19/6/23, 11:43 How to Update OPNsense? - zenarmor.

com

Network Security Tutorials Firewalls OPNsense How to Update OPNsense?

How to Update OPNsense?

OPNsense update is critical for cyber security. The sooner you update, the sooner you'll be able to rest assured that your
network is more secure. Keeping your systems up-to-date by regular updates has the following benefits:

Updates may provide new or improved features, as well as improved compatibility with various devices or
applications. They may also improve the stability of the system and remove outdated features.

They frequently include critical security patches. So that, you may keep hackers out and protect your network
infrastructure against cyber attacks.

They generally fix or remove software bugs.

The update schedule for OPNsense consists of two major releases per year, which are updated every two weeks. In
addition to scheduled major updates, OPNsense is updated weekly to act quickly on known security threats. The version
number of major releases consists of the year and month of release (e.g., 21.7 for the July 2021 release), with fortnightly
updates adding a third number (e.g. 21.7.2 for the second update to 21.7).

Version Release Date

23.1 January 13th 2023

21.7.2 September 8th 2021

21.7.1 August 4th 2021

21.7 July 28th 2021

21.1.9 July 27, 2021

21.1.8 July 7, 2021

21.1.7 June 17, 2021

21.1.6 Mayy 27, 2021

21.1.5 April 21, 2021

21.1.4 March 30, 2021

21.1.3 March 10, 2021

21.1.2 February 23, 2021

21.1.1 February 09, 2021

21.1 January 28, 2021

https://www.zenarmor.com/docs/network-security-tutorials/how-to-update-opnsense 1/15
19/6/23, 11:43 How to Update OPNsense? - zenarmor.com

Version Release Date

21.1.r1 January 13, 2021

Table 1. OPNsense 21.x Community Edition relase dates

You may follow the announcements on the OPNsense forum (https://forum.opnsense.org/index.php?board=11.0) for all
OPNsense releases. Also, major releases are announced on the OPNsense blog posts (https://opnsense.org/blog/). Full
patch notes, fix notes, known issues, and limitations are shared on these announcements. Some updates may require a
system reboot. Also, there may be issues or limitations that cause service interruptions on your system. Therefore, It is
strongly recommended to read the release notes before upgrading the OPNsense system.

When there is an OPNsense release update available, you may see the update reminder on the OPNsense web UI
dashboard.

OPNsense manual update is a straightforward process that can be accomplished via both OPNsense web UI or
console/CLI easily. In this OPNsense update guide, we will cover both methods briefly.

DANGER

OPNsense automatic updates, especially for major releases are not recommended.

How to Update OPNsense Settings?

You may change the OPNsense update settings according to your requirements by doing the following or leave them as
default:

Navigate to the System -> Firmware -> Settings .

Set the next options listed below as you need and then click Save to apply the changes.

1. Firmware Mirror
You can specify the mirror site from which OPNsense attempts to obtain updates. If you're having trouble updating or
searching for updates, or if your current mirror is running slowly, you can switch to another one here.

Figure 1. Selecting OPNsense Mirror

https://www.zenarmor.com/docs/network-security-tutorials/how-to-update-opnsense 2/15
19/6/23, 11:43 How to Update OPNsense? - zenarmor.com

2. Firmware Flavour
OPNsense comes in a variety of firmware cryptography flavours. Currently, these flavours determine whether to use
OpenSSL or LibreSSL. The default setting is OpenSSL.

Figure 2. Selecting OPNsense Flavour.

3. Release Type
There are three options available for the release type of the OPNsense.

Business: OPNsense Business Edition is destined for businesses, enterprises, and professionals seeking a more
selective upgrade path, additional commercial features, and a more commercial way to support the project than
donating.

Community: This release is tested on a fortnightly basis and is suitable for production environments.

Development: This release is the most recent release but untested.

DANGER

Please keep this setting set to Community unless you fully understand the implications of changing it.

Figure 3. Selecting OPNsense Release Type

https://www.zenarmor.com/docs/network-security-tutorials/how-to-update-opnsense 3/15
19/6/23, 11:43 How to Update OPNsense? - zenarmor.com

4. Subscription
If you have a Business license, you should provide your subscription key in this field.

Figure 4. Firmware Status

How to Upgrade OPNsense?

You may update the OPNsense firewall via either OPNsense web GUI or OPNsense console/command line(CLI). However,
major release upgrades should be performed via console which is also known as an offline upgrade. You may find more
information about the offline upgrade of the OPNsense below.

Updating OPNsense on Web GUI

To update the OPNsense node on the web GUI, follow the steps given below.

1. Login OPNsense web GUI as root .

Figure 5. OPNsense web login

2. Navigate to the System -> Firmware -> Updates -> Status .

3. Click Check for updates button under the Status tab.

https://www.zenarmor.com/docs/network-security-tutorials/how-to-update-opnsense 4/15
19/6/23, 11:43 How to Update OPNsense? - zenarmor.com

Figure 6. Checking for OPNsense updates on Web GUI

:::info You may click on the Click to check for updates. link in the System Information pane on the Dashboard
and then click on the Update button. :::

Figure 7. Checking for updates on OPNsense Dashboard

4. When there is an update available, the Update button is displayed at the bottom of the update packages list.

https://www.zenarmor.com/docs/network-security-tutorials/how-to-update-opnsense 5/15
19/6/23, 11:43 How to Update OPNsense? - zenarmor.com

Figure 8. OPNsense available update packages list

When there is a new release available, release notes will be displayed. After reading the notes, you may click the
Close button to close the notification window.

Figure 9. OPNsense 21.1.9 Release notes

5. Click Update button for update. This will fetch and update the packages on the OPNsense system.

https://www.zenarmor.com/docs/network-security-tutorials/how-to-update-opnsense 6/15
19/6/23, 11:43 How to Update OPNsense? - zenarmor.com

Figure 10. Fetching and updating the OPNsense packages

6. When the OPNsense update is completed successfully, DONE message is displayed under the Updates pane.

Figure 11. Updating the OPNsense is completed

7. You may view the installed OPNsense version in the System Information pane on Dashboard .

https://www.zenarmor.com/docs/network-security-tutorials/how-to-update-opnsense 7/15
19/6/23, 11:43 How to Update OPNsense? - zenarmor.com

Figure 12. Viewing the OPNsense version on Dashboard

How to Update OPNsense from Web GUI

8. After updating your OPNsense firewall, you may run the audit by clicking on the Run Audit dropdown menu on the
Status pane of the Systems: Firmware page.

https://www.zenarmor.com/docs/network-security-tutorials/how-to-update-opnsense 8/15
19/6/23, 11:43 How to Update OPNsense? - zenarmor.com

Figure 13. Running Audit on OPNsense

The following options are available for OPNsense audit:

1. Connectivity: Checks the mirror connection and updates the repositories

Figure 14. Connectivity Audit

2. Health: Health audit checks for missing dependencies, missing kernel files, core package consistencies

https://www.zenarmor.com/docs/network-security-tutorials/how-to-update-opnsense 9/15
19/6/23, 11:43 How to Update OPNsense? - zenarmor.com

Figure 15. Health Audit

3. Security: Vulnerabilities on the OPNsense listed on the audit security report.

Figure 16. Audit security report

https://www.zenarmor.com/docs/network-security-tutorials/how-to-update-opnsense 10/15
19/6/23, 11:43 How to Update OPNsense? - zenarmor.com

How to Run Audit on OPNsense

Updating OPNsense on Console/CLI

1. Connect the OPNsense via VGA display or serial port.

2. Login as root . Then, the console menu will be displayed.

3. Select 12) Update from console . Beware that reboot may be necessary. You're asked to proceed to continue. Type y
and press enter. This will automatically fetch all available updates and apply them.

Figure 17. Update OPNsense from console

4. If necessary, OPNsense may reboot. Then, it will be on the desired release.

What is the Offline Upgrade of OPNsense?

Major updates of OPNsense are installed offline. That means no web interface or SSH is available to monitor the upgrade.
If something goes wrong, you'll need a second connection or direct access to revert or repair the VM. Major upgrades of

https://www.zenarmor.com/docs/network-security-tutorials/how-to-update-opnsense 11/15
19/6/23, 11:43 How to Update OPNsense? - zenarmor.com

OPNsense should be performed using a VGA display or serial port so that you can see what is going on.

If there is a major upgrade available for the OPNsense firewall, upgrade instructions are displayed similar to the Figure 18
below when you check for updates on OPNsense web GUI.

Figure 18. OPNsense 21.7 major upgrade instructions

How to connect OPNsense from the serial console?

OPNsense can be controlled via serial in addition to the web user interface, monitor and SSH. Accessing OPNsense via
serial is similar to SSH. You can access your OPNsense node at any time via serial, even when it is not accessible via the
network. This makes it particularly useful for installing OPNsense, performing major system upgrades and performing
emergency troubleshooting when there is a network outage.

Prerequisites
Requirements for the OPNsense serial access are as follows:

A serial interface must be provided as part of the OPNsense installation ( hardware or virtual)

Software that can be used to connect to the serial interface, such as PuTTY, minicom, screen, etc.)

For a bare metal installation, you will also require the following:

a null modem cable

If your computer does not have an RS232 port, you will require a USB to RS232 converter.

Connecting to the serial console

If you previously installed OPNsense using a non-serial installer, serial access must be enabled. To enable serial access on
OPNsense,

1. Login as root via the web interface.

2. Navigate to System -> Settings -> Administration .

https://www.zenarmor.com/docs/network-security-tutorials/how-to-update-opnsense 12/15
19/6/23, 11:43 How to Update OPNsense? - zenarmor.com

3. Scroll down to Console and select Serial console as the primary or secondary console.

4. Click Save button at the bottom of the page.

Figure 19. Console settings on OPNsense

DANGER

Please keep in mind that this is only required if you have already installed OPNsense and did not use the serial
installer. Serial access is already available in all other cases (accessing BIOS, running the serial installer, connecting
to a serial installation).

On Unix-like systems, use the minicom to connect to the serial console at 115200 baud. The device name can differ
depending on the system and serial device. Here are some examples of names:

/dev/cuau0 (serial port, FreeBSD or HardenedBSD)

/dev/cuaU0 (usb-to-serial, FreeBSD or HardenedBSD)

/dev/ttyS0 (serial port, Linux)

/dev/ttyUSB0 (usb-to-serial, Linux)

COM1, COM2, etc. (Windows)

/dev/tty.usbmodem1112421 (usb-to-serial, macOS)

minicom -b 115200 -D /dev/ttyS0

INFO

If you have a number of devices of the same type, as shown here:

ls /dev/ttyUSB*
/dev/ttyUSB0 /dev/ttyUSB1

You may disconnect one of the serial devices to see which one is still active, or you may investigate the dmesg log to
find out the vendor of the device node. To determine which device it is, look for a message that contains the phrase
now attached to ttyUSB1 . Following that, you may compare the previous output to the output of a tool such as
lsusb .

https://www.zenarmor.com/docs/network-security-tutorials/how-to-update-opnsense 13/15
19/6/23, 11:43 How to Update OPNsense? - zenarmor.com

NOTE

Since accessing the serial device is restricted, you should run the command as root on Linux / BSD.

If authentication is enabled and OPNsense is running, you will now be prompted for your username and password.
Otherwise, the menu appears (at least after pressing enter). The credentials are identical to those required for SSH.

NOTE

The screen does not always update automatically. If you connect but receive no output, try pressing Enter first
before looking into the other (more complex) potentials.

Another issue is that when connecting via screen , you may be unable to scroll but you can still pipe the output using
more or less .

Major Upgrade of OPNsense from Console/CLI

To deploy a major upgrade on an OPNsense firewall, you may follow the next instructions given below:

1. Connect the OPNsense via VGA display or serial port.

2. Login as root . Then, the console menu will be displayed.

3. Select 12) Update from console . You're asked whether you want to upgrade to the most recent version or the next
major release.

Figure 20. Update OPNsense from console

4. Type in the major release number (for example 21.7 ) and press enter. All release files will be downloaded for an
offline upgrade (kernel, packages etc.). Then, OPNsense will reboot.

https://www.zenarmor.com/docs/network-security-tutorials/how-to-update-opnsense 14/15
19/6/23, 11:43 How to Update OPNsense? - zenarmor.com

Figure 21. Installing major updates for OPNsense 21.7 on console

5. After a reboot, it will install all updates. Once the installation is completed, it will reboot again, at which point it should
be on the preferred release.

How to Perform Major Upgrade on OPNsense from Console-CLI

https://www.zenarmor.com/docs/network-security-tutorials/how-to-update-opnsense 15/15