Ho entsoe tokollo ea setsi sa kabo bakeng sa ho theha li-firewall tsa OPNsense 23.1, e leng lekala la projeke ea pfSense, e entsoeng ka sepheo sa ho theha lisebelisoa tse bulehileng ka ho felletseng tse ka bang le ts'ebetso maemong a tharollo ea khoebo bakeng sa ho tsamaisa li-firewall le marang-rang. dikgoro. Ho fapana le pfSense, morero ona o behiloe ha o sa laoloe ke k'hamphani e le 'ngoe, e ntlafalitsoeng ka ho kenya letsoho ka ho toba sechabeng' me e na le ts'ebetso ea nts'etsopele e hlakileng ka ho feletseng, hammoho le ho fana ka monyetla oa ho sebelisa leha e le efe ea tsoelo-pele ea eona lihlahisoa tsa batho ba bang, ho kenyelletsa le khoebo. tse ling. Khoutu ea mohloli oa likarolo tsa kabo, hammoho le lisebelisoa tse sebelisoang bakeng sa kopano, li ajoa tlasa laesense ea BSD. Likopano li lokiselitsoe ka mokhoa oa LiveCD le setšoantšo sa sistimi bakeng sa ho rekota ho li-flash drives (399 MB).
Litaba tsa mantlha tsa kabo li thehiloe ho khoutu ea FreeBSD. Har'a likarolo tsa OPNsense ke sesebelisoa sa ho haha se bulehileng ka ho feletseng, bokhoni ba ho kenya ka mokhoa oa liphutheloana ka holim'a FreeBSD e tloaelehileng, lisebelisoa tsa ho leka-lekanya thepa, sebopeho sa websaete bakeng sa ho hlophisa likhokahano tsa basebelisi ho marang-rang (Captive portal), boteng ba mekhoa. bakeng sa ho latela melao ea khokahano (firewall e hlakileng e thehiloeng ho pf), ho beha meeli ea bandwidth, ho sefa sephethephethe, ho theha VPN e thehiloeng ho IPsec, OpenVPN le PPTP, ho kopanngoa le LDAP le RADIUS, tšehetso bakeng sa DDNS (Dynamic DNS), tsamaiso ea litlaleho tsa pono le kerafo.
Kabo e fana ka lisebelisoa tsa ho theha litlhophiso tse mamellang liphoso tse thehiloeng ts'ebelisong ea protocol ea CARP le ho u lumella ho qala, ntle le firewall e kholo, node ea "backup" e tla hokahanngoa ka bo eona boemong ba tlhophiso mme e tla nka mojaro ho. ketsahalo ya ho hloleha hoa node ya mantlha. Mookameli o fuoa sebopeho sa morao-rao le se bonolo bakeng sa ho lokisa firewall, e hahiloeng ho sebelisoa Bootstrap web framework.
Har'a liphetoho:
- Liphetoho tse tsoang lekaleng la FreeBSD 13-STABLE li fetisitsoe.
- Liphetolelo tse ntlafalitsoeng tsa mananeo a eketsehileng a tsoang likoung, mohlala, php 8.1.14 le sudo 1.9.12p2.
- Ho kentsoe ts'ebetsong e ncha ea lethathamo la li-blocklist tse thehiloeng ho DNS, e ngotsoe hape ho Python mme e ts'ehetsa lipapatso tse fapaneng le manane a thibelang litaba tse mpe.
- Ho bokelloa le ho bonts'a lipalo-palo mabapi le ts'ebetso ea seva sa Unbound DNS ho fanoa, e leng se u lumellang hore u latele sephethephethe sa DNS mabapi le basebelisi.
- E kentse mofuta o mocha oa li-firewall tsa BGP ASN.
- E kenyellelitsoe mokhoa o ikhethileng oa PPPoEv6 ho khetha ka mokhoa o ikhethileng IPv6 Control Protocol.
- Tšehetso e ekelitsoeng bakeng sa li-interface tsa SLAAC WAN ntle le DHCPv6.
- Likarolo tsa ho ts'oaroa ha lipakete le tsamaiso ea IPsec li fetiselitsoe ho moralo oa MVC, o entseng hore ho khonehe ho kenya ts'ehetso ea taolo ea API ho tsona.
- Litlhophiso tsa IPsec li isitsoe faeleng ea swanctl.conf.
- Os-sslh plugin e kenyellelitsoe, e u lumellang ho multiplex HTTPS, SSH, OpenVPN, tinc le XMPP likhokahano ka boema-kepe bo le bong ba marang-rang 443.
- Plugin ea os-ddclient (Dynamic DNS Client) joale e fana ka bokhoni ba ho sebelisa li-backend tsa hau, ho kenyeletsoa Azure.
- Plugin ea os-wireguard e nang le VPN WireGuard e fetotsoe ka mokhoa oa kamehla ho sebelisa kernel module (mokhoa oa khale oa ts'ebetso boemong ba mosebedisi o fetiselitsoe ho os-wireguard-go plugin e arohaneng).
Source: opennet.ru