Why You Should Not Use WireGuard

WireGuard has received a lot of attention lately; in fact, it is the new star among VPNs. But is it as good as it seems? I would like to discuss some observations and review the implementation of WireGuard to explain why it is not a solution that will replace IPsec or OpenVPN.

In this article, I would like to debunk some of the myths [around WireGuard]. Yes, it will take a long time to read, so if you have not made yourself a cup of tea or coffee yet, now is the time to do it. I would also like to thank Peter for editing my chaotic thoughts.

I have not set myself the goal of discrediting the developers of WireGuard or devaluing their efforts or ideas. Their product works, but personally I think it is presented as something quite different from what it really is: it is presented as a replacement for IPsec and OpenVPN, which in fact simply does not exist right now.

As a note, I would like to add that the responsibility for this positioning of WireGuard lies with the media that talked about it, and not with the project itself or its creators.

There has not been much good news about the Linux kernel lately. We have been told about monstrous processor vulnerabilities that were mitigated in software, and Linus Torvalds talked about it too rudely and boringly, in the utilitarian language of a developer. A scheduler or a zero-level network stack is also not a very clear topic for glossy magazines. And here comes WireGuard.

On paper, it all sounds great: an exciting new technology.

But let's take a slightly closer look at it.

The WireGuard white paper

This article is based on the official WireGuard documentation written by Jason Donenfeld. There he explains the concept, purpose and technical implementation of [WireGuard] in the Linux kernel.

The first sentence reads:

WireGuard [...] aims to replace both IPsec in most use cases and other popular user-space and/or TLS-based solutions such as OpenVPN, while being more secure, more performant and easier to use [tool].

Of course, the main advantage of all new technologies is their simplicity [compared to their predecessors]. But a VPN must also be effective and secure.

So, what's next?

If you say that this is not what you need [from a VPN], you can stop reading here. However, I will note that such goals are set for any other tunneling technology as well.

The most interesting part of the quote above lies in the words "in most cases", which, of course, were ignored by the press. And so here we are, where we ended up because of the confusion created by this negligence: in this article.


Will WireGuard replace my [IPsec] site-to-site VPN?

No. There is no chance that big vendors such as Cisco, Juniper and others will buy WireGuard for their products. They do not "jump on passing trains" unless there is a real need to do so. Later, I will go over some of the reasons why they probably could not get WireGuard on board their products even if they wanted to.

Will WireGuard take my RoadWarrior from my laptop to the data center?

No. Right now, WireGuard lacks a large number of important features that it would need to be able to do something like this. For example, it cannot use dynamic IP addresses on the tunnel server side, and this alone breaks the whole scenario of using the product this way.

IPFire is often used with cheap Internet links, such as DSL or cable connections. This makes sense for small or medium-sized businesses that do not need fast fiber. [Translator's note: do not forget that in terms of communications, Russia and some CIS countries are far ahead of Europe and the United States, because we started building our networks much later, and with the advent of Ethernet and fiber-optic networks as a standard it was easier for us to rebuild. In the same EU or US countries, xDSL broadband access at a speed of 3-5 Mbps is still the general norm, and a fiber connection costs some unrealistic money by our standards. That is why the author of the article speaks of DSL or cable connections as the norm, and not as ancient history.] However, DSL, cable, LTE (and other wireless access methods) have dynamic IP addresses. Of course, sometimes they do not change often, but they do change.

There is a subproject called "wg-dynamic", which adds a userspace daemon to overcome this shortcoming. A huge problem with the user scenario described above is that IPv6 addressing makes it worse.

From a distributor's point of view, all of this does not look very good either. One of the design goals was to keep the protocol simple and clean.

Unfortunately, all of this has become too simple and primitive, so we have to use additional software to make this whole design viable in real use.

Is WireGuard that easy to use?

Not yet. I am not saying that WireGuard will never be a good alternative for tunneling between two points, but for now it is only an alpha version of the product it is supposed to be.

But then what does it actually do? Is IPsec really that much harder to maintain?

Obviously not. The IPsec vendor has thought of this and ships their product together with an interface, such as with IPFire.

To set up a VPN tunnel over IPsec, you will need five sets of data that you have to enter into the configuration: your own IP address, the public IP address of the receiving party, the subnets that you want to make public through this VPN connection, and the pre-shared key. Thus, the VPN is set up within minutes and is compatible with any vendor.

Unfortunately, there are a few exceptions to this story. Anyone who has tried to tunnel over IPsec to an OpenBSD machine knows what I am talking about. There are a couple more painful examples, but in fact there are many, many more good practices for using IPsec.

On complexity

The end user does not have to worry about the complexity of the protocol.

If we lived in a world where this was a real concern of the user, then we would long ago have gotten rid of SIP, H.323, FTP and other protocols created more than ten years ago that do not work well with NAT.

There are reasons why IPsec is more complex than WireGuard: it does a lot more things. For example, user authentication using a login/password or a SIM card with EAP. It has an extended ability to add new cryptographic primitives.

And WireGuard does not have that.

And this means that WireGuard will break at some point, because one of the cryptographic primitives will weaken or be completely compromised. The author of the technical documentation says:

It is worth noting that WireGuard is cryptographically opinionated. It intentionally lacks flexibility of ciphers and protocols. If serious holes are found in the underlying primitives, all endpoints will need to be updated. As you can see from the ongoing stream of SSL/TLS vulnerabilities, the flexibility of encryption has now increased enormously.

The last sentence is absolutely correct.

Reaching consensus on which encryption to use makes protocols such as IKE and TLS more complex. Too complex? Yes, vulnerabilities are quite common in TLS/SSL, and there is no alternative to them.

On ignoring real problems

Imagine that you have a VPN server with 200 production clients somewhere around the world. This is a pretty standard use case. If you have to change the encryption, you need to deliver the update to every copy of WireGuard on these laptops, smartphones, and so on. Deliver it simultaneously. That is literally impossible. Administrators trying to do this will take months to deploy the required configurations, and it will literally take a medium-sized company years to pull off such an event.

IPsec and OpenVPN offer a cipher negotiation feature. So, for some time after you turn on the new encryption, the old one will also work. This lets current clients upgrade to the new version. After the update has been rolled out, you simply turn off the vulnerable encryption. And that's it! Done! You're great! And the clients will not even notice it.

This is actually a very common case for large deployments, and even OpenVPN has some difficulty with this. Backward compatibility is important, and even if you use weaker encryption, for many this is not a reason to shut down a business. Because it would paralyze the work of hundreds of clients who would be unable to do their jobs.

The WireGuard team has made their protocol simpler, but completely unusable for people who do not have constant control over both peers in their tunnel. In my experience, this is the most common scenario.
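The rollout argument of this section can be made concrete with a small model. This is an added example, not code from the original article or from the WireGuard project: the suite labels, the 90-day staggered update schedule and all function names are assumptions, and only the 200-client fleet comes from the text.

```python
"""Constructed model of a cipher change across a VPN client fleet."""

OLD, NEW = "legacy-suite", "replacement-suite"  # hypothetical labels, not real cipher IDs
ROLLOUT_DAYS = 90                               # assumed: updates trickle out over 90 days
# 200 clients as in the text; client i installs its update on day i % 90 (assumed schedule).
FLEET = [i % ROLLOUT_DAYS for i in range(200)]


def negotiate(server_accepts, client_offers):
    """Pick the first suite the client offers that the server accepts, else None."""
    for suite in client_offers:
        if suite in server_accepts:
            return suite
    return None


def locked_out_negotiated(day, retire_old_on):
    """Clients without a tunnel when both sides can list several suites.

    The server accepts NEW and OLD until `retire_old_on`; an updated client
    offers NEW first and keeps OLD as a fallback.
    """
    server = [NEW] if day >= retire_old_on else [NEW, OLD]
    return sum(
        negotiate(server, [NEW, OLD] if day >= updated_on else [OLD]) is None
        for updated_on in FLEET
    )


def locked_out_fixed(day, flag_day):
    """Clients without a tunnel when each software version speaks one suite only.

    The server switches from OLD to NEW on `flag_day`; a client speaks NEW
    from the day it is updated and OLD before that.
    """
    server = [NEW] if day >= flag_day else [OLD]
    return sum(
        negotiate(server, [NEW] if day >= updated_on else [OLD]) is None
        for updated_on in FLEET
    )


def worst_day(lockout_fn, switch_day, horizon=120):
    """Largest number of clients cut off on any single day of the rollout."""
    return max(lockout_fn(day, switch_day) for day in range(horizon))


def best_flag_day():
    """Server switch day that minimises the worst single-day outage (fixed suite)."""
    return min(range(ROLLOUT_DAYS + 1), key=lambda d: worst_day(locked_out_fixed, d))


if __name__ == "__main__":
    print("negotiated, old suite retired on day 90:", worst_day(locked_out_negotiated, 90))
    print("negotiated, old suite retired on day 45:", locked_out_negotiated(45, 45))
    day = best_flag_day()
    print("fixed suite, best flag day", day, "worst outage:", worst_day(locked_out_fixed, day))
```

In this model the negotiated rollout cuts off nobody as long as the old suite is retired only after the last client has updated, while with a single fixed suite no choice of switch day keeps more than half of the fleet connected on the worst day.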


Cryptography!

But what is this interesting new encryption that WireGuard uses?

WireGuard uses Curve25519 for key exchange, ChaCha20 for encryption and Poly1305 for data authentication. It also works with SipHash for hash keys and BLAKE2 for hashing.

ChaCha20-Poly1305 is standardized for IPsec and OpenVPN (over TLS).

It is obvious that Daniel Bernstein's developments are used very often. BLAKE2 is the successor to BLAKE, a SHA-3 finalist that did not win because of its similarity to SHA-2. If SHA-2 were broken, there is a good chance that BLAKE would be compromised as well.

IPsec and OpenVPN do not need SipHash because of their design. So the only thing that cannot currently be used with them is BLAKE2, and only until it is standardized. This is not a big drawback, because VPNs use HMAC to establish integrity, which is considered a strong solution even in combination with MD5.

So I came to the conclusion that almost the same set of cryptographic tools is used in all VPNs. Therefore, WireGuard is no more or less secure than any other current product when it comes to encryption or the integrity of transmitted data.

But even this is not the most important thing, the one that deserves attention according to the project's official documentation. After all, the main thing is speed.

Is WireGuard faster than other VPN solutions?

In short: no, not faster.

ChaCha20 is a stream cipher that is easier to implement in software. It encrypts one bit at a time. Block protocols like AES encrypt a block of 128 bits at a time. Many more transistors are required to implement hardware support, so larger processors come with AES-NI, an instruction set extension that performs some of the tasks of the encryption process to speed it up.

It was expected that AES-NI would never make it into smartphones [but it did - translator's note]. For this, ChaCha20 was developed as a lightweight, battery-saving alternative. So it may come as news to you that every smartphone you can buy today has some kind of AES acceleration and runs faster and with lower power consumption with this encryption than with ChaCha20.

Obviously, just about every desktop/server processor bought in the last couple of years has AES-NI.

Therefore, I expect AES to outperform ChaCha20 in every single scenario. The official WireGuard documentation mentions that with AVX512, ChaCha20-Poly1305 will outperform AES-NI, but this instruction set extension will only be available on larger CPUs, which again will not help with smaller and mobile hardware, which will always be faster with AES-NI.

I am not sure whether this could have been foreseen during the development of WireGuard, but today the fact that it is nailed to a single encryption scheme is already a drawback that may not affect its operation very well.

IPsec lets you freely choose which encryption is best for your case. And of course, this is necessary if, for example, you want to transfer 10 or more gigabytes of data through a VPN connection.

Integration problems in Linux

Although WireGuard has chosen a modern encryption protocol, this already causes a lot of problems. And so, instead of using what the kernel supports out of the box, the integration of WireGuard has been delayed for years due to the lack of these primitives in Linux.

I am not entirely sure what the situation is on other operating systems, but it is probably not much different from Linux.

What does reality look like?

Unfortunately, every time a client asks me to set up a VPN connection for them, I run into the problem that they are using outdated credentials and encryption. 3DES in combination with MD5 is still common practice, as are AES-256 and SHA1. And although the latter is slightly better, this is not something that should be used in 2020.

For key exchange, RSA is always used, a slow but secure tool.

My clients are associated with customs authorities and other government organizations and institutions, as well as with large corporations whose names are known all over the world. They all use a request form that was created decades ago, and the ability to use SHA-512 was simply never added. I cannot say that it clearly affects technological progress in some way, but obviously it slows down the corporate process.

It pains me to see this, because IPsec has supported elliptic curves offhand since 2005. Curve25519 is also newer and available for use. There are also alternatives to AES such as Camellia and ChaCha20, but not all of them are supported by major vendors such as Cisco and others.

And people take advantage of it. There are many Cisco kits, and there are many kits designed to work with Cisco. They are the market leaders in this segment and are not very interested in any kind of innovation.

Yes, the situation [in the corporate segment] is terrible, but we will not see any changes because of WireGuard. Vendors will probably never see any performance problems with the tooling and encryption they already use, will not see any problems with IKEv2, and so they are not looking for alternatives.

In general, have you ever thought about abandoning Cisco?

Benchmarks

And now let's move on to the benchmarks from the WireGuard documentation. Although this [documentation] is not a scientific article, I still expected the developers to take a more scientific approach, or to use a scientific approach as a reference. Any benchmarks are useless if they cannot be reproduced, and even more useless when they are obtained in a laboratory.

In the Linux build of WireGuard, it takes advantage of GSO - Generic Segmentation Offloading. Thanks to it, the client creates a huge packet of 64 kilobytes and encrypts/decrypts it in one go. Thus, the cost of invoking and implementing cryptographic operations is reduced. If you want to maximize the throughput of your VPN connection, this is a good idea.

But, as usual, reality is not that simple. Sending such a large packet to a network adapter requires it to be cut into many smaller packets. The normal send size is 1500 bytes. That is, our giant of 64 kilobytes will be divided into 45 packets (1240 bytes of data and 20 bytes of IP header). Then, for a while, they will completely block the work of the network adapter, because they must be sent together and at once. As a result, this will lead to a priority jump, and packets such as VoIP, for example, will be queued.

Thus, the high throughput that WireGuard so boldly claims is achieved at the cost of slowing down the networking of other applications. And the WireGuard team has already confirmed this conclusion of mine.

But let's move on.

According to the benchmarks in the technical documentation, the connection shows a throughput of 1011 Mbps.

Impressive.

This is especially impressive given the fact that the maximum theoretical throughput of a single Gigabit Ethernet connection is 966 Mbps with a packet size of 1500 bytes minus 20 bytes for the IP header, 8 bytes for the UDP header and 16 bytes for the header of WireGuard itself. There is one more IP header in the encapsulated packet and another one in TCP for 20 bytes. So where did this extra bandwidth come from?

With huge frames and the benefits of GSO that we talked about above, the theoretical maximum for a frame size of 9000 bytes would be 1014 Mbps. Usually such throughput is unattainable in reality, because it is associated with great difficulties. Thus, I can only assume that the test was performed using even fatter oversized frames of 64 kilobytes with a theoretical maximum of 1023 Mbps, which is supported only by some network adapters. But this is absolutely inapplicable in real conditions, or can only be used between two directly connected stations, exclusively within the test bench.

But since the VPN tunnel is forwarded between two hosts using an Internet connection that does not support jumbo frames at all, the result achieved on the bench cannot be taken as a benchmark. This is simply an unrealistic laboratory achievement that is impossible and inapplicable in real-world conditions.

Even sitting in the data center, I could not transfer frames larger than 9000 bytes.

The criterion of applicability in real life is absolutely violated and, as I think, the author of the "measurement" seriously discredited himself for obvious reasons.


A last glimmer of hope

The WireGuard website talks a lot about containers, and it becomes clear what it is really intended for.

A simple and fast VPN that requires no configuration and can be deployed and configured with massive orchestration tools like the ones Amazon has in its cloud. Specifically, Amazon uses the latest hardware features that I mentioned earlier, such as AVX512. This is done in order to speed up the work and not be tied to x86 or any other architecture.

They optimize throughput and packets larger than 9000 bytes - these will be huge encapsulated frames for containers to communicate with each other, or for backup operations, creating snapshots or deploying the same containers. Even dynamic IP addresses will not affect the operation of WireGuard in any way in the scenario I described.

Well played. A brilliant implementation and a very thin, almost reference protocol.

But it just does not fit in a world outside of a data center that you completely control. If you take the risk and start using WireGuard, you will have to make constant compromises in the design and implementation of the encryption protocol.

Conclusion

It is easy for me to conclude that WireGuard is not ready yet.

It was conceived as a lightweight and fast solution to a number of problems with existing solutions. Unfortunately, for the sake of these solutions, it sacrificed many features that will be relevant to most users. That is why it cannot replace IPsec or OpenVPN.

For WireGuard to become competitive, it needs to add at least IP address configuration and DNS configuration. Obviously, this is what encrypted channels are for.

Security is my top priority, and right now I have no reason to believe that IKE or TLS is somehow compromised or broken. Modern encryption is supported in both of them, and they have been proven by decades of operation. Just because something is newer does not mean it is better.

Interoperability is extremely important when you communicate with third parties whose stations you do not control. IPsec is the de facto standard and is supported almost everywhere. And it works. And no matter how it looks, in theory, WireGuard in the future may not be compatible even with different versions of itself.

Any cryptographic protection is broken sooner or later and, accordingly, must be replaced or updated.

Denying all these facts and blindly wanting to use WireGuard to connect your iPhone to your home workstation is just a master class in sticking your head in the sand.

Source: www.hab.com
