OPNsense released

Franco Fichtner franco at opnsense.org
Wed May 13 10:38:43 CEST 2015

Dear friends and followers,

we are happy to announce OPNsense today following
a rather exciting firmware upgrade bug that prevented the
release yesterday.  We are back to normal now thanks to the
wonderful people of pkgng, and, boy, do we have news to share.

First and foremost, it's time to reveal to all of you the
Proxy Server (based on squid) work we've done under the hood
for a few months now.  The new MVC framework has been plugged
seamlessly into the GUI and can be inspected under “Services:
Proxy Server”.  This is a sneak preview of things to come and
any help in testing and commenting on the feature is going
to be a huge help as we go forward.

The translation project has been kickstarted for Japanese[1]
and Chinese, although the translations are not yet available
in the GUI due to their incompleteness.  We do, however,
think this is a good opportunity to ask for contributions to
the translations and welcome efforts for other languages as

Last but not least HardenedBSD's work[2] to build OPNsense
on top of their code has been a quick success story and will
eventually bring features like ASLR into the project.  The
cooperation also sparked a number of build tools improvements
that will make maintaining the project easier in the future.
Changes also help to unify the OpenSSL/LibreSSL release handling
so that with this announcement you will be enjoying your timely
LibreSSL firmware upgrade.

Here is the full list of changes:

o proxy: basic proxy features on top of our new and shiny
	MVC framework under "Services: Proxy Server"
o proxy: smart tokens for item lists (copy/paste CSV list
	into them and watch the magic happen)
o proxy: help on/off per item or full page
o proxy: hide advanced options and include sane defaults
o proxy: FTP proxy included with same ACL controls as HTTP
o proxy: simple authentication using built-in user database
o openvpn: added Tunnelblick’s version of the OpenVPN XOR
	feature for protocol obfuscation[3]
o core: fixed config.xml section import regression
o core: stripped numerous dynamic strings from gettext()
o ports: added FreeBSD’s 10.1 ifinfo tool to probe for interface
	statistics to replace legacy PHP module code
o ports: bsdinstaller 2.3 no longer uses cpdup utility, plus
	log collection and SONAME fixes
o ports: updated to pkg 1.5.2, phalcon 2.0.0, dnsmasq 2.72_1[4]
o ports: perl5 is now installed by default (5.18)
o development: OpenSSL and LibreSSL branches have been merged
	for a simpler build experience and smaller release times
o development: the package sets are now always kept as a single
	archive that can be reused and recompiled (even
o development: stable translation template file is available[5]
o development: kickstarted Japanese and Chinese translations
o development: language translation files are now automatically
	compiled into the core package
o development: added a persistent build config file for setting
	the version, crypto flavour and release version tag
	(if applicable)

The update is available via the firmware upgrade feature only.
Apologies for missing the 15.1.10 and announcement
to the mailing list last week.  The forum announcements can
be found here:


Stay safe,
Your OPNsense team

[1] http://dotike.github.io/opnsense.core.ja_JP.UTF8/
[2] https://hardenedbsd.org/article/shawn-webb/2015-05-08/hardenedbsd-teams-opnsense
[3] https://code.google.com/p/tunnelblick/wiki/cOpenvpn_xorpatch
[4] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3294
[5] https://raw.githubusercontent.com/opnsense/core/master/src/share/locale/en_US/LC_MESSAGES/OPNsense.pot

More information about the announce mailing list