Sun. Mar 29th, 2020

OPNsense 20.1.2 released, FreeBSD based firewall and routing platform

3 min read

OPNsense is an open source, easy-to-use and easy-to-build FreeBSD based firewall and routing platform. OPNsense includes most of the features available in expensive commercial firewalls, and more in many cases. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources.

OPNsense started as a fork of pfSense® and m0n0wall in 2014, with its first official release in January 2015. The project has evolved very quickly while still retaining  familiar aspects of both m0n0wall and pfSense. A strong focus on security and code quality drives the development of the project.

OPNsense offers weekly security updates with small increments to react on new emerging threats within in a fashionable time.  A fixed release cycle of 2 major releases each year offers businesses the opportunity to plan upgrades ahead. For each major release a roadmap is put in place to guide development and set out clear goals.


  • Dashboard
    OPNsense offers a dashboard feature to quickly check the status of your OPNsense Firewall.Shown is the latest version with drag and drop multi collumn support.
  • Modern User Interface
  • Stateful Firewall
  • Aliases & GeoLite Country Database
  • Traffic Shaper
  • Two-factor authentication
    Supported 2FA services include:

    • OPNsense Graphical User Interface
    • Captive Portal
    • Virtual Private Networking – OpenVPN & IPsec
    • Caching Proxy
    • OPNsense Captive Portal
  • Captive Portal
  • Virtual Private Network – IPsec & OpenVPN GUI
  • High Availability / Hardware Failover (CARP)
  • Caching Proxy
  • Intrusion Detection & Prevention
  • Integrated support for ET Open rules.
  • Integrated SSL Blacklist (SSLBL)
  • Intergrated Feodo Tracker
  • SSL Finger Printing
  • Backup & Restore
  • Reporting & Monitoring
  • Firmware & Plugins
  • Free Up-to-Date Online Manual


Changelog OPNsense 20.1.2

Here are the full patch notes:

o system: fix leap year issue in new log reader
o system: add valid from and to dates to user certs display
o system: drop unused and
o interfaces: make sure descriptions are properly cleansed
o interfaces: introduce interfaces_primary_address6()
o interfaces: validate interface input in packet capture
o firewall: immediately download GeoIP if not already found
o firewall: improve performance when working with large number of aliases
o firewall: fix visibility on internal CARP rules
o captive portal: fix expiry and validity for vouchers (contributed by xx4h)
o dhcp: fix DNS registration for DHCPv6 static mappings (contributed by maurice-w)
o dhcp: add icons next to online/offline lease status (contributed by Tyler Ham)
o ipsec: allow configuration of inactivity parameter (contributed by Marcel Menzel)
o unbound: minor changes while scanning ACL subnets
o web proxy: work around to skip passing additional auth properties
o backend: allow pluginctl to return config.xml values
o console: improve type checks in set address function
o rc: join CARP early startup scripts
o plugins: os-dnscrypt-proxy fix for on reboot
o plugins: os-dyndns 1.20 fixes verify restrictions, GratisDNS and missing break for Linode (contributed by NOYB, Johan Pramming, Andrew Gunnerson)
o plugins: os-maltrail 1.4[1]
o plugins: os-nrpe fix for on reboot
o plugins: os-tinc 1.5 fixes bug in IPv6 support (contributed by vnxme)
o src: fix imprecise ordering of SSP canary initialization[2]
o src: fix nmount invalid pointer dereference[3]
o src: fix libfetch buffer overflow[4]
o src: fix kernel stack data disclosure[5]
o ports: ca_root_nss 3.50
o ports: php 7.2.28[6]
o ports: squid 4.10[7]
o ports: suricata 4.1.7[8]
o ports: syslog-ng 3.25.1[9]
o ports: unbound 1.10.0[10]