generation firewall capabilities utilizing Zenarmor, a NGFW plugin developed by OPNsense partner[7] Sunny Valley Networks.[8]

Domain dispute

In November 2017, a World Intellectual Property Organization panel found that Netgate, the copyright holder of pfSense, used the domain opnsense.com in bad faith to discredit OPNsense, and obligated Netgate to transfer domain ownership to Deciso.[9]

Releases

The OPNsense version naming system consists of year.month, since the first release took place in January 2015, it was named release 15.1. OPNsense typically uses a 6 month major release cycle with new releases in January and July of each year.[10]

OPNsense Release History
Version Code name General availability Latest minor version Latest release date Notes
15.1[11] Ascending Albatross 2015-01-05 15.1.12 2015-06-17
  • Initial release
15.7[12] Brave Badger 2015-07-02 15.7.25[13] 2016-01-18
  • Base proxy and IDS support
  • pfSense config importer
  • FreeBSD 10.1
16.1[14] Crafty Coyote 2016-01-28 16.1.18[15] 2016-06-30
  • Firmware mirror location and crypto selection
  • IPS
  • FreeBSD 10.2
16.7[16] Dancing Dolphin 2016-07-28 16.7.14[17] 2017-01-25
  • RFC 4638 support (MTU > 1492 in PPPoE)
  • HTTPS proxy support
  • Active Queue Management (AQM): Controlled delay (CoDel) and FlowQueue-CoDel
  • Two factor authentication using RFC 6238
  • HardenedBSD's ASLR implementation
  • UEFI/GPT boot
  • FreeBSD 10.3
17.1[18] Eclectic Eagle 2017-01-31 17.1.11 2017-07-25
  • PHP 7.0
  • Lets Encrypt plugin
  • Pluggable firewall rules
  • Load Balancer, UPnP, SNMP, IGMP, WOL as plugins
  • FreeBSD 11
17.7[19] Free Fox 2017-07-31 17.7.12[20] 2018-01-18
  • HardenedBSD SafeStack for base applications and selected ports
  • HardenedBSD procfs hardening
  • Interface code speedup
18.1[21] Groovy Gecko 2018-01-29 18.1.13[22] 2018-07-24
  • Debug kernel support
  • PHP 7.1
  • pluggable NAT rules
  • FreeBSD 11.1
18.7[23] Happy Hippo 2018-07-31 18.7.10[24] 2019-01-07
  • Meltdown and Spectre V2 mitigations
  • Intel NIC driver updates
  • IDS/IPS application detection rules
  • FreeBSD 11.2
19.1[25] Inspiring Iguana 2019-01-31 19.1.10[26] 2019-07-03
  • Firewall NAT rule logging support
  • WPAD / PAC and parent proxy support in the web proxy
  • 2FA via LDAP-TOTP combination
  • Dnsmasq DNSSEC support
  • HardenedBSD 11.2
19.7[27] Jazzy Jaguar 2019-07-17 19.7.10[28] 2020-01-09
  • PHP 7.2
  • LibreSSL 2.9
  • WireGuard plugin
  • Firewall rule statistics
20.1[29] Keen Kingfisher 2020-01-30 20.1.9[30] 2020-07-23
  • Google backup API 2.4.0
  • LibreSSL 3.0
  • Support elliptic curve TLS certificate creation
  • VXLAN support
  • Support for additional loopback interfaces
20.7[31] Legendary Lion 2020-07-30 20.7.8[32] 2021-01-19
  • Basic firewall API support (via additional plugin)
  • Suricata 5
  • Unbound + DHCPDv4: Properly support expired leases
  • PHP expand code styling to PSR-12
  • HardenedBSD 12.1
21.1[33] Marvelous Meerkat 2021-01-28 21.1.9[34] 2021-07-27
  • Fix stability and reliability issues with regard to vmx(4), vtnet(4), ixl(4), ix(4) and em(4) ethernet drivers
  • LibreSSL 3.2
  • New and improved live traffic report
  • IDPS: New policy definition using metadata tags (e.g. drop all critical events aimed at the perimeter)
21.7[35] Noble Nightingale 2021-07-28 21.7.8[36] 2022-01-27
  • Migrate bsdinstaller to bsdinstall
  • AXGBE 10Gbps network card driver inclusion
  • PHP 7.4
  • NTPD client mode
  • Firmware Update Revamp
  • Firewall states diagnostic API/GUI
22.1[37] Observant Owl 2022-01-27 22.1.10[38] 2022-07-07
  • Authentication / LDAP automatic user creation on login
  • Improve alias hostname resolve performance
  • Improved firewall statistics
  • Support overload table on max new connections
  • FreeBSD 13
22.7[39] Powerful Panther 2022-07-28 22.7.11[40] 2023-01-18
  • Intel QuickAssist (QAT) support
  • Add stacked VLAN support (IEEE 802.1ad / QinQ)
  • Advanced DDoS protection using syncookies
  • PHP 8.0
  • FreeBSD 13.1
23.1[41] Quintessential Quail 2023-01-13 23.1.11[42] 2023-06-28
  • Firewall alias BGP ASN type support
  • DNS insights dashboard
  • PHP 8.1
  • WireGuard kernel module
  • LibreSSL discontinued
23.7[43] Restless Roadrunner 2023-07-31 23.7.12[44] 2024-01-16
  • Support for Importing Encrypted Configuration Files During OPNsense Installation
  • RADIUS Authentication - Add MSCHAPv2 support
  • Intrusion Detection: Suricata Netmap API version 14 enabled
  • PHP 8.2
  • FreeBSD 13.2
24.1[45] Savvy Shark 2024-01-30 24.1[45] 2024-01-30
  • Suricata 7
  • OpenSSL 3 ports migration
  • NPTv6 migrate to MVC
  • VXLAN: add support for non standard port numbers
  • os-firewall plugin inclusion to ease API usage
  • Improve WireGuard kernel plugin and implement it in core
  • Add Kea DHCP server option as an alternative to ISC DHCP which will eventually be deprecated
Legend:   No longer supported versions   Latest supported release

See also

References

  1. "OPNsense Forums". https://forum.opnsense.org/index.php?topic=38427.0. 
  2. 2.0 2.1 "Press release: Deciso Launches OPNsense, a New Open Source Firewall Initiative" (in en). Deciso via PRNewsWire. January 2, 2015. https://www.prnewswire.com/news-releases/deciso-launches-opnsense-a-new-open-source-firewall-initiative-287334371.html. 
  3. "Review: 6 slick open source routers". https://www.cio.com/article/3107989/networking/review-6-slick-open-source-routers.html. 
  4. "MOnOwall comes tumbling down". Wayback Machine. 16 Feb 2015. https://www.theregister.co.uk/2015/02/16/m0n0wall_coming_down/. 
  5. "DistroWatch.com: OPNsense". DistroWatch. February 12, 2021. https://distrowatch.com/table.php?distribution=opnsense. 
  6. Sharma, Mayank; Drake, Nate (September 26, 2017). "What's the best Linux firewall distro?" (in en). Linux Format via TechRadar. http://www.techradar.com/news/whats-the-best-linux-firewall-distro-of-2017. 
  7. "Partners" (in en). https://www.sunnyvalley.io/partners. 
  8. "Zenarmor (Sensei): Overview — OPNsense documentation". https://docs.opnsense.org/vendor/sunnyvalley/zenarmor.html. 
  9. "WIPO Domain Name Decision: D2017-1828". WIPO. November 12, 2017. http://www.wipo.int/amc/en/domains/search/text.jsp?case=D2017-1828. 
  10. "OPNsense Roadmap - Planned enhancements and innovations". https://opnsense.org/about/road-map/. 
  11. "OPNsense version 15.1.1 Released - OPNsense® is a true open source firewall and more". https://opnsense.org/opnsense-version-15-1-1-released/. 
  12. "OPNsense version 15.7 Released - OPNsense® is a true open source firewall and more". https://opnsense.org/opnsense-version-15-7-released/. 
  13. "OPNsense 15.7.25 Released - OPNsense® is a true open source firewall and more". https://opnsense.org/opnsense-15-7-25-released/. 
  14. "OPNsense 16.1 Released - OPNsense® is a true open source firewall and more". https://opnsense.org/opnsense-16-1-released/. 
  15. "OPNsense 16.1.18 released - OPNsense® is a true open source firewall and more". https://opnsense.org/opnsense-16-1-18-released/. 
  16. "OPNsense 16.7 released - OPNsense® is a true open source firewall and more". https://opnsense.org/opnsense-16-7-released/. 
  17. "OPNsense 16.7.14 released - OPNsense® is a true open source firewall and more". https://opnsense.org/opnsense-16-7-14-released/. 
  18. "OPNsense 17.1 Released - OPNsense® is a true open source firewall and more". https://opnsense.org/opnsense-17-1-released/. 
  19. "OPNsense 17.7 released - OPNsense® is a true open source firewall and more". https://opnsense.org/opnsense-17-7-released/. 
  20. "OPNsense 17.7.12 released - OPNsense® is a true open source firewall and more". https://opnsense.org/opnsense-17-7-12-released/. 
  21. "OPNsense 18.1 released - OPNsense® is a true open source firewall and more". https://opnsense.org/opnsense-18-1-released/. 
  22. "OPNsense 18.1.13 released - OPNsense® is a true open source firewall and more". https://opnsense.org/opnsense-18-1-13-released/. 
  23. "OPNsense 18.7 released - OPNsense® is a true open source firewall and more". https://opnsense.org/opnsense-18-7-released/. 
  24. "OPNsense 18.7.10 released - OPNsense® is a true open source firewall and more". https://opnsense.org/opnsense-18-7-10-released/. 
  25. "OPNsense 19.1 released - OPNsense® is a true open source firewall and more". https://opnsense.org/opnsense-19-1-released/. 
  26. "OPNsense 19.1.10 released - OPNsense® is a true open source firewall and more". https://opnsense.org/opnsense-19-1-10-released/. 
  27. "OPNsense 19.7 "Jazzy Jaguar" released - OPNsense® is a true open source firewall and more". https://opnsense.org/opnsense-19-7-jazzy-jaguar-released/. 
  28. "OPNsense 19.7.10 released - OPNsense® is a true open source firewall and more". https://opnsense.org/opnsense-19-7-10-released/. 
  29. "OPNsense 20.1 "Keen Kingfisher" released - OPNsense® is a true open source firewall and more". https://opnsense.org/opnsense-20-1-keen-kingfisher-released/. 
  30. "OPNsense 20.1.9 released". https://forum.opnsense.org/index.php?topic=18227.0. 
  31. "OPNsense 20.7 - OPNsense® is a true open source firewall and more". https://opnsense.org/opnsense-20-7/. 
  32. "OPNsense 20.7.8 released". https://forum.opnsense.org/index.php?topic=20984.0. 
  33. "OPNsense 21.1 Released - OPNsense® is a true open source firewall and more". https://opnsense.org/opnsense-21-1-marvelous-meerkat-released/. 
  34. "OPNsense 21.1.9 released - OPNsense® is a true open source firewall and more". https://opnsense.org/opnsense-21-1-9-released/. 
  35. "OPNsense 21.7 released - OPNsense® is a true open source firewall and more". https://opnsense.org/opnsense-21-7-released/. 
  36. "OPNsense 21.7.8 released - OPNsense® is a true open source firewall and more". https://opnsense.org/opnsense-21-7-8-released/. 
  37. "OPNsense 22.1 released - OPNsense® is a true open source firewall and more". https://opnsense.org/opnsense-22-1-released/. 
  38. "OPNsense 22.1.10 released - OPNsense® is a true open source firewall and more". https://opnsense.org/opnsense-22-1-10-released/. 
  39. "OPNsense 22.7 released - OPNsense® is a true open source firewall and more". https://opnsense.org/opnsense-22-7-released/. 
  40. "OPNsense 22.7.11 released - OPNsense® is a true open source firewall and more". https://opnsense.org/opnsense-22-7-11-released/. 
  41. "OPNsense 23.1 released - OPNsense® is a true open source firewall and more". https://opnsense.org/opnsense-23-1-released/. 
  42. "OPNsense 23.1.11 released". https://forum.opnsense.org/index.php?topic=34621.0. 
  43. "OPNsense 23.7 released - OPNsense® is a true open source firewall and more". https://opnsense.org/opnsense-23-7-released/. 
  44. "OPNsense 23.7.12 released". https://forum.opnsense.org/index.php?topic=38147.0. 
  45. 45.0 45.1 "OPNsense 24.1 released". https://forum.opnsense.org/index.php?topic=38427.0. 

Further reading

External links