[vc_row full_width=”stretch_row” css=”.vc_custom_1522399710116{margin-top: 60px !important;}”][vc_column width=”2/3″ css=”.vc_custom_1522399700630{margin-bottom: 30px !important;}”][vc_column_text]

pfSense® CE 2.3.2 note di rilascio

[/vc_column_text][vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522399775754{margin-top: -20px !important;}”][vc_column_text]pfSenseLa release Open Source di pfSense® CE 2.3.2 è ora disponibile e pronta per il download. Qui di seguito, potete analizzare le caratteristiche salienti.
Qualora decidiate di utilizzarla, potete riportare la vostra esperienza sul forum di pfSense® CE[/vc_column_text][vc_raw_html]JTVCYWRyb3RhdGUlMjBiYW5uZXIlM0QlMjIyJTIyJTVE[/vc_raw_html][vc_column_text]

SSH DAEMON

[/vc_column_text][vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522399775754{margin-top: -20px !important;}”][vc_column_text]NOTE: Le chiavi host SSH sono più sicure, e se un cliente si ricorda una chiave più datata, più debole, i client ssh possono rifiutarsi di connettersi .E’ dunque necessario rimuovere la chiave più vecchia e quindi permettere all’ssh di memorizzare la nuova chiave.

  • Sshd cambiato utilizzando un algoritmo Key Exchange Changed più forte, disabilitati algoritmi più datati.
    • Key Exchange Algorithms: curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
  • Rimosso l’ECDSA host key dalla configurazione sshd
  • Aggiunto ED22519 host key alla configurazione sshd
  • Cambiata la lista dei cifrari disponibili.
    • Cifrari attualmente permessi: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
  • Cambiata la lista degli available Message Authentication Code methods,
    • Attuale MAC list: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com

[/vc_column_text][vc_column_text]

Backup/Restore

[/vc_column_text][vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522399775754{margin-top: -20px !important;}”][vc_column_text]

  • Non permette di applicare I cambiamenti nel interface mismatch post-config restore fino a che il ri-assegnamento non è stato salvato. #6613

[/vc_column_text][vc_column_text]

Dashboard

[/vc_column_text][vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522399775754{margin-top: -20px !important;}”][vc_column_text]

  • La Dashboard ha ora per-user configuration options, documentate in “User Manager”. #6388

[/vc_column_text][vc_column_text]

DHCP Server

[/vc_column_text][vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522399775754{margin-top: -20px !important;}”][vc_column_text]

  • Disabilitato il dhcp-cache-threshold per evitare bug in ISC dhcpd 4.3.x omettendo il client-hostname dal leases file, che genera errori di registrazione dinamica dell’hostname in diversi casi. #6589
  • Notare che il DDNS key deve essere HMAC-MD5. #6622

[/vc_column_text][vc_column_text]

DHCP Relay

[/vc_column_text][vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522399775754{margin-top: -20px !important;}”][vc_column_text]

  • Importato il fix for dhcrelay relaying requests nell’interfaccia in cui risiede il target DHCP. #6355

[/vc_column_text][vc_column_text]

Dynamic DNS

[/vc_column_text][vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522399775754{margin-top: -20px !important;}”][vc_column_text]

  • Permesso * per gli hostname con NamecheapAllow. #6260

[/vc_column_text][vc_column_text]

Interfaces

[/vc_column_text][vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522399775754{margin-top: -20px !important;}”][vc_column_text]

  • Fix “can’t assign requested address” during boot with track6 interfaces. #6317
  • Remove deprecated link options from GRE and gif. #6586#6587
  • Obey “Reject leases from” when DHCP “Advanced options” is checked. #6595
  • Protect enclosed delimiters in DHCP client advanced configuration, so commas can be used there. #6548
  • Fix default route on PPPoE interfaces missing in some edge cases. #6495

[/vc_column_text][vc_column_text]

IPsec

[/vc_column_text][vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522399775754{margin-top: -20px !important;}”][vc_column_text]

  • strongSwan upgraded to 5.5.0.
  • Include aggressive in ipsec.conf where IKE mode auto is selected. #6513

[/vc_column_text][vc_column_text]

Gateway Monitoring

[/vc_column_text][vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522399775754{margin-top: -20px !important;}”][vc_column_text]

  • Fixed “socket name too large” making gateway monitoring fail on long interface names and IPv6 addresses. #6505

[/vc_column_text][vc_column_text]

Limiters

[/vc_column_text][vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522399775754{margin-top: -20px !important;}”][vc_column_text]

  • Set pipe_slot_limit automatically to maximum configured qlimit value. #6553

[/vc_column_text][vc_column_text]

Monitoring

[/vc_column_text][vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522399775754{margin-top: -20px !important;}”][vc_column_text]

  • Fixed no data periods being reported as 0, skewing averages. #6334
  • Fix tooltip showing as “none” for some values. #6044
  • Fix saving of some default configuration options. #6402
  • Fix X axis ticks not responding to resolution for custom time periods. #6464

[/vc_column_text][vc_column_text]

OpenVPN

[/vc_column_text][vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522399775754{margin-top: -20px !important;}”][vc_column_text]

  • Re-sync client specific configurations after save of OpenVPN server instances to ensure their settings reflect the current server configuration. #6139

[/vc_column_text][vc_column_text]

Operating System

[/vc_column_text][vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522399775754{margin-top: -20px !important;}”][vc_column_text]

  • Fixed pf fragment states not being purged, triggering “PF frag entries limit reached”. #6499
  • Set core file location so they can’t end up in /var/run and exhaust its available space. #6510
  • Fixed “runtime went backwards” log spam in Hyper-V. #6446
  • Fixed traceroute6 hang with non-responding hop in path. #3069
  • Added symlink /var/run/dmesg.boot for vm-bhyve. #6573
  • Set net.isr.dispatch=direct on 32 bit systems with IPsec enabled to prevent crash when accessing services on the host itself via VPN. #4754

[/vc_column_text][vc_column_text]

Router Advertisements

[/vc_column_text][vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522399775754{margin-top: -20px !important;}”][vc_column_text]

  • Added configuration fields for minimum and maximum router advertisement intervals and router lifetime. #6533

[/vc_column_text][vc_column_text]

Routing

[/vc_column_text][vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522399775754{margin-top: -20px !important;}”][vc_column_text]

  • Fixed static routes with IPv6 link local target router to include interface scope. #6506

[/vc_column_text][vc_column_text]

Rules/NAT

[/vc_column_text][vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522399775754{margin-top: -20px !important;}”][vc_column_text]

  • Fixed “PPPoE Clients” placeholder in rules and NAT, and ruleset error when using floating rules specifying PPPoE server. #6597
  • Fixed failure to load ruleset with URL Table aliases where empty file specified. #6181
  • Fixed TFTP proxy with xinetd. #6315

[/vc_column_text][vc_column_text]

Upgrade

[/vc_column_text][vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522399775754{margin-top: -20px !important;}”][vc_column_text]

  • Fixed nanobsd upgrade failures where DNS Forwarder/Resolver not bound to localhost. #6557

[/vc_column_text][vc_column_text]

Virtual IPs

[/vc_column_text][vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522399775754{margin-top: -20px !important;}”][vc_column_text]

  • Fixed performance problems with large numbers of virtual IPs. #6515
  • Fixed PHP memory exhaustion on CARP status page with large state tables. #6364

[/vc_column_text][vc_column_text]

Web Interface

[/vc_column_text][vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522399775754{margin-top: -20px !important;}”][vc_column_text]

  • Added sorting to DHCP static mappings table. #6504
  • Fixed file upload of NTP leap seconds. #6590
  • Added IPv6 support to diag_dns.php. #6561
  • Added IPv6 support to filter logs reverse lookup. #6585
  • Package system – retain field data on input error. #6577
  • Fixed multiple IPv6 input validation issues allowing invalid IPv6 IPs. #6551#6552
  • Fixed some DHCPv6 leases missing from GUI leases display. #6543
  • Fixed state killing for ‘in’ direction and states with translated destination. #6530#6531
  • Restore input validation of captive portal zone names to prevent invalid XML. #6514
  • Replaced calendar date picker in the user manager with one that works in browsers other than Chrome and Opera. #6516
  • Restored proxy port field to OpenVPN client. #6372
  • Clarify description of ports aliases. #6523
  • Fixed translation output where gettext passed an empty string. #6394
  • Fixed speed selection for 9600 in NTP GPS configuration. #6416
  • Only allow IPv6 IPs on NPT screen. #6498
  • Add alias import support for networks and ports. #6582
  • Fixed sortable table header wrap oddities. #6074
  • Clean up Network Booting section of DHCP Server screen. #6050
  • Fix “UNKNOWN” links in package manager. #6617
  • Fix missing bandwidth field for traffic shaper CBQ queues. #6437

[/vc_column_text][vc_column_text]

UPnP

[/vc_column_text][vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522399775754{margin-top: -20px !important;}”][vc_column_text]

  • UPnP presentation URL and model number now configurable. #6002

[/vc_column_text][vc_column_text]

User Manager

[/vc_column_text][vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522399775754{margin-top: -20px !important;}”][vc_column_text]

  • Prohibit admins from deleting their own accounts in the user manager. #6450

[/vc_column_text][vc_column_text]

Other

[/vc_column_text][vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522399775754{margin-top: -20px !important;}”][vc_column_text]

  • Added PHP shell sessions to enable and disable persistent CARP maintenance mode. “playback enablecarpmaint” and “playback disablecarpmaint”. #6560
  • Exposed serial console configuration for nanobsd VGA. #6291

[/vc_column_text][vc_column_text css=”.vc_custom_1522399728074{padding-top: 10px !important;padding-right: 10px !important;padding-bottom: 10px !important;padding-left: 10px !important;background-color: #f4f4f4 !important;}”]

Questo documento è stato preso dal sito pfSense® CE e l’originale si trova
a questo indirizzo.

[/vc_column_text][/vc_column][vc_column width=”1/3″][vc_tta_accordion c_icon=”” active_section=”1″][vc_tta_section i_icon_fontawesome=”fa fa-check” add_icon=”true” title=”Tutte le versioni” tab_id=”1e176-0b7ea534-a5bf969a-50a5eeb3-efc952c2-aab6″][vc_column_text]

[/vc_column_text][/vc_tta_section][vc_tta_section i_icon_fontawesome=”fa fa-external-link” add_icon=”true” title=”Link utili” tab_id=”2e176-0b7ea534-a5bf969a-50a5eeb3-efc952c2-aab6″][vc_column_text]

[/vc_column_text][/vc_tta_section][/vc_tta_accordion][vc_widget_sidebar sidebar_id=”sidebar-17″][/vc_column][/vc_row]