WireGuard: the great VPN of the future?

The time has come when a VPN is no longer an exotic tool of bearded system administrators. Users have different tasks, but the fact is that everyone needs a VPN.

The problem with current VPN solutions is that they are hard to configure correctly, expensive to maintain, and full of legacy code of questionable quality.

A few years ago, Canadian information security specialist Jason A. Donenfeld decided he had had enough and started working on WireGuard. WireGuard is now being prepared for inclusion in the Linux kernel, and it has earned praise from Linus Torvalds and in the US Congress.

Claimed advantages of WireGuard over other VPN solutions:

  • Easy to use.
  • Uses modern cryptography: the Noise protocol framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24, HKDF, etc.
  • Compact, readable code that is easier to audit for vulnerabilities.
  • High performance.
  • A clear and well-developed specification.

Has the silver bullet been found? Is it time to bury OpenVPN and IPSec? I decided to find out, and along the way I made a script for automatically installing a personal VPN server.

How it works

The principles of operation can be described like this:

  • A WireGuard interface is created and assigned a private key and an IP address. The settings of the other peers are loaded: their public keys, IP addresses, etc.
  • All IP packets arriving at the WireGuard interface are encapsulated in UDP and delivered securely to the other peers.
  • Clients specify the server's public IP address in their settings. The server learns the clients' external addresses automatically when correctly authenticated data arrives from them.
  • The server can change its public IP address without interrupting operation. When it does, it sends a notification to the connected clients, and they update their configuration on the fly.
  • The routing concept used is Cryptokey Routing. WireGuard receives and sends packets based on the peer's public key. When the server decrypts a correctly authenticated packet, its src field is checked. If it matches the allowed-ips configuration of the authenticated peer, the packet is accepted by the WireGuard interface. When an outgoing packet is sent, the corresponding procedure takes place: the packet's dst field is taken, the matching peer is selected based on it, and the packet is signed with the sender's own key, encrypted with the peer's key, and sent to the remote endpoint.
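
An added illustration of Cryptokey Routing as described in the list above (not code from WireGuard or from the article's author): a small Python model of the inbound src check and the outbound peer selection, using the 10.9.0.x addresses from this page's configuration. The key strings are placeholders, the second client is constructed, and picking the most specific matching prefix for outgoing packets goes beyond what the text states.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Peer:
    name: str           # label used only in this example
    public_key: str     # placeholder string, not a real Curve25519 key
    allowed_ips: tuple  # networks parsed from the peer's AllowedIPs

def peer(name, public_key, *cidrs):
    return Peer(name, public_key, tuple(ipaddress.ip_network(c) for c in cidrs))

class CryptokeyTable:
    def __init__(self, peers):
        self.by_key = {p.public_key: p for p in peers}

    def accept_inbound(self, authenticated_key, inner_src):
        """Run after a packet decrypted and authenticated under authenticated_key."""
        p = self.by_key.get(authenticated_key)
        if p is None:
            return False  # no configured peer owns this key
        src = ipaddress.ip_address(inner_src)
        return any(src in net for net in p.allowed_ips)

    def select_outbound(self, inner_dst):
        """Return the peer whose AllowedIPs best covers inner_dst, or None (drop)."""
        dst = ipaddress.ip_address(inner_dst)
        best = None
        for p in self.by_key.values():
            for net in p.allowed_ips:
                if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                    best = (net, p)
        return best[1] if best else None

def server_view():
    # Server side of the page's setup, plus a constructed second client.
    return CryptokeyTable([peer("client", "CLIENT_PUBKEY", "10.9.0.2/32"),
                           peer("client2", "CLIENT2_PUBKEY", "10.9.0.3/32")])

def client_view():
    # Client side: AllowedIPs = 0.0.0.0/0 sends every IPv4 packet to the server peer.
    return CryptokeyTable([peer("server", "SERVER_PUBKEY", "0.0.0.0/0")])

if __name__ == "__main__":
    srv = server_view()
    print(srv.accept_inbound("CLIENT_PUBKEY", "10.9.0.2"))  # the client's own address
    print(srv.accept_inbound("CLIENT_PUBKEY", "10.9.0.3"))  # another client's address
    print(srv.select_outbound("10.9.0.99"))                 # no peer owns this address
    print(client_view().select_outbound("198.51.100.7").name)
```

The second call is the case that matters for defenders: a correctly authenticated peer still cannot inject packets carrying a tunnel address that belongs to a different peer.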

All of WireGuard's core logic takes fewer than 4,000 lines of code, whereas OpenVPN and IPSec have hundreds of thousands of lines. To support modern cryptographic algorithms, it is proposed to add a new cryptographic API, Zinc, to the Linux kernel. Whether this is a good idea is currently under discussion.

Performance

The greatest performance advantage (compared with OpenVPN and IPSec) will be noticeable on Linux systems, because there WireGuard is implemented as a kernel module. In addition, macOS, Android, iOS, FreeBSD and OpenBSD are supported, but on them WireGuard runs in userspace, with everything that implies for its performance. Windows support is promised in the near future.

Benchmark results from the official site:

[Figure: benchmark chart from the official site]

My experience using it

I am not an expert at configuring VPNs. I once set up OpenVPN by hand and it was really painful, and I did not even try IPSec. There are too many decisions to make, and it is very easy to shoot yourself in the foot. That is why I have always used ready-made scripts to configure the server.

Now, WireGuard is, in my view, ideal for the user. All the low-level decisions are made in the specification, so setting up a typical VPN infrastructure takes only a few minutes. It is almost impossible to mess up the configuration.

The installation process is described in detail on the official website; I would like to single out the excellent OpenWRT support.

Encryption keys are generated with the wg utility:

SERVER_PRIVKEY=$( wg genkey )
SERVER_PUBKEY=$( echo "$SERVER_PRIVKEY" | wg pubkey )
CLIENT_PRIVKEY=$( wg genkey )
CLIENT_PUBKEY=$( echo "$CLIENT_PRIVKEY" | wg pubkey )

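Next, create the server configuration /etc/wireguard/wg0.conf with the following content:

# Replace $SERVER_PRIVKEY and $CLIENT_PUBKEY with the values generated above;
# wg-quick does not expand shell variables.
[Interface]
Address = 10.9.0.1/24
PrivateKey = $SERVER_PRIVKEY
ListenPort = 51820 # must match the port in the client's Endpoint
[Peer]
PublicKey = $CLIENT_PUBKEY
AllowedIPs = 10.9.0.2/32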

and bring up the tunnel with the wg-quick script:

sudo wg-quick up /etc/wireguard/wg0.conf

On systems with systemd you can instead use sudo systemctl start wg-quick@wg0.service.

On the client machine, create the configuration /etc/wireguard/wg0.conf:

[Interface]
PrivateKey = $CLIENT_PRIVKEY
Address = 10.9.0.2/24
[Peer]
PublicKey = $SERVER_PUBKEY
AllowedIPs = 0.0.0.0/0
Endpoint = 1.2.3.4:51820 # External IP of the server
PersistentKeepalive = 25

And bring up the tunnel in the same way:

sudo wg-quick up /etc/wireguard/wg0.conf

All that remains is to configure NAT on the server so that clients can reach the Internet, and you are done!

This ease of use and compact code base were achieved by leaving out key-distribution functionality. There is no complex certificate system and none of those corporate headaches; short encryption keys are distributed much like SSH keys. However, this creates a problem: WireGuard will not be so easy to deploy in some existing networks.

Among the drawbacks, it is worth noting that WireGuard will not work through an HTTP proxy, since the only transport protocol is UDP. The question arises: will it be possible to obfuscate the protocol? Of course, this is not a direct task of a VPN, but for OpenVPN, for example, there are ways to disguise traffic as HTTPS, which helps residents of totalitarian countries use the Internet fully.

Conclusions

To sum up, this is a very interesting and promising project, and you can already use it on personal servers. What is the benefit? High performance on Linux systems, ease of setup and maintenance, and a compact, readable code base. However, it is still too early to rush to migrate complex infrastructure to WireGuard; it is worth waiting for its inclusion in the Linux kernel.

To save my time (and yours), I developed an automatic WireGuard installer. With it, you can set up a personal VPN for yourself and your friends without even understanding anything about it.

Source: www.habr.com
