An fito da ƙaramin kayan rarraba don ƙirƙirar bangon wuta da ƙofofin hanyar sadarwa pfSense 2.5.0 an saki. Rarraba ya dogara ne akan tushen lambar FreeBSD ta amfani da ci gaban aikin m0n0wall da kuma amfani da PF da ALTQ mai aiki. Hoton iso don gine-ginen amd64, girman 360 MB, an shirya don saukewa.
Ana sarrafa kayan rarrabawa ta hanyar haɗin yanar gizo. Ana iya amfani da Portal Captive, NAT, VPN (IPsec, OpenVPN) da PPPoE don tsara ficewar masu amfani a cikin hanyar sadarwa mai waya da mara waya. Yana goyan bayan zaɓuɓɓuka masu yawa don iyakance bandwidth, iyakance adadin haɗin kai lokaci guda, tace zirga-zirga da ƙirƙirar jeri-haƙuri na kuskure dangane da CARP. Ana nuna kididdigar aiki a cikin nau'i na jadawali ko a cikin tsari na tebur. Ana samun goyan bayan izini daga bayanan mai amfani na gida, haka kuma ta RADIUS da LDAP.
Canje-canje masu mahimmanci:
- An sabunta abubuwan tsarin tushe zuwa FreeBSD 12.2 (An yi amfani da FreeBSD 11 a reshe na baya).
- Canji zuwa OpenSSL 1.1.1 da OpenVPN 2.5.0 tare da tallafi ga ChaCha20-Poly1305 an yi.
- Ƙara aikin WireGuard VPN yana gudana a matakin kernel.
- An ƙaura ƙaƙƙarfan saitin baya na Swan IPsec daga ipsec.conf don amfani da swanctl da tsarin VICI. Ingantattun saitunan rami.
- Ingantacciyar hanyar sarrafa takaddun shaida. Ƙara ikon sabunta shigarwar a cikin mai sarrafa takaddun shaida. Bayar da sanarwa game da ƙarewar takaddun shaida. An bayar da ikon fitar da maɓallan PKCS #12 da ma'ajiyar bayanai tare da kariyar kalmar sirri. Ƙara goyon baya don Takaddun Takaddun Kwamfuta na Elliptic (ECDSA).
- An canza ƙarshen baya don haɗawa zuwa cibiyar sadarwar mara waya ta hanyar Portal Captive an canza sosai.
- Ingantattun kayan aikin don tabbatar da haƙurin kuskure.
source: budenet.ru