Is WireGuard the great VPN of the future?


The time has come when a VPN is no longer an exotic tool for system administrators. Users have different tasks, but the fact is that everyone now needs a VPN.

The problem with current VPN solutions is that they are hard to configure correctly, expensive to maintain, and full of legacy code of questionable quality.

A few years ago, Canadian information security specialist Jason A. Donenfeld decided he had had enough and started work on WireGuard. WireGuard is now being prepared for inclusion in the Linux kernel and has even received praise from Linus Torvalds and in the US Senate.

The claimed advantages of WireGuard over other VPN solutions:

  • Easy to use.
  • Uses modern cryptography: the Noise protocol framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24, HKDF, and so on.
  • Compact, readable code that is easier to audit for vulnerabilities.
  • High performance.
  • A clear and thorough specification.

Has a silver bullet been found? Is it time to bury OpenVPN and IPSec? I decided to look into this, and along the way I wrote a script for installing a personal VPN server.

Operating principles

The operating principles can be described roughly as follows:

  • A WireGuard interface is created and assigned a private key and an IP address. The settings of the other peers are loaded: their public keys, IP addresses, and so on.
  • Every IP packet arriving at the WireGuard interface is encapsulated in UDP and delivered securely to the other peers.
  • Clients specify the server's public IP address in their settings. The server learns the clients' external addresses automatically when correctly authenticated data is received from them.
  • The server can change its public IP address without interrupting its work. When it does, it notifies the connected clients and they update their configuration on the fly.
  • Routing uses the concept of Cryptokey Routing. WireGuard accepts and sends packets based on the peer's public key. When the server decrypts a correctly authenticated packet, its src field is checked. If it matches the allowed-ips configuration of the authenticated peer, the packet is accepted by the WireGuard interface. When an outgoing packet is sent, the corresponding procedure takes place: the packet's dst field is taken and the matching peer is selected based on it; the packet is signed with its own key, encrypted with the peer's key, and sent to the remote endpoint.
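
The two cryptokey routing checks from the last item, modeled as an added example (this is not WireGuard's code or the author's). The peer names and the allowed-ips table are constructed, only IPv4 is handled, and the longest-prefix rule for overlapping prefixes is how the sketch resolves a dst address that several entries cover.

```shell
#!/bin/sh
# Model of cryptokey routing (added illustration, IPv4 only).
# Constructed table: one "<peer> <allowed-ips CIDR>" entry per line.
PEERS='laptop 10.9.0.2/32
phone 10.9.0.3/32
office 192.168.50.0/24
branch 192.168.50.128/25'

# Dotted-quad IPv4 address -> 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr <ip> <cidr>: succeeds if the address lies inside the prefix.
in_cidr() {
    plen=${2#*/}
    mask=$(( (4294967295 << (32 - plen)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "${2%/*}") & mask )) ]
}

# Outbound: the dst address selects the peer (longest matching prefix).
# Prints the peer; fails when no peer owns the address (packet is dropped).
peer_for_dst() {
    best=''; best_len=-1
    while read -r peer cidr; do
        if in_cidr "$1" "$cidr" && [ "${cidr#*/}" -gt "$best_len" ]; then
            best=$peer; best_len=${cidr#*/}
        fi
    done <<EOF
$PEERS
EOF
    [ -n "$best" ] && echo "$best"
}

# Inbound: a packet that authenticated as <peer> is accepted only if its
# inner src address is inside that peer's own allowed-ips.
accept_inbound() {
    while read -r peer cidr; do
        [ "$peer" = "$1" ] && in_cidr "$2" "$cidr" && return 0
    done <<EOF
$PEERS
EOF
    return 1
}
```

The same table therefore acts as a routing table on the way out and as a source-address filter on the way in: `accept_inbound laptop 10.9.0.3` fails because that address belongs to another peer.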

All of WireGuard's core logic takes fewer than 4 thousand lines of code, while OpenVPN and IPSec have hundreds of thousands of lines. To support modern cryptographic algorithms, it has been proposed to include a new cryptographic API, Zinc, in the Linux kernel. There is currently a discussion about whether this is a good idea.

Performance

The greatest performance advantage (compared to OpenVPN and IPSec) will be seen on Linux systems, since WireGuard is implemented there as a kernel module. macOS, Android, iOS, FreeBSD and OpenBSD are also supported, but on them WireGuard runs in userspace, with all the performance consequences that follow. Windows support is expected to be added in the future.

Benchmark results from the official site:

[Image: benchmark chart]

My experience using it

I am not a VPN expert. I once set up OpenVPN by hand and it was very tedious, and I have not even tried IPSec. There are too many decisions to make, and it is very easy to shoot yourself in the foot. So I have always used ready-made scripts to set up the server.

So WireGuard, from my point of view, is generally ideal for the user. All the low-level decisions are made in the specification, so preparing a typical VPN infrastructure takes only a few minutes. It is almost impossible to get the configuration wrong.

The installation process is described in detail on the official website; I would like to separately note the excellent OpenWRT support.

Encryption keys are generated with the wg utility:

# Generate a key pair for the server and one for the client
SERVER_PRIVKEY=$(wg genkey)
SERVER_PUBKEY=$(echo "$SERVER_PRIVKEY" | wg pubkey)
CLIENT_PRIVKEY=$(wg genkey)
CLIENT_PUBKEY=$(echo "$CLIENT_PRIVKEY" | wg pubkey)

Next, create the server config /etc/wireguard/wg0.conf with the following contents:

[Interface]
Address = 10.9.0.1/24
ListenPort = 51820 # must match the port in the client's Endpoint
PrivateKey = $SERVER_PRIVKEY
[Peer]
PublicKey = $CLIENT_PUBKEY
AllowedIPs = 10.9.0.2/32

and bring up the tunnel with the wg-quick script:

sudo wg-quick up /etc/wireguard/wg0.conf

On systems with systemd you can use sudo systemctl start wg-quick@wg0.service instead.

On the client machine, create the config /etc/wireguard/wg0.conf:

[Interface]
PrivateKey = $CLIENT_PRIVKEY
Address = 10.9.0.2/24
[Peer]
PublicKey = $SERVER_PUBKEY
AllowedIPs = 0.0.0.0/0
Endpoint = 1.2.3.4:51820 # external IP of the server
PersistentKeepalive = 25

And bring up the tunnel in the same way:

sudo wg-quick up /etc/wireguard/wg0.conf

All that remains is to configure NAT on the server so that clients can reach the Internet, and you are done!
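
The NAT step combined with the server config, as an added example (not the author's installer). wg-quick reads the file literally and does not expand `$SERVER_PRIVKEY`-style placeholders, so the function writes the real values into it. The function name `write_server_conf`, the default WAN interface `eth0` and the choice of iptables rules are assumptions.

```shell
#!/bin/sh
# Added example: write the server config with real key material and NAT hooks.
# Assumption: the 4th argument (default eth0) is the internet-facing interface.

# write_server_conf <file> <server_privkey> <client_pubkey> [wan_if]
write_server_conf() {
    conf=$1; priv=$2; peer_pub=$3; wan=${4:-eth0}
    # The file holds the private key: create it unreadable to other users.
    ( umask 077
      cat > "$conf" <<EOF
[Interface]
Address = 10.9.0.1/24
ListenPort = 51820
PrivateKey = $priv
# Enable forwarding, allow tunnel -> WAN and only reply traffic back,
# and masquerade the tunnel subnet behind the WAN address.
PostUp = sysctl -w net.ipv4.ip_forward=1
PostUp = iptables -A FORWARD -i %i -o $wan -j ACCEPT
PostUp = iptables -A FORWARD -i $wan -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -s 10.9.0.0/24 -o $wan -j MASQUERADE
# Remove the same rules when the tunnel goes down.
PostDown = iptables -D FORWARD -i %i -o $wan -j ACCEPT
PostDown = iptables -D FORWARD -i $wan -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -s 10.9.0.0/24 -o $wan -j MASQUERADE

[Peer]
PublicKey = $peer_pub
AllowedIPs = 10.9.0.2/32
EOF
    )
    # Also tighten the mode if the file already existed.
    chmod 600 "$conf"
}

# Usage on the server (as root), with the keys generated earlier:
#   write_server_conf /etc/wireguard/wg0.conf "$SERVER_PRIVKEY" "$CLIENT_PUBKEY" eth0
```

wg-quick replaces `%i` with the interface name (wg0 here) when it runs the PostUp and PostDown commands.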

This ease of use and compactness of the code base were achieved by giving up key-distribution functionality. There is no complex certificate system and all that corporate horror; short encryption keys are distributed much like SSH keys. But this creates a problem: WireGuard will not be easy to deploy on some existing networks.

Among the drawbacks, it is worth noting that WireGuard will not work through an HTTP proxy, because only UDP is available as a transport. The question arises: is it possible to obfuscate the protocol? Of course, this is not the direct job of a VPN, but for OpenVPN, for example, there are ways to disguise it as HTTPS, which helps people living in totalitarian countries make full use of the Internet.

Conclusions

To sum up, this is a very interesting and promising project, and you can already use it on personal servers. What is the benefit? High performance on Linux systems, ease of setup and support, and a compact, readable code base. However, it is too early to rush into migrating complex infrastructure to WireGuard; it is worth waiting for its inclusion in the Linux kernel.

To save my (and your) time, I developed a WireGuard automatic installer. With its help you can set up a personal VPN for yourself and your friends without understanding anything about it.

Source: www.hab.com
