-
Notifications
You must be signed in to change notification settings - Fork 24
/
19.7.r1
134 lines (117 loc) · 6.97 KB
/
19.7.r1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
@ July 09, 2019
Hi there,
For four and a half years now, OPNsense is driving innovation through
modularising and hardening the open source firewall, with simple
and reliable firmware upgrades, multi-language support, HardenedBSD
security, fast adoption of upstream software updates as well as clear
and stable 2-Clause BSD licensing.
We thank all of you for helping test, shape and contribute to the project!
We know it would not be the same without you.
Download links, an installation guide[1] and the checksums for the images
can be found below as well.
o Europe: https://opnsense.c0urier.net/releases/19.7/
o US East Coast: http://mirrors.nycbug.org/pub/opnsense/releases/19.7/
o US West Coast: https://mirror.sfo12.us.leaseweb.net/opnsense/releases/19.7/
o South America: http://mirror.upb.edu.co/opnsense/releases/19.7/
o South-East Asia: https://ftp.yzu.edu.tw/opnsense/releases/19.7/
o Full mirror list: https://opnsense.org/download/
Here are the full changes against version 19.1.10:
o system: new remote syslog setup via Syslog-ng
o system: gateway handling rewrite
o system: default gateway switching priority control (sponsored by m.a.x it[2])
o system: dpinger ported to plugin framework
o system: bring back PHP warning log level
o system: use authentication factory for user import
o interfaces: VLAN, bridge, LAGG, GRE, GIF setup refactor
o interfaces: improve load sequence to allow DHCPv6 on bridges
o interfaces: GIF, GRE, IPsec and OpenVPN will no longer accept IP configuration
o interfaces: speed up get_real_interface() by assuming interfaces exist
o interfaces: sort interface groups and require rules apply if necessary (contributed by Robin Schneider)
o interfaces: background PPPoE connect and disconnect
o interfaces: only IP-address allowed in PPP gateway (contributed by Smart-Soft)
o interfaces: simplified linking VIPs to interfaces
o interfaces: removed interface_has_gateway()
o interfaces: removed interface_has_gatewayv6()
o interfaces: removed get_failover_interface()
o interfaces: removed rc.kill_states
o firewall: ability to view automatic rules
o firewall: rule origin locator in live log and automatic rules listing
o firewall: show statistics for all active rules including automatic ones
o firewall: optional statistics for alias tables
o firewall: fix translation of shaper mask "none" value
o firewall: add ipv6-icmp type selection
o firewall: rule listing layout update
o reporting: new NetFlow reader in Python 3
o reporting: validate that NetFlow WAN interfaces are also added to listening interfaces
o dhcp: ported to plugin framework
o dhcp: added failover split to DHCPv4 (contributed by Wolfgang Pedot)
o dhcp: fix ddnsdomainprimary setting validation
o dhcp: added advanced options for router advertisements
o dhcp: removed remove rasend/ranosend checkbox
o dhcp: simplify DHCPv4 interface lookup on lease page
o dhcp: use AdvDefaultLifetime 0 when default route shall not be advertised
o firmware: support reading package repository and origin
o firmware: warn on third party package installation
o firmware: synchronise update checks to avoid "not responding" errors
o firmware: fix empty update list on release type change
o installer: support password reset in opnsense-importer
o intrusion detection: allow rule action bulk changes
o intrusion detection: minor usability improvements
o intrusion detection: support eve system log output
o openvpn: removed gateway group listening support
o openvpn: no longer restart servers on CARP events
o openvpn: reduced complexity in service handling
o web proxy: replace proxy login privilege "user-proxy-auth" with group selector
o backend: ported remaining scripts to Python 3
o backend: add helpers.glob() to enable template traversal
o backend: new "monitor" hook for rc.syshook
o mvc: do not add "none" in AuthGroupField if multiple select
o mvc: allow sorting JsonKeyValueStoreField by value
o ui: remember previous selected columns and row count on several MVC pages
o ui: apply alert reminders for several MVC pages
o ui: add failed callback to saveFormToEndpoint()
o ui: core theme color update
o ui: fix file size suffix (contributed by Fabian Franz)
o ui: add useRequestHandlerOnGet option
o ui: bootstrap 3.4.1[3]
o src: netmap VirtIO, VLAN child and vmxnet support
o src: fix races in tun(4)/tap(4) drivers
o ports: squid 4.7[4]
o ports: syslog-ng 3.21.1[5]
Known issues and limitations:
o Filterlog spamming console due to new Syslog-ng integration. Temporary workaround is stopping filterlog via "pkill filterlog".
o OpenVPN no longer supports listening on gateway groups. Use localhost paired with port forwards instead.
o The web proxy login privilege is no longer available. Access may be restricted by a group selector instead.
o Web proxy squid update from version 3 to 4 breaks the cache database. To repair go to "Services: Web Proxy: Administration" tab "Support" and click "Reset".
The public key for the 19.7 series is:
# -----BEGIN PUBLIC KEY-----
# MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2syLqN/IMuADI42aTXx
# HRbX3YljURN1dhhjYoqOc/7uZKVc7UJk79q49x8VZmC0edhHiNKfrhj5g3htsPgu
# N/eFsc1MZv+J2rfSF7L5NV3D5dU9nuBc75wb9SRIXm7XiiiuInMNRBlJsiFeiuJm
# oaE/zqgr75m+cc7sdNQnQQk9+APr4LdksX0bllRmxfhLjDKgiSVe+Yq9kje/JHyf
# je5i3MI9WT80o46IZc/oN4q9RG7n6gaIFBVckCwCKsnNZlDCvb1Sr0tdKs58fswj
# fxMvouMBf+Jk/0dOEZnoIFYb436H2CUfabiPX3Vm4r3MU4dr5m41WlCH/984cBKy
# QSM8h4nSAs/naj5c5YDe4qmwUBxwPIvJPVC/vuWLusyg1gYbloj3EIc1uv2YCkKw
# 0ra7Hocln3+7Jf2Yn/yn6yaCNdoJY2Blvo84giuklDqdBIKggDHSxGrLKDBshSR3
# hapkFRoR7BhnoT14E8DMgD23g9tcwce1AJJ6mZ/DraBx5l11P1ZXLqnyCpvOt5oV
# HmMZ9/Xu0naPUC8IxVSNew8j3liPbc5oKV0kQ/TRQTevOBLJ8QA7Y5YdPu0cS4qw
# Jq3fGnsRt/0+i1Vs7q51KJLNECHyhWm6zYAfST22ohTUgo2ByoM8r0aRslmiG6JS
# +ancHD4lnnHRd+4ybevUft0CAwEAAQ==
# -----END PUBLIC KEY-----
Please let us know about your experience!
Stay safe,
Your OPNsense team
--
[1] https://docs.opnsense.org/manual/install.html
[2] https://www.max-it.de/
[3] https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/
[4] http://squid.mirror.colo-serv.net/archive/4/squid-4.0.7-RELEASENOTES.html
[5] https://github.com/balabit/syslog-ng/releases/tag/syslog-ng-3.21.1
# SHA256 (OPNsense-19.7.r1-OpenSSL-dvd-amd64.iso.bz2) = 5014dba896a425d15fbedcb44f2deec7fb5aee6a1b7c95833b819f8d352de6a1
# SHA256 (OPNsense-19.7.r1-OpenSSL-nano-amd64.img.bz2) = b9d6ccbfdcb88f813a6494efb13647d1715500551c7dc51f632766b19189c6bc
# SHA256 (OPNsense-19.7.r1-OpenSSL-serial-amd64.img.bz2) = 86050bffa626247cfe0374d28994a52f9e10490b20a81539f5d2784676280c17
# SHA256 (OPNsense-19.7.r1-OpenSSL-vga-amd64.img.bz2) = 3a7ae31f6429e519060a717b6248d13620a1e5caba43f44afaf4a7dd4e6634e6
# SHA256 (OPNsense-19.7.r1-OpenSSL-dvd-i386.iso.bz2) = 4c0e54982d92279e7273c74cac183290e89219f75b4c1f55a42bad0331bdf321
# SHA256 (OPNsense-19.7.r1-OpenSSL-nano-i386.img.bz2) = 5db5dfc0bfb15a593dae689b58e65d556e935c326741729ad37507a952a51426
# SHA256 (OPNsense-19.7.r1-OpenSSL-serial-i386.img.bz2) = a20422c81c62c79264aec2cf83cb8734e2e0c954881200e6bc46d372f2432cf9
# SHA256 (OPNsense-19.7.r1-OpenSSL-vga-i386.img.bz2) = f6ba92f987c024697e6599b72d905ac9a4fdcfe61c71e3f060dccf1efccd6d82