• system: close boot file after probing to avoid lock inheritance
• system: fix lock() inheriting the lock state
• system: give more context in process kill error case since we operate PID numbers only
• firewall: groups were not correctly parsed for menu post-migration
• firewall: hide row command buttons for internal groups
• firewall: add "ipv6-icmp" to protocol list in shaper
• firewall: fix PHP warnings on the rules pages
• dhcp: check if manufacturer exists for IPv4 lease page to prevent error
• dhcp: use base16 for iaid_duid decode for IPv6 lease page to prevent error
• dhcp: fix validation for static entry requirement
• firmware: revoke 23.1 fingerprint
• network time: support pool directive and maxclock (contributed by Kevin Fason)
• openvpn: fix static key delete
• openvpn: fix "mode" typo and push auth "digest" into export config
• openvpn: fix race condition when using CRLs in instances
• openvpn: remove arbitrary upper bounds on some integer values in instances
• unbound: migration of empty nodes failed from 23.1.11 to 23.7
• unbound: fix regression when disabling first domain override
• mvc: fix empty item selection issue in BaseListField
• plugins: os-ddclient 1.14
• plugins: os-acme-client 3.19
• src: bhyve: fully reset the fwctl state machine if the guest requests a reset
• src: frag6: avoid a possible integer overflow in fragment handling
• src: amdtemp: Fix missing 49 degree offset on current EPYC CPUs
• src: libpfctl: ensure the initial allocation is large enough
• src: pf: handle multiple IPv6 fragment headers
• ports: curl 8.2.1
• ports: nss 3.92
• ports: openssl 1.1.1v
• ports: perl 5.34.1
• ports: py-dnspython 2.4.1
• ports: strongswan 5.9.11
• ports: syslog-ng 4.3.1

Four days ago it was looking on track: https://forum.opnsense.org/index.php?topic=35041.0

As per the roadmap, https://opnsense.org/about/road-map/ it will come soon.

The main points to note about this release (See https://forum.opnsense.org/index.php?topic=34948.0 for everything):

o php8.2 updates

o allow “.” in DNS search override

o extend/modify IPv6 primary address behaviour

o rewrote OpenVPN configuration as “Instances” using MVC/API available as a separate configuration

o move unbound-blocklists.conf to configuration location

Updates to these plugins:

o plugins: os-acme-client 3.18[3]

o plugins: os-dnscrypt-proxy 1.14[4]

o plugins: os-dyndns removed due to unmaintained code base

o plugins: os-frr 1.34[5]

o plugins: os-telegraf 1.12.8[6]

However, there are a lot of known issues and migration considerations:

o The Unbound ACL now defaults to accept all traffic and no longer generates automatic entries. This was done to avoid connectivity issues on dynamic address setups – especially with VPN interfaces. If this is undesirable you can set it to default to block instead and add your manual entries to pass.

o Dpinger no longer triggers alarms on its own as its mechanism is too simplistic for loss and delay detection as provided by apinger a long time ago. Delay and loss triggers have been fixed and logging was improved. The rc.syshook facility “monitor” still exists but is only provided for compatibility reasons with existing user scripts.

o IPsec “tunnel settings” GUI is now deprecated and manual migration to the “connections” GUI is recommended. An appropriate EoL annoucement will be made next year.

o The new OpenVPN instances pages and API create an independent set of instances more closely following the upstream documentation of OpenVPN. Legacy client/server settings cannot be managed from the API and are not migrated, but will continue to work independently.

o The old DynDNS plugin was removed in favor of the newer MVC/API plugin for ddclient. We are aware of the EoL state of ddclient which was unfortunately announced only one year after we started working on the new plugin. We will try to add upstream fixes that have not been released yet and already offer our own ddclient-less Python backend in the same plugin as an alternative.

https://forum.opnsense.org/index.php?topic=34948.msg169272

There is no better feeling in the world

I’ve been using OPNsense for a little over a year now, after migrating from PFsense which I used for many years. I really love it, it’s incredibly powerful and yet easy to use once you wrap your head around things. And the interface is much cleaner than PFsense ever was.

I have a fairly complex setup with several vlans and different outbound routing for different hosts, client vpn (outbound) and server vpn (inbound). I’m no network guru but I’m happy to help with any questions to the best of my ability. More people should be using this!

Update went smoothly as can be. A reboot is required.