OPNsense new release 18.7


OPNsense 18.1 “Groovy Gecko” is end of life and has been superseded by OPNsense 18.7 “Happy Hippo”. The new version arrives roughly 3.5 years after the first release.

Before this version can be installed, it has to be unlocked via the web GUI, SSH or the installer. Be sure to read the release notes, with their changes and adjustments, beforehand.

OPNsense 18.7 Release Notes

  • improved WAN DHCPv6 and SLAAC connectivity and tracking
  • functional IPv6 Rapid Deployment (6RD) support
  • improved default route handling and gateway switching
  • OpenVPN default setup improvements for IPv6 and RADIUS attribute support
  • Dpinger gateway monitoring integration
  • password policies for local authentication and coupled TOTP
  • Monit core integration to eventually replace the legacy notifications
  • OpenSSH access via group and shell selection instead of privilege
  • pluggable backup framework with new Nextcloud option
  • system tunables are now also used as loader tunables
  • unrestricted VLAN usage for e.g. Xen
  • QinQ interface removal
  • firmware GUI speedup, improved error parsing and console reboot hint
  • ZFS on root boot support (installer support is pending, but opnsense-bootstrap works)
  • ZFS and MSDOS config import support
  • ISC DHCP version moves from 4.3 to 4.4
  • RRDtool version moves from 1.2 to 1.7
  • rework rc.syshook facility to use drop-in directories instead of suffixes
  • backports of FreeBSD 11.2 Intel NIC drivers
  • stand-alone frontend UI development tools
  • language updates for Czech, French, German, Portuguese (Brazil)
  • UI header security and SSL cipher hardening
  • extensive UI cleanups and menu consolidation
  • new and rewritten plugins: os-cache, os-lcdproc-sdeclcd, os-net-snmp,
    os-nut, os-openconnect, os-relayd 2.0, os-shadowsocks, os-theme-cicada,
    os-theme-rebellion, os-theme-tukan, os-wol 2.0

Migration notes and minor incompatibilities to look out for:

  • SSH access is now bound to the “wheel” group which is automatically
    added to “admins” group, which “root” is a member of. “root” is the
    only user that has a default shell, namely opnsense-shell, which is the
    root console menu.
  • SSH access can be set for an arbitrary group as well under System:
    Administration for non-members of “admins” group. However, in both
    cases only SCP works due to a request in the forum to be more proactive
    regarding yielding of shell access rights. If you want a user to gain
    true SSH access you need to change their shell from “nologin” to an
    installed shell in their respective settings.
  • Web GUI HTTPS ciphers have been hardened. To gain access please use a
    recent browser.
  • The authentication fallback for the GUI/system has been removed in
    favour of selecting multiple authentication servers at once. Reassign
    your fallback as a primary authentication method or now use more than
    two methods.
  • It has been found that although WAN interfaces require gateways to
    function, they do not necessarily have to be assigned in single-WAN
    scenarios to avoid interfering with WAN reply behaviour. The “none”
    selection was therefore changed to “auto-detect” to reflect this and
    now is the recommended setting unless multi-WAN is used.
  • In preparation for the firewall alias API the per-item descriptions have
    been removed along with support for the deprecated types urltable_ports
    and url_ports.
  • OpenVPN /31 tunnel network calculation changed to use the first and last
    address as network address and broadcast address do not exist. If you
    are affected, adjust your clients or export their configuration again
    which includes the configuration fix. Additionally, /32 tunnel networks
    are now prohibited.

All images are provided with SHA-256 signatures, which can be verified
against the distributed public key:

# openssl base64 -d -in image.bz2.sig -out /tmp/image.sig
# openssl dgst -sha256 -verify rsa.pub -signature /tmp/image.sig image.bz2
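
The two verification commands above, wrapped so that a failed check stops an install workflow. This is an added example, not part of the original post or the OPNsense project; the function names `verify_image` and `demo`, the throwaway key pair and the dummy image are constructed here so the script runs offline:

```sh
#!/bin/sh
# Added example: fail-closed wrapper around the two openssl commands above.
# verify_image IMAGE SIG_BASE64 PUBKEY
#   returns 0 = signature valid, 1 = mismatch, 2 = unusable input
verify_image() {
    image=$1; sig_b64=$2; pubkey=$3
    for f in "$image" "$sig_b64" "$pubkey"; do
        [ -r "$f" ] || { echo "cannot read: $f" >&2; return 2; }
    done
    raw_sig=$(mktemp) || return 2
    # Step 1: the .sig file is base64 text; decode it to the raw signature.
    if ! openssl base64 -d -in "$sig_b64" -out "$raw_sig" 2>/dev/null \
        || [ ! -s "$raw_sig" ]; then
        rm -f "$raw_sig"
        echo "signature file did not decode to any data" >&2
        return 2
    fi
    # Step 2: check the SHA-256 digest of the image against that signature.
    if openssl dgst -sha256 -verify "$pubkey" -signature "$raw_sig" \
        "$image" >/dev/null 2>&1; then
        rc=0
    else
        rc=1
        echo "SIGNATURE MISMATCH: do not install $image" >&2
    fi
    rm -f "$raw_sig"
    return "$rc"
}

# Constructed demo: throwaway key pair and dummy image, not OPNsense files.
demo() {
    d=$(mktemp -d) || return 2
    openssl genrsa -out "$d/rsa.key" 2048 2>/dev/null
    openssl rsa -in "$d/rsa.key" -pubout -out "$d/rsa.pub" 2>/dev/null
    printf 'constructed image payload\n' > "$d/image.bz2"
    openssl dgst -sha256 -sign "$d/rsa.key" -out "$d/sig.raw" "$d/image.bz2"
    openssl base64 -in "$d/sig.raw" -out "$d/image.bz2.sig"
    if verify_image "$d/image.bz2" "$d/image.bz2.sig" "$d/rsa.pub"; then
        good=0; else good=$?; fi
    printf 'x' >> "$d/image.bz2"    # simulate a modified download
    if verify_image "$d/image.bz2" "$d/image.bz2.sig" "$d/rsa.pub" 2>/dev/null
    then bad=0; else bad=$?; fi
    rm -rf "$d"
    echo "untouched=$good tampered=$bad"
}
demo
```

For a real download, call `verify_image image.bz2 image.bz2.sig rsa.pub` with the public key obtained from the release announcement and continue only on exit status 0.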

The public key for the 18.7 series is:


Source: https://opnsense.org/opnsense-18-7-released/
