ProHoster > Блог > ozi ịntanetị > NetBSD kernel na-agbakwunye nkwado maka VPN WireGuard

NetBSD kernel na-agbakwunye nkwado maka VPN WireGuard

Ndị nrụpụta ọrụ NetBSD kọrọ banyere nsonye nke wg ọkwọ ụgbọ ala na mmejuputa iwu WireGuard na isi NetBSD kernel. NetBSD ghọrọ OS nke atọ ka Linux na OpenBSD nwere nkwado agbakwunyere maka WireGuard. A na-enyekwa iwu ndị metụtara maka ịhazi VPN - wg-keygen na wgconfig. Na nhazi kernel ndabara (GENERIC), onye ọkwọ ụgbọ ala arụbeghị ọrụ ma chọọ ihe ngosi doro anya nke "pseudo-device wg" na ntọala.

Ọzọkwa, enwere ike ịdeba ya mbipụta nwelite mmezi na ngwugwu wireguard-ngwaọrụ 1.0.20200820, nke gụnyere ngwa ọrụ-ohere dị ka wg na wg-ngwa ngwa. Ntọhapụ ọhụrụ a na-akwado IPC maka nkwado WireGuard na-abịa na sistemụ arụmọrụ FreeBSD. E kewara koodu ahụ kpọmkwem na nyiwe dị iche iche ka ọ bụrụ faịlụ dị iche iche. Agbakwunyela nkwado maka iwu “nbugharị” na faịlụ sistemụ sistemu, nke na-enye gị ohere ịme ihe nrụpụta dịka “systemctl reload wg-quick at wgnet0”.

Ka anyị na-echetara gị na VPN WireGuard na-emejuputa atumatu na ndabere nke ọgbara ọhụrụ ụzọ ezoro ezo, na-enye nnọọ elu arụmọrụ, dị mfe iji, free nke nsogbu na-egosikwa onwe ya na a ọnụ ọgụgụ nke nnukwu deployments na-ahazi nnukwu mpịakọta nke okporo ụzọ. Ihe oru ngo a na-emepe emepe kemgbe 2015, enyochala ya na nkwenye nkịtị eji ụzọ ezoro ezo. abanyelarị nkwado WireGuard na NetworkManager na sistemu, yana patches kernel gụnyere na nkesa ntọala. Debian akwụghị ike, Mageia, Alpine, Arch, Gentoo, OpenWrt, NixOS, Isiokwu и ALT.

WireGuard na-eji echiche nke ntụgharị igodo nzuzo, nke gụnyere itinye igodo nzuzo na interface netwọk ọ bụla yana iji ya kechie igodo ọha. A na-agbanwe igodo ọha iji guzobe njikọ n'otu aka ahụ na SSH. Iji kparịta igodo na jikọọ na-enweghị iji daemon dị iche na oghere onye ọrụ, usoro Noise_IK sitere na Usoro usoro mkpọtụ mkpọtụdị ka idowe igodo ikike na SSH. A na-eme nnyefe data site na mkpuchi na ngwugwu UDP. Ọ na-akwado ịgbanwe adreesị IP nke ihe nkesa VPN (na-agagharị) na-ewepụghị njikọ ahụ na nhazigharị ndị ahịa akpaka.

Maka izo ya ezo jiri cipher iyi ChaCha20 na nyocha algorithm (MAC) Poly1305, nke Daniel Bernstein mere (Daniel J. Bernstein), Tanya Lange
(Tanja Lange) na Peter Schwabe. A na-edobe ChaCha20 na Poly1305 dị ka ngwa ngwa na nchekwa dị mma nke AES-256-CTR na HMAC, mmemme ngwanrọ nke na-enye ohere ịnweta oge igbu oge na-enweghị iji nkwado ngwaike pụrụ iche. Iji wepụta igodo nzuzo nkekọrịta, a na-eji usoro elliptical curve Diffie-Hellman na mmejuputa ya. Curve25519, nke Daniel Bernstein tụkwara aro ya. Algọridim eji eme hashing bụ BLAKE2s (RFC7693).

isi: opennet.ru

Tinye a comment