Masu haɓaka fakitin sadarwar masu zaman kansu na OpenVPN sun gabatar da ovpn-dco kernel module, wanda zai iya hanzarta aiwatar da VPN. Duk da cewa tsarin har yanzu ana haɓaka shi da ido kawai ga reshe na gaba na Linux kuma yana da matsayi na gwaji, ya riga ya kai matakin kwanciyar hankali wanda ya ba da damar yin amfani da shi don tabbatar da aikin sabis na OpenVPN Cloud.
Idan aka kwatanta da daidaitawa dangane da tuntuɓar tuntuɓar, yin amfani da na'ura a kan abokin ciniki da bangarorin uwar garken ta amfani da cipher AES-256-GCM ya ba da damar samun haɓakar ninki 8 a cikin kayan sarrafawa (daga 370 Mbit/s zuwa 2950 Mbit). /s). Lokacin amfani da tsarin kawai a gefen abokin ciniki, abin da aka samar ya karu sau uku don zirga-zirgar zirga-zirgar zirga-zirga kuma bai canza don zirga-zirga mai shigowa ba. Lokacin amfani da tsarin kawai a gefen uwar garken, kayan aiki ya ƙaru da sau 4 don zirga-zirgar zirga-zirgar shigowa da kuma 35% don zirga-zirga mai fita.
Ana samun haɓakawa ta hanyar motsa duk ayyukan ɓoyewa, sarrafa fakiti da sarrafa tashar sadarwa zuwa gefen kernel na Linux, wanda ke kawar da abin da ke da alaƙa da sauya mahallin, yana ba da damar haɓaka aiki ta hanyar samun dama ga kernel APIs na ciki kai tsaye kuma yana kawar da jinkirin canja wurin bayanai tsakanin kwaya. da sarari mai amfani (rufe-tsare, ɓarnawa da kwatance ana yin su ta hanyar tsarin ba tare da aika zirga-zirga zuwa mai kula da sararin samaniya ba).
An lura cewa mummunan tasiri akan aikin VPN yana faruwa ne ta hanyar ayyukan ɓoyayyen kayan aiki da jinkirin da ke haifar da sauyawar mahallin. An yi amfani da kari na na'ura mai sarrafawa kamar Intel AES-NI don hanzarta ɓoyayyen ɓoyewa, amma maɓallin mahallin ya ci gaba da zama kankara har zuwan ovpn-dco. Baya ga yin amfani da umarnin da na'ura mai sarrafa ya bayar don hanzarta ɓoyayyen ɓoyayyen ɓoyayyiya, tsarin ovpn-dco yana kuma tabbatar da cewa an raba ayyukan ɓoyewa zuwa sassa daban-daban kuma ana sarrafa su ta yanayin zaren da yawa, wanda ke ba da damar yin amfani da duk abubuwan da ke akwai na CPU.
Ƙayyadaddun aiwatarwa na yanzu waɗanda za a magance su a nan gaba sun haɗa da goyan baya ga AEAD da 'babu' yanayin kawai, da AES-GCM da CHACHA20POLY1305 ciphers. Ana shirin haɗa tallafin DCO a cikin sakin OpenVPN 2.6, wanda aka tsara don kwata na 4 na wannan shekara. A halin yanzu ana tallafawa tsarin a cikin abokin ciniki na OpenVPN3 Linux na gwajin beta da ginin gwaji na uwar garken OpenVPN na Linux. Hakanan ana haɓaka irin wannan nau'in, ovpn-dco-win, don kernel na Windows.
source: budenet.ru