A compact distribution kit for creating firewalls and network gateways pfSense 2.5.0 has been released. The distribution is based on the FreeBSD code base with the m0n0wall project and active use of pf and ALTQ. An iso image for the amd64 architecture has been prepared for download, 360 MB in size.
The distribution kit is managed via the web interface. Captive Portal, NAT, VPN (IPsec, OpenVPN) and PPPoE can be used to organize the exit of users in a wired and wireless network. Supports a wide range of options for limiting bandwidth, limiting the number of simultaneous connections, filtering traffic and creating fault-tolerant configurations based on CARP. Work statistics are displayed in the form of graphs or in tabular form. Authorization is supported by the local user database, as well as via RADIUS and LDAP.
Key changes:
- Base system components updated to FreeBSD 12.2 (last branch used FreeBSD 11).
- Switched to OpenSSL 1.1.1 and OpenVPN 2.5.0 with ChaCha20-Poly1305 support.
- Added implementation of VPN WireGuard, working at the kernel level.
- The strongSwan IPsec backend configuration has been moved from ipsec.conf to use swanctl and the VICI format. Improved tunnel settings.
- Improved interface for managing certificates. Added the ability to update entries in the certificate manager. Provided output of notifications about the expiration of certificates. The ability to export PKCS #12 keys and archives with password protection is provided. Added support for certificates based on elliptic curves (ECDSA).
- The backend for connecting to a wireless network through the Captive Portal has been significantly changed.
- Improved means to ensure fault tolerance.
Source: opennet.ru