Text only | Text with Images

OPNsense Forum

Archive => 20.1 Legacy Series => Topic started by: yeraycito on January 27, 2020, 03:00:18 PM

Title: No comment?
Post by: yeraycito on January 27, 2020, 03:00:18 PM
After using pfsense and now 1 year using opnsense I have to thank the developers for the work and effort they do to maintain and improve this program which I consider better than pfsense. From the few comments I see we seem to have been disappointed that it hasn't been updated to Freebsd 12 and instead it has been updated to a relase candidate. I have installed it and I have to say that it works just as well as the previous one 19.7. I was also expecting an update to Suricata 5 : https://svnweb.freebsd.org/ports/head/security/suricata/  who looks like she's ready. Looking forward to these changes I again thank the immense work of the developers of opnsense. Thank you. Sorry about my English.
Title: Re: No comment?
Post by: franco on January 27, 2020, 03:24:41 PM
Hi yeraycito,

12.1 had three major setbacks:

1. FreeBSD 12.1 was released beginning of November 2019 which gave us only an overall of 3 months to migrate and 12.0 wasn't suitable for upgrade with 12.1 almost out (basically all major upgrades are a lot of work):

https://www.freebsd.org/releases/12.1R/schedule.html

2. HardenedBSD went through a transition at the same time which left us in limbo waiting for their 12.1 cut. We did solve this in a co-effort with HBSD in late November:

https://github.com/HardenedBSD/hardenedBSD/pull/382#issuecomment-557860012

3. We built internal BETA images in December and adapted our required shared forwarding patch, but early testing indicated a firewall log issue that was a bit too elusive so that we had to discuss a way forward with 20.1 without jeopardizing the major release cycle and the bulk of the features to be shipped.

https://github.com/opnsense/src/issues/49

In the end, the compromise is staying on HardenedBSD 11.2 but pulling off all the other roadmap items...

https://opnsense.org/about/road-map/

As for Suricata 5: we maintain Suricata for FreeBSD and updated it to version 5 over there already. We are waiting for ET-Pro Telemetry to support Suricata 5 rules and then we will be migrating to that as well.


Cheers,
Franco
Title: Re: No comment?
Post by: franco on January 27, 2020, 03:31:45 PM
PS: The flip side of disappointment over missing 12.1 is that i386 is still in 20.1 and not removed as indicated before. :)
Title: Re: No comment?
Post by: yeraycito on January 27, 2020, 03:59:35 PM
Thank you very much for the long and excellent explanation. I remain confident in your excellent work. Thank you also for the explanation of Suricata ( I'm currently using the ET PRO TELEMETRY ).
Text only | Text with Images