Distribution Release to create firewalls opnsense 22.1 , which is a branch from the PfSense project, created in order to form a fully open distribution, which could have functionality at the level of commercial solutions to deploy firewalls and network gateways. Unlike PfSense, the project is positioned as an uncompripal one company, which has been developing with the direct participation of the community and has a fully transparent development process, as well as providing the possibility of using any of its workflows in third-party products, including commercial. The source texts of the distribution components, as well as the tools used to build, distributed under the BSD license. Assembling Prepared in the form of a LiveCD and system image for recording on Flash drives (339 MB).
The basic distribution filling is based on the FreeBSD code. Among Opportunities OPNSense You can select a fully open assembly toolkit, the ability to install packages on top of normal FreeBSD, load balancing tools, web-interface for organization Connecting users to the network (Captive Portal), the presence of mechanisms to track the states of connections (Stateful Firewall based on PF), setting bandwidth restrictions, traffic filtering, creating a VPN based on IPsec, OpenVPN and PPTP, integration with LDAP and RADIUS, DDNS support (dynamic DNS), a system of visual reports and graphs.
The distribution is provided to create fault-tolerant configurations based on the use of the CARP protocol and allow you to start in addition to the main firewall, the spare node that will be automatically synchronized at the configuration level and takes on the load in case of a primary node failure. For the administrator, a modern and simple interface is offered for configuring a firewall, built using WEB-framework Bootstrap.
Among the changes:
- Transport to the FreeBSD 13-Stable branch (last version was based on HardenedBSD 12.1).
- is provided with an indication of the information about the level of importance of the message ( severity ) to filter logs for this value.
- The composition includes OPNSense-Log utility for log inspection.
- In Fremvork Tunables added tools to override SYSCTL.
- is accelerated the process of downloading and setting up network interfaces. Implemented to use Lua bootloader.
- updated versions of additional programs from ports, for example,
Filterlog 0.6,
HOSTAPD 2.10,
Lighttpd 1.4.63,
NSS 3.74,
OpenSSL 1.1.1m,
OpenVPN 2.5.5,
PHP 7.4.27,
SQLITE 3.37.2,
syslog-ng 3.35.1,
UNBOUND 1.14.0,
WPA_SUPPLICANT 2.10.
