Hey everyone,
Now that we got the chance to ship not one, but two OpenSSL bumps at the same time we barely missed the LibreSSL updates. That is life. But we still have a few great things to offer this week.
First and foremost, users noted that the captive portal did not work with the transparent proxy. This lead to internal investigation into the operating system kernel itself, where a number of issues with using several packet filters in a row can lead to shortcuts in packet paths through the networking stack.
This circled back to a simple fix for the captive portal: you can now edit each zone to enable the proxy for HTTP (port 3128) or HTTPS (port 3129) for captive portal use without requiring the firewall redirect. You only have to make sure you actually have your captive portal interface set up as an interface in the proxy.
We will continue to look into the remaining kernel issues and give updates and calls for testing when we reach new milestones.
In other news, both OpenVPN and IPsec received several improvements for interoperability and the occasional bug with the missing firewall rules tab for their respective interfaces.
Here are the full patch notes:
Stay safe,
Your OPNsense team