pfSense 2.5.0, a compact distribution for building firewalls and network gateways, has been released. The distribution is based on the FreeBSD code base, draws on the work of the m0n0wall project, and makes active use of pf and ALTQ. An ISO image for the amd64 architecture, 360 MB in size, is available for download.
The distribution is managed through a web interface. Captive Portal, NAT, VPN (IPsec, OpenVPN) and PPPoE can be used to organize user access on wired and wireless networks. A wide range of capabilities is supported for limiting bandwidth, limiting the number of simultaneous connections, filtering traffic, and building fault-tolerant configurations based on CARP. Operating statistics are displayed as graphs or in tabular form. Authorization is supported against the local user database, as well as through RADIUS and LDAP.
Key changes:
- The base system components have been updated to FreeBSD 12.2 (the previous branch used FreeBSD 11).
- The distribution has moved to OpenSSL 1.1.1 and OpenVPN 2.5.0, with support for ChaCha20-Poly1305.
- A WireGuard VPN implementation that runs at the kernel level has been added.
- The strongSwan IPsec backend configuration has been moved away from ipsec.conf to use swanctl and the VICI format. Tunnel settings have been improved.
- The certificate management interface has been improved. The ability to renew entries in the certificate manager has been added. Notifications about certificate expiration are provided. PKCS #12 keys and archives can be exported with password protection. Support for elliptic curve certificates (ECDSA) has been added.
- The backend for connecting to a wireless network through Captive Portal has changed significantly.
- The tools for ensuring fault tolerance have been improved.
Source: opennet.ru