landmark VPN tso tawm , uas cim kev xa khoom ntawm WireGuard cov khoom hauv lub ntsiab tseem ceeb thiab stabilization ntawm kev loj hlob. Code suav nrog hauv Linux kernel ntxiv kev soj ntsuam kev ruaj ntseg ua los ntawm ib lub tuam txhab ywj pheej tshwj xeeb hauv cov kev tshuaj xyuas zoo li no. Kev tshuaj xyuas tsis tau qhia txog teeb meem.
Txij li thaum WireGuard tam sim no tau tsim nyob rau hauv lub ntsiab Linux kernel, lub chaw cia khoom tau npaj rau kev faib tawm thiab cov neeg siv txuas ntxiv siv cov laus ntawm cov ntsiav. . Lub chaw khaws cia suav nrog cov lej xa rov qab WireGuard thiab txheej txheej compat.h kom ntseeg tau tias muaj kev sib raug zoo nrog cov laus laus. Nws tau raug sau tseg tias ntev npaum li cov neeg tsim khoom muaj lub sijhawm thiab cov neeg siv xav tau, ib qho kev sib cais ntawm thaj ua rau thaj yuav raug txhawb rau hauv daim ntawv ua haujlwm. Nyob rau hauv nws daim ntawv tam sim no, ib tug standalone version ntawm WireGuard yuav siv tau nrog kernels los ntawm ΠΈ , thiab kuj muaj raws li thaj ua rau thaj rau Linux kernels ΠΈ . Kev faib tawm siv cov kernels tshiab xws li Arch, Gentoo thiab
Fedora 32 yuav tuaj yeem siv WireGuard nrog 5.6 kernel hloov tshiab.
Txoj kev loj hlob tseem ceeb yog tam sim no ua nyob rau hauv lub repository , uas suav nrog tag nrho Linux kernel ntoo nrog kev hloov pauv los ntawm Wireguard project. Patches los ntawm qhov chaw khaws cia no yuav raug tshuaj xyuas kom suav nrog hauv cov ntsiav tseem ceeb thiab tsis tu ncua thawb mus rau net / net-tom ntej ceg. Kev txhim kho cov khoom siv hluav taws xob thiab cov ntawv sau ua haujlwm hauv cov neeg siv qhov chaw, xws li wg thiab wg-ceev, yog ua tiav hauv qhov chaw cia khoom. , uas tuaj yeem siv los tsim cov pob khoom hauv kev faib khoom.
Cia peb nco ntsoov koj tias VPN WireGuard tau ua raws li cov txheej txheem encryption niaj hnub no, muab kev ua haujlwm siab heev, siv tau yooj yim, tsis muaj teeb meem thiab tau ua pov thawj nws tus kheej hauv ntau qhov kev xa tawm loj uas ua haujlwm ntau ntawm cov tsheb. Qhov project tau tsim txij li xyoo 2015, tau raug tshuaj xyuas thiab txoj kev encryption siv. Kev them nyiaj yug WireGuard twb tau muab tso rau hauv NetworkManager thiab systemd, thiab cov kab ke thaj ua rau thaj yog suav nrog hauv cov kev faib tawm. , Mageia, Alpine, Arch, Gentoo, OpenWrt, NixOS, ΠΈ .
WireGuard siv lub tswv yim ntawm encryption key routing, uas koom nrog kev txuas tus yuam sij ntiag tug rau txhua lub network interface thiab siv nws los khi cov yuam sij pej xeem. Cov yuam sij pej xeem raug pauv los tsim kom muaj kev sib txuas zoo ib yam li SSH. Txhawm rau sib tham cov yuam sij thiab txuas yam tsis tau khiav ib tus daemon cais hauv cov neeg siv qhov chaw, Noise_IK mechanism los ntawm zoo ib yam li kev tswj hwm authorized_keys hauv SSH. Kev xa cov ntaub ntawv yog ua los ntawm encapsulation hauv UDP pob ntawv. Nws txhawb kev hloov pauv tus IP chaw nyob ntawm VPN server (roaming) yam tsis muaj kev cuam tshuam kev sib txuas nrog cov neeg siv tsis siv neeg rov teeb tsa.
Rau encryption kwj cipher thiab lus authentication algorithm (MAC) , tsim los ntawm Daniel Bernstein (), Tanya Lange
(Tanja Lange) thiab Peter Schwabe. ChaCha20 thiab Poly1305 yog positioned raws li sai thiab muaj kev ruaj ntseg analogues ntawm AES-256-CTR thiab HMAC, qhov kev siv software uas tso cai rau ua tiav lub sijhawm ua tiav yam tsis muaj kev siv tshwj xeeb kho vajtse. Txhawm rau tsim kom muaj tus yuam sij zais cia, elliptic nkhaus Diffie-Hellman raws tu qauv yog siv rau hauv kev siv , kuj tau thov los ntawm Daniel Bernstein. Lub algorithm siv rau hashing yog .
Hauv qab qub Kev ua tau zoo WireGuard tau pom 3.9 npaug ntau dua qhov kev xa tawm thiab 3.8 lub sijhawm ua haujlwm siab dua piv rau OpenVPN (256-ntsis AES nrog HMAC-SHA2-256). Piv rau IPsec (256-ntsis ChaCha20+Poly1305 thiab AES-256-GCM-128), WireGuard qhia txog kev txhim kho me ntsis (13-18%) thiab qis dua latency (21-23%). Cov txiaj ntsig kev xeem tau tshaj tawm hauv qhov project website npog qhov qub kev ua haujlwm ib leeg ntawm WireGuard thiab raug cim tias tsis muaj txiaj ntsig zoo. Txij li thaum kev sim, WireGuard thiab IPsec code tau ua kom zoo dua ntxiv thiab tam sim no sai dua. Kev sim ua kom tiav ntxiv uas suav nrog kev siv ua ke rau hauv cov ntsiav tseem tsis tau ua tiav. Txawm li cas los xij, nws tau sau tseg tias WireGuard tseem ua tau zoo dua IPsec hauv qee qhov xwm txheej vim muaj ntau txoj xov, thaum OpenVPN tseem qeeb heev.
Tau qhov twg los: opennet.ru