How are you doing?
This is the second release candidate for your consideration. A kernel update was included to keep up with FreeBSD stable/14. A few nice things have been added to Dnsmasq as well. This is an online update only.
Here are the development highlights since version 25.1 came out:
- Replace the setup wizard with a modern MVC/API variant
- Switch to reusable frontend code
- ChartJS 4 update and related functionality migrations
- User manager CSV export and import option
- New plugin for SFTP configuration backups
- Move frontend grid from Bootgrid to Tabulator
- Optional privilege separation for the web GUI (running as non-root)
- User/group manager adds optional source network constraint
- JSON container support for aliases
- Firewall automation GUI revamp
- Performance improvements when using large amounts of aliases
- Dnsmasq DHCP support for small and medium sized setups
- Support advanced (manual) configurations in Kea
- Add IPv6 support (including prefix delegation) to Kea
- Bridges MVC migration
- Migrate IPsec mobile page to MVC
- Greek as a new language
- FreeBSD 14.3
And these are the full patch notes against 25.7-RC1:
- system: fix passing "arguments" as parameters for cron jobs
- firewall: code cleanup and performance improvements for alias diagnostics page
- dnsmasq: add CNAME configuration option to host overrides
- dnsmasq: add optional subnet mask to "dhcp-range" to satisfy DHCP relay requirements
- dnsmasq: fix empty DHCP option value spawning stray comma
- lang: make more strings translate-able (contributed by Tobias Degen)
- lang: further updates
- isc-dhcp: add static mapping CSV export
- backend: trigger boot template reload without using configd
- mvc: use getNodeContent to gather grid data
- ui: adjusted grid command column sizes appropriately where needed
- ui: exclude container fields from search functionality for now
- src: bnxt: fix BASE-T, 40G AOC, 1G-CX, autoneg and unknown media lists
- src: net80211: in ieee80211_sta_join() only do_ht if HT is avail
- src: linuxkpi: assorted changes from stable/14
- src: iwlwifi: compile in ACPI support
- src: rtw89: enable ACPI support on FreeBSD
- src: ifconfig: optimise non-listing case with netlink
- src: pf: fix ICMP ECHO handling of ID conflicts
Migration notes, known issues and limitations:
- Deprecated Google Drive backups due to upstream policy changes and moved to plugins for existing users.
- API URLs registered in the default ACLs have been switched from "camleCase" to "snake_case".
- API grid return values now offer "%field" for a value description when available. "field" will now always be the literal value from the configuration. The API previously returned a display value for some field types, but not all.
- Reverted tunables "hw.ibrs_disable" and "vm.pmap.pti" to FreeBSD defaults.
- The new wizard still has bugs relating to disabling LAN configuration.
- Moved OpenVPN legacy to plugins as a first step to deprecation.
- Moved IPsec legacy to plugins as a first step to deprecation.
Stay safe,
Your OPNsense team