WireGuard will "come" to the Linux kernel - why?

At the end of July, the developers of the WireGuard VPN tunnel proposed a patch set that would make their VPN tunnelling software part of the Linux kernel. However, the exact date when this "idea" will be implemented remains unknown. Below the cut we discuss the tool in more detail.


Briefly about the project

WireGuard is a next-generation VPN tunnel created by Jason A. Donenfeld, CEO of Edge Security. The project was developed as a simpler and faster alternative to OpenVPN and IPsec. The first version of the product contained only 4 thousand lines of code. For comparison, OpenVPN has about 120 thousand lines, and IPSec has 420 thousand.

According to the developers, WireGuard is easy to configure, and the security of the protocol is achieved through proven cryptographic algorithms. When the network changes (Wi-Fi, LTE or Ethernet), a client usually has to reconnect to the VPN server every time. WireGuard servers do not terminate the connection, even if the user has received a new IP address.

Although WireGuard was designed for the Linux kernel, the developers have also taken care of a portable version of the tool for Android devices. The application is not yet complete, but you can try it now. To do so, you need to become one of the testers.

Overall, WireGuard is quite popular and has even been implemented by several VPN providers, such as Mullvad and AzireVPN. A large number of setup guides for this solution have been published online. For example, there are guides created by users, and there are guides prepared by the project's authors.

Technical details

The documentation (page 18) notes that WireGuard's throughput is four times that of OpenVPN: 1011 Mbit/s versus 258 Mbit/s, respectively. WireGuard is also ahead of the standard Linux IPsec solution, which reaches 881 Mbit/s. It also wins on ease of configuration.

After the keys have been exchanged (the VPN connection is initialized much as in SSH) and the connection has been established, WireGuard handles all other tasks by itself: there is no need to worry about routing, state management, and so on. Extra configuration effort is only required if you want to use an extra layer of encryption.


To install it, you need a distribution with a Linux kernel version higher than 4.1. WireGuard can be found in the repositories of the major Linux distributions.

$ sudo add-apt-repository ppa:hda-me/wireguard
$ sudo apt update
$ sudo apt install wireguard-dkms wireguard-tools

As the editors of xakep.ru note, building from source is also simple. It is enough to bring up the interface and generate the public and private keys:

$ sudo ip link add dev wg0 type wireguard
$ wg genkey | tee privatekey | wg pubkey > publickey
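The key-generation command above writes `privatekey` with the shell's default umask, so the file is often readable by other local users unless `umask 077` is set first. The following check is an added example, not part of the original article or of the WireGuard tools; `audit_key_file` and the sample file names are hypothetical, and random bytes stand in for real keys:

```python
import base64
import binascii
import os
import stat
import tempfile

KEY_LEN = 32  # Curve25519 keys are 32 bytes; wg prints them as base64 text


def audit_key_file(path, private):
    """Return a list of findings for one key file; an empty list means it looks sane."""
    findings = []
    with open(path, "rb") as fh:
        text = fh.read().strip()
    try:
        raw = base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        findings.append("not valid base64")
    else:
        if len(raw) != KEY_LEN:
            findings.append("decodes to %d bytes, expected %d" % (len(raw), KEY_LEN))
    if private:
        # A private key must not be readable, writable or executable by group or others.
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append("private key accessible to group/others (mode %o)" % mode)
    return findings


def demo():
    """Audit four constructed key files and return {name: findings}."""
    samples = {
        "privatekey_open": (os.urandom(32), 0o644, True),    # typical default umask
        "privatekey_tight": (os.urandom(32), 0o600, True),   # created under umask 077
        "publickey": (os.urandom(32), 0o644, False),
        "truncated": (os.urandom(16), 0o600, True),          # damaged key material
    }
    results = {}
    with tempfile.TemporaryDirectory() as directory:
        for name, (raw, mode, private) in samples.items():
            path = os.path.join(directory, name)
            with open(path, "wb") as fh:
                fh.write(base64.b64encode(raw) + b"\n")
            os.chmod(path, mode)
            results[name] = audit_key_file(path, private)
    return results


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "ok")
```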

WireGuard does not use the CryptoAPI interface for working with the crypto provider. Instead, it uses the ChaCha20 stream cipher, the Poly1305 message authentication code, and its own cryptographic hash functions.

The secret key is generated using the Diffie-Hellman protocol based on the elliptic curve Curve25519. For hashing, the BLAKE2 and SipHash hash functions are used. Thanks to the TAI64N timestamp format, the protocol discards packets with a smaller timestamp value, thereby preventing DoS and replay attacks.
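The timestamp check described above can be sketched as follows. This is an added example, not WireGuard's own code: the `TimestampFilter` class and the peer names are hypothetical, the timestamps are constructed, and the sketch assumes the handshake message carrying the timestamp has already been decrypted and authenticated.

```python
import struct

# Constant commonly used by TAI64 implementations for the Unix epoch: 2**62 + 10.
TAI64_BASE = 0x400000000000000A


def tai64n(unix_seconds, nanoseconds):
    """Encode a 12-byte TAI64N label: 8-byte seconds, then 4-byte nanoseconds, big-endian."""
    if not 0 <= nanoseconds < 1_000_000_000:
        raise ValueError("nanoseconds out of range")
    return struct.pack(">QI", TAI64_BASE + unix_seconds, nanoseconds)


class TimestampFilter:
    """Remembers the greatest timestamp accepted from each peer (hypothetical helper)."""

    def __init__(self):
        self._latest = {}

    def accept(self, peer, timestamp):
        # Assumption: the caller authenticated the message, so `peer` is trustworthy.
        if len(timestamp) != 12:
            return False
        latest = self._latest.get(peer)
        # Big-endian fields make byte-wise order identical to chronological order.
        if latest is not None and timestamp <= latest:
            return False  # replayed or stale handshake initiation
        self._latest[peer] = timestamp
        return True


def demo():
    """Feed constructed handshake timestamps to the filter and return its decisions."""
    flt = TimestampFilter()
    t1 = tai64n(1_532_000_000, 500)
    t2 = tai64n(1_532_000_000, 501)
    t3 = tai64n(1_532_000_060, 0)
    events = [
        ("peerA", t1),      # first contact: accepted
        ("peerA", t1),      # exact replay: rejected
        ("peerA", t3),      # newer: accepted
        ("peerA", t2),      # older than t3, captured earlier: rejected
        ("peerB", t1),      # state is per peer: accepted
        ("peerA", t3[:8]),  # malformed length: rejected
    ]
    return [flt.accept(peer, ts) for peer, ts in events]


if __name__ == "__main__":
    print(demo())
```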

At the same time, WireGuard uses the ioctl function to control I/O (netlink was used previously), which makes the code cleaner and simpler. You can verify this by looking at the configuration code.

Developers' plans

At the moment, WireGuard is an out-of-tree kernel module. But the project's author, Jason Donenfeld, says that the time has come for full inclusion in the Linux kernel, because it is simpler and safer than other solutions. Jason is supported in this even by Linus Torvalds himself, who called WireGuard's code a "work of art."

But nobody is naming exact dates for WireGuard's inclusion in the kernel. It is unlikely to happen with the August release of Linux kernel 4.18. However, there is a chance that it will happen in the near future: in version 4.19 or 5.0.

Once WireGuard is added to the kernel, the developers want to finish the application for Android devices and start writing an application for iOS. There are also plans to complete the implementations in Go and Rust and port them to macOS, Windows and BSD. It is also planned to implement WireGuard for more "exotic systems": DPDK, FPGA, and many other interesting things. All of them are listed in the project authors' to-do list.


source: www.habr.com
