pfSense

pfSense è un distribuzione BSD derivata da m0n0wall, perciò basata su FreeBSD, nata per essere usata come firewall o router sui PC. Utilizza Packet Filter, FreeBSD 6.x e  ALTQ.

Versione 2.5.0

Questa versione contiene (in Inglese):

The new versions include a long list of significant changes.

Notably, pfSense Plus adds:

• Support for Intel® QuickAssist Technology, also known as QAT.
  • QAT accelerates cryptographic and hashing operations on supported hardware, and can be used to accelerate IPsec, OpenVPN, and other OpenCrypto Framework-aware software.
  • Supported hardware includes many C3000 and C2000 systems sold by Netgate and some other types of built-in QAT support and add-on cards.
• Improved SafeXcel cryptographic accelerator support for the Netgate SG-2100 and Netgate SG-1100 which can improve IPsec performance.
• Updated IPsec profile export
  • Exports Apple profiles compatible with current iOS and OS X versions
  • New export function for Windows clients to configure tunnels using PowerShell

Both pfSense Plus and pfSense CE include:

• Base OS upgraded to FreeBSD 12.2-STABLE
• OpenSSL upgraded to 1.1.1
• Performance improvements
• Kernel WireGuard implementation, as mentioned in a previous WireGuard blog post
  • WireGuard is a new VPN Layer 3 protocol designed for speed and simplicity
  • The pfSense documentation site includes information on how to configure WireGuard as well as example configuration recipes
• IPsec enhancements
  • Configuration for the strongSwan IPsec backend was changed from the deprecated ipsec.conf/stroke format to the new swanctl/VICI format
  • Various improvements to tunnel configuration, including better options for lifetime and rekey to avoid duplicate security associations
• OpenVPN upgraded to 2.5.0
  • OpenVPN 2.5.0 now mandates data cipher negotiation, but also tries to be friendly to older clients
  • ChaCha20-Poly1305 is now supported, which is the same cipher used by WireGuard and may offer speed improvements on some platforms
  • OpenVPN now disables compression by default because it is insecure, but it can still decompress traffic received from clients while not transmitting compressed packets
• Certificate Manager updates
  • The GUI now supports renewing certificate manager entries (certificate authorities and certificates)
  • Notifications are generated for expiring certificate entries
  • Certificate keys and PKCS #12 archives can now be exported with password protection
  • Support was added for elliptic curve (ECDSA) certificates
  • Internal and imported CA entries can be added to the system-wide trust store
• Significant changes in Captive Portal backend and HA behavior

For more details, see the Release Notes and Redmine.

Risorse

La distribuzione può essere scaricata da:

• 64 bit (359MB): https://atxfiles.netgate.com/mirror/downloads/pfSense-CE-2.5.0-RELEASE-amd64.iso.gz

Il sito web della distribuzione è: http://www.pfsense.org/

Screenshot

pfSense 2.0.2

Conclusioni

La versione ha 32 bit è stata deprecata.