OPNsense 17.7.6

OPNsense 17.7.6: What's New and Changes

Dear all,

What a KRACKing week it has been! In order to move past the WPA2 KRACK attacks we have updated hostapd and wpa_supplicant to their latest version 2.6 including the released security fixes. If you use wireless devices you are advised to reboot to properly reload all wireless services.

In more positive news, plugins for Web Proxy SSO support and Siproxd have been publicly released with this version. Additionally, multi-remote OpenVPN client configurations are now easily possible via the GUI. We also thank Fabian Abplanalp and HiHo.ch for providing a mirror in Switzerland.

Here are the full patch notes:

  • interfaces: mitigate KRACK attacks[1] by using patched hostapd and wpa_supplicant from ports
  • interfaces: added ARP flush to diagnostics page (contributed by Giuseppe De Marco)
  • firmware: opnsense-revert man page examples (contributed by Marco Woitschitzky)
  • firmware: opnsense-update provides locks for the kernel and base sets
  • firmware: opnsense-update provides remote size of kernel and base sets
  • firmware: new mirror in Switzerland via HiHo.ch (contributed by Fabian Abplanalp)
  • firmware: preparations for upcoming page and user-facing feature improvements
  • reporting: traffic mini-graphs switch places with their plain throughput values
  • reporting: return empty file when parameters are missing from insight data export
  • captive portal: improved column header texts in session view
  • ipsec: hide mode selection in phase 1 under IKEv2
  • openvpn: multi-remote support for clients
  • web proxy: allow plugin reload through pluginctl
  • ui: bootgrid tweaks (contributed by Fabian Franz)
  • ui: info command addition to bootgrid (contributed by David Harrigan)
  • rc: pluggable /var MFS support and micromanaging of boot tasks
  • configd: parameter handling rework
  • plugins: os-c-icap 1.3 adds server log view (contributed by Michael Muenz)
  • plugins: os-clamav 1.1 adds version info display and /var MFS support (contributed by Alexander Shursha)
  • plugins: os-freeradius 1.1 (contributed by Michael Muenz)
  • plugins: os-monit 1.4 M/Monit support and fixes (contributed by Frank Brendel)
  • plugins: os-siproxd 1.0 (contributed by Michael Muenz)
  • plugins: os-web-proxy-sso 2.0 (contributed by Smart-Soft)
  • plugins: os-zerotier 1.3 adds remote network info and local.conf setting (contributed by David Harrigan)
  • ports: curl 7.56.0[2]
  • ports: hostapd 2.6_1[3]
  • ports: phalcon 3.2.3[4]
  • ports: unbound 1.6.7[5]
  • ports: wpa_supplicant 2.6_2[3]

Stay safe,
Your OPNsense team

[1] https://www.krackattacks.com/
[2] https://curl.haxx.se/changes.html
[3] https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
[4] https://github.com/phalcon/cphalcon/releases/tag/v3.2.3
[5] http://www.unbound.net/download.html

Source: OPNsense