Release of OPNsense 23.1, a distribution for building firewalls

OPNsense 23.1, a distribution for building firewalls, has been released. It is a fork of the pfSense project, created with the goal of producing a fully open distribution whose functionality is on the level of commercial solutions for deploying firewalls and network gateways. Unlike pfSense, the project is positioned as not controlled by a single company, developed with the direct participation of the community, and having a fully transparent development process. It also allows any of its work to be used in third-party products, including commercial ones. The source code of the distribution's components, as well as the tools used to build it, is distributed under the BSD license. Builds are prepared in the form of a LiveCD and a system image for writing to Flash drives (399 MB).

The base of the distribution is built on FreeBSD code. OPNsense features include a fully open build toolkit, the ability to install it as packages on top of a regular FreeBSD system, load-balancing tools, a web interface for organizing user connections to the network (captive portal), connection state tracking mechanisms (a stateful firewall based on pf), bandwidth limits, traffic filtering, creation of VPNs based on IPsec, OpenVPN and PPTP, integration with LDAP and RADIUS, support for DDNS (Dynamic DNS), and a system of visual reports and graphs.

The distribution provides tools for creating fault-tolerant configurations based on the CARP protocol. In addition to the primary firewall, these let you run a backup node that is automatically synchronized at the configuration level and takes over the load if the primary node fails. The administrator is offered a modern and simple interface for configuring the firewall, built with the Bootstrap web framework.

Among the changes:

  • Changes from the FreeBSD 13-STABLE branch have been ported.
  • Versions of additional programs from ports have been updated, for example php 8.1.14 and sudo 1.9.12p2.
  • A new implementation of DNS-based blocklists has been added, rewritten in Python and supporting various blocklists for ads and malicious content.
  • Statistics on the operation of the Unbound DNS server are now collected and displayed, which lets you track DNS traffic per user.
  • A new firewall type, BGP ASN, has been added.
  • A separate PPPoEv6 mode has been added for enabling the IPv6 Control Protocol.
  • Support has been added for SLAAC WAN interfaces without DHCPv6.
  • The packet capture and IPsec management components have been moved to the MVC framework, which made it possible to implement API management support in them.
  • The IPsec settings have been moved to the swanctl.conf file.
  • The os-sslh plugin is included, which lets you multiplex HTTPS, SSH, OpenVPN, tinc and XMPP connections through a single network port, 443.
  • The os-ddclient plugin (Dynamic DNS Client) now provides the ability to use its own backends, including Azure.
  • The os-wireguard plugin with the WireGuard VPN has been switched by default to use the kernel module (the old user-space mode of operation has been moved to a separate plugin, os-wireguard-go).

Source: opennet.ru
