OPNsense 20.1 Firewall Distribution Available

OPNsense 20.1, a distribution for building firewalls, has been released. It is a fork of the pfSense project, created to provide a completely open source distribution with functionality on par with commercial solutions for deploying firewalls and network gateways. Unlike pfSense, the project is positioned as not controlled by a single company: it is developed with the direct participation of the community, has a completely transparent development process, and allows any of its work to be used in third-party products, including commercial ones. The source code of the distribution's components, as well as the tools used to build it, is distributed under the BSD license. Builds are available as a LiveCD and as a system image for writing to flash drives (280 MB).

The base system of the distribution is built on the code of HardenedBSD 11, which maintains a synchronized fork of FreeBSD that integrates additional protection mechanisms and exploit mitigation techniques. Notable features of OPNsense include a completely open build toolkit, the ability to install it as packages on top of regular FreeBSD, load balancing tools, a web interface for handling user connections to the network (Captive portal), connection state tracking (a stateful firewall based on pf), bandwidth limiting, traffic filtering, VPNs based on IPsec, OpenVPN and PPTP, integration with LDAP and RADIUS, support for DDNS (Dynamic DNS), and a system of visual reports and graphs.

In addition, the distribution provides tools for building fault-tolerant configurations based on the CARP protocol. These let you run a standby node alongside the main firewall; the standby node is automatically synchronized at the configuration level and takes over the load if the primary node fails. For the administrator, there is a modern and simple interface for configuring the firewall, built with the Bootstrap web framework.

In the new version:

  • Increased performance of the web interface for connecting users to a wireless network (Captive portal);
  • Support for public key authentication has been implemented for IPsec;
  • Added the ability to create certificates using algorithms based on elliptic curves;
  • Added support for VXLAN and Loopback devices;
  • Enhanced firmware health checks;
  • Rules bound to a network interface can now be tied to a packet direction (incoming/outgoing) and can work in non-quick mode (the last rule that satisfies the conditions is applied, not the first one);
  • The logging frontend has been rewritten using the MVC framework and now supports API management;
  • The default Python version is 3.7;
  • Updated software versions, including LibreSSL 3.0, OpenSSL 1.1.1, php 7.2.27, isc-dhcp 4.4.2, zabbix4-proxy 1.2 and jQuery 3.4.1;
  • Added support for Google Backup API 2.4.
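
The difference between quick and non-quick evaluation mentioned in the list above can be shown with a small model of pf's rule ordering. This is an added example, not OPNsense or pf code: the `Rule` and `Packet` types, the `evaluate` function and the two-rule ruleset are constructed for illustration, and the model assumes pf's implicit "pass" when no rule matches.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    direction: str              # "in", "out" or "any"
    port: Optional[int] = None  # None matches every destination port
    quick: bool = False         # True: first match decides, evaluation stops


@dataclass(frozen=True)
class Packet:
    direction: str
    dport: int


def matches(rule, pkt):
    return (rule.direction in ("any", pkt.direction)
            and rule.port in (None, pkt.dport))


def evaluate(rules, pkt, default="pass"):
    """Return (action, index of the deciding rule or None)."""
    verdict, decided_by = default, None
    for i, rule in enumerate(rules):
        if not matches(rule, pkt):
            continue
        verdict, decided_by = rule.action, i   # non-quick: keep looking
        if rule.quick:
            break                              # quick: first match wins
    return verdict, decided_by


def sample_rules(quick):
    # Constructed ruleset: a broad inbound block followed by a narrow pass.
    return [
        Rule("block", "in", None, quick),   # block in all
        Rule("pass", "in", 443, quick),     # pass in to port 443
    ]


INBOUND_HTTPS = Packet("in", 443)

if __name__ == "__main__":
    for quick in (True, False):
        action, idx = evaluate(sample_rules(quick), INBOUND_HTTPS)
        print(f"quick={quick}: {action} (decided by rule {idx})")
```

With the same rule order, the quick ruleset drops inbound port 443 at the first rule, while the non-quick ruleset lets the later, narrower rule override the broad block. When switching a rule between modes, its position relative to broader rules has to be reviewed.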

Source: opennet.ru
