Ngemuva kwezinyanga eziyi-6 zentuthuko, Abathuthukisi be-OPNsense bamemezele ukukhishwa kwethuluzi lokusabalalisa lokwenza i-OPNsense 19.1 firewalls.
I-OPNsense igatsha lephrojekthi ye-pfSense, yenzelwe ukudala ukusatshalaliswa okuvuleke ngokuphelele okungaba nokusebenza kwezixazululo zentengiso zokuthunyelwa kwezingilazi namasango enethiwekhi.
Izici eziyinhloko ze-OPNsense
Ngokungafani ne-pfSense, le phrojekthi ibekelwe ukungalawulwa yinkampani, uma kungenjalo ukuthi ukuthuthukiswa kwawo kwenziwa ngokubamba iqhaza ngqo komphakathi.
Ngayo kunenqubo yentuthuko esobala ngokuphelele, ngaphezu kokunikeza ithuba lokusebenzisa noma ikuphi ukwenziwa kwayo emikhiqizweni evela eceleni, kufaka phakathi eyokuhweba.
Lapho Umthombo wokusatshalaliswa kwekhodi, kanye nezakhi, kanye namathuluzi asetshenziselwa ukwakha lolu hlelo noma ukunweba alawulwa ngqo ngaphansi kwelayisense le-BSD.
Amathuba we-OPNsense afaka amathuluzi wokuhlanganisa avuleke ngokuphelele, amandla wokufaka amaphakheji ku-FreeBSD, ukulinganisa umthwalo, isikhombimsebenzisi esibonakalayo sewebhu ukuhlela abasebenzisi ukuthi baxhume kunethiwekhi.
Ngakolunye uhlangothi, se uthola ubukhona bezindlela zokuqapha isimo sokuxhuma (i-firewall esekwe ku-pf) umkhawulokudonsa, ukuhlunga ithrafikhi, ukwenziwa kwe-VPN ngokuya nge-IPsec, OpenVPN ne-PPTP, ukuhlanganiswa ne-LDAP ne-RADIUS, ukusekelwa kwe-DDNS (Dynamic Dynamic), uhlelo lokubika olubonakalayo nolunemifanekiso.
Ngaphezu kwalokho, ikhithi yokusabalalisa inikeza izindlela zokwakha ukucupha okubekezelela amaphutha ngokuya ngokusetshenziswa kweprothokholi ye-CARP.
Lokhu kuvumela indawo yokubekisela ukuthi isebenze ngaphezu kwe-firewall eyinhloko, ezovumelanisa ngokuzenzakalela ezingeni lokumisa futhi ithathe umthwalo uma kwenzeka ukwehluleka okuyisisekelo okuyisisekelo.
Umphathi unikezwa isikhombimsebenzisi sesimanjemanje futhi esilula ukumisa i-firewall, eyakhiwe ngohlaka lwewebhu le-Bootstrap.
Mayelana nenguqulo entsha ye-OPNsense 19.1
Njengoba kushiwo ekuqaleni muva nje Lokhu kukhishwa okusha kukhishwe futhi ukushintshela ku-HardenedBSD 11.2 sekuqalisiwe.
Kanye nemfoloko yeFreeBSD 11.2, ehlanganisa izindlela ezengeziwe zokuvikela namasu wokulwa nezindlela zokuxhashazwa kwabantu abasengozini.
Ngale nguqulo entsha singasebenzisa ikhono lokusebenzisa ubuqiniso bezinto ezimbili ngokususelwa enhlanganisweni yokufakazela ubuqiniso ngeseva ye-LDAP yangaphandle kanye nohlelo lwasendaweni lwe-TOTP lwephasiwedi.
Esinye isici esakhelwe ngaphakathi yi-API yokuphatha ama-aliases kwimithetho ye-firewall (ivumela ukusebenzisa okuguqukayo esikhundleni sezingosi, izinombolo zetheku nama-subnet) kanye ne-API ukuthekelisa isisekelo samakhasimende se-OpenVPN.
Imodi ye-bandwidth throttling based on the PIE algorithm (RFC-8033) kanye nekhono lokugcina ithrekhi yemithetho ye-NAT nayo iyasekelwa.
Ukuxhaswa kwe-WPAD / PAC kanye nokuxhuma okuyinhloko kwe-proxy kungeziwe kulowo mmeleli wewebhu, kanye nokukwazi ukuthekelisa izitifiketi ze-P12 ngamaphasiwedi achazwe ngumsebenzisi.
Kwezinye izici ezingatholakala kulokhu kukhishwa yilezi:
- I-Plugin yemithetho ye-ET Pro telemetry.
- Ukwengezwa kweDpinger ukuqapha ukutholakala kwesango
- Ukuxhaswa okwandisiwe kwe-IPv6 DUID.
- Ukusekela iDnsmasq DNSSEC.
- Ukuvuselelwa kwesoftware: LibreSSL 2.7, Unbound 1.8, Suricata 4.1, Phalcon 3.4, Perl 5.28.
- Kubuyekezwe amafayela wokuhumusha isikhombimsebenzisi esi-Russian.
- Itimu yokwakha ezenzakalelayo ye-UI inikeza imenyu eseceleni egoqekayo.
- Kubuyekezwe ama-plugins wokuthumela ngaphandle, i-Bind, i-Nginx, i-Ntopng, i-VnStat, ne-proxy ye-Dnscrypt.
Landa inguqulo entsha ye- I-OPNsense 19.1
Si Ngabe ufuna ukuthola le nguqulo entsha kuphela Kufanele uye kuwebhusayithi yayo esemthethweni kanye nengxenye yokulanda ungathola isixhumanisi sokulanda le nguqulo entsha.
Ama-Assemblies alungiswa ngesimo se-LiveCD nesithombe sohlelo sokubhalela ama-Flash drive, usayizi wesithombe cishe u-265MB.