Niaj hnub no Linus tau tsiv mus rau net-tom ntej ceg nrog VPN cuam tshuam rau nws tus kheej . Hais txog qhov xwm txheej no ntawm daim ntawv xa ntawv WireGuard.
Kev sau cov lej rau lub kernel tshiab tam sim no tseem tab tom ua. Linux 5.6. WireGuard — ib qho VPN ceev ceev, tiam tom ntej uas siv cov cryptography niaj hnub. Nws tau tsim thawj zaug ua ib qho yooj yim dua thiab yooj yim dua rau lwm cov VPNs uas twb muaj lawm. Nws tau tsim los ntawm tus kws tshaj lij kev ruaj ntseg ntawm cov ntaub ntawv hauv Canada Jason A. Donenfeld. Thaum Lub Yim Hli 2018, WireGuard Los ntawm Linus Torvalds. Nyob ib ncig ntawm lub sijhawm ntawd, kev ua haujlwm tau pib los ntawm kev koom ua ke VPN rau hauv lub kernel. LinuxCov txheej txheem siv sijhawm ntev me ntsis.
Kuv pom Jason ua ib qho kev thov rub kom suav nrog WireGuard "mus rau hauv lub kernel," Linus sau rau lub Yim Hli 2, 2018. "Kuv puas tuaj yeem rov hais dua kuv txoj kev hlub rau VPN no thiab vam tias yuav muaj kev sib koom ua ke sai? Cov lej yuav tsis zoo tag nrho, tab sis kuv tau saib nws, thiab piv rau qhov txaus ntshai OpenVPN thiab IPSec, nws yog ib daim duab kos tiag tiag.
Txawm hais tias Linus 'xav tau, kev sib koom ua ke tau rub mus rau ib xyoos thiab ib nrab. Qhov teeb meem tseem ceeb tau muab khi rau kev ua tswv cuab ntawm kev ua haujlwm cryptographic, uas tau siv los txhim kho kev ua haujlwm. Tom qab kev sib tham ntev hauv lub Cuaj Hli 2019 nws yog txhais cov patches rau Crypto API functions muaj nyob rau hauv lub kernel, uas cov neeg tsim khoom muaj kev nkag mus rau WireGuard Muaj qee qhov kev tsis txaus siab txog kev ua tau zoo thiab kev ruaj ntseg tag nrho. Tab sis cov haujlwm crypto hauv zos tau daws qhov teeb meem. WireGuard cais cov Zinc APIs qib qis thiab xa lawv mus rau lub kernel dhau sijhawm. Thaum Lub Kaum Ib Hlis, cov neeg tsim khoom kernel tau ua raws li lawv cov lus cog tseg thiab hloov ib feem ntawm cov cai los ntawm Zinc mus rau lub ntsiab kernel. Piv txwv li, hauv Crypto API npaj rau hauv WireGuard Kev siv cov algorithms ChaCha20 thiab Poly1305 sai.
Thaum kawg, thaum Lub Kaum Ob Hlis 9, 2019, David S. Miller, uas yog tus saib xyuas lub kernel networking subsystem, Linux, mus rau net-tom ntej ceg nrog rau kev siv ntawm VPN interface los ntawm qhov project WireGuard.
Thiab hnub no, Lub Ib Hlis 29, 2020, cov kev hloov pauv tau mus rau Linus kom suav nrog hauv cov ntsiav.
Cov txiaj ntsig tau thov WireGuard dua li lwm cov kev daws teeb meem VPN:
- Siv tau yooj yim.
- Siv niaj hnub cryptography: Suab nrov raws tu qauv, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24, HKDF, thiab lwm yam.
- Compact, nyeem tau code, yooj yim rau kev soj ntsuam rau qhov tsis zoo.
- Kev ua haujlwm siab.
- Ntshiab thiab nthuav dav .
Tag nrho cov logic yooj yim WireGuard siv tsawg dua 4000 kab ntawm cov lej, thaum OpenVPN thiab IPSec yog pua pua txhiab kab.
"AT WireGuard Lub tswv yim ntawm kev siv cov yuam sij encryption routing yog siv, uas cuam tshuam nrog kev khi tus yuam sij ntiag tug rau txhua lub network interface thiab siv nws rau kev khi tus yuam sij pej xeem. Cov yuam sij pej xeem raug pauv los tsim kom muaj kev sib txuas zoo ib yam li SSH. Txhawm rau sib tham cov yuam sij thiab tsim kom muaj kev sib txuas yam tsis tau khiav ib lub daemon sib cais hauv qhov chaw neeg siv, Noise_IK mechanism los ntawm zoo ib yam li kev tswj hwm authorized_keys hauv SSH. Kev xa cov ntaub ntawv yog ua los ntawm encapsulation hauv UDP pob ntawv. Nws txhawb hloov qhov chaw nyob IP ntawm VPN server (roaming) yam tsis muaj kev cuam tshuam kev sib txuas nrog kev hloov kho tsis siv neeg ntawm tus neeg siv khoom, - Opennet.
Rau encryption kwj cipher thiab lus authentication algorithm (MAC) , tsim los ntawm Daniel Bernstein (), Tanja Lange thiab Peter Schwabe. ChaCha20 thiab Poly1305 yog positioned raws li sai thiab muaj kev nyab xeeb analogues ntawm AES-256-CTR thiab HMAC, kev siv software uas tso cai rau ua tiav lub sijhawm ua tiav yam tsis muaj kev siv tshwj xeeb kho vajtse. Txhawm rau tsim kom muaj tus yuam sij zais cia, elliptic nkhaus Diffie-Hellman raws tu qauv yog siv hauv kev siv , kuj tau thov los ntawm Daniel Bernstein. Lub algorithm siv rau hashing yog ".
Результаты los ntawm official lub website:
Bandwidth (megabit / s)
Ping (ms)
Test configuration:
- Intel Core i7-3820QM thiab Intel Core i7-5200U
- Gigabit cards Intel 82579LM thiab Intel I218LM
- Linux 4.6.1
- Configuration WireGuard256-ntsis ChaCha20 nrog Poly1305 rau MAC
- Thawj IPsec configuration: 256-ntsis ChaCha20 nrog Poly1305 rau MAC
- Qhov thib ob IPsec configuration: AES-256-GCM-128 (nrog AES-NI)
- Configuration OpenVPN: sib npaug cipher suite ntawm 256-ntsis AES nrog HMAC-SHA2-256, UDP hom
- Kev ua tau zoo tau ntsuas siv
iperf3, qhia qhov nruab nrab qhov tshwm sim tshaj 30 feeb.
Hauv kev xav, tom qab kev koom ua ke rau hauv lub network stack WireGuard yuav tsum ua haujlwm sai dua. Tab sis qhov tseeb, qhov no yuav tsis yog qhov teeb meem vim yog kev hloov mus rau Crypto API cov haujlwm cryptographic uas tau teeb tsa. Nws muaj peev xwm hais tias tsis yog txhua tus ntawm lawv tseem tau kho kom zoo rau qib kev ua tau zoo ntawm cov qauv ib txwm muaj. WireGuard.
"Los ntawm kuv qhov kev xav, WireGuard Nws zoo tagnrho rau tus neeg siv. Txhua qhov kev txiav txim siab qis qis raug coj los xav txog hauv cov lus qhia tshwj xeeb, yog li kev teeb tsa lub hauv paus VPN ib txwm siv sijhawm ob peb feeb xwb. Nws yuav luag tsis yooj yim sua kom ua txhaum qhov kev teeb tsa. ntawm Habre hauv 2018. - Cov txheej txheem installation nyob rau hauv lub official lub website, kuv xav cais cov zoo heev . Qhov yooj yim ntawm kev siv thiab compactness ntawm lub hauv paus code tau ua tiav los ntawm kev tshem tawm cov kev faib cov yuam sij. Tsis muaj daim ntawv pov thawj nyuaj thiab tag nrho cov neeg ua lag luam ntshai heev; luv luv encryption yuam sij raug faib ntau npaum li SSH yuam sij. "
Qhov project WireGuard tau tsim kho txij li xyoo 2015, nws tau raug tshuaj xyuas thiab . Pоддержка WireGuard kev koom ua ke rau hauv NetworkManager thiab systemd, thiab cov kernel patches suav nrog hauv cov kev faib tawm hauv paus Debian Tsis ruaj khov, Mageia, Alpine, Arch, Gentoo, OpenWrt, NixOS, Subgraph thiab ALT.
Tau qhov twg los: www.hab.com
