OPNsense 19.1.9 released, FreeBSD based firewall and routing platform


OPNsense is an open source, easy-to-use and easy-to-build FreeBSD based firewall and routing platform. OPNsense includes most of the features available in expensive commercial firewalls, and more in many cases. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources.

OPNsense started as a fork of pfSense® and m0n0wall in 2014, with its first official release in January 2015. The project has evolved very quickly while still retaining  familiar aspects of both m0n0wall and pfSense. A strong focus on security and code quality drives the development of the project.

OPNsense offers weekly security updates with small increments to react on new emerging threats within in a fashionable time.  A fixed release cycle of 2 major releases each year offers businesses the opportunity to plan upgrades ahead. For each major release a roadmap is put in place to guide development and set out clear goals.


  • Dashboard
    OPNsense offers a dashboard feature to quickly check the status of your OPNsense Firewall.Shown is the latest version with drag and drop multi collumn support.
  • Modern User Interface
  • Stateful Firewall
  • Aliases & GeoLite Country Database
  • Traffic Shaper
  • Two-factor authentication
    Supported 2FA services include:

    • OPNsense Graphical User Interface
    • Captive Portal
    • Virtual Private Networking – OpenVPN & IPsec
    • Caching Proxy
    • OPNsense Captive Portal
  • Captive Portal
  • Virtual Private Network – IPsec & OpenVPN GUI
  • High Availability / Hardware Failover (CARP)
  • Caching Proxy
  • Intrusion Detection & Prevention
  • Integrated support for ET Open rules.
  • Integrated SSL Blacklist (SSLBL)
  • Intergrated Feodo Tracker
  • SSL Finger Printing
  • Backup & Restore
  • Reporting & Monitoring
  • Firmware & Plugins
  • Free Up-to-Date Online Manual


Changelog OPNsense 19.1.9

o system: add LDAP group synchronisation feature
o system: allow an arbitrary group for sudo like ssh login
o system: stop using a lock around resolv.conf handling
o system: rename a number of service-related functions
o system: login not using cache-safe image yet
o system: add pluginctl -s support
o system: restyle config backup page
o system: fix log split view regression of 19.1.8
o interfaces: remove DHCPv6 on delete and clear config on IPsec assignment
o interfaces: small VIP restructure and IPv6 alias to IPv6 device
o interfaces: subtle changes in IPv6 and variable naming
o interfaces: add missing does_interface_exist() checks
o firewall: support multiple interfaces per NAT port forward rule
o captive portal: use “onestop” to stop service
o intrusion detection: missing header ID in alerts tab
o ipsec: remove remnants of gateway group interface selection
o ipsec: use indirect plugin calls in interface code
o openvpn: add live-search to longer lists in server page
o openvpn: support –cryptoapicert export (sponsored by m.a.x it)
o opnevpn: correctly check for translation in get_carp_interface_status()
o openvpn: use waitforpid() to properly wait for instanes to come up
o openvpn: translate GUI error values when returning them
o openvpn: revamp status page
o unbound: leases watcher file rotation issue
o web proxy: squid log in readable date format (contributed by nhirokinet)
o web proxy: fix non-local authentication regression of 19.1.7
o plugins: os-bind 1.5[1]
o plugins: os-clamav 1.7[2]
o plugins: os-dnscrypt-proxy 1.4[3]
o plugins: os-dyndns clouldflare wildcard domain support
o plugins: os-nginx 1.13[4]
o plugins: os-openconnect 1.4.0[5]
o plugins: os-redis 1.1[6]
o plugins: os-rspamd 1.6[7]
o plugins: os-theme-cicada 1.18 (contributed by Team Rebellion)
o plugins: os-theme-tukan 1.18 (contributed by Team Rebellion)
o ports: curl 7.65.0[8]
o ports: lighttpd 1.4.54[9]
o ports: python 3.7.3[10]
o ports: openssl 1.0.2s[11]
o ports: php 7.2.19[12]