pfSense 2.5.0, a compact distribution for building firewalls and network gateways, has been released. The distribution is based on the FreeBSD code base, draws on work from the m0n0wall project, and makes active use of pf and ALTQ. An ISO image for the amd64 architecture, 360 MB in size, is available for download.
The distribution is managed through a web interface. Captive Portal, NAT, VPN (IPsec, OpenVPN) and PPPoE can be used to manage user access on wired and wireless networks. A wide range of options is supported for limiting bandwidth, limiting the number of simultaneous connections, filtering traffic, and building failover configurations based on CARP. Operating statistics are displayed as graphs or tables. Authorization against the local user database, as well as through RADIUS and LDAP, is supported.
Key changes:
- Base system components have been updated to FreeBSD 12.2 (the previous branch used FreeBSD 11).
- The transition to OpenSSL 1.1.1 and to OpenVPN 2.5.0 with ChaCha20-Poly1305 support has been completed.
- A WireGuard VPN implementation, which runs at the kernel level, has been added.
- The strongSwan IPsec backend configuration has been moved from ipsec.conf to swanctl and the VICI format. Tunnel settings have been improved.
- The certificate management interface has been improved. The ability to renew entries in the certificate manager has been added. Notifications about certificate expiration are provided. PKCS #12 keys and archives can be exported with password protection. Support for elliptic curve certificates (ECDSA) has been added.
- The backend for connecting to a wireless network through Captive Portal has changed significantly.
- Tools for ensuring fault tolerance have been improved.

Source: opennet.ru
