OPNsense 24.1.4 Release Notes

Die Community Edition der Open-Source Firewall OPNsense erhielt das Bugfix Release 24.1.4. Das Update behebt Fehler und aktualisiert Suricata und Unbound auf die neuste Version. Weiterhin wurde der Support für dynamic DNS VTI Verbindungen hinzugefügt. Das Caddy Plugin von Cedrik Pischem (Monviech) ist nun im offiziellen Paketstore, installierte Pakete können bleiben und sollten automatisch aktualisiert werden.

Aus der Beschreibung des Plugins: Was ist Caddy?

Easy to configure Reverse Proxy based on Caddy with Automatic HTTPS and Dynamic DNS

Caddy – The Ultimate Server – makes your sites more secure, more reliable, and more scalable than any other solution.
By default, Caddy automatically obtains and renews TLS certificates for all your sites.
It’s the most advanced HTTPS server in the world.

Reverse Proxy HTTP, HTTPS, FastCGI, WebSockets, gRPC, FastCGI (usually PHP), and more!

WWW: https://caddyserver.com/

Main features of this plugin:

• Easy to configure and reliable! Reverse Proxy any HTTP/HTTPS or WebSocket application in minutes.
• Hard to break! Extensive validations of the configuration on each save and apply.
• Automatic Let’s Encrypt and ZeroSSL Certificates with HTTP-01 and TLS-ALPN-01 challenge
• DNS-01 challenge and Dynamic DNS with supported DNS Providers built right in
• Use custom certificates from OPNsense certificate store
• Wildcard Domain and Subdomain support
• Access Lists to restrict access based on static networks
• Basic Auth to restrict access by username and password
• Syslog-ng integration and HTTP Access Log
• NTLM Transport

OPNsense 24.1.4 Release Notes

• system: allow 0 length voucher passwords in authentication server
• system: merge static logging settings into existing MVC page
• system: fix handling of empty “serialusb” node set during import
• system: prevent empty “user” node to crash during boot
• interfaces: prevent modal x-axis overflow on packet capture page
• firewall: refactor schedule matching and fix an end-of-the-month bug
• firewall: fix incorrect packet counters statistics collection
• intrusion detection: align performValidation()->count() to use count() instead
• ipsec: optionally hook VTI tunnel configuration to connection up event to support dynamic DNS
• isc-dhcp: do not add interfaces for non-Ethernet types to relaying
• kea-dhcp: add domain-search, time-servers and static-routes client options to subnet configuration
• openvpn: various improvements for TAP servers
• wireguard: migrate non-netmask allowed IP entries and enforce them in validation
• wireguard: show proper names when public keys overlap between instances
• mvc: fix PHP_FLOAT_MIN being unreliable
• mvc: Add simple Message class and remove the previous Phalcon dependency
• mvc: refactor HostnameField, remove HostValidator dependency and add unit test
• mvc: add new static Autoconf class to access information collected by ifctl
• mvc: fix rewind() stream not supporting seeking error
• mvc: add copy of our html_safe() and use it in the translator
• ui: adjust margin of hr elements to match __mX helpers
• ui: add a button to allow textarea style edits of free-form tokenizers
• ui: when an error is raised make sure it is always visible
• ui: fix copy/paste buttons not showing for tokenizers in some situations
• plugins: os-bind 1.30[1]
• plugins: os-caddy 1.5.2[2] (contributed by Monviech)
• ports: expat 2.6.1[3]
• ports: libpfctl 0.10
• ports: nss 3.98[4]
• ports: phalcon 5.6.2[5]
• ports: sqlite 3.45.1[6]
• ports: suricata 7.0.4[7]
• ports: unbound 1.19.3[8]