OPNsense 25.1 - 基于 FreeBSD 的开源防火墙和路由平台

OPNsense 25.1 - 基于 FreeBSD 的开源防火墙和路由平台

请访问原文链接：https://sysin.org/blog/opnsense/ 查看最新版。原创作品，转载请保留出处。

作者主页：sysin.org

关于 OPNsense

OPNsense 是一个开源、易于使用且易于构建的基于 FreeBSD 的防火墙和路由平台。OPNsense 包括昂贵的商业防火墙中可用的大部分功能，在许多情况下甚至更多。它带来了丰富的商业产品功能集以及开放和可验证资源的优势。

OPNsense 于 2014 年作为 pfSense® 和 m0n0wall 的分支开始 (sysin)，于 2015 年 1 月首次正式发布。该项目发展非常迅速，同时仍保留了 m0n0wall 和 pfSense 的熟悉方面。对安全性和代码质量的高度关注推动了项目的发展。

OPNsense 每周提供少量安全更新，以在流行时间内对新出现的威胁做出反应。每年有 2 个主要版本的固定发布周期为企业提供了提前计划升级的机会。对于每个主要版本，都会制定一个路线图以指导开发并设定明确的目标。

功能 Features

OPNsense 的功能集包括高端功能，例如前向缓存代理、流量整形、入侵检测和简单的 OpenVPN 客户端设置。最新版本基于 FreeBSD 以获得长期支持，并使用新开发的基于 Phalcon 的 MVC 框架。

OPNsense 对安全性的关注带来了独特的功能，例如使用 LibreSSL 而不是 OpenSSL 的选项（可在 GUI 中选择）和基于 FreeBSD 的自定义版本。

强大可靠的更新机制使 OPNsense 能够及时提供重要的安全更新。

OPNsense Core Features:

• Traffic Shaper
• Two-factor Authentication throughout the system
• Captive portal
• Forward Caching Proxy (transparent) with Blacklist support
• Virtual Private Network (site to site & road warrior, IPsec, OpenVPN & legacy PPTP support)
• High Availability & Hardware Failover (with configuration synchronization & synchronized state tables)
• Intrusion Detection and Prevention
• Build-in reporting and monitoring tools including RRD Graphs
• Netflow Exporter
• Network Flow Monitoring
• Support for plugins
• DNS Server & DNS Forwarder
• DHCP Server and Relay
• Dynamic DNS
• Encrypted configuration backup to Google Drive
• Stateful inspection firewall
• Granular control over state table
• 802.1Q VLAN support
• and more.. see features

许可证 LICENSE

OPNsense 已获得 Open Source Initiative approved license 的许可。OPNsense 现在和将来都将提供简单的 2 条款 BSD 许可证。我们认为，一个开源项目应提供构建它的资源和工具。

新增功能

25.1

Ultimate Unicorn

29th January 2025

Base system

• FreeBSD 14.2
• PHP 8.3
• Restructure PPP to allow complex IPv6-only deployments with all implications
• Notification improvements: banner persistent notifications
• Dashboard widget for certificates: expiration hints and delete and renew possibilities
• System: High Availability: Status MVC conversion
• Snapshot functionality for easy recovery
• API enable User and Group administration
• Theme update with new styling and add official dark theme
• System: Settings: Tunables MVC conversion adding API support

Firewall

• Improved security zone support and documentation

Reporting

• RRD statistics refactoring, increases performance and maintainability

Trust

• OpenSSL legacy mode toggle, defaults to off
• Add trust settings module

Services

• Unbound: merge domain overrides into query forwarding

VPN

• VPN: IPsec: Advanced Settings - move to MVC and add some options

下载地址

OPNsense 24.1

• 百度网盘直链：https://pan.baidu.com/s/1WDqEFoziZ5hTUFyomUdF1w?pwd=9qia

• dvd: ISO installer image with live system capabilities running in VGA mode. On amd64, UEFI boot is supported as well.

  • OPNsense-24.1-dvd-amd64.iso.bz2 (SHA256) : 6d1e22713bf031d0a36a73b3820cd1564f426cae9c67a6ade4b7fa6518afa2d5

• vga: USB installer image with live system capabilities running in VGA mode as GPT boot. On amd64, UEFI boot is supported as well.

  • OPNsense-24.1-vga-amd64.img.bz2 (SHA256) : ec08755245017cd449a8d174b6ea7c4e2038c454a8abecfad0d0378729d8b331

• serial: USB installer image with live system capabilities running in serial console (115200) including UEFI support.

  • OPNsense-24.1-serial-amd64.img.bz2 (SHA256) : c4c53e5dd80660cc67b349fa588b3ca11efd9f45d09f6cb391d8e19b48dd7fcc

• nano: a preinstalled serial image for USB sticks, SD or CF cards as MBR boot. These images are 3G in size and automatically adapt to the installed media size after first boot.

  • OPNsense-24.1-nano-amd64.img.bz2 (SHA256) : 6bc86a13bda81702382383b1e9b31550177bafe88fa599e0c2ed8064040461b1

OPNsense 25.1

• 百度网盘直链：https://pan.baidu.com/s/1ZA-DkBMTcA4iN9uN97x-sg?pwd=bciy

• dvd: ISO installer image with live system capabilities running in VGA mode. On amd64, UEFI boot is supported as well.

  • OPNsense-25.1-dvd-amd64.iso.bz2 (SHA256) : 68efe0e5c20bd5fbe42918f000685ec10a1756126e37ca28f187b2ad7e5889ca

• vga: USB installer image with live system capabilities running in VGA mode as GPT boot. On amd64, UEFI boot is supported as well.

  • OPNsense-25.1-vga-amd64.img.bz2 (SHA256) : 89fcf5bdb1d2ea2ea6ba4cdc1268ea0a1e22b944330d7bee0711c8630cc905af

• serial: USB installer image with live system capabilities running in serial console (115200) including UEFI support.

  • OPNsense-25.1-serial-amd64.img.bz2 (SHA256) : 57c05e935790f9b2b800a19374948284889988741cfbaf6fae7600f7a4451022

• nano: a preinstalled serial image for USB sticks, SD or CF cards as MBR boot. These images are 3G in size and automatically adapt to the installed media size after first boot.

  • OPNsense-25.1-nano-amd64.img.bz2 (SHA256) : a51e4499df6394042ad804daa8e376c291e8475860343a0a44d93d8c8cf4636e

更多：Firewall 产品链接汇总