Ntọhapụ VPN ala , nke akara nnyefe nke WireGuard components na isi isi na nkwụsi ike nke mmepe. Koodu etinyere na kernel Linux nyocha nchekwa agbakwunyere nke ụlọ ọrụ nọọrọ onwe ya na-ahụ maka nyocha dị otú ahụ. Nyocha ahụ ekpugheghị nsogbu ọ bụla.
Ebe ọ bụ na a na-emepụta WireGuard ugbu a na kernel Linux bụ isi, edozila ebe nchekwa maka nkesa yana ndị ọrụ na-aga n'ihu na-eji ụdị kernel ochie. . Ebe nchekwa ahụ gụnyere koodu WireGuard azụghachi azụ yana oyi akwa compat.h iji hụ na ndakọrịta na mkpụrụ ndụ ochie. A na-achọpụta na ọ bụrụhaala na ndị mmepe nwere ohere na ndị ọrụ chọrọ ya, a ga-akwado ụdị patches dị iche iche n'ụdị ọrụ. N'ụdị ya ugbu a, enwere ike iji ụdị WireGuard kwụ ọtọ na mkpụrụ sitere na и , ma dịkwa ka patches maka Linux kernels и . Nkesa site na iji kernel kachasị ọhụrụ dịka Arch, Gentoo na
Fedora 32 ga-enwe ike iji WireGuard na mmelite kernel 5.6.
A na-eme usoro mmepe bụ isi ugbu a na ebe nchekwa , nke gụnyere osisi kernel Linux zuru oke yana mgbanwe sitere na ọrụ Wireguard. A ga-enyocha patches sitere na ebe nchekwa a maka itinye ya na kernel bụ isi ma na-atụgharị ya mgbe niile na net/net na-esote alaka. A na-eme mmepe nke akụrụngwa na scripts na-agba ọsọ na oghere onye ọrụ, dị ka wg na wg-ngwa ngwa, na ebe nchekwa. , nke enwere ike iji mepụta ngwugwu na nkesa.
Ka anyị na-echetara gị na VPN WireGuard na-emejuputa atumatu na ndabere nke ọgbara ọhụrụ ụzọ ezoro ezo, na-enye nnọọ elu arụmọrụ, dị mfe iji, free nke nsogbu na-egosikwa onwe ya na a ọnụ ọgụgụ nke nnukwu deployments na-ahazi nnukwu mpịakọta nke okporo ụzọ. Ihe oru ngo a na-emepe emepe kemgbe 2015, enyochala ya na eji ụzọ ezoro ezo. abanyelarị nkwado WireGuard na NetworkManager na sistemu, yana patches kernel gụnyere na nkesa ntọala. , Mageia, Alpine, Arch, Gentoo, OpenWrt, NixOS, и .
WireGuard na-eji echiche nke ntụgharị igodo nzuzo, nke gụnyere itinye igodo nzuzo na interface netwọk ọ bụla yana iji ya kechie igodo ọha. A na-agbanwe igodo ọha iji guzobe njikọ n'otu aka ahụ na SSH. Iji kparịta igodo na jikọọ na-enweghị iji daemon dị iche na oghere onye ọrụ, usoro Noise_IK sitere na dị ka idowe igodo ikike na SSH. A na-eme nnyefe data site na mkpuchi na ngwugwu UDP. Ọ na-akwado ịgbanwe adreesị IP nke ihe nkesa VPN (na-agagharị) na-ewepụghị njikọ ahụ na nhazigharị ndị ahịa akpaka.
Maka izo ya ezo cipher iyi na nyocha algorithm (MAC) , nke Daniel Bernstein mere (), Tanya Lange
(Tanja Lange) na Peter Schwabe. A na-edobe ChaCha20 na Poly1305 dị ka ngwa ngwa na nchekwa dị mma nke AES-256-CTR na HMAC, mmemme ngwanrọ nke na-enye ohere ịnweta oge igbu oge na-enweghị iji nkwado ngwaike pụrụ iche. Iji wepụta igodo nzuzo nkekọrịta, a na-eji usoro elliptical curve Diffie-Hellman na mmejuputa ya. , nke Daniel Bernstein tụkwara aro ya. Algọridim eji eme hashing bụ .
N'okpuru ochie WireGuard arụmọrụ gosipụtara ugboro 3.9 dị elu yana nzaghachi dị elu ugboro 3.8 ma e jiri ya tụnyere OpenVPN (256-bit AES na HMAC-SHA2-256). E jiri ya tụnyere IPsec (256-bit ChaCha20 + Poly1305 na AES-256-GCM-128), WireGuard na-egosi ntakịrị nkwalite arụmọrụ (13-18%) na nkwụsị ala (21-23%). Nsonaazụ ule ezigara na webụsaịtị ọrụ ahụ na-ekpuchi mmejuputa iwu nke WireGuard ochie yana akara dị ka ezughị oke oke. Kemgbe nnwale, WireGuard na koodu IPsec ka emeziwanyewanye ma dị ugbu a ngwa ngwa. Emebebeghị nnwale zuru oke na-ekpuchi mmejuputa a ga-etinye n'ime kernel. Otú ọ dị, a chọpụtara na WireGuard ka na-eme IPsec n'ọnọdụ ụfọdụ n'ihi multi-threading, ebe OpenVPN na-anọgide na-adị nwayọọ.
isi: opennet.ru