Mon. Jan 27th, 2020

OPNsense 20.1-RC1 released, FreeBSD based firewall and routing platform

3 min read

OPNsense is an open source, easy-to-use and easy-to-build FreeBSD based firewall and routing platform. OPNsense includes most of the features available in expensive commercial firewalls, and more in many cases. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources.

OPNsense started as a fork of pfSense® and m0n0wall in 2014, with its first official release in January 2015. The project has evolved very quickly while still retaining  familiar aspects of both m0n0wall and pfSense. A strong focus on security and code quality drives the development of the project.

OPNsense offers weekly security updates with small increments to react on new emerging threats within in a fashionable time.  A fixed release cycle of 2 major releases each year offers businesses the opportunity to plan upgrades ahead. For each major release a roadmap is put in place to guide development and set out clear goals.


  • Dashboard
    OPNsense offers a dashboard feature to quickly check the status of your OPNsense Firewall.Shown is the latest version with drag and drop multi collumn support.
  • Modern User Interface
  • Stateful Firewall
  • Aliases & GeoLite Country Database
  • Traffic Shaper
  • Two-factor authentication
    Supported 2FA services include:

    • OPNsense Graphical User Interface
    • Captive Portal
    • Virtual Private Networking – OpenVPN & IPsec
    • Caching Proxy
    • OPNsense Captive Portal
  • Captive Portal
  • Virtual Private Network – IPsec & OpenVPN GUI
  • High Availability / Hardware Failover (CARP)
  • Caching Proxy
  • Intrusion Detection & Prevention
  • Integrated support for ET Open rules.
  • Integrated SSL Blacklist (SSLBL)
  • Intergrated Feodo Tracker
  • SSL Finger Printing
  • Backup & Restore
  • Reporting & Monitoring
  • Firmware & Plugins
  • Free Up-to-Date Online Manual


Changelog OPNsense 20.1-RC1

o system: support for manually removing static route entries
o system: migrated logging to MVC
o system: regenerate default DH parameters
o system: randomize session ID in test cookie
o system: remove legacy XMLRPC push on changes
o system: deprecate the use of
o system: opt-out on “Allow DNS server list to be overridden by DHCP/PPP on WAN” for selected interfaces
o system: increase PHP memory limit to 512 MB
o system: opnsense-auth can now respond with extended properties in JSON on successful authentication
o interfaces: loopback device support
o interfaces: VXLAN device support
o interfaces: first steps toward fully pluggable device infrastructure
o interfaces: remove default load of netgraph framework on bootup
o interfaces: interfaces: move description into top block and rename titles
o interfaces: only trigger newwanip event for affected interfaces
o firmware: revoke 19.1, trust 20.1 fingerprint
o firmware: new mirror in Zurich, CH contributed by ServerBase AG
o firmware: add live search to mirror selection
o dhcp: add OMAPI configuration support (contributed by Yuri Moens)
o ipsec: add configurable dpdaction (contributed by  Marcel Menzel)
o ipsec: refactor tunnel settings page
o unbound: add options for logging queries and extended statistics (contributed by Flightkick)
o mvc: BaseListField ignoring empty selected field
o ui: jQuery 3.4.1
o plugins: os-dyndns 1.19 adds dynv6 and Azure DNS support (contributed by Ralf Zerres and martgras)
o plugins: os-haproxy 2.20[2]
o plugins: os-zabbix-agent 1.7[3][4]
o ports: ca_root_nss 3.49.1
o ports: curl 7.68.0[5]
o ports: openssl 1.1.1d[6]

Known issues and limitations:

o HardenedBSD 12.1 has been postponed to the next major release
o Nano growfs does not work on this release candidate, but a fix for 20.1 already exists
o Installer still advertises 19.7, but a fix for 20.1 already exists
o Legacy MPD5 plugins os-l2tp, os-pppoe and os-pptp have been deprecated and will no longer receive updates
o i386 has not been deprecated for the time being 😉