OPNsense Celebrates 10 Years with the 25.1 “Ultimate Unicorn” Release

OPNsense 25.1 open-source firewall and routing platform rolls out powered by FreeBSD 14.2, with a revamped UI, ZFS snapshot support, and more.
OPNsense Celebrates 10 Years with the 25.1 "Ultimate Unicorn" Release

OPNsense, a renowned free and open-source firewall and routing software, is celebrating its tenth anniversary with the release of v25.1, “Ultimate Unicorn,” now available to download, bringing in some new features and improvements, with the most notable being:

  • The foundation of OPNsense 25.1 now relies on FreeBSD 14.2, PHP 8.3, and updated ports such as OpenVPN 2.6.13, Lighttpd 1.4.77, and radvd 2.20.
  • The user, group, and privilege management sections have been migrated to MVC/API, removing older legacy features such as the manual LDAP importer. In addition, support for custom additions to sshd_config has been added, and administrators are now able to receive persistent notifications.
  • The release brings refined configuration steps for PPP devices, consolidation of various network logs, and new support for RFC 5549 routes.
  • With better bridging features, refined rule creation, and multi-select options for source and destination addresses, administrators can expect a more intuitive firewall management experience. Notably, an inline shaper support option has also been introduced.
  • The user interface sports a fresh look in this release, featuring updated Font Awesome 6 icons as well as a light and dark theme. For instance, the redesigned default theme now accommodates more responsive search and edit functions throughout the dashboard.
OPNsense 25.1 open-source firewall default dark theme.
OPNsense 25.1 open-source firewall default dark theme.

While upgrading to OPNsense 25.1, administrators should be aware of a few structural and behavioral changes:

  • Access management has been rewritten in MVC, dropping older functionality (e.g., the manual LDAP importer) in favor of on-demand user creation and default group setup. The privilege editor has been consolidated, and certain deprecated privileges have been removed.
  • PPP devices can no longer be set up on the standard interface configuration page. Instead, these settings now reside under a dedicated PPP device edit page.
  • The stock pf behavior in FreeBSD 14.2 now includes state tracking for ICMPv6 neighbor discovery, which some 24.7.x users had previously avoided.
  • Finally, keep in mind that Let’s Encrypt is discontinuing support for the OCSP Must Staple extension after January 30, 2025. Any issuance requests with this extension still enabled beyond that date will fail.

Visit the release announcement for detailed information about all changes in the latest version. The full changelog is here. You can get OPNsense 25.1 from the project site’s download section.

Bobby Borisov

Bobby Borisov

Bobby, an editor-in-chief at Linuxiac, is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, he has worked as a Senior Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.

Related Posts