+49 8431 - 536737-0 info@datazone.de WhatsApp DE
Remote Support Start download

OPNsense 22.1 Release

OPNsenseNetworkingSecurity
OPNsense 22.1 Release

OPNsense 22.1, codenamed “Observant Owl”, has been released. This major release brings fundamental changes to the logging system and numerous improvements for network operations.

Release Highlights

New Logging with Syslog-ng

The most important change in OPNsense 22.1 is the switch of the logging system:

  • Syslog-ng replaces the previous syslog system
  • Significantly more flexible log filtering and forwarding
  • Improved remote logging options
  • Structured log output
  • Better integration with SIEM systems

Unbound DNS Improvements

The integrated DNS resolver has been comprehensively improved:

  • Updated Unbound DNS with performance optimizations
  • Improved DNS-over-TLS support
  • Extended DNSSEC functionality
  • Optimized cache management
  • Improved DNS blocklist integration

Firewall Improvements

  • Redesigned alias management with improved performance
  • Extended GeoIP database updates
  • Optimized rule processing for large rulesets
  • Improved live log with real-time filtering

VPN Updates

  • Updated WireGuard kernel module
  • Improved OpenVPN client and server
  • Optimized IPsec management
  • Extended VPN status overview with throughput display

Intrusion Detection

  • Updated Suricata IDS/IPS
  • Improved ruleset management
  • Optimized performance at high throughput
  • Extended alert categorization

Web Interface

  • Modernized design
  • Improved MVC-based pages
  • Faster loading times
  • Extended diagnostics tools
  • Improved API documentation

Security Updates

  • Updated base to FreeBSD 13.0-p6
  • OpenSSL security updates
  • PHP updates
  • Various CVE fixes

Migration from 21.7

The upgrade from OPNsense 21.7 to 22.1 can be performed via the web interface. Due to the switch to Syslog-ng, existing log configurations should be reviewed after the upgrade.

Conclusion

OPNsense 22.1 is an important release that brings significant progress with the new Syslog-ng-based logging and the Unbound DNS improvements. As an experienced OPNsense integrator, we are happy to advise you on planning and implementing your firewall infrastructure.

More on these topics:

OPNsense Firewall

More articles

Backup Strategy for SMBs: Proxmox PBS + TrueNAS as a Reliable Backup Solution

Backup strategy for SMBs with Proxmox PBS and TrueNAS: implement the 3-2-1 rule, PBS as primary backup target, TrueNAS replication as offsite copy, retention policies, and automated restore tests.

OPNsense Suricata Custom Rules: Write and Optimize Your Own IDS/IPS Signatures

Suricata custom rules on OPNsense: rule syntax, custom signatures for internal services, performance tuning, suppress lists, and EVE JSON logging.

Systemd Security: Hardening and Securing Linux Services

Systemd security hardening: unit hardening with ProtectSystem, PrivateTmp, NoNewPrivileges, CapabilityBoundingSet, systemd-analyze security, sandboxing, resource limits, and creating custom timers.

Back to overview

Need IT consulting?

Contact us for a no-obligation consultation on Proxmox, OPNsense, TrueNAS and more.

Get in touch