Dear friends and followers,
The update finally addresses one of the larger issues with IPsec in 17.1 where traffic was not properly tracked by the packet filter and therefore causing spurious connection drops in TCP sessions. Another cool addition is the merge of the HardenedBSD SafeStack work to further harden our operating system application binaries.
Last but not least, the switch to the new virtual terminal driver is now fully functional and we intend to release new images based on 17.1.4 on Monday next week. Note this does not affect running installations.
Upgrading from a physical console may abort the firmware update due to an incompatible switch in the TTY settings. Simply log in again and restart the update to continue. Note this does not affect upgrades via GUI or SSH. Should problems arise, force a reinstall of the core package from the shell with the following command:
opnsense-revert opnsense
Here are the full patch notes:
We are also happy to announce the availability of the renewed OPNsense 17.1 images based on this version. Apart from the numerous improvements since the initial release, the images have been switched to use the virtual console driver vt(4) as a default to address boot issues. They also feature a new config importer and fix the serial console display of the installer.
For more than two years now, OPNsense is driving innovation through modularising and hardening the code base, quick and reliable firmware upgrades, multi-language support, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.
Download links, an installation guide[8] and the checksums for the images can be found below.
Stay safe,
Your OPNsense team
SHA256 (OPNsense-17.1.4-OpenSSL-cdrom-amd64.iso.bz2) = 911e4b343b0a7721a8c4f306ab0f84934a40d8829adb2fa808c4656a9a2ef7aa SHA256 (OPNsense-17.1.4-OpenSSL-nano-amd64.img.bz2) = ffedac68887b5c0dd619306058471e22c8f7f81c5eb14a566b788feb1d311b16 SHA256 (OPNsense-17.1.4-OpenSSL-serial-amd64.img.bz2) = 53c270a8078f956dbc923962e82ea4bc9b95b7ed9f09f048fd7ad6c86d38c839 SHA256 (OPNsense-17.1.4-OpenSSL-vga-amd64.img.bz2) = f9914405f6ca9f0947ccc63d1dac088ec778112ee3a431d4b44d4b400f991106 SHA256 (OPNsense-17.1.4-OpenSSL-cdrom-i386.iso.bz2) = 23a60c0790848965df1b0596fcdea64fa14a67a8ed8ec9c93ca87b1bc3f6ce03 SHA256 (OPNsense-17.1.4-OpenSSL-nano-i386.img.bz2) = 4ef91cc2f341dc39e356716f6b6d1e9dd646c9a3a30a7149978c79633639bb8f SHA256 (OPNsense-17.1.4-OpenSSL-serial-i386.img.bz2) = ead413845f83d4c112a7c7fbe79047effe78082d1530f1e5502d84d18f41dde0 SHA256 (OPNsense-17.1.4-OpenSSL-vga-i386.img.bz2) = 8c928797fa21025cbb54df4274ba3d61eb37b3978ab5ae66f843fa8c75d829e8
MD5 (OPNsense-17.1.4-OpenSSL-cdrom-amd64.iso.bz2) = 26a6110fad91b2b5105bbb1e9de2c299 MD5 (OPNsense-17.1.4-OpenSSL-nano-amd64.img.bz2) = 7fd648124a6e9b6386174572aab237a8 MD5 (OPNsense-17.1.4-OpenSSL-serial-amd64.img.bz2) = 34b3152ecde10e3869c4a3f0a0bb201d MD5 (OPNsense-17.1.4-OpenSSL-vga-amd64.img.bz2) = 6e1563a155a8715aa73e62be4cf0d542 MD5 (OPNsense-17.1.4-OpenSSL-cdrom-i386.iso.bz2) = e2870d1b63cbca5aeead2b3148841e45 MD5 (OPNsense-17.1.4-OpenSSL-nano-i386.img.bz2) = e7942c3af773f7a991d37b1a8391a60b MD5 (OPNsense-17.1.4-OpenSSL-serial-i386.img.bz2) = e6c3a6629a8c62d4a07d429f446f077a MD5 (OPNsense-17.1.4-OpenSSL-vga-i386.img.bz2) = 70cdb19b808b5b5ac522d02d8db911b9