Hi there,

For more than 7 years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.

22.1, nicknamed "Observant Owl", features the upgrade to FreeBSD 13, switch to logging supporting RFC 5424 with severity filtering, improved tunable sysctl value integration, faster boot sequence and interface initiation and dynamic IPv6 host alias support amongst others.

On the flip side major operating system changes bear risk for regression and feature removal, e.g. no longer supporting insecure cryptography in the kernel for IPsec and switching the Realtek vendor driver back to its FreeBSD counterpart which does not yet support the newer 2.5G models. Circular logging support has also been removed. Make sure to read the known issues and limitations below before attempting to upgrade.

Download links, an installation guide[1] and the checksums for the images can be found below as well.

Here are the full patch notes against version 21.7.7:

Known issues and limitations:

The public key for the 22.1 series is:

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1o1Bk31AcX5xsqgVAoWQ
1fTDznz22ojsK+qCkhW7MKSWlCyEZYEueUtq7hOt/gqttc3qT0WgHjhjI/WE2RQ4
53yfSw/2DDdt3v2WRoupaMzu2Px6I0A+dzo/DM0UWHHsjUaa1HnTvrC14W2vy9wY
rdotDpp6vSA3WoBmpz+6cpAOlOMTboJouaZy2gSAAcFUmnmP6KDE+lQEqudENTpr
wb/tIILTE3s6HMBrnmyTNz3Oyy77qH0Xq4mU0r+GS3If0LN+zIr3evt/hhS80otG
4WA2ifFeoZVUC//ArAqRiuOJKWvDe5455W1tOuoLkVKVwWMUd1YjaLq8/SRNtTVT
jRWO6znUHJa7LKtwY7SJvJ8bl8kR8QnrEBRLqT3IA+FcRH+8RaeCivPV7oS1tMiV
7hUmu4yXkiMU9c/RrUj7UGZfPKa6K1yP2p3pRvHwCpMclhlVdaiAGNQ8X1GmUAmg
3hsoay1ximpj0Yzs+ynDdT1WPkjx8+mDWI08qTuVX+KN3xiohzjxUyD6kBbw2N4z
EkKTu36KLxo+Hs2iHh4iPWV+EZ5pBn/BseUeHha+V76xM/fPU3H2htwF6/lAz3KH
J6cevsMenCaYBAqpUsQMBjxhDgMmpCcjiZRPijFpe5zsNSUD1NJ8QMpecBZCE6Vt
YHWiWxZTN13z4mPqA4uebakCAwEAAQ==
-----END PUBLIC KEY-----


Stay safe,
Your OPNsense team

SHA256 (OPNsense-22.1-OpenSSL-dvd-amd64.iso.bz2) = 72146dd3a8e57774ad12dbaa503c19111e5f1c43db63a32ad2dab6b3ea6f12f1
SHA256 (OPNsense-22.1-OpenSSL-nano-amd64.img.bz2) = ec3b3c5fafc39e9d67c500a31d6c0be99566a130a158a2ae60904e6a6854bf1f
SHA256 (OPNsense-22.1-OpenSSL-serial-amd64.img.bz2) = 418e4abc233a89c11e296f7e510e2074242dc2a285a042592171d45b257c4857
SHA256 (OPNsense-22.1-OpenSSL-vga-amd64.img.bz2) = f791e9024888f5f668175a78cbbcd9eb96b36ba523f38d00cad9dd4d64243b4f