Iyo compact yekugovera kit yekugadzira firewall uye network magedhi pfSense 2.5.0 yakaburitswa. Iko kugoverwa kunoenderana neiyo FreeBSD kodhi base uchishandisa kuvandudzwa kweiyo m0n0wall purojekiti uye kushandiswa kwekushanda kwe pf uye ALTQ. Iyo iso mufananidzo weamd64 architecture, 360 MB muhukuru, wakagadzirirwa kurodha.
Iyo kit yekugovera inotungamirwa kuburikidza newebhu interface. Yakasungwa Portal, NAT, VPN (IPsec, OpenVPN) uye PPPoE inogona kushandiswa kuronga kubuda kwevashandisi mune wired uye isina waya network. Inotsigira zvakasiyana-siyana zvezvisarudzo zvekudzikamisa bandwidth, kuderedza nhamba yekubatanidza panguva imwe chete, kusefa traffic uye kugadzira kukanganisa-kushivirira zvigadziriso zvinoenderana neCARP. Nhamba dzebasa dzinoratidzwa muchimiro chegirafu kana mune tabular fomu. Mvumo inotsigirwa nedhatabhesi remushandisi wenzvimbo, pamwe neRADIUS uye LDAP.
Kuchinja kukuru:
- Iyo base system zvikamu zvakagadziridzwa kuFreeBSD 12.2 (FreeBSD 11 yakashandiswa mubazi rapfuura).
- Shanduko kuenda kuOpenSSL 1.1.1 uye OpenVPN 2.5.0 nerutsigiro rweChaCha20-Poly1305 yaitwa.
- Yakawedzera VPN WireGuard kuitiswa inomhanya padanho re kernel.
- Iyo yakasimbaSwan IPsec backend configuration yatamiswa kubva ipsec.conf kushandisa swanctl uye VICI fomati. Zvigadziriso zvetunnel zvakavandudzwa.
- Yakavandudzwa setifiketi manejimendi. Yakawedzera kugona kugadzirisa zvinyorwa mumaneja wechitupa. Kupa zviziviso nezve kupera kwezvitupa. Iko kugona kutumira kunze PKCS #12 makiyi uye archives ane password dziviriro inopihwa. Yakawedzerwa rutsigiro rweElliptic Curve Certificates (ECDSA).
- Iyo yekumashure yekubatanidza kune isina waya network kuburikidza neCaptive Portal yakashandurwa zvakanyanya.
- Zvishandiso zvakavandudzwa zvekuvimbisa kukanganisa kushivirira.
Source: opennet.ru