WireGuard VPN included in Linux kernel 5.6

Today Linus pulled the net-next branch with the WireGuard VPN interfaces into his tree. The event was reported on the WireGuard mailing list.

Code for the new Linux 5.6 kernel is currently being collected. WireGuard is a fast next-generation VPN that uses modern cryptography. It was originally designed as a simpler and more convenient alternative to existing VPNs. Its author is the Canadian information security specialist Jason A. Donenfeld. In August 2018, WireGuard was praised by Linus Torvalds. Around that time, work began on including the VPN in the Linux kernel. The process dragged on somewhat.

"I see that Jason has made the pull request to have WireGuard included in the kernel," Linus wrote on August 2, 2018. "Can I once again state my love for this VPN and hope it gets merged soon? The code may not be perfect, but I have looked through it, and compared to the horrors that are OpenVPN and IPSec, it is a real work of art."

Despite Linus's wishes, the merge dragged on for a year and a half. The main problem turned out to be WireGuard's dependence on its own implementations of cryptographic functions, which were used to improve performance. After lengthy negotiations, a compromise was reached in September 2019: the patches would be moved over to the Crypto API functions already available in the kernel, about which the WireGuard developers have complaints regarding performance and general security. They nevertheless decided to split the native WireGuard crypto functions out into a separate low-level Zinc API and eventually port them to the kernel. In November, the kernel developers kept their promise and agreed to move part of the code from Zinc into the main kernel. For example, the Crypto API now includes the fast implementations of the ChaCha20 and Poly1305 algorithms prepared in WireGuard.

Finally, on December 9, 2019, David S. Miller, who is responsible for the networking subsystem of the Linux kernel, accepted into the net-next branch the patches implementing the VPN interface from the WireGuard project.

And today, January 29, 2020, the changes went to Linus for inclusion in the kernel.

The claimed advantages of WireGuard over other VPN solutions:

  • Easy to use.
  • Uses modern cryptography: the Noise protocol framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24, HKDF, and so on.
  • Compact, readable code that is easier to audit for vulnerabilities.
  • High performance.
  • A clear and well-developed specification.

All of WireGuard's core logic takes fewer than 4000 lines of code, whereas OpenVPN and IPSec require hundreds of thousands of lines.

"WireGuard uses the concept of encryption key routing, which involves attaching a private key to each network interface and using public keys to bind it. Public keys are exchanged to establish a connection in a way similar to SSH. To negotiate keys and connect without running a separate daemon in user space, the Noise_IK mechanism from the Noise Protocol Framework is used, similar to maintaining authorized_keys in SSH. Data is transmitted by encapsulation in UDP packets. Changing the IP address of the VPN server (roaming) is supported without breaking the connection, with automatic reconfiguration of the client," writes Opennet.

"For encryption, the ChaCha20 stream cipher and the Poly1305 message authentication algorithm (MAC) are used, developed by Daniel J. Bernstein, Tanja Lange and Peter Schwabe. ChaCha20 and Poly1305 are positioned as faster and more secure analogues of AES-256-CTR and HMAC, whose software implementation makes it possible to achieve a fixed execution time without special hardware support. To generate a shared secret key, the elliptic-curve Diffie-Hellman protocol in the Curve25519 implementation is used, also proposed by Daniel Bernstein. The algorithm used for hashing is BLAKE2s (RFC7693)."
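The key-routing idea from the quote above, sketched as an added Python example (it is not code from WireGuard, Opennet or the original article): each peer's public key is tied to the inner IP ranges that peer may use, and the same table selects the key for outgoing packets and filters incoming ones after decryption. The class name, method names, keys and addresses are constructed for illustration; the per-peer range list models WireGuard's AllowedIPs setting, and all cryptography is left out.

```python
import ipaddress


class CryptokeyRouter:
    """Simplified model of one interface's peer table (illustrative only)."""

    def __init__(self):
        self._routes = []  # list of (ip_network, peer_public_key)

    def add_peer(self, public_key, allowed_ips):
        # Bind every allowed range to the peer's public key.
        for cidr in allowed_ips:
            self._routes.append((ipaddress.ip_network(cidr), public_key))

    def _lookup(self, addr):
        # Longest-prefix match over all peers' allowed ranges.
        ip = ipaddress.ip_address(addr)
        matches = [(net, key) for net, key in self._routes
                   if net.version == ip.version and ip in net]
        if not matches:
            return None
        return max(matches, key=lambda m: m[0].prefixlen)[1]

    def peer_for_outbound(self, dst_ip):
        """Outbound: the destination address selects the peer key to encrypt to.
        None means no peer owns the address and the packet is not sent."""
        return self._lookup(dst_ip)

    def accept_inbound(self, sender_key, inner_src_ip):
        """Inbound: a packet already authenticated under sender_key is kept
        only if its inner source address is routed to that same key."""
        return self._lookup(inner_src_ip) == sender_key


def build_demo_router():
    # Constructed sample peers; the key strings are placeholders, not real keys.
    router = CryptokeyRouter()
    router.add_peer("PEER_A_PUBKEY_PLACEHOLDER", ["10.0.0.2/32"])
    router.add_peer("PEER_B_PUBKEY_PLACEHOLDER",
                    ["10.0.0.0/24", "192.168.50.0/24"])
    return router


if __name__ == "__main__":
    r = build_demo_router()
    print(r.peer_for_outbound("10.0.0.2"))     # most specific range wins
    print(r.accept_inbound("PEER_A_PUBKEY_PLACEHOLDER", "192.168.50.9"))
```

The inbound check is what prevents an authenticated peer from injecting packets with another peer's inner address.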

Performance test results from the official website:

[Chart: Bandwidth (megabit/s)]

[Chart: Ping (ms)]

Test configuration:

  • Intel Core i7-3820QM and Intel Core i7-5200U
  • Intel 82579LM and Intel I218LM gigabit cards
  • Linux 4.6.1
  • WireGuard configuration: 256-bit ChaCha20 with Poly1305 for MAC
  • First IPsec configuration: 256-bit ChaCha20 with Poly1305 for MAC
  • Second IPsec configuration: AES-256-GCM-128 (with AES-NI)
  • OpenVPN configuration: equivalent 256-bit AES cipher suite with HMAC-SHA2-256, UDP mode
  • Performance was measured using iperf3; the figures show the average result over 30 minutes.

In theory, once integrated into the network stack, WireGuard should run even faster. In practice this will not necessarily be the case, because of the move to the Crypto API cryptographic functions built into the kernel. Possibly not all of them have yet been optimized to the performance level of native WireGuard.

"From my point of view, WireGuard is generally ideal for the user. All low-level decisions are made in the specification, so setting up a typical VPN infrastructure takes only a few minutes. It is almost impossible to get the configuration wrong," as was written on Habr in 2018. "The installation process is described in detail on the official website; I would like to single out the excellent OpenWRT support. This ease of use and compactness of the code base were achieved by doing away with key distribution. There is no complex certificate system and all that corporate horror; short encryption keys are distributed much like SSH keys."

The WireGuard project has been under development since 2015, and it has undergone an audit and formal verification. WireGuard support is integrated into NetworkManager and systemd, and the kernel patches are included in the base distributions of Debian Unstable, Mageia, Alpine, Arch, Gentoo, OpenWrt, NixOS, Subgraph and ALT.

Source: www.hab.com