Published: in Videos
OPNsense 25.7.5 Update: GeoIP Migration, Network Driver Fixes, and OpenSSL Security Updates
The latest OPNsense release, version 25.7.5, has arrived, bringing a mix of feature changes, system refinements, and important security patches. The headline change in this version is the migration of the GeoIP database from MaxMind to IPinfo, following MaxMind’s recent pricing updates.
Watch the full video walkthrough here:
Highlights of OPNsense 25.7.5
- GeoIP database now uses IPinfo as the data source
- Stability fixes for several network drivers
- OpenSSL security update
- Updated FreeBSD base and ports (curl, NSS, OpenSSL, etc.)
- Kea DHCP improvements including DHCP option 121 support
- General bug fixes and backend clean-ups
GeoIP Migration to IPinfo
This update replaces the MaxMind GeoIP database source with IPinfo due to recent pricing and access changes from MaxMind.
Firewall rules using GeoIP filtering will continue to work normally, but OPNsense now uses the new IPinfo format. Administrators should check any custom GeoIP configurations or automated update scripts to ensure compatibility.
Network Driver and System Fixes
- bnxt: fixed request length handling in the backing store configuration
- iflib: set counter routines before interface attachment
- ifnet: adjusted detaching of address-family data
- ixgbe and ixl: fixed link status logging and interrupt handling
- re driver: added PNP info and ensured correct net epoch context
- vfs: fixed copy_file_range() output parameter handling
These fixes improve reliability for Intel and Broadcom NICs, particularly in high-availability or high-throughput deployments.
Security and Library Updates
OPNsense 25.7.5 includes the latest OpenSSL 3.0.18 update, which patches multiple security vulnerabilities.
Other updated libraries and ports include:
- curl 8.16.0
- expat 2.7.3
- NSS 3.117
- pcre2 10.46
- phpseclib 3.0.47
It's recommended to apply this update promptly to stay protected against the latest vulnerabilities.
Firewall, Captive Portal, and DHCP Improvements
- Added support for IPinfo format in GeoIP configuration
- Improved alias table sizing logic
- Fixed missing flags in GeoIP selection UI
- Captive portal now parses MAC addresses case-insensitively
- Kea DHCP now supports DHCP option 121 (classless static routes) and exposes lease expiration settings in the GUI
These refinements continue to make OPNsense’s configuration tools more flexible and robust for advanced network setups.
Additional System and Plugin Changes
- Added pfsync “defer” option to high availability configuration
- Improved system calls for returning both interfaces in get_nameservers()
- Safeguards added to legacy account sync functions
- Business firmware mirror layout switched
Plugins Updated
- os-etpro-telemetry 1.8 (improved status widget)
- os-shadowsocks 1.3 (update and fixes)
Final Thoughts
OPNsense 25.7.5 is a solid maintenance release that delivers important under-the-hood fixes, security patches, and the transition to IPinfo for GeoIP data. It’s a recommended update for all users, especially those using GeoIP-based firewall rules or running on hardware with Intel or Broadcom NICs.