OPNsense Forum
Archive => 15.7 Legacy Series => Topic started by: franco on July 02, 2015, 03:19:54 pm
-
Hi everyone,
as promised, here are the achievements of the last 6 months of work, ever since we've released 15.1 in January. The MVC work as well as the frontend/backend split is progressing at a reasonable pace, eventually leading to an architecture that has true privilege separation. The Bootstrap GUI received initial tweaks, but hasn't been the focus of this iteration. Our biggest additions are the Proxy, Intrusion Detection and Traffic Shaper, which have been rewritten from scratch using standard components of the FreeBSD ecosystem.
Here is a full list of key points:
o Added i386 and NanoBSD images
o OpenSSL and LibreSSL production-ready flavours
o Introduced opnsense-update utility for base system, kernel and package updates
o Completely rewrote of the firmware backend code and rebuilt its GUI in MVC
o Moved from FreeBSD 10.0 to 10.1, managing to lose the majority of custom patches
o Replaced the legacy backend daemon with a Python rewrite including a template engine
o Bsdinstaller can adapt its installation parameters for embedded devices
o Added OpenDNS support in the GUI (impeccable timing on that one)
o Stripped the legacy code for platform awareness and NanoBSD images
o Brought back the crash reporter
o Added GoogleDrive backup option for the configuration history
o Rewrote server-side parts of the XMLRPC service
o Unused ports in ports.git are now kept fully in sync with FreeBSD ports
o Kickstart of user-contributed translation projects with e.g. Simplified Chinese at 49% completed and German at 30%
o Config.xml handling code was refactored to enable simultaneous operation of the legacy PHP pages and the new MVC features
o Removed the unmaintained and dysfunctional Layer 7 filtering code
o Traffic shaper feature was rewritten using IPFW/MVC instead of ALTQ
o Upgrade package are now signed and verified for authenticity
o The GUI menu has been converted to MVC and enables legacy and new GUI components to coexist peacefully
o The bulk of custom kernel patches has been stripped to minimise the code distance to FreeBSD
o Proxy server implementation in MVC using squid
o IDS implementation in MVC using suricata
o Cron implementation in MVC
o HTTP API support for firmware updates, proxy server, intrusion detection and traffic shaper
o Reworked the port assignment section also support non-interactive setups for headless systems
Feel free to discuss, comment or ask questions. There's always room for improvement. :)
Cheers,
Ad, Franco and Jos
-
as promised, here are the achievements of the last 6 months of work, ever since we've released 15.1 in January
Thank you very much, and "Hipp hipp huray!"
Do you have scheduled a release date so far?
-
We are testing the final images now. Hopefully in two hours. We have the doubled amount of testing because we are also releasing official LibreSSL images. :)
-
Looking forward to trying IDS. Wonder if I can manage to set it up properly.
There is a nice topic from Zedestructor over at pfsense forums I've been meaning to give a proper go.
Which requires suricata :-)
-
There is a nice topic from Zedestructor over at pfsense forums I've been meaning to give a proper go.
Which requires suricata :-)
Weust, would you mind giving the hyperlink?
We are testing the final images now. Hopefully in two hours. We have the doubled amount of testing because we are also releasing official LibreSSL images. :)
Thumbs up, Franco! Brave!
-
Chol, apparently it's not written by Zedestructor. Thought he was someone else on the pfsense forums, but on IRC last night he said he didn't write it.
No clue how I got the link then, I know it's from IRC though.
Anyway, https://forum.pfsense.org/index.php?topic=78062.0
-
I like this new section in the forum!
Chol, apparently it's not written by Zedestructor. Thought he was someone else on the pfsense forums, but on IRC last night he said he didn't write it.
No clue how I got the link then, I know it's from IRC though.
Anyway, https://forum.pfsense.org/index.php?topic=78062.0
Well, actually, thank you for the link!
-
After upgrading to the 15.7.4 from the 15.7.3, you have a warning message on the login page :
Warning: Illegal string offset 'vip' in /usr/local/etc/inc/authgui.inc on line 340
-
That one is fixed for 15.7.5 (scheduled for tomorrow).