Hi there,

For over a decade now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.

25.7, nicknamed "Visionary Viper", features reusable and thoroughly revamped frontend code, an SFTP backup plugin, experimental privilege separation for the GUI, JSON container support for aliases, a new and improved firewall automation GUI, performance enhancements especially for numerous aliases being used at once, Dnsmasq DHCP support, Kea DHCPv6 support, Greek as a new language, FreeBSD 14.3 plus much more.

Download links, an installation guide[1] and the checksums for the images can be found below as well.

Here are the full patch notes:

Migration notes, known issues and limitations:

The public key for the 25.7 series is:

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAn9lXekbm5KcktbiWpmQf
drRC8LmAOTV9Cbdd3em6iDFFcw8vmRS7Rbo2/exxYiPCqEPxxPtUsW+g/a6fqPJp
pof5D1EHWqzPfkjRQV6ipQjm+ocJGkfbeHsp5I77L+w7om5TbPYBkOjg+iMd442d
VYxgqXmMZy+6v78ofVM+wyba0GkRymFt0qf5k5uk3Auztcfanc2Ymsc+PDdjGHQd
c9H8T0T6To8Z0xrbEXzY00IqSRkLto9Cl+xEmEAz/AiEu2WtEadOqSpDy9dsJfQg
HpBQVlGQdphj5zmkqG6JSL1Uw+02OeIXOfFWRtqgW7vMyU0IbER3hLpvh6BlsqNJ
LCPfD7F/dzDPU5LniDRRb4MrTlVpJk2h8pk7GbmJCqAyWJJZ6n3a+InPtUfl9gP5
T0d15N7myh8RLssP+TIy8hiBHtc/yK89dUahGei1xDuh0HdytRLLLWVXqgWwgXhd
9it8l8AJ/D2BtuyExpJOWx3sYvmhJiPN8phCaR2G2E+QRA2X5nHGyUw5jYpKI8Om
Q2khz1PBYcA/T5lKhM3HRFCu2HZsPKT5CEevZfUuPDXIqwx+LMFs6qqbzbGrdn1F
H6ZSlG0BWuokeyjhN2mB0Fr6kdLobmfVgZHUS7KOwcI9BdftSDbEk8kMxrQlwugh
4I1hTrAycMERbjeUKg1plx8CAwEAAQ==
-----END PUBLIC KEY-----


Stay safe and keep believing,
Your OPNsense team

SHA256 (OPNsense-25.7-dvd-amd64.iso.bz2) = fa4b30df3f5fd7a2b1a1b2bdfaecfe02337ee42f77e2d0ae8a60753ea7eb153e
SHA256 (OPNsense-25.7-nano-amd64.img.bz2) = f58f57da42a2a6d445b6e04780572d6e2d6d9ceaff8a9e5f7bbefd0fedeaa3c0
SHA256 (OPNsense-25.7-serial-amd64.img.bz2) = 889d81fa738d472b996008c35718278e2076d19b7bbc108f2dc04353e01766fd
SHA256 (OPNsense-25.7-vga-amd64.img.bz2) = 705e112e3c0566e6e568605173a8353a51d48074d48facf5c5831d2a0f7fb175