WireGuard VPN has been merged into Linux kernel 5.6

Today Linus pulled the net-next branch with the WireGuard VPN interfaces into his tree. The event was reported on the WireGuard mailing list.


Code for the new Linux 5.6 kernel is currently being collected. WireGuard is a fast, next-generation VPN that uses modern cryptography. It was originally developed as a simpler and more convenient alternative to existing VPNs. Its author is the Canadian information security specialist Jason A. Donenfeld. In August 2018, WireGuard earned praise from Linus Torvalds. Around that time, work began on including the VPN in the Linux kernel. The process took some time.

"I see that Jason has made a pull request to include WireGuard in the kernel," Linus wrote on August 2, 2018. "Can I once again state my love for this VPN and hope it gets merged soon? The code may not be perfect, but I've looked at it, and compared to the horrors of OpenVPN and IPSec, it's a real work of art."

Despite Linus's wishes, the merge dragged on for a year and a half. The main problem turned out to be WireGuard's tie to its own implementations of cryptographic functions, which were used to improve performance. After long negotiations, in September 2019 a compromise decision was made to port the patches to the Crypto API functions already in the kernel, about which the WireGuard developers have complaints regarding performance and overall security. But they decided to split the native WireGuard crypto functions out into a separate low-level Zinc API and eventually port them to the kernel. In November, the kernel developers kept their promise and agreed to move part of the code from Zinc into the main kernel. For example, the Crypto API now includes the fast implementations of the ChaCha20 and Poly1305 algorithms prepared in WireGuard.

Finally, on December 9, 2019, David S. Miller, who is responsible for the networking subsystem of the Linux kernel, accepted into the net-next branch the patches implementing the VPN interface from the WireGuard project.

And today, January 29, 2020, the changes went to Linus for inclusion in the kernel.


Advantages of WireGuard over other VPN solutions:

  • Easy to use.
  • Uses modern cryptography: the Noise protocol framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24, HKDF, and so on.
  • Compact, readable code that is easy to audit for vulnerabilities.
  • High performance.
  • A clear and well-developed specification.

All of WireGuard's core logic takes less than 4000 lines of code, while OpenVPN and IPSec require thousands of lines.

"WireGuard uses the concept of cryptokey routing, which involves binding a private key to each network interface and using public keys for the binding. Public keys are exchanged to establish a connection in a manner similar to SSH. To negotiate keys and connect without running a separate daemon in user space, the Noise_IK mechanism from the Noise Protocol Framework is used, similar to maintaining authorized_keys in SSH. Data is transmitted by encapsulation in UDP packets. It supports changing the IP address of the VPN server (roaming) without dropping the connection, with automatic reconfiguration of the client," writes Opennet.

"For encryption, the ChaCha20 stream cipher and the Poly1305 message authentication algorithm (MAC) are used, developed by Daniel J. Bernstein, Tanja Lange and Peter Schwabe. ChaCha20 and Poly1305 are positioned as faster and more secure analogues of AES-256-CTR and HMAC, whose software implementation allows a fixed execution time to be achieved without special hardware support. To generate the shared secret key, the Diffie-Hellman protocol in the Curve25519 implementation is used, also proposed by Daniel Bernstein. The algorithm used for hashing is BLAKE2s (RFC7693)."

Results of performance tests from the official website:

[Chart: Bandwidth (megabit/s)]

[Chart: Ping (ms)]

Test configuration:

  • Intel Core i7-3820QM and Intel Core i7-5200U
  • Intel 82579LM and Intel I218LM gigabit cards
  • Linux 4.6.1
  • WireGuard configuration: 256-bit ChaCha20 with Poly1305 for MAC
  • First IPsec configuration: 256-bit ChaCha20 with Poly1305 for MAC
  • Second IPsec configuration: AES-256-GCM-128 (with AES-NI)
  • OpenVPN configuration: AES 256-bit equivalent cipher suite with HMAC-SHA2-256, UDP mode
  • Performance was measured using iperf3, showing the average result over 30 minutes.

In theory, once integrated into the network stack, WireGuard should run even faster. In practice this will not necessarily be the case, because of the switch to the cryptographic functions of the Crypto API built into the kernel. Perhaps not all of them have yet been optimized to the performance level of native WireGuard.

"In my view, WireGuard is generally ideal for the user. All low-level decisions are made in the specification, so preparing a typical VPN infrastructure takes only a few minutes. It is almost impossible to make a mistake in the configuration," as was written on Habr in 2018. "The installation process is described in detail on the official website; I would like to separately note the excellent OpenWRT support. This ease of use and compactness of the code base were achieved by eliminating key distribution. There is no complex certificate system and all that corporate horror; short encryption keys are distributed much like SSH keys."

The WireGuard project has been in development since 2015; it has undergone an audit and formal verification. WireGuard support is integrated into NetworkManager and systemd, and the kernel patches are included in the base distributions Debian Unstable, Mageia, Alpine, Arch, Gentoo, OpenWrt, NixOS, Subgraph and ALT.

source: www.habr.com
