Release of OpenIKED 7.3, a portable implementation of the IKEv2 protocol for IPsec

The OpenBSD project has released OpenIKED 7.3, an implementation of the IKEv2 protocol. The IKEv2 components were originally an integral part of the OpenBSD IPsec stack, but were later split out into a separate package and can now be used on other operating systems. OpenIKED has been tested on FreeBSD, NetBSD, macOS and various Linux distributions, including Arch, Debian, Fedora and Ubuntu. The code is written in C and distributed under the ISC license.

OpenIKED lets you deploy IPsec-based virtual private networks. The IPsec stack consists of two main protocols: the key exchange protocol (IKE) and the transport protocol (ESP). OpenIKED implements the authentication, configuration, key exchange and security policy maintenance elements, while the protocol that encrypts ESP traffic is usually provided by the operating system. Authentication methods in OpenIKED can use pre-shared keys, EAP MSCHAPv2 with an X.509 certificate, and RSA and ECDSA public keys.

In the new version:

  • Added support for the sec tunnels created in OpenBSD, which route IPsec traffic through the sec network interface instead of using SPD (IPsec Security Policy Database) rules when creating secure tunnels (VPNs) in point-to-point mode.
  • Added support for specifying multiple name servers for a single network interface on Linux.
  • Added the ability to use the libsystemd library to configure DNS over DBUS on Linux, instead of calling the resolvectl utility.
  • On the Linux platform, the libapparmor library has been removed from the dependencies; instead, direct access to the /proc pseudo-FS is now used to change the AppArmor policy, which makes it possible to open the file descriptor before privileges are dropped.
  • Added the ability to process complete x509 certificate chains in the CERT payload.
  • To improve process isolation, child processes are re-executed after the fork() call.
  • The internal ibuf API has been reworked for OpenBSD 7.4.
  • The compatibility layer has been synchronized with the latest OpenBSD codebase.
  • Changes were made to the OpenSSL configuration used by ikectl to ensure that expired certificates are renewed.

source: budenet.ru
