OPNsense Forum
Archive => 17.7 Legacy Series => Topic started by: franco on April 12, 2017, 08:33:31 am
-
Hi all,
Here is a list of items tackled for the development track of 17.7, frequently updated:
o Session-based CSRF
o HardenedBSD procfs hardening
o Replace Realtek re(4) driver with vendor version 1.93
o Plugins now support a development package alongside the release package
o Switch to MIT Kerberos version 5
o Move RFC 2136 and Dynamic DNS services to plugins
o IPsec and OpenVPN backend restructuring
o 100% completed translation for Chinese (Simplified)
o 100% completed translation for Portuguese (Brazil)
o 100% completed translation for Portuguese (Portugal)
o 100% completed translation for German
o 100% completed translation for Czech
o Virtual terminal driver vt(4) as the default
o VLAN PCP support and firewall rule priority configuration settings
o Embedded versioning of kernel and base sets for improved authenticity
o Router Advertisements can now advertise optionally configurable routes
o Allow individual plugins to fail without causing fatal errors on the firewall
o Early installer replaced by lightweight config importer utility
o Cleanup of the backend rule generation code
o HardenedBSD SafeStack for base applications and ports
o CARP preempt and defer modifications
o Interface code speedup
o Major upgrade support via GUI
o Unbound as default DNS resolver for new installations
o Solved UEFI VGA boot with USB written from Windows
o Improved the set IP menu option with far gateway selection, DHCP, DNS, track6, etc.
o Several web GUI hardening changes
o Allow reversal of token order in TOTP authenticator
o Optional swap file for SSD deployments (better than a fixed partition swap)
o Firmware can now do major upgrades via the GUI
o Firmware cron job can optionally run major upgrades
o Fixed the leakage of a socket from DHCPv6 client to OpenVPN et al., which previously prevented proper reloading if the interface
o Code reparations for the PHP 7.1 switch
o Host-Uniq configuration option for PPPoE connections (e.g. VodafoneStation router replacement in Italy)
o Installer now prompts for a password change after a successful installation
o Improved LAGG interface reconfiguration handling
o Fixed 17.1 IPsec kernel regression to restore fine-grained filtering of inbound IPsec packets under NAT-T
o New plugins: Quagga (OSPF, OSPFv3, RIP and BGP), Zabbix-Agent, Monit, FreeRADIUS
Some of these changes have already been added to 17.1.x, others can be previewed in the development package:
https://forum.opnsense.org/index.php?topic=3479.0
If you have questions, please let us know.
Cheers,
Franco
-
o Replace Realtek re(4) driver with vendor version 1.93
as a user of zotac ci323, can this be added to 17.1.x?
-
Sure, it was added to 17.1.2 in February:
https://github.com/opnsense/changelog/blob/master/doc/17.1/17.1.2#L54
-
oh. Yeah, I checked and driver is 1.93. too bad that under long upload saturating my connection network dies and only reset helps. So it is intel 4port card and different build :)
-
Plugins:
* Quagga Routing Plugin: Configure OSPF, OSPFv3, RIP and BGP as well as diagnostics pages
* zabbix-agent: Monitoring of the appliance
* monit: Monitoring of the appliance
-
Hi, is it possible to "nominate" this PPPOE issue for inclusion in 17.7?
https://github.com/opnsense/core/issues/1352
reviewing the original thread: https://forum.opnsense.org/index.php?topic=4328.0 and IRC, it seems to impact many others, and may not be limited to MAC address setting, but at least that one we know for sure causes instabilities, maybe fixing/updating that area will resolve other issues.
-
Please port the new pf of openbsd6.1 to opnsense version 17.7! I need the founction af-to!
-
Porting OpenBSD pf(4) changes is out of scope. A better approach would be if somebody wanted to fork OPNsense to migrate it to OpenBSD to get these features natively. :)
-
Any effort to complete the API? (Firewall rules, networking)
-
At least for dynamic routing (OSPF, BGP, RIP) there is an API (quagga plugin).
-
Any progress on resolving IPs in Insight?
Even my AdvancedTomato can do it! :D
Please guys, It´s heavy needed!
Thanks.
-
We have at least one ticket for it. It's not very high in priority, but if someone is interested in helping write the feature we always offer review and guidance. :)
https://github.com/opnsense/core/issues/1034
-
建议 system:access:server:voucher 添加一个全数字帐号和密码全数字密码选项,这样更人性化
services:captive portal:vouchers 这样数字加字母输入太麻烦了
-
It is recommended that system:access:server:voucher add a full digital account number and password, all digital password options, so that more humane
-
You can already set a simple character set in the voucher server settings as well as the length of password and user name. Note that vouchers are account credentials, so the less characters used will reduce the amount of vouchers that can be generated. That means if you use a simpler character set, increase the user name length...
-
Hello,
The OPNsense project is fantastic !!!! Congratulations on a great job !
It is foreseen the development of some kind of plugin to generate reports of squid , or the use of the SARG, FREE-SA or any other ?
It would be perfect if OPNsense possess this feature.
Congratulations for the project.
-
Hi mbrigagao,
We have a few packages available for this purpose, but no plugin. I'm not aware anyone is working on it currently and it's not part of our core mission / road map.
So for the moment that answer is no. :/
Cheers,
Franco