OPNsense logo
Kutanga kwe itsva OPNsense 24.1 shanduro codenamed "Savvy Shark", shanduro iyo OpenSSL 3, Suricata 7 inogadziridza, akasiyana MVC/API shanduko, itsva ARP/NDP yekumisikidza chimiro, yakakura kuisirwa os-firewall uye os-wireguard plugins, CARP VHID yekutevera yeOpenVPN uye WireGuard, Inoshanda Kea DHCPv4 server ine HA rutsigiro uye zvimwe zvakawanda
Kune avo vasingazive OPNsense, iwe unofanirwa kuziva izvo forogo yeiyo pfSense chirongwa, Yakagadzirwa nechinangwa chekuumba kit yakavhurika yekuparadzira kit iyo inogona kuve neanoshanda padanho rekushambadzira mhinduro dzekuendesa kweye firewalls uye network masuo.
Kusiyana pfSense, chirongwa ichi chakaiswa seisingatariswe nekambani imwe chete, sezvo ichivandudzwa nekutora chikamu chaiko kwenharaunda uye iine yakajeka nzira yekusimudzira, pamusoro pekupa mukana wekuti ishandise chero zvazvinoitika mune yechitatu-bato zvigadzirwa, kusanganisira vezvokutengeserana.
Hunhu hutsva hutsva hweOPNsense 24.1 "Savvy Shark"
OPNsense vhezheni 24.1, inodaidzwa kuti "Savvy Shark," inoenderera mberi nekufambisa hunyanzvi mune yakavhurika sosi firewall ine akati wandei akakosha ekugadzirisa uye kuvandudzwa. Heino pfupiso yeanonyanya kuzivikanwa maficha uye shanduko, tinogona kuwana:
- OpenSSL 3 yakavakirwa pamadoko: Shanduro itsva inosanganisira Vhura SSL 3, kupa kuvandudzwa kwekuchengeteka uye kushanda. Iyi vhezheni yeOpenSSL 3.0 ine FIPS module uye OpenSSL yachinjawo kuita rezinesi reApache 2.0.
- Meerkat 7: Suricata yakagadziridzwa kune vhezheni 7, nerutsigiro rweLandlock application yekuzviparadzanisa nevamwe, iyo inobvumira maitiro ekugadzira akachengeteka ari ega nharaunda, uye kugona kuona uye kuchengetedza vatengi TLS zvitupa mune registry, pakati pevamwe.
- MVC/API Shanduko: Peji yekutarisa uye zvikamu zvekugadzirisa gedhi, NPTv6, ARP neNDP zvakaendeswa kune MVC framework, zvichibvumira kutsigirwa kwe API management kuti ishandiswe mazviri.
- Mutsva wekugadzirisa muvakidzani chimiro cheARP/NDP: Chinhu chitsva chakawedzerwa chinokutendera kuti ugadzirise vavakidzani veARP/NDP zvakanyanya.
- os-firewall uye os-wireguard plugins: Iyo os-firewall uye os-wireguard plugins yakaverengerwa kuvandudza firewall mashandiro uye chengetedzo.
- OpenVPN uye WireGuard kuvandudzwa: Yakawedzerwa rutsigiro rweCARP VHID yekutevera paOpenVPN uye WireGuard kubatana. Pamusoro pezvo, OpenVPN ikozvino inobvumira inosarudzika OCSP verification pamuenzaniso, zvakare inoburitsa zita remudziyo, yakawedzera workaround yenet30/p2p network idiki pane / 29, pamwe neinosarudzika nzira-metric push sarudzo yezviitiko. Iyo WireGuard module yakaiswa nekukasira inoshandisa iyo inosanganisirwa FreeBSD 13.2 kernel module uye inowedzera kuyedza tsigiro yemamepu etiweki.
- Inoshanda Kea DHCPv4 Server ine HA Tsigiro: Sevha yeKea DHCPv4 yakagadziridzwa kuti ipe kuwanikwa kwepamusoro (HA) tsigiro uye inokutendera kuti utarise nepakati kurongeka kweakawanda DHCPv4 uye DHCPv6 maseva.
- Zvigadziriso zvidiki uye zvigadziriso: Yakasiyana-siyana yechitatu-bato kugadzirisa uye zvigadziriso zvakaitwa kuti ive nechokwadi chekuvimbika nekuchengetedza system.
Vamwe ve Kugadziriswa uye zvigadziriso zvinosanganisira kuvandudzwa kwehurongwa, UI, Firewall, WireGuard, DHCP, IPsec, OpenVPN, os-haproxy 4.2, os-nrpe yakagadziridzwa kuNRPE 4.1.x, os-postfix yakagadziridzwa kuPostfix 3.8.x, php 8.2.15, py-duckdb 0.9.2 .XNUMX uye optimizations mumashure. Pamusoro pezvo, akati wandei maplugins uye madoko akagadziridzwa kuti achengetedze sisitimu iri kusvika parizvino uye yakachengeteka.
Finalmente kana iwe uchifarira kuziva zvakawanda nezvazvo Nezvekuburitswa kutsva uku, unogona kutarisa ruzivo Mune inotevera chinongedzo.
Dhawunirodha iyo nyowani vhezheni yeOPNsense 24.1 "Savvy Shark"
Si unoda here kuwana iyi nyowani vhezheni solamente Iwe unofanirwa kuenda kune yayo yepamutemo webhusaiti uye muchikamu chekutora kwaunogona kuwana mufananidzo wakabatanidzwa muchimiro cheLiveCD uye system image yekunyora kune Flash drives mune zvinotevera. link
Kodhi yekodhi yezvinhu zvekuparadzira, pamwe nemidziyo inoshandiswa kuvaka, inoparadzirwa pasi pezenisi reBSD.