Archive > 17.7 Legacy Series

17.7 development milestones

(1/4) > >>

franco:
Hi all,

Here is a list of items tackled for the development track of 17.7, frequently updated:

o Session-based CSRF
o HardenedBSD procfs hardening
o Replace Realtek re(4) driver with vendor version 1.93
o Plugins now support a development package alongside the release package
o Switch to MIT Kerberos version 5
o Move RFC 2136 and Dynamic DNS services to plugins
o IPsec and OpenVPN backend restructuring
o 100% completed translation for Chinese (Simplified)
o 100% completed translation for Portuguese (Brazil)
o 100% completed translation for Portuguese (Portugal)
o 100% completed translation for German
o 100% completed translation for Czech
o Virtual terminal driver vt(4) as the default
o VLAN PCP support and firewall rule priority configuration settings
o Embedded versioning of kernel and base sets for improved authenticity
o Router Advertisements can now advertise optionally configurable routes
o Allow individual plugins to fail without causing fatal errors on the firewall
o Early installer replaced by lightweight config importer utility
o Cleanup of the backend rule generation code
o HardenedBSD SafeStack for base applications and ports
o CARP preempt and defer modifications
o Interface code speedup
o Major upgrade support via GUI
o Unbound as default DNS resolver for new installations
o Solved UEFI VGA boot with USB written from Windows
o Improved the set IP menu option with far gateway selection, DHCP, DNS, track6, etc.
o Several web GUI hardening changes
o Allow reversal of token order in TOTP authenticator
o Optional swap file for SSD deployments (better than a fixed partition swap)
o Firmware can now do major upgrades via the GUI
o Firmware cron job can optionally run major upgrades
o Fixed the leakage of a socket from DHCPv6 client to OpenVPN et al., which previously prevented proper reloading if the interface
o Code reparations for the PHP 7.1 switch
o Host-Uniq configuration option for PPPoE connections (e.g. VodafoneStation router replacement in Italy)
o Installer now prompts for a password change after a successful installation
o Improved LAGG interface reconfiguration handling
o Fixed 17.1 IPsec kernel regression to restore fine-grained filtering of inbound IPsec packets under NAT-T
o New plugins: Quagga (OSPF, OSPFv3, RIP and BGP), Zabbix-Agent, Monit, FreeRADIUS


Some of these changes have already been added to 17.1.x, others can be previewed in the development package:

https://forum.opnsense.org/index.php?topic=3479.0

If you have questions, please let us know.


Cheers,
Franco

btd:
o Replace Realtek re(4) driver with vendor version 1.93

as a user of zotac ci323, can this be added to 17.1.x?

franco:
Sure, it was added to 17.1.2 in February:

https://github.com/opnsense/changelog/blob/master/doc/17.1/17.1.2#L54

btd:
oh. Yeah, I checked and driver is 1.93. too bad that under long upload saturating my connection network dies and only reset helps. So it is intel 4port card and different build :)

fabian:
Plugins:
* Quagga Routing Plugin: Configure OSPF, OSPFv3, RIP and BGP as well as diagnostics pages
* zabbix-agent: Monitoring of the appliance
* monit: Monitoring of the appliance

Navigation

[0] Message Index

[#] Next page

Go to full version