formed the release of the distribution for the creation of inter-sewn screens Opnsense 23.1 , which is a branch from the PFSENSE project, created to form a fully open distribution that could have functionality at the level of commercial solutions for the deployment of inter -sewn screens and network gateways. Unlike PFSENSE, the project is positioned as an uncontrolled one company, developed with the direct participation of the community and has a completely transparent development process, as well as providing the possibility of using any of its developments in third -party products, including commercial ones. The initial texts of the components of the distribution, as well as the tools used for assembly, are distributed under the BSD license. Assemblies prepared in the form of LiveCd and a systemic image for recording on Flash-drives (399 MB).
The base filling of the distribution is based on the FreeBSD code. Among the capabilities OPNSENSE you can distinguish a fully open assembly tooling, the possibility of installation on top of the usual FreeBSD, load balancing tools, Web interface for organization Captive Portal Connections, the availability of mechanisms to monitor the states of the PF based on PF), the task restrictions, traffic filtering, creating IPSEC, OpenVPN and PPTP, integration with LDAP and Radius, support for DDNS (Dynamic DNS), a system of visual reports and graphs.
Distribution provides means of creating fault -tolerant configurations based on the use of the CARP protocol and allowed to start in addition to the main inter -grinding screen of the spare knot, which will be automatically synchronized at the configuration level and will take over the load in case of failure of the primary assembly. For the administrator, a modern and simple interface is offered for setting up an inter-grid screen, built using the Bootstrap Web-frame.
Among changes :
- Changes from the branch FreeBSD 13-Stable.
- Updated versions of additional programs from ports, for example, PHP 8.1.14 and Sudo 1.9.12P2.
- added a new implementation of the DNS blocking list, rewritten in Python and supporting various lists of advertising blocking and harmful contents.
- The accumulation and display of statistics on the operation of the Unbound DNS server is ensured, which allows you to track the DNS traffic in binding to users.
- added a new type of inter -grid screens BGP ASN.
- Added isolated PPPOEV6 mode for selective inclusion IPV6 Control Protocol.
- Support for SLAAC WAN-interface without DHCPV6.
- The components for capturing packages and control of the IPSEC are transferred to the MVC framework, which allowed them to support control through the API.
- IPSEC settings were transferred to the Swanctl.conf file