Dear friends and followers,

For 3 and a half years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.

Another 6 months passed by ever so quickly! The main goal for 18.7 is stability so we have not yet begun to adopt FreeBSD 11.2, but there are several Intel NIC driver updates included to bridge the gap until 19.1 comes out. The upgrade also includes a tremendous amount of IPv6 improvements and authentication framework consolidation. Please also take note that QinQ is no longer included in this release.

We thank all of you for helping test, shape and contribute to the project! We know it would not be the same without you.

Download links, an installation guide[1] and the checksums for the images can be found below as well.

Here are the full changes against version 18.1.11:

The list of currently known issues with 18.7-RC1:

All images are provided with SHA-256 signatures, which can be verified against the distributed public key:

openssl base64 -d -in image.bz2.sig -out /tmp/image.sig
openssl dgst -sha256 -verify rsa.pub -signature /tmp/image.sig image.bz2

The public key for the 18.7 series is:

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvkEFA2+DAhWXfucsgdvZ
8xxkuzNt0nYttTmbRtLVJRKREysOj3/nqBcFWtvLr3ooVhkbxVY7HPLEoicqFdG/
+m5lLR2kI7hnZ2mpkl+/NKSixJaZkqXi5cQCp8KUlE7oOu3d6O5ZtTg4g40Ms8Dp
bQw8oZo3NpBrQK3gEEEzNYgChkZwTrEZ1Y8v8+/3zggh44sqg4vA1j5g9jq3Ldms
3KnulBgettpHIapeAmbtCokaLaXxf4lgQxyUsy077aeNRptDpGG3D5ZQgtIjaYeE
h3u51PaVTL5OY/2uvcTnxR/ZrrHpppkIutUGzGJo9KK0gfrXLi31r9e+xtBJYBdC
FtdefujlV3Cfw1OFpUY/Y1p921xgHftNnrVDk+C9kl+FKf3qvFeyGCbd9V2k1JM2
uXHDwbsjZNPhbxbqtCoCDMbsUjBsfWyAOIoZfXOSmqJQt3jBUvwXKwLKncVh4Tvu
wxJGXNZXk/OCHVQYlx/uzwf5/ly/ApIwMKqr66E7mo0OVkPaME0uCCUJolugu9lI
tW8TJVZryBCQMQ4XhPZkcny22I2oRI5nCu7baRrFNJ8gB8UYUnrIPTIJIhrjrVOg
pFOxSb/tZAqtutFOE8F5+KwcgGlOBOKXPaNrdQ79X4kH7egChPrhm283rfW1oEG6
8rHzvP45S09L8o7OXUddo8UCAwEAAQ==
-----END PUBLIC KEY-----

As always with our pre-releases, only OpenSSL is provided at this point, but can be switched for LibreSSL as soon as the release is available. This release candidate does update directly into the 18.7 stable track and subsequent release candidates. Please let us know about your experience!


Stay safe,
Your OPNsense team

SHA256 (OPNsense-18.7.r1-OpenSSL-dvd-amd64.iso.bz2) = c5ca07eefde68d16d0fc060fd2fa0be12d77752d5376b5483103c8d1901975ca
SHA256 (OPNsense-18.7.r1-OpenSSL-nano-amd64.img.bz2) = c2252d379c10936f98ed02044dc61eda13b8b3ffe08c0e9e7f0a70a462fcb005
SHA256 (OPNsense-18.7.r1-OpenSSL-serial-amd64.img.bz2) = f48a065e8e6d0ed8f38737d46d991df4c231ef5ce60f022eb2252a41e55842fe
SHA256 (OPNsense-18.7.r1-OpenSSL-vga-amd64.img.bz2) = 4d6237590df8cb918fff580f7cf6fed08a9b1fbd224061870bf7e4cf4e394c18

SHA256 (OPNsense-18.7.r1-OpenSSL-dvd-i386.iso.bz2) = 3fc4405619763cdcf08620a029a1d5270271b2e796af7e4b8869995e28ad4f68
SHA256 (OPNsense-18.7.r1-OpenSSL-nano-i386.img.bz2) = 1efc4695be64cfee87603cea77d6e89b8b09c33fa1a491d15f0b652234c1f21a
SHA256 (OPNsense-18.7.r1-OpenSSL-serial-i386.img.bz2) = f010ca0d33addeb94f436a551a61418f95fde9bd7511c88b75a7131ca65b162f
SHA256 (OPNsense-18.7.r1-OpenSSL-vga-i386.img.bz2) = aba557b88ae27ecd5d301fa32f3910a7e5499491b8263e21a722976c0da714fc