Skip to main content

Published: in Videos

OPNsense 25.7.7 Released – Key Improvements, Fixes, and Why You Should Upgrade

By Sam Sheridan - 9th November, 2025

The latest update to OPNsense, version 25.7.7, has landed, bringing with it a strong focus on security hardening, performance enhancements, and several welcome user interface refinements.

It follows closely on the heels of version 25.7.6, which was released only a few weeks ago. If you’re already running 25.7.6, this update is well worth applying, as it addresses a number of issues introduced in that release.

Whether you’re using OPNsense at home, in a lab environment, or in production, you’ll find this update valuable. However, as I’ve mentioned in previous videos, those running production environments should always wait a week or two before deploying fresh updates — just to make sure any early kinks are ironed out.

Let’s dive into what’s new and improved in OPNsense 25.7.7.

System & Security Updates

One of the biggest focuses in this release is eliminating unsafe shell usage in backend code — a crucial step in reducing the system’s attack surface.

The RID backup mechanism has been simplified to avoid unsafe shell calls that could have previously been used to execute system commands with unsanitised parameters. This change is part of a broader collaboration with the Zero Day Initiative, underscoring the importance of this security enhancement.

Recovery scripts now also use safer command execution methods, improving reliability during recovery scenarios.

A wide range of third-party components have been updated to their latest stable releases — many of which include important security fixes:

  • Suricata → 8.0.2

  • StrongSwan → 6.0.3

  • PHP → 8.3.27

  • Plus updates for libxml2, SQLite, Unbound DNS Resolver, and more.

There’s also a handy factory reset page rewrite, now integrated into the MVC framework. This allows users to reset individual configuration components rather than having to reset the entire system — a great addition for troubleshooting and maintenance.

All in all, OPNsense 25.7.7 makes the platform more secure, resilient, and maintainable.

Firewall & Networking Improvements

For anyone managing firewall rules, aliases, or VPNs, this release delivers several useful upgrades.

  • Alias handling has been improved — fixing IP address search issues and Unicode alias name bugs.

  • The firewall API now accepts lists of interfaces in batches, which is a huge time-saver for automation and multi-interface deployments.

  • OpenVPN certificate revocation handling has been hardened.

  • DHCP via Dnsmasq now exposes additional DHCPv4 options in the UI, giving finer control over network behaviour.

  • The Dynamic Routing plugin (OSPF, BGP, etc.) is updated to version 1.48.

  • The Tayga NAT64 plugin moves to version 1.3, keeping routing and NAT features current.

These changes collectively make your network and firewall more reliable, while improving automation and visibility.

Live Firewall Log Enhancements

The live firewall log viewer has seen significant attention in this release — addressing several browser performance issues introduced in 25.7.6.

It’s now smarter and faster:

  • The log viewer no longer redraws entries when the log pane isn’t visible, improving browser responsiveness.

  • Hostname resolution now happens only for visible entries, saving unnecessary lookups.

  • Event ordering and data display have been corrected, ensuring entries appear in proper sequence.

  • New settings allow you to control table and history limits, which is particularly handy in high-traffic environments.

  • The familiar badge-style indicators for allow/block have returned, making the log easier to scan visually.

These changes also resolve issues where the live log viewer could cause browser crashes (notably in Chrome, Firefox, and Brave).

The developers note that more improvements to the live log viewer are planned — such as a cleaner, less cluttered header display — in future versions.

User Interface Enhancements

The OPNsense team continues to refine the interface for a smoother, more intuitive experience.

  • Data grids across rules, routes, and logs now handle window resizing better, with improved minimum column widths for cleaner layouts.

  • Action buttons (add, delete, etc.) now use icons for better visual clarity.

  • Keyboard shortcuts have been introduced — e.g., A for Advanced, H for Help — improving navigation for power users.

  • GUI theme files have been recompiled using the latest Dart Sass engine, ensuring consistent styling across browsers.

  • A previously broken “Details” button on the interface overview page has been fixed.

A small hotfix was released shortly after 25.7.7 to resolve configuration sync issues and polish up a few remaining UI bugs.

Backup & Snapshots – Don’t Skip This Step

Before upgrading, take a backup — or better yet, if you’re using ZFS, create a snapshot.

This lets you roll back instantly if something goes wrong during or after the update. It’s a feature I use regularly before making any major configuration changes or upgrades.

Once you’ve upgraded, it’s worth checking the core service logs after rebooting to ensure everything has restarted cleanly.

And if you haven’t already, consider signing up to the OPNsense forums. You can subscribe to the Announcements section to stay up to date on the latest releases and security updates.

Upgrading from 25.7.6 to 25.7.7

The upgrade process is straightforward.

After taking a snapshot, head to Firmware → Updates → Check for updates. You’ll see the 25.7.7 release notes listed — apply the update and let the process complete.

Highlights of the included updates:

  • Tailscale → 1.90.4

  • KeePass plugin updated

  • PHP 8.3 improvements

  • No reboot is strictly necessary, but I always recommend doing one after upgrading — just to be safe.

Once complete, you should see your system updated to OPNsense 25.7.7 (Patch 4).

OPNsense Consulting from Sheridan Computers

If your business needs help with OPNsense — whether it’s deployment, configuration, licensing, or hardware — we’re here to help.

As an official OPNsense partner, Sheridan Computers provides consulting, support, and hardware solutions tailored to your environment. Visit SheridanComputers.com to learn more.

If you found this update useful, give the video a like — it helps others find it and lets me know to keep producing these guides.

And of course, subscribe to the channel for future OPNsense release overviews and tutorials.

Thanks for reading, and happy upgrading!

— Sheridan Computers

Would you like me to optimise this for your blog’s SEO (for example: adding meta description, keywords, and excerpt formatting)? I can tailor it for WordPress or Markdown.

Tags:

opnsense firewalls

Got Questions?

Find quick answers to common IT support questions

How quickly can you respond to IT issues?

While many companies claim a 15-minute response, we guarantee a one-hour response time for urgent issues. This realistic timeframe allows our expert team to mobilise properly and arrive fully prepared to diagnose and resolve the problem efficiently - ensuring quality support rather than a rushed service.

How long has Sheridan Computers been established?

We've proudly been established for over 15 years. Our enduring presence in the IT industry is a testament to our commitment to quality, innovation, and reliable service. We’re here for the long haul, continuously evolving to meet the needs of our customers today - and in the future.

IT Emergency?

24/7 emergency IT support available for existing clients

Call Emergency Support
Help & Support
Standard Support Hours

Monday - Friday 8:00 - 17:00
Saturday Closed
Sunday Closed
Client Access
Remote Support Tool Client Portal Login
Other Ways to Reach Us
Email Support
24/7 Emergency Support

Critical issues? Our emergency team is available 24/7 for existing clients.

Emergency Support Line