Die Open-Source Firewall, OPNsense, erhielt vor wenigen Tagen das Update 20.1 alias Keen Knigfisher. Damit ist ein neues Major Release der beliebten veröffentlicht worden. OPNsense gibt es nunmehr seit 5 Jahren und basiert auf HardenedBSD. Das Alias “Keen Kingfisher” benannte Release bringt VXLAN und zusätzlichen loopback support, IPsec Public Key Autentifizierung und elliptic curve TLS Zertifikate.

OPNsense 20.1 Release Notes

• Captive portal performance improvements
• IPsec public key authentication support
• Elliptic curve TLS certificate creation
• CARP service demotion hook
• VXLAN device support
• Loopback device support
• Extended firmware health audit checks
• Support direction and non-quick on interface rules
• Logging frontend migrated to MVC / API
• PSR 12 coding style
• Documentation for all core components
• Python 3.7 is now the default Python version
• LibreSSL 3.0 and OpenSSL 1.1.1
• Google Backup API 2.4
• jQuery 3.4.1

And here are the full patch notes against version 20.1-RC1:

• installer: welcome users as genuine 20.1 installer
• rc: revert growfs change since Nano does not grow anymore
• plugins: os-mail-backup 1.1[2]
• plugins: os-nrpe 1.0 (contributed by Michael Muenz)
• plugins: os-theme-rebellion 1.8.3 (contributed by Team Rebellion)
• plugins: os-vnstat 1.2[3]
• plugins: zabbix4-proxy 1.2[4]
• ports: ca_root_nss 3.49.2
• ports: curl 7.68.0[5]
• ports: isc-dhcp 4.4.2[6]
• ports: php 7.2.27[7]
• ports: urllib3 1.27.7[8]

Known issues and limitations:

• HardenedBSD 12.1 has been postponed to the next major release
• Legacy MPD5 plugins os-l2tp, os-pppoe and os-pptp have been deprecated and will no longer receive updates
• To prevent stale configuration files for remote syslog we advise to setup the new targets first[9] and disable the old ones under System: Settings: Logging
• i386 has not been deprecated for the time being 

Quelle: https://opnsense.org/opnsense-20-1-keen-kingfisher-released/