The developers of OPNsense have made available version 18.1 – Groovy Gecko. This version includes FreeBSD 11.1 base operating system, PHP 7.1 and jQuery 3 updates, more driver support, OpenVPN multi-remote support for clients, plugin-capable firewall NAT rules, and much more. See the link below for the full list of changes. Download the IMG file here.
The developers of pfSense have made available version 2.3.5-RELEASE. As mentioned below, 2.3.5 is a security and stability focused release (KRACK issue, updated base system packages, WebGUI improvements, etc) while they will continue to work on version 2.4.X. You can download the ISO/image file here.
pfSense® software version 2.3.5 is now available for upgrades!
As we have promised, will will continue to deliver security and stability fixes to the pfSense 2.3.x line even after we have released pfSense 2.4.0, since i386 and NanoBSD were deprecated in pfSense 2.4.0. These updates will continue for a minimum of one year after the pfSense 2.4.0 release date, which means they will continue through at least October 2018.
At this time, pfSense 2.3.x is a Security and Errata maintenance branch only. pfSense 2.4.x is the primary stable supported branch. If the firewall hardware is capable of running pfSense 2.4.x, consider upgrading to that release instead.
Original announcement: https://www.netgate.com/blog/pfsense-2-3-5-release-now-available.html
The developers of pfSense have made available 2.4.1-RELEASE, just a few weeks shy of 2.4.0. This version includes security patches and various stability fixes, including WPA2 Key Reinstallation Attack issues, VT console race condition panic, bsnmpd, and more. See the full list of changes at the link below. You can download the ISO/image files here.
We are excited to announce the release of pfSense® software version 2.4.1, now available for new installations and upgrades!
pfSense software version 2.4.1 is a maintenance release bringing security patches and stability fixes for issues discovered in pfSense 2.4.0-RELEASE.
pfSense 2.4.1-RELEASE updates and installation images are available now!
Security advisories from upstream projects announced after pfSense 2.4.0-RELEASE made this additional release necessary, soon after 2.4.0, to keep firewalls safe and secure. We used this opportunity to also include some platform fixes for new hardware we are offering and to deliver important stability fixes for issues that some users encountered with pfSense 2.4.0-RELEASE. Even with the rapid turnaround, we feel the set of changes merits a version number bump rather than a patch release.
Original announcement: https://www.netgate.com/blog/pfsense-2-4-1-release-now-available.html
User Cliff Robinson did some compatibility testing for the Gigabyte MA10-ST0 server motherboard with the latest pfSense 2.4 and FreeNAS 11.0. The article also discusses Intel Atom C3000 compatibility with the FreeBSD operating system. You may view the full report below.
Why Compatibility Testing is Important
Whenever a new generation of server hardware comes out, there is a lag before the OSes support the new hardware. This is normal. FreeBSD is a popular OS for embedded networking appliances as well as storage appliances. There are many commercial offerings that build upon FreeBSD based on the licensing. Along with these commercial offerings, FreeNAS and pfSense are popular storage and networking offerings based on FreeBSD so we wanted to try them out with the new hardware. The onboard eMMC storage of the Gigabyte MA10-ST0 is intended for embedded OS installs like both pfSense and FreeNAS use.
The developers of pfSense have made available version 2.4.0-RELEASE! Notable changes are FreeBSD 11.1 as the base operating system, new pfSense installer with ZFS/UEFI + others support, support for Netgate ARM devices (SG-1000), support for OpenVPN 2.4.X, GUI support for 13 different languages, and more. For a detailed list of changes, see the link below. You can download the latest ISO/image files here.
We are excited to announce the release of pfSense® software version 2.4, now available for new installations and upgrades!
pfSense software version 2.4.0 was a herculean effort! It is the culmination of 18 months of hard work by Netgate and community contributors, with over 290 items resolved. According to git, 671 files were changed with a total 1651680 lines added, and 185727 lines deleted. Most of those added lines are from translated strings for multiple language support!
pfSense 2.4.0-RELEASE updates and installation images are available now!
Original announcement: https://www.netgate.com/blog/pfsense-2-4-0-release-now-available.html
In this tutorial, user eerielinux shows us how to set up a BSD home router with pfSense and OPNsense, both open-source router/firewall OS based on FreeBSD. Follow the links below for each part of the 8 part tutorial series.
Part 1 of this article series was about why you want to build your own router, and how to assemble the APU2 that I chose as the hardware to build this on. Part 2 gave some Unix history and explained what a serial console is. Part 3 demonstrated serial access to the APU and showed how to update its firmware.
This post is about the serial installation of pfSense, one of two FreeBSD-based router/firewall operating systems that we’re going to explore in this series (the other being OPNsense). As pfSense is the older and more established product, we’re beginning with that one.
This post will show how to install OPNsense, a great alternative to pfSense.
OPNsense was forked from pfSense (more on than in the next post) and thus you will find lots of similarities if you have read the post on installing pfSense. The OPNsense team decided to move forward more quickly and did lots of interesting but invasive changes. One strong point for example is that it is already based on FreeBSD 11.0. There is one drawback to this, however: a problem with the XHCI (USB3) driver can lead to the installation media not being able to mount the filesystem and boot up. This makes installing OPNsense a little bit more complicated since the APU2 only has UBS3 ports.
A little overview: In this post I will give you some background information, compare the appearance / usability of both products and then take a look at some special features before giving a conclusion.
pfSense vs. OPNsense: Who wins?
This article is about comparing both products and helping you to make a decision. It is not terribly in-depth, because that task would require its own series of articles (and a lot more free time for me to dig much deeper into the topic). But still there’s a lot you may want to know to get a first impression on which one you should probably choose. If you do some more research and write about it, please let me know and I will happily link to your work!
Revisiting the initial question
In the first post I asked the question “Why would you want to build your own router?” and the answer was “because the stock ones are known to totally suck”. I have since stumbled across this news: Mcafee claims: Every router in the US is compromised. Now Mcafee is a rather flamboyant personality and every is a pretty strong statement. But I’m not such a nit-picker and in general he’s definitely right. If you have a couple of minutes, read the article and/or watch the short Youtube interview that it has embedded.
This is the last part of this series of building a BSD home router. In the previous article we did an advanced setup of OPNsense that works but is currently wasting valuable disk space. We also configured OPNsense for SSH access. Now let’s SSH in and su – to root and continue! Choose shell (menu point 8) so that we can have a look around.
The developers of pfSense have announced version 2.3.4. This release mainly contains stability and bug fixes. See the official announcement for a full list of changes. Download the ISO here.
We are happy to announce the release of pfSense® software version 2.3.4!
This is a maintenance release in the 2.3.x series, bringing stability and bug fixes, fixes for a few security issues, and a handful of new features. The full list of changes is on the 2.3.4 New Features and Changes page, including a list of FreeBSD and internal security advisories addressed by this release.
This release includes fixes for 24 bugs and 11 Features.
Read on for more details. May the 4th be with you.
On the 2.3.4-RELEASE Dashboard you’ll find a few additional pieces of information: The BIOS vendor, version, and release date – if the firewall can determine them – and a Netgate Unique ID. The Netgate Unique ID is similar to a serial number, it is used to uniquely identify an instance of pfSense software for customers who want to purchase support services. For hardware sold in our store, it also allows us to tie units to our manufacturing records. This ID is consistent across all platforms (bare metal, virtual machines, and hosted/cloud instances such as AWS/Azure). We had originally intended to use the hardware serial number or the UUID generated by the operating system, but we found that these were unreliable, inconsistent, and they could change unexpectedly when the operating system was reinstalled.
Official announcement: https://www.netgate.com/blog/pfsense-2-3-4-release-now-available.html
The developers of pfSense have announced the official version 2.3.3 RELEASE. See the link below for the full release notes. Download here.
We are happy to announce the release of pfSense® software version 2.3.3!
This is a maintenance release in the 2.3.x series, bringing numerous stability and bug fixes, fixes for a handful of security issues in the GUI, and a handful of new features. The full list of changes is on the 2.3.3 New Features and Changes page, including a list of FreeBSD and internal security advisories addressed by this release.
This release includes fixes for 101 bugs, 14 Features, and 3 Todo items.
If you haven’t yet caught up on the changes in 2.3.x, check out the Features and Highlights video. Past blog posts have covered some of the changes, such as the performance improvements from tryforward, and the webGUI update.
Official announcement: https://blog.pfsense.org/?p=2325
The developers of of OPNsense have made available the official release of version 17.1, dubbed “Eclectic Eagle”. You can see the full list of feature additions and changes at the official announcement below.
The OPNsense team is proud to announce the final availability of version 17.1, nicknamed “Eclectic Eagle”. This major release features FreeBSD 11.0, the SSH remote installer, new languages Italian / Czech / Portuguese, state-of-the-art HardenedBSD security features, PHP 7.0, new plugins for FTP Proxy / Tinc VPN / Let’s Encrypt, native PAM authentication against e.g. 2FA (TOTP), as well a rewritten Nano-style card images that adapt to media size to name only a few.
We would like to encourage everyone to supervise this major upgrade physically. As such, it cannot be performed from the GUI. Instead, go to the root console menu, choose option 12 and type “17.1” at the prompt. The process will download a full set of updates and reboot multiple. All operating system files and packages will be reinstalled as a consequence. This process can also be remotely triggered via SSH.
For fresh installations, images are provided with OpenSSL for 32 and 64 bit Intel architectures. The new SSH installer feature will be listening on the LAN port 192.168.1.1, give out DHCP leases to clients and can connect using the user “root” (console menu) or “installer” (the installer, of course) with the default password “opnsense”.
The respective checksums for the images can be found below this announcement and the direct download links from our capable mirror providers are as follows:
http://mirrors.nycbug.org/pub/opnsense/releases/17.1/ (US East Coast)
http://mirror.sfo12.us.leaseweb.net/opnsense/releases/17.1/ (US West Coast)
The developers of OPNsense have released their BETA of version 17.1. OPNsense is an open source firewall based on FreeBSD and is also forked from pfSense. Follow the link below to try out their latest BETA release.
Dear friends and followers,
With the best wishes for the holiday season attached we hereby humbly present our 17.1-BETA images and thank everyone for their early input, valid questions and generally keeping us on our toes throughout the past months. The next major release features FreeBSD 11.0, the SSH remote installer, new languages Italian and Czech, state-of-the-art HardenedBSD security features, PHP 7.0, native PAM authentication against e.g. 2FA (TOTP), as well a rewritten Nano-style card images that adapt to the media size to name only a few.
These will be the only beta images. They are not suitable for production environments. Release candidate builds will start in January in order to provide production-ready images. Checksums can be found below this announcement. Direct download links from our capable mirror providers are as follows: