OPNsense 22.1, codenamed “Observant Owl”, has been released. This major release brings fundamental changes to the logging system and numerous improvements for network operations.
Release Highlights
New Logging with Syslog-ng
The most important change in OPNsense 22.1 is the switch of the logging system:
- Syslog-ng replaces the previous syslog system
- Significantly more flexible log filtering and forwarding
- Improved remote logging options
- Structured log output
- Better integration with SIEM systems
Unbound DNS Improvements
The integrated DNS resolver has been comprehensively improved:
- Updated Unbound DNS with performance optimizations
- Improved DNS-over-TLS support
- Extended DNSSEC functionality
- Optimized cache management
- Improved DNS blocklist integration
Firewall Improvements
- Redesigned alias management with improved performance
- Extended GeoIP database updates
- Optimized rule processing for large rulesets
- Improved live log with real-time filtering
VPN Updates
- Updated WireGuard kernel module
- Improved OpenVPN client and server
- Optimized IPsec management
- Extended VPN status overview with throughput display
Intrusion Detection
- Updated Suricata IDS/IPS
- Improved ruleset management
- Optimized performance at high throughput
- Extended alert categorization
Web Interface
- Modernized design
- Improved MVC-based pages
- Faster loading times
- Extended diagnostics tools
- Improved API documentation
Security Updates
- Updated base to FreeBSD 13.0-p6
- OpenSSL security updates
- PHP updates
- Various CVE fixes
Migration from 21.7
The upgrade from OPNsense 21.7 to 22.1 can be performed via the web interface. Due to the switch to Syslog-ng, existing log configurations should be reviewed after the upgrade.
Conclusion
OPNsense 22.1 is an important release that brings significant progress with the new Syslog-ng-based logging and the Unbound DNS improvements. As an experienced OPNsense integrator, we are happy to advise you on planning and implementing your firewall infrastructure.
More on these topics:
More articles
Linux Server Hardening: 15-Minute Checklist
Ten concrete hardening steps for a freshly installed Debian, Ubuntu or Rocky Linux server — SSH, updates, firewall, auditing, sudo, limits, services, NTP, logging, kernel sysctl. With commands, doable in a quarter of an hour.
Backup Encryption: Key Management Done Right
Encrypted backups are useless if key management is sloppy. Symmetric vs. asymmetric, vault options, rotation, recovery scenarios and the tool-level practice for PBS, Restic and TrueNAS.
OPNsense 26.7 Release: What's Coming
OPNsense 26.7 is due: what to expect from the traditional July major release — HardenedBSD/FreeBSD update, plugin refresh, GUI improvements. An honest look at the public roadmap.