Ikhithi yokusabalalisa i-compact yokudala i-firewall kunye ne-network gateways pfSense 2.5.0 ikhululiwe. Ukuhanjiswa kusekelwe kwisiseko sekhowudi ye-FreeBSD usebenzisa uphuhliso lweprojekthi ye-m0n0wall kunye nokusetyenziswa okusebenzayo kwe-pf kunye ne-ALTQ. Umfanekiso we-iso we-amd64 woyilo, 360 MB ngobukhulu, ulungiselelwe ukukhutshelwa.
Unikezelo lulawulwa kusetyenziswa ujongano lwewebhu. Ukulungelelanisa ukufikelela komsebenzisi kwinethiwekhi enentambo kunye ne-wireless, i-Captive Portal, i-NAT, i-VPN (IPsec, i-OpenVPN) kunye ne-PPPoE ingasetyenziswa. Uluhlu olubanzi lwezakhono luxhaswa ukukhawulela umda we-bandwidth, ukunciphisa inani loxhulumaniso lwangaxeshanye, ukucoca i-traffic kunye nokudala ukucwangciswa kokunyamezela okusekelwe kwi-CARP. Izibalo zokusebenza ziboniswa ngendlela yeegrafu okanye kwifom yetheyibhile. Ugunyaziso luxhaswa kusetyenziswa isiseko somsebenzisi wendawo, kunye neRADIUS kunye neLDAP.
Utshintsho oluphambili:
- Amacandelo enkqubo yesiseko ahlaziywe kwi-FreeBSD 12.2 (i-FreeBSD 11 isetyenziswe kwisebe langaphambili).
- Ukutshintshwa kwi-OpenSSL 1.1.1 kunye ne-OpenVPN 2.5.0 ngenkxaso ye-ChaCha20-Poly1305 yenziwe.
- Ukuphunyezwa kwe-VPN WireGuard esebenzayo kwinqanaba le-kernel.
- Uqwalaselo olungasemva lwe-Swan IPsec lususiwe kwi-ipsec.conf ukuze kusetyenziswe i-swanctl kunye nefomathi ye-VICI. Iisetingi eziphuculweyo zetonela.
- Ujongano lolawulo lwesatifikethi oluphuculweyo. Kongezwe ukukwazi ukuhlaziya amangeniso kumphathi wesatifikethi. Ukubonelela ngezaziso malunga nokuphelelwa kwezatifikethi. Ukukwazi ukuthumela ngaphandle i-PKCS #12 izitshixo kunye nogcino olunokhuseleko lokugqitha lunikezelwe. Inkxaso eyongeziweyo kwi-Elliptic Curve Certificates (ECDSA).
- I-backend yokuxhuma kwinethiwekhi engenazintambo nge-Captive Portal iye yatshintshwa kakhulu.
- Izixhobo eziphuculweyo zokuqinisekisa ukunyamezela iimpazamo.
umthombo: opennet.ru