17.7 development milestones

Started by franco, April 12, 2017, 08:33:31 AM

April 12, 2017, 08:33:31 AM Last Edit: July 28, 2017, 12:57:02 PM by franco
Hi all,

Here is a list of items tackled for the development track of 17.7, frequently updated:

o Session-based CSRF
o HardenedBSD procfs hardening
o Replace Realtek re(4) driver with vendor version 1.93
o Plugins now support a development package alongside the release package
o Switch to MIT Kerberos version 5
o Move RFC 2136 and Dynamic DNS services to plugins
o IPsec and OpenVPN backend restructuring
o 100% completed translation for Chinese (Simplified)
o 100% completed translation for Portuguese (Brazil)
o 100% completed translation for Portuguese (Portugal)
o 100% completed translation for German
o 100% completed translation for Czech
o Virtual terminal driver vt(4) as the default
o VLAN PCP support and firewall rule priority configuration settings
o Embedded versioning of kernel and base sets for improved authenticity
o Router Advertisements can now advertise optionally configurable routes
o Allow individual plugins to fail without causing fatal errors on the firewall
o Early installer replaced by lightweight config importer utility
o Cleanup of the backend rule generation code
o HardenedBSD SafeStack for base applications and ports
o CARP preempt and defer modifications
o Interface code speedup
o Major upgrade support via GUI
o Unbound as default DNS resolver for new installations
o Solved UEFI VGA boot with USB written from Windows
o Improved the set IP menu option with far gateway selection, DHCP, DNS, track6, etc.
o Several web GUI hardening changes
o Allow reversal of token order in TOTP authenticator
o Optional swap file for SSD deployments (better than a fixed partition swap)
o Firmware can now do major upgrades via the GUI
o Firmware cron job can optionally run major upgrades
o Fixed the leakage of a socket from DHCPv6 client to OpenVPN et al., which previously prevented proper reloading if the interface
o Code reparations for the PHP 7.1 switch
o Host-Uniq configuration option for PPPoE connections (e.g. VodafoneStation router replacement in Italy)
o Installer now prompts for a password change after a successful installation
o Improved LAGG interface reconfiguration handling
o Fixed 17.1 IPsec kernel regression to restore fine-grained filtering of inbound IPsec packets under NAT-T
o New plugins: Quagga (OSPF, OSPFv3, RIP and BGP), Zabbix-Agent, Monit, FreeRADIUS


Some of these changes have already been added to 17.1.x, others can be previewed in the development package:

https://forum.opnsense.org/index.php?topic=3479.0

If you have questions, please let us know.


Cheers,
Franco

o Replace Realtek re(4) driver with vendor version 1.93

As a user of a Zotac CI323, can this be added to 17.1.x?


Oh. Yeah, I checked and the driver is 1.93. Too bad that under a long upload saturating my connection the network dies and only a reset helps. So it is an Intel 4-port card and a different build :)

April 14, 2017, 05:28:58 PM #4 Last Edit: May 11, 2017, 10:48:02 PM by fabian
Plugins:
* Quagga Routing Plugin: Configure OSPF, OSPFv3, RIP and BGP as well as diagnostics pages
* zabbix-agent: Monitoring of the appliance
* monit: Monitoring of the appliance

Hi, is it possible to "nominate" this PPPoE issue for inclusion in 17.7?

https://github.com/opnsense/core/issues/1352

Reviewing the original thread (https://forum.opnsense.org/index.php?topic=4328.0) and IRC, it seems to impact many others, and may not be limited to the MAC address setting, but at least that one we know for sure causes instabilities. Maybe fixing/updating that area will resolve other issues.


Please port the new pf of OpenBSD 6.1 to OPNsense version 17.7! I need the function af-to!

Porting OpenBSD pf(4) changes is out of scope. A better approach would be if somebody wanted to fork OPNsense to migrate it to OpenBSD to get these features natively. :)

Any effort to complete the API? (Firewall rules, networking)



At least for dynamic routing (OSPF, BGP, RIP) there is an API (quagga plugin).

Any progress on resolving IPs in Insight?
Even my AdvancedTomato can do it!  :D
Please guys, it's heavily needed!
Thanks.

We have at least one ticket for it. It's not very high in priority, but if someone is interested in helping write the feature we always offer review and guidance. :)

https://github.com/opnsense/core/issues/1034

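Suggestion: add an option to system:access:server:voucher for all-numeric account names and all-numeric passwords, which would be more user-friendly.

services:captive portal:vouchers: entering a mix of digits and letters like this is too much trouble.

It is recommended that system:access:server:voucher add an all-digit account name and all-digit password option, so that it is more humane.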

You can already set a simple character set in the voucher server settings as well as the length of password and user name. Note that vouchers are account credentials, so using fewer characters will reduce the number of vouchers that can be generated. That means if you use a simpler character set, increase the user name length...