+49 8431 - 536737-0 info@datazone.de WhatsApp DE
Remote Support Start download

OPNsense 21.1 Release

OPNsenseNetworkingSecurity
OPNsense 21.1 Release

OPNsense 21.1, codenamed “Marvelous Meerkat”, has been released and brings extensive innovations to the open-source firewall platform.

Key New Features

HardenedBSD 12.1

OPNsense 21.1 is based on HardenedBSD 12.1, a security-hardened FreeBSD variant:

  • Updated kernel with security improvements
  • ASLR (Address Space Layout Randomization)
  • Improved exploit mitigation
  • Updated drivers and hardware support

Firmware Health Check

A new firmware health check system has been introduced:

  • Automatic firmware integrity verification
  • Detection of damaged packages
  • Proactive warnings for issues
  • Simplified troubleshooting

WireGuard Improvements

The WireGuard integration has been significantly improved:

  • Kernel-based WireGuard for better performance
  • Simplified configuration
  • Improved status display
  • Multi-peer support
  • Extended routing options

Firewall Updates

  • Redesigned alias management
  • Improved GeoIP filtering with automatic updates
  • Extended logging functionality
  • Optimized rule processing
  • Improved NAT configuration

DNS Improvements

  • Updated Unbound DNS with DNSSEC improvements
  • Improved DNS-over-TLS support
  • Optimized DNS resolution
  • Extended blocklist management

Intrusion Detection and Prevention

  • Updated Suricata engine
  • Improved rulesets
  • Optimized performance
  • Extended alert categorization

Web Interface

The web interface received extensive updates:

  • Modernized design
  • Improved dashboard widgets
  • Faster navigation
  • Extended search functionality
  • Improved mobile view

Plugins

Numerous plugins have been updated:

  • HAProxy with new features
  • Nginx plugin improvements
  • Updated Zabbix agent plugin
  • New Crowdsec plugin

Migration from 20.7

The upgrade from OPNsense 20.7 to 21.1 can be performed via the web interface. As always, a backup of the configuration before the upgrade is recommended.

Important: Some plugin APIs have changed. Please review the release notes for possible breaking changes before upgrading.

Conclusion

OPNsense 21.1 is a solid major release with a focus on security and performance. The migration to HardenedBSD and the improved WireGuard integration make the platform even more attractive for security-conscious enterprises. We are happy to support you with the migration and operation of your OPNsense firewall.

More on these topics:

OPNsense Firewall

More articles

Backup Strategy for SMBs: Proxmox PBS + TrueNAS as a Reliable Backup Solution

Backup strategy for SMBs with Proxmox PBS and TrueNAS: implement the 3-2-1 rule, PBS as primary backup target, TrueNAS replication as offsite copy, retention policies, and automated restore tests.

OPNsense Suricata Custom Rules: Write and Optimize Your Own IDS/IPS Signatures

Suricata custom rules on OPNsense: rule syntax, custom signatures for internal services, performance tuning, suppress lists, and EVE JSON logging.

Systemd Security: Hardening and Securing Linux Services

Systemd security hardening: unit hardening with ProtectSystem, PrivateTmp, NoNewPrivileges, CapabilityBoundingSet, systemd-analyze security, sandboxing, resource limits, and creating custom timers.

Back to overview

Need IT consulting?

Contact us for a no-obligation consultation on Proxmox, OPNsense, TrueNAS and more.

Get in touch