Login
Login

OPNsense

{{Short description|Firewall distribution}}

__NOTOC__

{{Infobox OS

| name = OPNsense

| logo = OPNsenseNewLogo.svg

| screenshot = ScreenShot_OPNSense.png

| developer = Deciso B.V.

| family = FreeBSD (14.2-RELEASE)

| working state = Current

| source model = Open source

| released = {{Start date and age|2015|01|05|df=yes}}

| latest release version = {{wikidata|property|preferred|references|edit|P348|P548=Q2804309}}

| latest release date = {{Start date and age|{{wikidata|qualifier|preferred|single|P348|P548=Q2804309|P577}}|df=yes}}

| influenced by = M0n0wall. pfSense

| preceded by = m0n0wall

| language =

| language count =

| language footnote =

| supported platforms = x86-64

| kernel type = Monolithic kernel

| license = Simplified BSD / FreeBSD License

| website = {{URL|https://opnsense.org}}

| support status = Community & Commercial

}}

OPNsense is an open source, FreeBSD-based firewall and routing software developed by Deciso, a company in the Netherlands that makes hardware and sells support packages for OPNsense.

Launched in 2015,{{cite web |date=January 2, 2015 |title=Press release: Deciso Launches OPNsense, a New Open Source Firewall Initiative |url=https://www.prnewswire.com/news-releases/deciso-launches-opnsense-a-new-open-source-firewall-initiative-287334371.html |publisher=Deciso via PRNewsWire |language=en}} it is a fork of pfSense, which in turn was forked from m0n0wall built on FreeBSD.{{cite web|author1=Serdar Yegulalp|title=Review: 6 slick open source routers|url=https://www.cio.com/article/3107989/networking/review-6-slick-open-source-routers.html|website=cio.com|access-date=20 December 2017|archive-url=https://web.archive.org/web/20171220061951/https://www.cio.com/article/3107989/networking/review-6-slick-open-source-routers.html|archive-date=20 December 2017}} When m0n0wall closed down in February 2015 its creator, Manuel Kasper, referred its developer community to OPNsense.{{cite web |author1=Richard Chirgwin |title=MOnOwall comes tumbling down |url=https://www.theregister.co.uk/2015/02/16/m0n0wall_coming_down/ |website=The Register |access-date=12 May 2019 |archive-url=https://web.archive.org/web/20190512143932/https://www.theregister.co.uk/2015/02/16/m0n0wall_coming_down/ |archive-date=12 May 2019 |location=Wayback Machine |date=16 Feb 2015}}

Features

OPNsense has a web-based interface and can be used on the x86-64 platform.{{cite web |date=February 12, 2021 |title=DistroWatch.com: OPNsense |url=https://distrowatch.com/table.php?distribution=opnsense |publisher=DistroWatch}} Along with acting as a firewall, it has traffic shaping, load balancing, captive portal and virtual private network capabilities, and others can be added via plugins.{{cite news |last1=Sharma |first1=Mayank |last2=Drake |first2=Nate |date=September 26, 2017 |title=What's the best Linux firewall distro? |url=http://www.techradar.com/news/whats-the-best-linux-firewall-distro-of-2017 |publisher=Linux Format via TechRadar |language=en}}{{Cite web |last=updated |first=Mayank Sharma last |date=2022-05-13 |title=Best Linux firewall of 2024 |url=https://www.techradar.com/best/best-free-linux-firewalls |access-date=2024-10-12 |website=TechRadar |language=en}}

The software also offers next-generation firewall capabilities utilizing Zenarmor, a NGFW plugin developed by OPNsense partner{{cite web |title=Partners |url=https://www.sunnyvalley.io/partners |access-date=29 December 2022 |website=Sunny Valley Networks |language=en}} Sunny Valley Networks.{{cite web |title=Zenarmor (Sensei): Overview — OPNsense documentation |url=https://docs.opnsense.org/vendor/sunnyvalley/zenarmor.html |access-date=29 December 2022 |website=OPNsense Documentation}}

Domain dispute

In November 2017, a World Intellectual Property Organization panel found that Netgate, the copyright holder of pfSense, used the domain opnsense.com in bad faith to discredit OPNsense, and obligated Netgate to transfer domain ownership to Deciso.{{cite web|title=WIPO Domain Name Decision: D2017-1828|url=http://www.wipo.int/amc/en/domains/search/text.jsp?case=D2017-1828|publisher=WIPO|date=November 12, 2017}}

Releases

The OPNsense version naming system consists of year.month, since the first release took place in January 2015, it was named release 15.1. OPNsense typically uses a 6 month major release cycle with new releases in January and July of each year.{{Cite web |title=OPNsense Roadmap - Planned enhancements and innovations |url=https://opnsense.org/about/road-map/ |access-date=2024-01-17 |website=opnsense.org}}

class="wikitable collapsible"

! colspan="6" |OPNsense Release History

Version

!Code name

!General availability

!Latest minor version

!Latest release date

!Major changes

15.1{{Cite web |title=OPNsense version 15.1.1 Released - OPNsense® is a true open source firewall and more |url=https://opnsense.org/opnsense-version-15-1-1-released/ |access-date=2024-01-17 |website=opnsense.org}}

|Ascending Albatross

|2015-01-05

|15.1.12

|2015-06-17

|

  • Initial release
15.7{{Cite web |title=OPNsense version 15.7 Released - OPNsense® is a true open source firewall and more |url=https://opnsense.org/opnsense-version-15-7-released/ |access-date=2024-01-17 |website=opnsense.org}}

|Brave Badger

|2015-07-02

|15.7.25{{Cite web |title=OPNsense 15.7.25 Released - OPNsense® is a true open source firewall and more |url=https://opnsense.org/opnsense-15-7-25-released/ |access-date=2024-01-17 |website=opnsense.org}}

|2016-01-18

|

  • Base proxy and IDS support
  • pfSense config importer
  • FreeBSD 10.1
16.1{{Cite web |title=OPNsense 16.1 Released - OPNsense® is a true open source firewall and more |url=https://opnsense.org/opnsense-16-1-released/ |access-date=2024-01-17 |website=opnsense.org}}

|Crafty Coyote

|2016-01-28

|16.1.18{{Cite web |title=OPNsense 16.1.18 released - OPNsense® is a true open source firewall and more |url=https://opnsense.org/opnsense-16-1-18-released/ |access-date=2024-01-17 |website=opnsense.org}}

|2016-06-30

|

  • Firmware mirror location and crypto selection
  • IPS
  • FreeBSD 10.2
16.7{{Cite web |title=OPNsense 16.7 released - OPNsense® is a true open source firewall and more |url=https://opnsense.org/opnsense-16-7-released/ |access-date=2024-01-17 |website=opnsense.org}}

|Dancing Dolphin

|2016-07-28

|16.7.14{{Cite web |title=OPNsense 16.7.14 released - OPNsense® is a true open source firewall and more |url=https://opnsense.org/opnsense-16-7-14-released/ |access-date=2024-01-17 |website=opnsense.org}}

|2017-01-25

|

  • RFC 4638 support (MTU > 1492 in PPPoE)
  • HTTPS proxy support
  • Active Queue Management (AQM): Controlled delay (CoDel) and FlowQueue-CoDel
  • Two factor authentication using RFC 6238
  • HardenedBSD's ASLR implementation
  • UEFI/GPT boot
  • FreeBSD 10.3
17.1{{Cite web |title=OPNsense 17.1 Released - OPNsense® is a true open source firewall and more |url=https://opnsense.org/opnsense-17-1-released/ |access-date=2024-01-17 |website=opnsense.org}}

|Eclectic Eagle

|2017-01-31

|17.1.11

|2017-07-25

|

  • PHP 7.0
  • Lets Encrypt plugin
  • Pluggable firewall rules
  • Load Balancer, UPnP, SNMP, IGMP, WOL as plugins
  • FreeBSD 11
17.7{{Cite web |title=OPNsense 17.7 released - OPNsense® is a true open source firewall and more |url=https://opnsense.org/opnsense-17-7-released/ |access-date=2024-01-17 |website=opnsense.org}}

|Free Fox

|2017-07-31

|17.7.12{{Cite web |title=OPNsense 17.7.12 released - OPNsense® is a true open source firewall and more |url=https://opnsense.org/opnsense-17-7-12-released/ |access-date=2024-01-17 |website=opnsense.org}}

|2018-01-18

|

  • HardenedBSD SafeStack for base applications and selected ports
  • HardenedBSD procfs hardening
  • Interface code speedup
18.1{{Cite web |title=OPNsense 18.1 released - OPNsense® is a true open source firewall and more |url=https://opnsense.org/opnsense-18-1-released/ |access-date=2024-01-17 |website=opnsense.org}}

|Groovy Gecko

|2018-01-29

|18.1.13{{Cite web |title=OPNsense 18.1.13 released - OPNsense® is a true open source firewall and more |url=https://opnsense.org/opnsense-18-1-13-released/ |access-date=2024-01-17 |website=opnsense.org}}

|2018-07-24

|

  • Debug kernel support
  • PHP 7.1
  • pluggable NAT rules
  • FreeBSD 11.1
18.7{{Cite web |title=OPNsense 18.7 released - OPNsense® is a true open source firewall and more |url=https://opnsense.org/opnsense-18-7-released/ |access-date=2024-01-17 |website=opnsense.org}}

|Happy Hippo

|2018-07-31

|18.7.10{{Cite web |title=OPNsense 18.7.10 released - OPNsense® is a true open source firewall and more |url=https://opnsense.org/opnsense-18-7-10-released/ |access-date=2024-01-17 |website=opnsense.org}}

|2019-01-07

|

  • Meltdown and Spectre V2 mitigations
  • Intel NIC driver updates
  • IDS/IPS application detection rules
  • FreeBSD 11.2
19.1{{Cite web |title=OPNsense 19.1 released - OPNsense® is a true open source firewall and more |url=https://opnsense.org/opnsense-19-1-released/ |access-date=2024-01-17 |website=opnsense.org}}

|Inspiring Iguana

|2019-01-31

|19.1.10{{Cite web |title=OPNsense 19.1.10 released - OPNsense® is a true open source firewall and more |url=https://opnsense.org/opnsense-19-1-10-released/ |access-date=2024-01-17 |website=opnsense.org}}

|2019-07-03

|

  • Firewall NAT rule logging support
  • WPAD / PAC and parent proxy support in the web proxy
  • 2FA via LDAP-TOTP combination
  • Dnsmasq DNSSEC support
  • HardenedBSD 11.2
19.7{{Cite web |title=OPNsense 19.7 "Jazzy Jaguar" released - OPNsense® is a true open source firewall and more |url=https://opnsense.org/opnsense-19-7-jazzy-jaguar-released/ |access-date=2024-01-17 |website=opnsense.org}}

|Jazzy Jaguar

|2019-07-17

|19.7.10{{Cite web |title=OPNsense 19.7.10 released - OPNsense® is a true open source firewall and more |url=https://opnsense.org/opnsense-19-7-10-released/ |access-date=2024-01-17 |website=opnsense.org}}

|2020-01-09

|

  • PHP 7.2
  • LibreSSL 2.9
  • WireGuard plugin
  • Firewall rule statistics
20.1{{Cite web |title=OPNsense 20.1 "Keen Kingfisher" released - OPNsense® is a true open source firewall and more |url=https://opnsense.org/opnsense-20-1-keen-kingfisher-released/ |access-date=2024-01-17 |website=opnsense.org}}

|Keen Kingfisher

|2020-01-30

|20.1.9{{Cite web |title=OPNsense 20.1.9 released |url=https://forum.opnsense.org/index.php?topic=18227.0 |access-date=2024-01-17 |website=forum.opnsense.org}}

|2020-07-23

|

  • Google backup API 2.4.0
  • LibreSSL 3.0
  • Support elliptic curve TLS certificate creation
  • VXLAN support
  • Support for additional loopback interfaces
20.7{{Cite web |title=OPNsense 20.7 - OPNsense® is a true open source firewall and more |url=https://opnsense.org/opnsense-20-7/ |access-date=2024-01-17 |website=opnsense.org}}

|Legendary Lion

|2020-07-30

|20.7.8{{Cite web |title=OPNsense 20.7.8 released |url=https://forum.opnsense.org/index.php?topic=20984.0 |access-date=2024-01-17 |website=forum.opnsense.org}}

|2021-01-19

|

  • Basic firewall API support (via additional plugin)
  • Suricata 5
  • Unbound + DHCPDv4: Properly support expired leases
  • PHP expand code styling to PSR-12
  • HardenedBSD 12.1
21.1{{Cite web |title=OPNsense 21.1 Released - OPNsense® is a true open source firewall and more |url=https://opnsense.org/opnsense-21-1-marvelous-meerkat-released/ |access-date=2024-01-17 |website=opnsense.org}}

|Marvelous Meerkat

|2021-01-28

|21.1.9{{Cite web |title=OPNsense 21.1.9 released - OPNsense® is a true open source firewall and more |url=https://opnsense.org/opnsense-21-1-9-released/ |access-date=2024-01-17 |website=opnsense.org}}

|2021-07-27

|

  • Fix stability and reliability issues with regard to vmx(4), vtnet(4), ixl(4), ix(4) and em(4) Ethernet drivers
  • LibreSSL 3.2
  • New and improved live traffic report
  • IDPS: New policy definition using metadata tags (e.g. drop all critical events aimed at the perimeter)
21.7{{Cite web |title=OPNsense 21.7 released - OPNsense® is a true open source firewall and more |url=https://opnsense.org/opnsense-21-7-released/ |access-date=2024-01-17 |website=opnsense.org}}

|Noble Nightingale

|2021-07-28

|21.7.8{{Cite web |title=OPNsense 21.7.8 released - OPNsense® is a true open source firewall and more |url=https://opnsense.org/opnsense-21-7-8-released/ |access-date=2024-01-17 |website=opnsense.org}}

|2022-01-27

|

  • Migrate bsdinstaller to bsdinstall
  • AXGBE 10 Gbps network card driver inclusion
  • PHP 7.4
  • NTPD client mode
  • Firmware Update Revamp
  • Firewall states diagnostic API/GUI
22.1{{Cite web |title=OPNsense 22.1 released - OPNsense® is a true open source firewall and more |url=https://opnsense.org/opnsense-22-1-released/ |access-date=2024-01-17 |website=opnsense.org}}

|Observant Owl

|2022-01-27

|22.1.10{{Cite web |title=OPNsense 22.1.10 released - OPNsense® is a true open source firewall and more |url=https://opnsense.org/opnsense-22-1-10-released/ |access-date=2024-01-17 |website=opnsense.org}}

|2022-07-07

|

  • Authentication / LDAP automatic user creation on login
  • Improve alias hostname resolve performance
  • Improved firewall statistics
  • Support overload table on max new connections
  • FreeBSD 13
22.7{{Cite web |title=OPNsense 22.7 released - OPNsense® is a true open source firewall and more |url=https://opnsense.org/opnsense-22-7-released/ |access-date=2024-01-17 |website=opnsense.org}}

|Powerful Panther

|2022-07-28

|22.7.11{{Cite web |title=OPNsense 22.7.11 released - OPNsense® is a true open source firewall and more |url=https://opnsense.org/opnsense-22-7-11-released/ |access-date=2024-01-17 |website=opnsense.org}}

|2023-01-18

|

  • Intel QuickAssist (QAT) support
  • Add stacked VLAN support (IEEE 802.1ad / QinQ)
  • Advanced DDoS protection using syncookies
  • PHP 8.0
  • FreeBSD 13.1
23.1{{Cite web |title=OPNsense 23.1 released - OPNsense® is a true open source firewall and more |url=https://opnsense.org/opnsense-23-1-released/ |access-date=2024-01-17 |website=opnsense.org}}

|Quintessential Quail

|2023-01-13

|23.1.11{{Cite web |title=OPNsense 23.1.11 released |url=https://forum.opnsense.org/index.php?topic=34621.0 |access-date=2024-01-17 |website=forum.opnsense.org}}

|2023-06-28

|

  • Firewall alias BGP ASN type support
  • DNS insights dashboard
  • PHP 8.1
  • WireGuard kernel module
  • LibreSSL discontinued
23.7{{Cite web |title=OPNsense 23.7 released - OPNsense® is a true open source firewall and more |url=https://opnsense.org/opnsense-23-7-released/ |access-date=2024-01-17 |website=opnsense.org}}

|Restless Roadrunner

|2023-07-31

|23.7.12{{Cite web |title=OPNsense 23.7.12 released |url=https://forum.opnsense.org/index.php?topic=38147.0 |access-date=2024-01-17 |website=forum.opnsense.org}}

|2024-01-16

|

  • Support for Importing Encrypted Configuration Files During OPNsense Installation
  • RADIUS Authentication - Add MSCHAPv2 support
  • Intrusion Detection: Suricata Netmap API version 14 enabled
  • PHP 8.2
  • FreeBSD 13.2
24.1{{Cite web |title=OPNsense 24.1 released |url=https://forum.opnsense.org/index.php?topic=38427.0 |access-date=2024-01-30 |website=forum.opnsense.org}}

|Savvy Shark

|2024-01-30

|24.1.10_8{{Cite web |title=OPNsense 24.1.10 released |url=https://forum.opnsense.org/index.php?topic=41505.0 |access-date=2024-07-12 |website=forum.opnsense.org}}

|2024-07-25

|

  • Suricata 7
  • OpenSSL 3 ports migration
  • NPTv6 migrate to MVC
  • VXLAN: add support for non standard port numbers
  • os-firewall plugin inclusion to ease API usage
  • Improve WireGuard kernel plugin and implement it in core
  • Add Kea DHCP server option as an alternative to ISC DHCP which will eventually be deprecated
24.7{{Cite web |title=OPNsense 24.7 released |url=https://forum.opnsense.org/index.php?topic=41700.0 |access-date=2024-07-31 |website=forum.opnsense.org}}

|Thriving Tiger

|2024-07-25

|24.7.12{{Cite web |title=OPNsense 24.7.12 released |url=https://forum.opnsense.org/index.php?topic=45220.0 |access-date=2025-01-15 |website=OPNsense Forum |language=en-US}}

|2025-01-15

|

  • Python 3.11
  • FreeBSD 14.1
  • PHP 8.3
  • Modern dashboard UI improvements
  • Several MVC migrations (GIF, GRE, NAT, dhcrelay)
  • WireGuard VPN performance improvements
  • WireGuard client QR code generation
  • ISC dhcrelay deprecated
  • Captive portal fixes and improvements
style="background:#a0e75a;" |25.1{{Cite web |title=OPNsense 25.1 released |url=https://forum.opnsense.org/index.php?topic=45460.0 |access-date=2025-01-29 |website=OPNsense Forum |language=en-US}}

|Ultimate Unicorn

|2025-01-29

|25.1.5{{Cite web |title=OPNsense 25.1.5 released |url=https://forum.opnsense.org/index.php?topic=46773.0 |access-date=2025-04-10 |website=OPNsense Forum |language=en-US}}

|2025-04-10

|

  • FreeBSD 14.2
  • PHP 8.3
  • ZFS snapshot support
  • Updated UI with new dark theme
  • Several MVC/API migrations
colspan="6" |Legend: {{legend2No longer supported versions|border=1px solid #AAAAAA}} {{legend2|#a0e75a|Latest supported release|border=1px solid #AAAAAA}}

See also

{{Portal|Free and open-source software}}

References

{{reflist|30em}}

Further reading

  • {{cite news|last1=Upadhyay|first1=Rajneesh|title=How To Install OPNsense Firewall|url=https://www.unixmen.com/install-opnsense-firewall/|work=Unixmen|date=September 30, 2015}}
  • Jack Wallen (18 April, 2019) [https://www.techrepublic.com/article/how-to-install-the-opnsense-firewallrouter-linux-distribution/ "How to install the OPNsense Firewall/Router distribution"]. TechRepublic.
  • {{cite book | last = Stubbig | first = Markus | year = 2025 | title = Practical OPNsense | publisher = Books on Demand | isbn = 978-3-81927-648-4 }}

External links

  • {{official website|https://opnsense.org}}

{{FreeBSD}}

{{Routing software}}

{{Firewall software}}

{{DEFAULTSORT:OPNsense}}

Category:2015 software

Category:BSD software

Category:Free routing software

Category:FreeBSD

Category:Gateway/routing/firewall distribution

Category:Operating system distributions bootable from read-only media

Category:Wireless access points

Category:Software using the BSD license