ProHoster > Блог > Nchịkwa > N'ime isi ihe Linux VPN 5.6 enyere aka WireGuard

N'ime isi ihe Linux VPN 5.6 enyere aka WireGuard

Taa Linus bufere ngalaba netwọkụ na-esote nwere oghere VPN n'onwe ya WireGuard. Banyere ihe omume a kọrọ na ndepụta nzipu ozi WireGuard.

N'ime isi ihe Linux VPN 5.6 enyere aka WireGuard

Nchịkọta koodu maka kernel ọhụrụ a na-aga n'ihu ugbu a. Linux 5.6. WireGuard — VPN dị ngwa, nke na-abịa n'ọgbọ ọzọ nke na-etinye usoro nzuzo nke oge a. E mepụtara ya na mbụ dị ka ihe ọzọ dị mfe ma dịkwa mfe karịa VPN ndị dị adị. Ọkachamara nchekwa ozi nke Canada bụ Jason A. Donenfeld mepụtara ya. Na Ọgọst 2018, WireGuard natara otuto Site n'aka Linus Torvalds. N'oge ahụ, ọrụ malitere itinye VPN n'ime kernel. LinuxUsoro ahụ were obere oge karịa.

"Ahụrụ m na Jason rịọrọ arịrịọ ka ọ tinye WireGuard "n'ime kernel," Linus dere na Ọgọst 2, 2018. "Enwere m ike ikwughachi ịhụnanya m nwere maka VPN a ma nwee olileanya maka njikọta ngwa ngwa? Koodu ahụ nwere ike ọ gaghị ezu oke, mana eleela m ya anya, ma tụnyere ya na ihe egwu ndị ahụ. OpenVPN na IPSec, ọ bụ ezigbo ọrụ nka."

N'agbanyeghị ọchịchọ Linus, njikọ ahụ gara n'ihu otu afọ na ọkara. Isi nsogbu tụgharịrị na-ejikọta ya na mmejuputa ikike nke ọrụ cryptographic, nke ejiri mee ka arụmọrụ dịkwuo mma. Mgbe ogologo mkparịta ụka gachara na Septemba 2019 ọ bụ e mere mkpebi nkwekọrịta tụgharịa patches na ọrụ Crypto API dị na kernel, nke ndị mmepe nwere ike ịnweta WireGuard E nwere mkpesa ụfọdụ gbasara arụmọrụ na nchekwa zuru oke. Mana ọrụ crypto nke obodo doziri nsogbu ahụ. WireGuard kewapụ obere Zinc APIs ma tinye ha na kernel ka oge na-aga. Na Nọvemba, ndị mmepe kernel mezuru nkwa ha ma kwetara nyefee akụkụ nke koodu site na Zinc gaa na isi kernel. Dịka ọmụmaatụ, na Crypto API gụnyere kwadebere na WireGuard Mmejuputa ngwa ngwa nke algọridim ChaCha20 na Poly1305.

N'ikpeazụ, na Disemba 9, 2019, David S. Miller, onye na-ahụ maka sistemụ kernel network, Linux, nabatara gaa n'alaka netwọk na-esote patches na mmejuputa VPN interface site na oru ngo WireGuard.

Ma taa, Jenụwarị 29, 2020, mgbanwe ndị ahụ gara Linus maka ntinye na kernel.

N'ime isi ihe Linux VPN 5.6 enyere aka WireGuard

Uru Ekwuru WireGuard ihe ndị ọzọ gbasara VPN dị mfe:

  • Ọ dị mfe iji.
  • Na-eji cryptography ọgbara ọhụrụ: ụkpụrụ usoro mkpọtụ mkpọtụ, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24, HKDF, wdg.
  • Kọmpat, koodu enwere ike ịgụ, dị mfe nyocha maka adịghị ike.
  • Arụmọrụ dị elu.
  • Kpochapụ ma gbasaa nkọwapụta.

Usoro isi niile WireGuard na-ewe ihe na-erughị ahịrị koodu 4000, ebe OpenVPN na IPSec bụ ọtụtụ narị puku ahịrị.

"V WireGuard A na-eji echiche nke nhazi igodo nzuzo eme ihe, nke gụnyere ijikọ igodo nzuzo na njikọ netwọk ọ bụla ma jiri ya maka njikọ igodo ọha. A na-agbanwe igodo ọha iji guzobe njikọ n'ụzọ yiri SSH. Iji kparịta igodo ma guzobe njikọ na-enweghị ịgba ọsọ daemon dị iche na oghere onye ọrụ, usoro Noise_IK sitere na Usoro usoro mkpọtụ mkpọtụdị ka idowe igodo ikike na SSH. A na-ebufe data site na mkpuchi mkpuchi na ngwugwu UDP. Ọ na-akwado ịgbanwe adreesị IP nke ihe nkesa VPN (na-agagharị) na-ewepụghị njikọ ya na nhazigharị akpaaka nke onye ahịa, - ọ na-ede Netwọk mepere emepe.

Maka izo ya ezo jiri cipher iyi ChaCha20 na nyocha algorithm (MAC) Poly1305, nke Daniel Bernstein mere (Daniel J. Bernstein), Tanja Lange na Peter Schwabe. A na-edobe ChaCha20 na Poly1305 dị ka ngwa ngwa na nchekwa dị mma nke AES-256-CTR na HMAC, mmemme ngwanrọ nke na-enye ohere ịnweta oge igbu oge na-enweghị iji nkwado ngwaike pụrụ iche. Iji wepụta igodo nzuzo nkekọrịta, a na-eji usoro elliptical curve Diffie-Hellman na mmejuputa ya. Curve25519, nke Daniel Bernstein tụkwara aro ya. Algọridim eji eme hashing bụ BLAKE2s (RFC7693)".

Результаты ule arụmọrụ site na webụsaịtị gọọmentị:

Bandwit (megabit/s)
N'ime isi ihe Linux VPN 5.6 enyere aka WireGuard

Ping (ms)
N'ime isi ihe Linux VPN 5.6 enyere aka WireGuard

Nhazi nwale:

  • Intel Core i7-3820QM na Intel Core i7-5200U
  • Kaadị Gigabit Intel 82579LM na Intel I218LM
  • Linux 4.6.1
  • Nhazi WireGuard: 256-bit ChaCha20 yana Poly1305 maka MAC
  • Nhazi IPsec mbụ: 256-bit ChaCha20 nwere Poly1305 maka MAC
  • Nhazi IPsec nke abụọ: AES-256-GCM-128 (ya na AES-NI)
  • Nhazi OpenVPN: ihe ndekọ nke dabara adaba nke 256-bit AES na HMAC-SHA2-256, ụdị UDP
  • A tụrụ arụmọrụ ya site na iji iperf3, na-egosi nkezi nsonaazụ karịrị nkeji iri atọ.

N'usoro ihe atụ, mgbe ejikọtara ya na netwọk ahụ WireGuard kwesịrị ịrụ ọrụ ngwa ngwa karịa. Mana n'eziokwu, nke a agaghị adị mkpa n'ihi mgbanwe gaa na ọrụ nzuzo arụnyere n'ime Crypto API. O kwere omume na ọ bụghị ha niile ka emelitere ka ha ruo ọkwa arụmọrụ nke ụdị obodo ahụ. WireGuard.

"Site n'echiche m, WireGuard Ọ dị mma nke ukwuu maka onye ọrụ. A na-atụle mkpebi niile dị ala na nkọwapụta ahụ, yabụ ịtọlite ​​akụrụngwa VPN nkịtị na-ewe naanị nkeji ole na ole. Ọ fọrọ nke nta ka ọ ghara ikwe omume imebi nhazi ahụ. dere na Habré na 2018. - Nwụnye usoro kọwara n'ụzọ zuru ezu na webụsaịtị gọọmentị, ọ ga-amasị m ịkọwapụta nke ọma Nkwado OpenWRT. Emere nke a dị mfe iji na mkpirisi nke ntọala koodu site na iwepụ nkesa igodo. Enweghị usoro asambodo dị mgbagwoju anya yana egwu ụlọ ọrụ a niile na-ekesa igodo nzuzo dị mkpụmkpụ dị ka igodo SSH."

Ọrụ ahụ WireGuard kemgbe afọ 2015, a na-enyocha ya ma na-eme ya nkwenye nkịtị. Nkwado WireGuard etinyere na NetworkManager na systemd, a na-etinyekwa patches kernel na nkesa ntọala Debian Enweghị ike, Mageia, Alpine, Arch, Gentoo, OpenWrt, NixOS, Subgraph na ALT.

isi: www.habr.com

Zụta nnabata ntụkwasị obi maka saịtị nwere nchekwa DDoS, sava VPS VDS 🔥 Zụta ebe nrụọrụ weebụ a pụrụ ịtụkwasị obi na nchekwa DDoS, sava VPS VDS | ProHoster