OPNsense 24.1 “Savvy Shark” has already been released and these are its new features

The launch of the new OPNsense 24.1 version codenamed “Savvy Shark”, version in which the OpenSSL 3, Suricata 7 updates, various MVC/API conversions, a new ARP/NDP configuration feature, major inclusion of os-firewall and os-wireguard plugins, CARP VHID tracking for OpenVPN and WireGuard, Functional Kea DHCPv4 server with HA support and more.

For those unfamiliar with OPNsense, they should know that is a fork of the pfSense project, created with the objective of forming a completely open distribution kit that could have functionality at the level of commercial solutions for the deployment of firewalls and network gateways.

Unlike pfSense, the project is positioned as not controlled by a single company, since it is developed with the direct participation of the community and has a completely transparent development process, in addition to providing the opportunity to use any of its developments in third-party products, including commercial ones.

Main new features of OPNsense 24.1 “Savvy Shark”

OPNsense version 24.1, dubbed “Savvy Shark,” continues to drive innovation in the open source firewall with several important updates and improvements. Here is a summary of the most notable features and changes, we can find:

1. OpenSSL 3 based on ports: The new version includes Open SSL 3, providing improvements in security and performance. This version of OpenSSL 3.0 has the FIPS module and OpenSSL has also changed to the Apache 2.0 license.

1. Meerkat 7: Suricata has been updated to version 7, with support for the Landlock application isolation mechanism, which allows a process to create secure isolated environments, and the ability to detect and save client TLS certificates in the registry, among others.
2. MVC/API Conversions: The overview page and components for configuring the gateway, NPTv6, ARP and NDP were moved to the MVC framework, allowing support for API management to be implemented in them.
3. New neighbor configuration feature for ARP/NDP: A new feature has been added that allows you to configure neighbors for ARP/NDP more efficiently.
4. os-firewall and os-wireguard plugins: The os-firewall and os-wireguard plugins have been included to improve firewall functionality and security.
5. OpenVPN and WireGuard improvements: Added support for CARP VHID tracking on OpenVPN and WireGuard connections. Additionally, OpenVPN now allows optional OCSP verification per instance, also outputs the device name, added a workaround for net30/p2p networks smaller than /29, as well as an optional route-metric push option for instances. server. The WireGuard module installed by default uses the included FreeBSD 13.2 kernel module and adds experimental support for network maps.
6. Functional Kea DHCPv4 Server with HA Support: The Kea DHCPv4 server has been enhanced to provide high availability (HA) support and allows you to centrally manage the configuration of multiple DHCPv4 and DHCPv6 servers.
7. Minor fixes and updates: Various third-party fixes and updates have been made to ensure system reliability and security.

Some Fixes and updates include system improvements, UI, Firewall, WireGuard, DHCP, IPsec, OpenVPN, os-haproxy 4.2, os-nrpe updated to NRPE 4.1.x, os-postfix updated to Postfix 3.8.x, php 8.2.15, py-duckdb 0.9.2 .XNUMX and optimizations in the backend. Additionally, several plugins and ports have been updated to keep the system up to date and secure.

Finally if you are interested in knowing more about it About this new release, you can check the details In the following link.

Download the new version of OPNsense 24.1 “Savvy Shark”

Si do you want to get this new version only You must go to its official website and in the download section where you can find the compiled image in the form of a LiveCD and a system image to write to Flash drives in the following link.

The source code of the components of the distribution, as well as the tools used for the construction, are distributed under the BSD license.