Is WireGuard the great VPN of the future?

The time has come when a VPN is no longer an exotic tool for bearded system administrators. Users have different needs, but the fact is that everyone now needs a VPN.

The problem with current VPN solutions is that they are hard to configure correctly, expensive to maintain, and full of legacy code of questionable quality.

A few years ago, Canadian information security specialist Jason A. Donenfeld decided he had had enough and started working on WireGuard. WireGuard is now being prepared for inclusion in the Linux kernel and has even received praise from Linus Torvalds and in the US Congress.

The advantages WireGuard claims over other VPN solutions:

  • Easy to use.
  • Uses modern cryptography: Noise protocol framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24, HKDF, etc.
  • Compact, readable code that is easier to audit for vulnerabilities.
  • High performance.
  • A clear and thorough specification.

Has the silver bullet been found? Is it time to bury OpenVPN and IPSec? I decided to look into this, and along the way I wrote a script for automatically installing a personal VPN server.

Principles of operation

The principles of operation can be described as follows:

  • A WireGuard interface is created and assigned a private key and an IP address. The settings of the other peers are loaded: their public keys, IP addresses, etc.
  • All IP packets arriving at the WireGuard interface are encapsulated in UDP and delivered securely to the other peers.
  • Clients specify the server's public IP address in their settings. The server learns the clients' external addresses automatically when correctly authenticated data is received from them.
  • The server can change its public IP address without interrupting its work. When that happens, it sends a notification to the connected clients and they update their configuration on the fly.
  • The routing concept used is Cryptokey Routing. WireGuard accepts and sends packets based on the peer's public key. When the server decrypts a correctly authenticated packet, its src field is checked. If it matches the allowed-ips setting of the authenticated peer, the packet is accepted by the WireGuard interface. When an outgoing packet is sent, the corresponding procedure takes place: the packet's dst field is taken, the matching peer is selected based on it, the packet is signed with the sender's own key, encrypted with the peer's key and sent to the remote endpoint.
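
The Cryptokey Routing rule from the last item, as an added example (not part of the original article and not WireGuard's own code): a simplified Python model of the lookup a server performs on the inner src and dst addresses. The peer labels, the second peer with its LAN, and all function names are assumptions made for illustration; encryption and the handshake are left out.

```python
import ipaddress

# Constructed peer table: label standing in for a peer's public key -> its AllowedIPs.
PEERS = {
    "CLIENT_A_PUBKEY": ["10.9.0.2/32"],
    "CLIENT_B_PUBKEY": ["10.9.0.3/32", "192.168.50.0/24"],  # hypothetical peer with a LAN
}

def build_table(peers):
    """Flatten peers into {network: pubkey}; a prefix may belong to one peer only."""
    table = {}
    for pubkey, cidrs in peers.items():
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=True)
            if net in table:
                raise ValueError(f"{net} is assigned to two peers")
            table[net] = pubkey
    return table

def lookup(table, addr):
    """Longest-prefix match of addr against every AllowedIPs entry; None if no match."""
    ip = ipaddress.ip_address(addr)
    matches = [net for net in table if net.version == ip.version and ip in net]
    return table[max(matches, key=lambda net: net.prefixlen)] if matches else None

def route_outgoing(table, dst):
    """Outbound: the inner packet's dst selects the peer the packet is encrypted for."""
    return lookup(table, dst)

def accept_incoming(table, authenticated_peer, inner_src):
    """Inbound: after decryption, the inner src must map back to the sending peer."""
    owner = lookup(table, inner_src)
    return owner is not None and owner == authenticated_peer

TABLE = build_table(PEERS)

if __name__ == "__main__":
    print(route_outgoing(TABLE, "192.168.50.7"))                   # peer B owns that LAN
    print(accept_incoming(TABLE, "CLIENT_A_PUBKEY", "10.9.0.2"))   # own address: accepted
    print(accept_incoming(TABLE, "CLIENT_A_PUBKEY", "10.9.0.3"))   # B's address: dropped
    print(route_outgoing(TABLE, "8.8.8.8"))                        # no peer: not sent
```

The inbound check is what stops an authenticated peer from sourcing packets with another peer's tunnel address, so the width of each AllowedIPs entry on the server is an access-control decision as well as a route.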

All of WireGuard's core logic takes up less than 4 thousand lines of code, whereas OpenVPN and IPSec have hundreds of thousands of lines. To support modern cryptographic algorithms, it is proposed to add a new cryptographic API, Zinc, to the Linux kernel. Whether this is a good idea is currently under discussion.

Performance

The greatest performance advantage (compared with OpenVPN and IPSec) will be noticeable on Linux systems, because WireGuard is implemented there as a kernel module. macOS, Android, iOS, FreeBSD and OpenBSD are also supported, but on them WireGuard runs in userspace, with all the performance consequences that follow. Windows support is expected to be added in the near future.

Benchmark results are available on the official site.

My experience of using it

I am not a VPN expert. I once set up OpenVPN by hand and it was tedious, and I have not even tried IPSec. There are too many decisions to make, and it is very easy to shoot yourself in the foot. So I have always used ready-made scripts to configure the server.

So WireGuard, from my point of view, is ideal for the user. All the low-level decisions are made in the specification, so preparing a typical VPN infrastructure takes only a few minutes. It is almost impossible to get the configuration wrong.

The installation process is described in detail on the official website; I would like to single out the excellent OpenWRT support.

Encryption keys are generated with the wg utility:

# Private keys come from "wg genkey"; each public key is derived from its private key
SERVER_PRIVKEY=$( wg genkey )
SERVER_PUBKEY=$( echo "$SERVER_PRIVKEY" | wg pubkey )
CLIENT_PRIVKEY=$( wg genkey )
CLIENT_PUBKEY=$( echo "$CLIENT_PRIVKEY" | wg pubkey )

Next, create the server config /etc/wireguard/wg0.conf with the following contents:

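[Interface]
Address = 10.9.0.1/24
# Must match the port in the client's Endpoint; if omitted, a random port is chosen
ListenPort = 51820
# Substitute the generated key value; wg-quick does not expand shell variables
PrivateKey = $SERVER_PRIVKEY
[Peer]
PublicKey = $CLIENT_PUBKEY
AllowedIPs = 10.9.0.2/32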

and bring the tunnel up with the wg-quick script:

sudo wg-quick up /etc/wireguard/wg0.conf

On systems with systemd you can use sudo systemctl start wg-quick@wg0.service instead.

On the client machine, create the config /etc/wireguard/wg0.conf:

[Interface]
PrivateKey = $CLIENT_PRIVKEY
Address = 10.9.0.2/24
[Peer]
PublicKey = $SERVER_PUBKEY
AllowedIPs = 0.0.0.0/0
Endpoint = 1.2.3.4:51820 # External IP of the server
PersistentKeepalive = 25

And bring the tunnel up in the same way:

sudo wg-quick up /etc/wireguard/wg0.conf

All that remains is to configure NAT on the server so that clients can reach the Internet, and you are done!
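
A check worth running before bringing such a tunnel up, as an added example (not from the original article or the WireGuard project): a small Python linter for a server/client config pair in the wg-quick format shown here. The function names are hypothetical, and the sample text is constructed with deliberate mistakes and fake key labels. It assumes one Address on the server and one tunnel address per client.

```python
import ipaddress

def parse_conf(text):
    """Parse wg-quick style text into [(section, {key: value})]; [Peer] may repeat."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()            # drop comments
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)            # base64 keys may end in '='
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def audit(server_text, client_text):
    """Return a list of findings for a server/client config pair."""
    server, client = parse_conf(server_text), parse_conf(client_text)
    findings = []
    for _, kv in server + client:                      # wg-quick does not expand $VARS
        findings += [f"unexpanded placeholder: {v}" for v in kv.values() if v.startswith("$")]
    iface = next(kv for name, kv in server if name == "interface")
    tunnel = ipaddress.ip_interface(iface["address"]).network
    listen = iface.get("listenport", "unset")
    for name, kv in client:                            # port dialled vs. port served
        if name == "peer" and "endpoint" in kv:
            port = kv["endpoint"].rsplit(":", 1)[1]
            if port != listen:
                findings.append(f"Endpoint port {port} but server ListenPort is {listen}")
    seen = set()
    for kv in (kv for name, kv in server if name == "peer"):
        for cidr in filter(None, (c.strip() for c in kv.get("allowedips", "").split(","))):
            net = ipaddress.ip_network(cidr, strict=False)
            if net in seen:                            # a prefix is kept by one peer only
                findings.append(f"AllowedIPs listed twice: {net}")
            inside = net.version == tunnel.version and net.subnet_of(tunnel)
            if not inside or net.prefixlen < net.max_prefixlen:
                findings.append(f"peer not limited to one tunnel address: {net}")
            seen.add(net)
    return findings

# Constructed sample input: the keys are fake labels, not real key material.
SERVER = ("[Interface]\nAddress = 10.9.0.1/24\nPrivateKey = $SERVER_PRIVKEY\n"
          "[Peer]\nPublicKey = FAKE_CLIENT_A_KEY=\nAllowedIPs = 10.9.0.2/32\n"
          "[Peer]\nPublicKey = FAKE_CLIENT_B_KEY=\nAllowedIPs = 10.9.0.2/32, 10.9.0.0/24\n")
CLIENT = "[Peer]\nPublicKey = FAKE_SERVER_KEY=\nAllowedIPs = 0.0.0.0/0\nEndpoint = 1.2.3.4:51820\n"

if __name__ == "__main__":
    print("\n".join(audit(SERVER, CLIENT)))
```

Keep the real files readable by root only, since they hold the private key in clear text.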

This ease of use and compactness of the code base were achieved by giving up key distribution functionality. There is no complicated certificate system and none of that enterprise horror; short encryption keys are distributed in much the same way as SSH keys. But this brings a problem: WireGuard will not be so easy to deploy in some existing networks.

Among the drawbacks, it is worth noting that WireGuard will not work through an HTTP proxy, since only UDP is available as a transport. The question arises: is it possible to obfuscate the protocol? Of course, this is not the direct job of a VPN, but for OpenVPN, for example, there are ways to disguise itself as HTTPS, which helps residents of totalitarian countries use the Internet fully.

Conclusions

To sum up, this is a very interesting and promising project, and you can already use it on personal servers. What is the benefit? High performance on Linux systems, ease of setup and maintenance, and a compact, readable code base. However, it is too early to rush to move complex infrastructure to WireGuard; it is worth waiting for its inclusion in the Linux kernel.

To save my (and your) time, I developed an automatic WireGuard installer. With its help you can set up a personal VPN for yourself and your friends without even understanding anything about it.

Source: www.habr.com
