+49 8431 - 536737-0 info@datazone.de WhatsApp DE
Remote Support Start download

OPNsense 21.7 Release

OPNsenseNetworkingSecurity
OPNsense 21.7 Release

OPNsense 21.7, codenamed “Noble Nightingale”, has been released and brings significant improvements to the open-source firewall. This release is based on FreeBSD 13 for the first time and delivers numerous new features.

Release Highlights

FreeBSD 13 as the Base

The switch to FreeBSD 13 is the most important change in this release:

  • Updated network stack with improved performance
  • Better hardware support
  • Updated cryptography libraries
  • Optimized memory management

WireGuard Kernel Module

OPNsense 21.7 integrates a native WireGuard kernel module:

  • Significantly better performance compared to the previous userspace implementation
  • Easier configuration via the web interface
  • Stable operation for site-to-site and road warrior VPN
  • Support for multiple tunnels simultaneously

Improved Firmware Update System

The update system has been fundamentally redesigned:

  • Faster and more reliable updates
  • Better error handling for update issues
  • Easy rollback capability
  • Improved progress display

Firewall Improvements

  • Redesigned alias management
  • Improved GeoIP filtering
  • Optimized rule processing
  • Extended logging capabilities

IPsec Updates

  • Updated strongSwan VPN stack
  • Improved IKEv2 support
  • Extended cipher options
  • Optimized tunnel management

Web Interface

The user interface received various improvements:

  • Modernized dashboard
  • Faster page loading times
  • Improved firmware status widget
  • Extended diagnostics tools

Security Updates

  • Updated OpenSSL
  • Suricata IDS/IPS updates
  • Unbound DNS resolver update
  • Numerous CVE fixes

Migration from 21.1

The upgrade from OPNsense 21.1 to 21.7 can be performed via the web interface under System > Firmware. A prior backup of the configuration is strongly recommended.

Conclusion

OPNsense 21.7 is an important release that brings significant performance improvements with FreeBSD 13 as the base and the native WireGuard kernel module. As an experienced OPNsense integrator, we are happy to advise you on planning and implementing your firewall infrastructure.

More on these topics:

OPNsense Firewall

More articles

Backup Strategy for SMBs: Proxmox PBS + TrueNAS as a Reliable Backup Solution

Backup strategy for SMBs with Proxmox PBS and TrueNAS: implement the 3-2-1 rule, PBS as primary backup target, TrueNAS replication as offsite copy, retention policies, and automated restore tests.

OPNsense Suricata Custom Rules: Write and Optimize Your Own IDS/IPS Signatures

Suricata custom rules on OPNsense: rule syntax, custom signatures for internal services, performance tuning, suppress lists, and EVE JSON logging.

Systemd Security: Hardening and Securing Linux Services

Systemd security hardening: unit hardening with ProtectSystem, PrivateTmp, NoNewPrivileges, CapabilityBoundingSet, systemd-analyze security, sandboxing, resource limits, and creating custom timers.

Back to overview

Need IT consulting?

Contact us for a no-obligation consultation on Proxmox, OPNsense, TrueNAS and more.

Get in touch