Home
Help
Search
Login
Register
OPNsense Forum
»
Administrative
»
Announcements
»
OPNsense 17.1.1 released
« previous
next »
Print
Pages: [
1
]
Author
Topic: OPNsense 17.1.1 released (Read 4569 times)
franco
Administrator
Hero Member
Posts: 17485
Karma: 1589
OPNsense 17.1.1 released
«
on:
February 09, 2017, 11:00:34 am »
Hey there,
This week we are introducing a number of reliability fixes especially with regard to our move to FreeBSD 11.0 and PHP 7.0; most prominently a NAT fix for the shared filter forwarding and repairing the CRL generation. You will also find a few interesting IPsec additions.
In case the shared forwarding is still giving you trouble on 17.1.1, run the following command to use the old behaviour and report back to us:
# sysctl net.pf.share_forward=0
Here are the full patch notes:
o system: LDAP picker CSRF error solved by introducing session-based security tokens
o system: fixed CRL generation inside PHP OpenSSL module
o system: fix a typo with Portuguese (Portugal) in language selector
o system: do not interpret passed values in wizard
o system: fix forum link in message of the day
o firewall: direction "any" was not respected in floating rules
o firewall: fix double encoding of NO NAT for NAT addresses (contributed by djGrrr)
o firewall: improve validation between IPv4 and IPv6 to prevent faulty rule generation
o firmware: opnsense-update utility now unlocks packages before performing major upgrades
o firmware: opnsense-revoke utility now retains the automatic flag
o firmware: revoked the 16.7 update fingerprints
o dhcp: change relay text to make it clear multiple servers are supported (contributed by GurliGebis)
o ipsec: add EAP-RADIUS support (contributed by GurliGebis)
o ipsec: set filtertunnel sysctl values to fix TCP teardown
o ipsec: fix hidden interface rules tab
o ipsec: add AES-GCM support
o openvpn: fixed CRL generation inside PHP OpenSSL module
o openvpn: do not escape advanced options on export
o openvpn: fix hidden interface rules tab
o mvc: multiple tab usage CSRF errors solved by introducing session-based security tokens
o mvc: fix HTTP status codes on CSRF errors
o mvc: soft-fail on missing classes in ModelRelationField (contributed by Frank Wall)
o plugins: os-acme-client 1.1[1] (contributed by Frank Wall)
o plugins: os-haproxy 1.12[2] (contributed by Frank Wall)
o src: pf(4) shared forwarding fix during NAT
o src: pf(4) sysctl switch to disable shared forwarding
o src: fix a panic with stf(4) interfaces
o src: unhide hard disks under Hyper-V
o ports: pkg 1.9.4[3][4]
o ports: pcre 8.40[5]
o ports: libressl 2.4.5[6]
o ports. libevent 2.1.8[7]
o ports: squid 3.5.24[8]
Stay safe,
Your OPNsense team
--
[1]
https://github.com/opnsense/plugins/pull/71
[2]
https://github.com/opnsense/plugins/pull/72
[3]
https://github.com/freebsd/freebsd-ports/commit/9602cca88
[4]
https://github.com/freebsd/freebsd-ports/commit/55c9964f3
[5]
http://www.pcre.org/original/changelog.txt
[6]
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.4.5-relnotes.txt
[7]
https://raw.githubusercontent.com/libevent/libevent/release-2.1.8-stable/ChangeLog
[8]
http://ftp.meisei-u.ac.jp/mirror/squid/squid-3.5.24-RELEASENOTES.html
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Administrative
»
Announcements
»
OPNsense 17.1.1 released