Release of the OPNsense 23.1 firewall distribution

The OPNsense 23.1 firewall distribution has been released. It is a fork of the pfSense project, created with the goal of producing a fully open distribution whose functionality is on the level of commercial solutions for deploying firewalls and network gateways. Unlike pfSense, the project is positioned as not being controlled by a single company. It is developed with direct participation from the community, has a transparent development process, and allows any of its work to be used in third-party products, including commercial ones. The source code of the distribution's components, as well as the tools used for building it, is distributed under the BSD license. Builds are prepared in the form of a LiveCD and a system image for writing to Flash drives (399 MB).

The base system of the distribution is built on FreeBSD code. OPNsense features include a fully open build toolkit, the ability to install it as packages on top of a regular FreeBSD system, load balancing tools, a web interface for organizing user connections to the network (Captive portal), mechanisms for tracking connection state (a stateful firewall based on pf), bandwidth limits, traffic filtering, VPN creation based on IPsec, OpenVPN and PPTP, integration with LDAP and RADIUS, support for DDNS (Dynamic DNS), and a system of visual reports and graphs.

The distribution provides tools for building fault-tolerant configurations based on the CARP protocol. These allow a backup node to be run in addition to the main firewall; the backup node is synchronized automatically at the configuration level and takes over the load if the primary node fails. The administrator is offered a modern and simple interface for configuring the firewall, built using the Bootstrap web framework.

Among the changes:

  • Changes from the FreeBSD 13-STABLE branch have been ported.
  • Versions of additional programs from ports have been updated, for example php 8.1.14 and sudo 1.9.12p2.
  • A new implementation of DNS-based blocklists has been added, rewritten in Python and supporting various ad and malicious content blocklists.
  • Statistics on the operation of the Unbound DNS server are now collected and displayed, which allows DNS traffic to be analyzed in relation to users.
  • A new BGP ASN firewall type has been added.
  • A separate PPPoEv6 mode has been added for enabling the IPv6 Control Protocol.
  • Support has been added for SLAAC WAN interfaces without DHCPv6.
  • The packet capture and IPsec management components have been moved to the MVC framework, which made it possible to implement API management support in them.
  • IPsec settings have been moved to the swanctl.conf file.
  • The os-sslh plugin is included, allowing HTTPS, SSH, OpenVPN, tinc and XMPP connections to be multiplexed through network port 443.
  • The os-ddclient (Dynamic DNS Client) plugin now provides the ability to use your own backend, including Azure.
  • The os-wireguard plugin with the WireGuard VPN has been switched to using the kernel module (the old user-level mode of operation has been moved to a separate os-wireguard-go plugin).

Source: opennet.ru
