Completed release of a compact distribution kit for creating firewalls and network gateways pfSense 2.5.0 . The distribution is based on the FreeBSD codebase with the use of the m0n0wall project and the active use of pf and ALTQ. To download prepared iso image for amd64 architecture, size 360 MB.
The distribution package is managed through the web interface. Captive Portal, NAT, VPN (IPsec, OpenVPN) and PPPoE can be used to organize user exit in wired and wireless networks. A wide range of capabilities are supported for limiting bandwidth, limiting the number of concurrent connections, filtering traffic and creating fault-tolerant configurations based on CARP. Work statistics are displayed in the form of graphs or in tabular form. Authorization by local user base, as well as through RADIUS and LDAP is supported.
Key changes:
- Updated base system components to FreeBSD 12.2 (previous branch used FreeBSD 11).
- Migrated to OpenSSL 1.1.1 and OpenVPN 2.5.0 with ChaCha20-Poly1305 support.
- Added implementation Kernel VPN WireGuard.
- strongSwan IPsec backend configuration moved from ipsec.conf to use swanctl and VICI format. Tunnel settings improved.
- The interface for managing certificates has been improved. Added the ability to update entries in the certificate manager. The output of notifications about the expiration of the certificate validity period is provided. Provided the ability to export keys and PKCS # 12 archives with password protection. Added support for Elliptic Curve Certificates (ECDSA).
- The backend for connecting to a wireless network via the Captive Portal has been significantly changed.
- Improved resiliency tools.
