+49 8431 - 536737-0 info@datazone.de WhatsApp DE
Remote Support Start download

OPNsense 21.1 Release

OPNsenseNetworkingSecurity
OPNsense 21.1 Release

OPNsense 21.1, codenamed “Marvelous Meerkat”, has been released and brings extensive innovations to the open-source firewall platform.

Key New Features

HardenedBSD 12.1

OPNsense 21.1 is based on HardenedBSD 12.1, a security-hardened FreeBSD variant:

  • Updated kernel with security improvements
  • ASLR (Address Space Layout Randomization)
  • Improved exploit mitigation
  • Updated drivers and hardware support

Firmware Health Check

A new firmware health check system has been introduced:

  • Automatic firmware integrity verification
  • Detection of damaged packages
  • Proactive warnings for issues
  • Simplified troubleshooting

WireGuard Improvements

The WireGuard integration has been significantly improved:

  • Kernel-based WireGuard for better performance
  • Simplified configuration
  • Improved status display
  • Multi-peer support
  • Extended routing options

Firewall Updates

  • Redesigned alias management
  • Improved GeoIP filtering with automatic updates
  • Extended logging functionality
  • Optimized rule processing
  • Improved NAT configuration

DNS Improvements

  • Updated Unbound DNS with DNSSEC improvements
  • Improved DNS-over-TLS support
  • Optimized DNS resolution
  • Extended blocklist management

Intrusion Detection and Prevention

  • Updated Suricata engine
  • Improved rulesets
  • Optimized performance
  • Extended alert categorization

Web Interface

The web interface received extensive updates:

  • Modernized design
  • Improved dashboard widgets
  • Faster navigation
  • Extended search functionality
  • Improved mobile view

Plugins

Numerous plugins have been updated:

  • HAProxy with new features
  • Nginx plugin improvements
  • Updated Zabbix agent plugin
  • New Crowdsec plugin

Migration from 20.7

The upgrade from OPNsense 20.7 to 21.1 can be performed via the web interface. As always, a backup of the configuration before the upgrade is recommended.

Important: Some plugin APIs have changed. Please review the release notes for possible breaking changes before upgrading.

Conclusion

OPNsense 21.1 is a solid major release with a focus on security and performance. The migration to HardenedBSD and the improved WireGuard integration make the platform even more attractive for security-conscious enterprises. We are happy to support you with the migration and operation of your OPNsense firewall.

More on these topics:

OPNsense Firewall

More articles

OPNsense VLAN Routing: 6 Best Practices for SMB Networks

Plan OPNsense VLAN routing right: management isolation, per-VLAN DHCP, default-deny, MAC tracking, Unbound views and IoT segmentation explained.

OPNsense HAProxy plus Lets Encrypt: Multi-Domain Setup

OPNsense HAProxy with Lets Encrypt as a central reverse proxy: SNI routing, ACME plugin, DNS-01 challenge and automated certificate renewal for SMB setups.

GDPR Logging Requirements 2026: What to Log and What Not To

GDPR-compliant logging in 2026: mandatory security and PII access logs, forbidden fields, retention periods, and pseudonymization in ELK and Loki.

Back to overview

Need IT consulting?

Contact us for a no-obligation consultation on Proxmox, OPNsense, TrueNAS and more.

Get in touch