pfSense
pfSense è un distribuzione BSD derivata da m0n0wall, perciò basata su FreeBSD, nata per essere usata come firewall o router sui PC. Utilizza Packet Filter, FreeBSD 6.x e ALTQ.
Versione 2.5.0
Questa versione contiene (in Inglese):
The new versions include a long list of significant changes.
Notably, pfSense Plus adds:
- Support for Intel® QuickAssist Technology, also known as QAT.
- QAT accelerates cryptographic and hashing operations on supported hardware, and can be used to accelerate IPsec, OpenVPN, and other OpenCrypto Framework-aware software.
- Supported hardware includes many C3000 and C2000 systems sold by Netgate and some other types of built-in QAT support and add-on cards.
- Improved SafeXcel cryptographic accelerator support for the Netgate SG-2100 and Netgate SG-1100 which can improve IPsec performance.
- Updated IPsec profile export
- Exports Apple profiles compatible with current iOS and OS X versions
- New export function for Windows clients to configure tunnels using PowerShell
Both pfSense Plus and pfSense CE include:
- Base OS upgraded to FreeBSD 12.2-STABLE
- OpenSSL upgraded to 1.1.1
- Performance improvements
- Kernel WireGuard implementation, as mentioned in a previous WireGuard blog post
- WireGuard is a new VPN Layer 3 protocol designed for speed and simplicity
- The pfSense documentation site includes information on how to configure WireGuard as well as example configuration recipes
- IPsec enhancements
- Configuration for the strongSwan IPsec backend was changed from the deprecated ipsec.conf/stroke format to the new swanctl/VICI format
- Various improvements to tunnel configuration, including better options for lifetime and rekey to avoid duplicate security associations
- OpenVPN upgraded to 2.5.0
- OpenVPN 2.5.0 now mandates data cipher negotiation, but also tries to be friendly to older clients
- ChaCha20-Poly1305 is now supported, which is the same cipher used by WireGuard and may offer speed improvements on some platforms
- OpenVPN now disables compression by default because it is insecure, but it can still decompress traffic received from clients while not transmitting compressed packets
- Certificate Manager updates
- The GUI now supports renewing certificate manager entries (certificate authorities and certificates)
- Notifications are generated for expiring certificate entries
- Certificate keys and PKCS #12 archives can now be exported with password protection
- Support was added for elliptic curve (ECDSA) certificates
- Internal and imported CA entries can be added to the system-wide trust store
- Significant changes in Captive Portal backend and HA behavior
For more details, see the Release Notes and Redmine.
Risorse
La distribuzione può essere scaricata da:
Il sito web della distribuzione è: http://www.pfsense.org/
Screenshot
Conclusioni
La versione ha 32 bit è stata deprecata.
12 Marzo 2021
pfSense