We are excited to formally announce teaming up with OPNSense to provide HardenedBSD-backed builds of OPNSense. For the past little while, we have been investigating OPNSense for our own purposes. We have been talking with Franco Fichtner, a core OPNSense developer, about the process of building customized builds. He has provided a lot of great input and feedback, answering all our questions.
Last week, we backported our work from the hardened/current/master branch (11-CURRENT) to 10-STABLE. This opened the door to HardenedBSD-based builds of OPNSense. The OPNSense team is already working on using LibreSSL instead of OpenSSL in their distribution. Franco has received multiple requests for HardenedBSD + LibreSSL. OPNSense is working towards using FreeBSD 10.1-RELEASE then will investigate rebasing with HardenedBSD.
We will provide periodic automated builds. The builds will have ASLR, PAGEEXEC/NOEXEC, and all our other various hardening features baked in.
Having an expertly hardened version of OPNSense will create a solid and secure experience. Work is moving at a fast pace. We are looking forward to this new relationship and are excited to see what it brings to the world.