Howdy partners,
With Meltdown and Spectre just behind us, here comes another round of security advisories and assorted changes.
Three notable changes are included. We are switching back to single-source automatic outbound NAT on the primary IP, as was the case with OPNsense 17.7 and earlier, instead of using all additional VIPs on the interface. The hardware-assisted VLAN capability check was removed from the system, enabling e.g. Xen users to create VLANs. And the multi-WAN traffic shaping experience has been corrected for non-default interfaces within the scope of shared forwarding.
For completeness, an image release based on this version is expected some time within the next week.
Here are the full patch notes:
We are also happy to announce the immediate availability of the renewed OPNsense 18.1 images based on version 18.1.6. Apart from the numerous improvements since the initial release, the images contain three relevant fixes:
The full list of changes of the OPNsense 18.1 series can be reviewed using their original announcements:
Download links, an installation guide[9] and the checksums for the images can be found below as well.
All images are provided with SHA-256 signatures, which can be verified against the distributed public key:
openssl base64 -d -in image.bz2.sig -out /tmp/image.sig
openssl dgst -sha256 -verify rsa.pub -signature /tmp/image.sig image.bz2
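The two commands above can be wrapped in a function that returns a usable exit status, with a companion check for the "SHA256 (name) = hex" checksum lines. This is an added example, not OPNsense project code: the function names, the file names in the demo and its throwaway key pair are constructed for illustration.

```shell
# Added example, not OPNsense project code. File names and the throwaway
# key pair in demo() are constructed for illustration.

# verify_image IMAGE SIGFILE PUBKEY: returns 0 only for a valid signature.
verify_image() {
    raw=$(mktemp) || return 2
    # The .sig file is base64 text: decode it, then check the SHA-256
    # signature over the image against the public key.
    if openssl base64 -d -in "$2" -out "$raw" 2>/dev/null &&
       openssl dgst -sha256 -verify "$3" -signature "$raw" "$1" >/dev/null 2>&1
    then rc=0; else rc=1; fi
    rm -f "$raw"
    return $rc
}

# check_sum IMAGE SUMFILE: returns 0 if SUMFILE holds a matching
# "SHA256 (name) = hex" line for IMAGE.
check_sum() {
    want=$(awk -v f="($(basename "$1"))" \
        '$1 == "SHA256" && $2 == f && $3 == "=" { print $4 }' "$2")
    have=$(openssl dgst -sha256 -r "$1" | cut -d' ' -f1)
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# demo: sign a constructed image with a throwaway key, then confirm the
# intact copy passes and a modified copy fails both checks.
demo() {
    d=$(mktemp -d) || return 2
    (
        cd "$d" || exit 2
        openssl genrsa -out key.pem 2048 2>/dev/null || exit 2
        openssl rsa -in key.pem -pubout -out rsa.pub 2>/dev/null || exit 2
        printf 'constructed image bytes\n' > image.bz2
        openssl dgst -sha256 -sign key.pem -out raw.sig image.bz2 || exit 2
        openssl base64 -in raw.sig -out image.bz2.sig || exit 2
        sum=$(openssl dgst -sha256 -r image.bz2 | cut -d' ' -f1)
        echo "SHA256 (image.bz2) = $sum" > sums.txt
        verify_image image.bz2 image.bz2.sig rsa.pub || exit 1
        check_sum image.bz2 sums.txt || exit 1
        printf 'x' >> image.bz2   # simulate corruption or tampering
        if verify_image image.bz2 image.bz2.sig rsa.pub; then exit 1; fi
        if check_sum image.bz2 sums.txt; then exit 1; fi
        exit 0
    )
    rc=$?
    rm -rf "$d"
    return $rc
}

demo && echo "demo: signature and checksum checks behave as expected"
```

A matching checksum only shows the download is intact; the signature check is what ties the image to the holder of the private key, so the public key should be obtained over a channel you trust.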
The public key for the 18.1 series is:
Stay safe,
Your OPNsense team