alamar alama ta VPN , wanda ke nuna alamar isar da abubuwan WireGuard a cikin babban mahimmanci da kuma tabbatar da ci gaba. An haɗa lambar a cikin kernel na Linux ƙarin binciken tsaro wanda wani kamfani mai zaman kansa ya ƙware a irin waɗannan binciken. Binciken bai nuna wata matsala ba.
Tun da yanzu ana haɓaka WireGuard a cikin babban kwaya na Linux, an shirya wurin ajiya don rarrabawa kuma masu amfani suna ci gaba da amfani da tsoffin juzu'in kernel. . Ma'ajiyar ajiyar ta ƙunshi lambar WireGuard da aka dawo da baya da ma'aunin compat.h don tabbatar da dacewa da tsofaffin kernels. An lura cewa idan dai masu haɓakawa sun sami dama kuma masu amfani suna buƙatar shi, za a tallafa wa wani nau'in faci na daban a cikin tsarin aiki. A cikin sigar sa na yanzu, ana iya amfani da sigar WireGuard ta tsaye tare da kernels daga и , kuma ana samun su azaman faci don kernels na Linux и . Rarraba ta amfani da sabbin kernels kamar Arch, Gentoo da
Fedora 32 zai iya amfani da WireGuard tare da sabunta kwaya ta 5.6.
Babban tsarin ci gaba yanzu ana aiwatar da shi a cikin ma'ajin , wanda ya haɗa da cikakken bishiyar kernel na Linux tare da canje-canje daga aikin Wireguard. Za a sake duba faci daga wannan ma'ajiyar don haɗawa a cikin babban kwaya kuma a kai a kai a tura zuwa rassan yanar gizo/net-na gaba. Haɓaka abubuwan amfani da rubutun da ke gudana a cikin sararin mai amfani, kamar wg da wg-sauri, ana aiwatar da su a cikin ma'ajin. , wanda za'a iya amfani dashi don ƙirƙirar fakiti a cikin rarrabawa.
Bari mu tunatar da ku cewa VPN WireGuard ana aiwatar da shi bisa ga hanyoyin ɓoye na zamani, yana ba da babban aiki sosai, yana da sauƙin amfani, ba tare da rikitarwa ba kuma ya tabbatar da kansa a cikin manyan abubuwan jigilar kayayyaki waɗanda ke aiwatar da manyan hanyoyin zirga-zirga. Aikin yana tasowa tun 2015, an duba shi kuma hanyoyin ɓoyewa da aka yi amfani da su. An riga an haɗa tallafin WireGuard a cikin NetworkManager da tsarin, kuma an haɗa facin kernel a cikin rarraba tushe. , Mageia, Alpine, Arch, Gentoo, OpenWrt, NixOS, и .
WireGuard yana amfani da manufar kewayawa maɓallin ɓoyewa, wanda ya haɗa da haɗa maɓalli na sirri zuwa kowane cibiyar sadarwa da amfani da shi don ɗaure maɓallan jama'a. Ana musayar maɓallai na jama'a don kafa haɗi ta hanya mai kama da SSH. Don yin shawarwari da maɓallai da haɗawa ba tare da gudanar da wani daemon daban ba a cikin sarari mai amfani, hanyar Noise_IK daga kama da kiyaye maɓallai masu izini a cikin SSH. Ana yin watsa bayanai ta hanyar ɓoyewa a cikin fakitin UDP. Yana goyan bayan canza adireshin IP na uwar garken VPN (yawo) ba tare da cire haɗin haɗin tare da sake daidaita abokin ciniki ta atomatik ba.
Don boye-boye magudanar ruwa da kuma tabbatar da saƙon algorithm (MAC) , wanda Daniel Bernstein ya tsara (), Tanya Lange
(Tanja Lange) da kuma Peter Schwabe. ChaCha20 da Poly1305 an sanya su azaman mafi sauri da aminci analogues na AES-256-CTR da HMAC, aiwatar da software wanda ke ba da damar cimma ƙayyadadden lokacin aiwatarwa ba tare da amfani da tallafin kayan aiki na musamman ba. Don samar da maɓallin sirrin da aka raba, ana amfani da ka'idar Diffie-Hellman a cikin aiwatarwa. , kuma Daniel Bernstein ya gabatar. Algorithm da ake amfani dashi don hashing shine .
Karkashin tsoho Performance WireGuard ya nuna sau 3.9 mafi girma kayan aiki da kuma sau 3.8 mafi girma amsa idan aka kwatanta da OpenVPN (256-bit AES tare da HMAC-SHA2-256). Idan aka kwatanta da IPsec (256-bit ChaCha20 + Poly1305 da AES-256-GCM-128), WireGuard yana nuna ƙaramin haɓaka aikin (13-18%) da ƙananan latency (21-23%). Sakamakon gwajin da aka buga akan gidan yanar gizon aikin yana rufe tsohuwar aiwatar da WireGuard kuma an yi masa alama mara inganci. Tun da gwaji, WireGuard da lambar IPsec an ƙara inganta kuma yanzu yana da sauri. Har yanzu ba a gudanar da ƙarin cikakken gwaji da ke rufe aiwatar da haɗa cikin kwaya ba. Duk da haka, an lura cewa WireGuard har yanzu ya fi IPsec a wasu yanayi saboda Multi-threading, yayin da OpenVPN ya kasance a hankali.
source: budenet.ru