WireGuard has been getting a lot of attention lately; in fact, it is the new star of the VPN world. But is it really as good as it looks? I would like to go through a few observations and review WireGuard's implementation in order to explain why it is not a solution that replaces IPsec or OpenVPN.
In this article I want to dispel some of the myths [about WireGuard]. Yes, it is a long read, so if you have not made yourself a tea or coffee yet, now is the time. I would also like to thank Peter for straightening out my muddled thoughts.
I have not set out to discredit the WireGuard developers or to belittle their effort and ideas. Their product works, but in my personal opinion it is being presented as something quite different from what it actually is: as a replacement for IPsec and OpenVPN, which at present it is not.
As a side note, I would add that the responsibility for positioning WireGuard this way lies not with the project or its authors, but with the media that have picked it up.
There has not been much good news around the Linux kernel lately. We were told about enormous processor vulnerabilities that were then papered over in software, and Linus Torvalds spoke about it all too rudely and too tediously, in the utilitarian language of a developer. The scheduler and the low-level networking stack are not topics that glossy magazines find very clear either. And then WireGuard comes along.
On paper it all sounds wonderful: an exciting new technology.
But let's take a closer look.
The WireGuard white paper
This article is based on that white paper.
Its first sentence reads:
"WireGuard [...] is intended to replace both IPsec, for most use cases, and other popular user-space or TLS-based solutions such as OpenVPN, while being a more secure, more performant and easier-to-use [tool]."
Of course, the main selling point of any new technology is "simplicity" compared with its predecessors. But a VPN also has to be effective and secure.
And further:
If this is not what you need [from a VPN], you can stop reading here. But note that other tunnelling technologies set themselves the same tasks.
The most interesting part of the quote above is the phrase "for most use cases", which the press of course ignored. And it is the confusion caused by that omission that has finally brought us to the situation this article is about.
Will WireGuard replace my [IPsec] site-to-site VPN?
No. There is no chance that big vendors such as Cisco or Juniper will pick up WireGuard for their products. They do not jump onto a passing train without a very good reason. Later on I will explain some of the reasons why they probably could not ship a WireGuard product even if they wanted to.
Can WireGuard carry my road warrior connections from a laptop to the data centre?
No. At the moment WireGuard lacks a whole range of important features needed for that. For example, it cannot work with a dynamic IP address on the tunnel server side, and that alone breaks an entire class of usage scenarios for such a product.
IPFire is often used on cheap internet links such as DSL or cable connections. That makes sense for small and medium-sized businesses that do not need fast fibre. [Translator's note: keep in mind that in terms of connectivity, Russia and some CIS countries are far ahead of Europe and the USA, because we started building our networks much later, when Ethernet and fibre networks had already become the standard, which made them easier to build out. In those same EU countries and in the USA, xDSL or broadband access at 3 to 5 Mbps is still common, and a fibre connection costs an amount that is wildly unrealistic by our standards. So the author of this article is saying that a DSL or cable connection is not a relic of the past but the norm.] However, DSL, cable, LTE (and other wireless access methods) come with dynamic IP addresses. Of course they may not change often, but they do change.
There is a sub-project that deals with this.
From a distributor's point of view, that is not a good thing. One of the design goals was to keep the protocol simple and clean.
Unfortunately, in practice it has all turned out so simple and primitive that extra software is needed to make the whole design actually usable.
Is WireGuard really that easy to use?
Not yet. I am not saying that WireGuard will never be a suitable alternative for point-to-point tunnelling, but for now it is only an alpha version of the product it is supposed to be.
But then what does it actually do? Is IPsec really that hard to maintain?
Obviously not. IPsec vendors have taken care of that and ship their products with an interface like the one in IPFire.
To set up a VPN tunnel over IPsec you need just a few pieces of data, which you enter into the configuration: your own public IP address, the peer's public IP address, the subnets to be made reachable over this VPN connection, and a pre-shared key. The VPN is therefore set up within minutes and is compatible with any vendor.
Unfortunately, there are a few exceptions to this story. Anyone who has tried to tunnel to an OpenBSD machine over IPsec will know what I mean. There are a few other awkward examples, but in practice there are far more examples of IPsec working well.
On protocol complexity
End users do not need to worry about protocol complexity.
If we lived in a world where that was a genuine concern for users, then SIP, H.323, FTP and the other protocols created more than 20 years ago that do not work well behind NAT would have been abandoned by now.
There is a reason IPsec is more complex than WireGuard: it does far more. For example, user authentication with a login and password, or with a SIM card via EAP. And it has extension mechanisms for adding new features.
WireGuard has none of that.
This means that WireGuard will break the moment one of its cryptographic primitives is weakened or fully compromised. The authors of the technical paper put it like this:
"It is worth noting that WireGuard holds its own opinionated view of cryptography. It deliberately lacks cipher and protocol agility. If a serious hole is found in one of the underlying primitives, every endpoint must be updated. As the endless stream of SSL/TLS vulnerabilities shows, cipher agility greatly increases complexity today."
The last sentence is entirely correct.
Reaching agreement on which cipher to use is what produces protocols such as IKE and TLS. More complex. Too complex? Yes, vulnerabilities are very common in TLS/SSL, but there is nothing to replace them.
On ignoring the real problems
Imagine a VPN server somewhere in the world with 200 production clients. That is a fairly standard use case. If the cipher has to be changed, an update must be delivered to every copy of WireGuard on all those laptops, smartphones and so on, simultaneously and remotely. That is literally impossible. If an administrator tries, rolling out the required configuration takes ages; for a medium-sized company such an exercise literally takes years.
IPsec and OpenVPN offer cipher negotiation. So after you enable the new cipher, the old one keeps working for a while. That lets existing customers upgrade to the new version. Once the update has been rolled out, you simply disable the vulnerable cipher. That's it! Done! You are great! The clients never even notice.
This is actually a very common case in large deployments, and even OpenVPN has some difficulty with it. Backward compatibility matters, and even if a weaker cipher is in use, that is usually not a reason to shut the business down, because it would paralyse the work of hundreds of customers.
The WireGuard team has made the protocol simpler, but it is completely unusable for anyone who does not control both peers of the tunnel at all times. In my experience, that is the most common scenario.
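As an added illustration (not from the article and not IPFire's own configuration), this is what the staged cipher rollover described above looks like in strongSwan's swanctl.conf syntax; it also contains exactly the pieces of data listed earlier for an IPsec tunnel: both public addresses, the subnets on each side and a pre-shared key. The addresses, connection name and placeholder secret are constructed.

```conf
# /etc/swanctl/swanctl.conf  (strongSwan swanctl format; constructed example)
connections {
    site-a-to-b {
        # IKEv2
        version = 2
        # Our public IP and the peer's public IP (RFC 5737 documentation ranges)
        local_addrs  = 198.51.100.10
        remote_addrs = 203.0.113.20
        local {
            auth = psk
            id = 198.51.100.10
        }
        remote {
            auth = psk
            id = 203.0.113.20
        }
        # IKE proposals, most preferred first. The legacy AES-256/SHA1 entry
        # stays during the transition so peers that have not been updated yet
        # can still negotiate a proposal both sides share.
        proposals = aes256gcm16-prfsha256-ecp256, aes256-sha1-modp2048
        children {
            lan {
                # Subnet behind this gateway and subnet behind the peer
                local_ts  = 10.1.0.0/24
                remote_ts = 10.2.0.0/24
                # Same transition set for the ESP tunnel itself
                esp_proposals = aes256gcm16-ecp256, aes256-sha1-modp2048
                start_action = start
            }
        }
    }
}
secrets {
    ike-site-a-to-b {
        id-1 = 198.51.100.10
        id-2 = 203.0.113.20
        # Placeholder, not a real key
        secret = "REPLACE-WITH-PRE-SHARED-KEY"
    }
}
# Once every peer has been updated, drop the second entry from both lists
# and reload the configuration with `swanctl --load-all`:
#     proposals     = aes256gcm16-prfsha256-ecp256
#     esp_proposals = aes256gcm16-ecp256
```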
Cryptography!
So what is this interesting new cryptography that WireGuard uses?
WireGuard uses Curve25519 for key exchange, ChaCha20 for encryption and Poly1305 for data authentication. SipHash is also used for hash-table keys, and BLAKE2 for hashing.
ChaCha20-Poly1305 is standardised for IPsec and for OpenVPN (via TLS).
It is obvious that Daniel Bernstein's designs are used very heavily. BLAKE2 is the successor of BLAKE, which was not chosen as the SHA-3 finalist because of its similarity to SHA-2. If SHA-2 is broken, there is a good chance BLAKE is compromised too.
IPsec and OpenVPN do not need SipHash because of how they are designed. So the only thing that cannot be used today is BLAKE2, and only until it is standardised. That is not a big drawback, because VPNs use HMAC for integrity, and HMAC is considered a strong construction even in combination with MD5.
This brings me to the conclusion that almost the same set of cryptographic tools is used in every VPN. So in terms of encryption and the security of the transmitted data, WireGuard is no more secure than the other current products.
But that is not even the most important thing, at least if you follow the project's official documentation. What matters in the end is speed.
Is WireGuard faster than other VPN solutions?
In short: no, it is not.
ChaCha20 is a stream cipher, which is easy to implement in software; it encrypts one bit at a time. Block ciphers such as AES encrypt a block of 128 bits at a time. Implementing hardware support for that requires many more transistors, so larger processors carry AES-NI, an instruction-set extension that performs some of the tasks of the encryption process to speed it up.
It was expected that AES-NI would never make it into smartphones, but in fact it did. So ChaCha20 was developed as a lightweight, battery-saving alternative. It may therefore come as news that every smartphone you can buy today has some form of AES acceleration and runs faster, with less power consumption, using that cipher than with ChaCha20.
Obviously, almost every desktop or server processor bought in the last few years has AES-NI.
So I expect AES to outperform ChaCha20 in each of these scenarios. WireGuard's official documentation states that with AVX512 ChaCha20-Poly1305 outperforms AES-NI, but that instruction-set extension is only available on large CPUs and is no help on small, more mobile hardware, which will always be faster with AES-NI.
I do not know whether this could have been foreseen while WireGuard was being developed, but today being nailed to a single cipher is already a drawback, and there may be little that can be done about it.
With IPsec you are free to choose the cipher best suited to your case. Of course you need that when, for example, you are pushing 10 GB or more of data through a VPN connection.
Integration problems on Linux
WireGuard chose modern cryptographic protocols, and that has already caused plenty of problems. Rather than using what the kernel already supported, it needed primitives that Linux lacked, so WireGuard's integration was held up for years.
I do not know exactly what the situation is on other operating systems, but it is probably not much different from Linux.
What does reality look like?
Unfortunately, whenever a client asks me to set up a VPN connection, I run into the problem that outdated credentials and ciphers are in use. Using 3DES together with MD5 is still common, as is AES-256 with SHA1. The latter is slightly better, but it is not what should be used in 2020.
For key exchange, RSA is used every time: a slow but fairly secure tool.
My clients deal with customs and other government agencies and institutions, and even with large corporations whose names are known around the world. All of them use request forms created decades ago, and the ability to use SHA-512 was never added to them. I would not say this visibly holds back technical progress, but it clearly slows down business processes.
It hurts to see this, because IPsec has supported elliptic curves directly since 2005. Curve25519 is newer and is also available for use. There are alternatives to AES such as Camellia and ChaCha20, but obviously not all of them are supported by major vendors like Cisco.
And people use what they have. There are a great many Cisco boxes, and a great many boxes designed to work with Cisco. They are the market leader in this field and are not very interested in innovation of any kind.
Yes, the situation (in the corporate segment) is dreadful, but WireGuard will not change it. Vendors are not looking for alternatives, because they have probably never had performance problems with the tools and ciphers they already use, and IKEv2 gives them no trouble either.
In general, does anyone dare to walk away from Cisco?
Benchmarks
Now let's move on to the benchmarks in the WireGuard documentation. This [document] is not a scientific paper, but I still expected the developers to take a more scientific approach, or at least to use one as a reference. Any benchmark is useless if it cannot be reproduced, and even more useless if it was obtained in a lab.
The Linux build of WireGuard makes use of GSO (Generic Segmentation Offload). Thanks to it, the client builds huge packets of 64 kilobytes and encrypts or decrypts them in one go, which reduces the cost of invoking and running the cryptographic operations. That is a good idea if you want to maximise the throughput of a VPN connection.
But, as usual, reality is not that simple. To hand such a large packet to a network adapter, it has to be split into many smaller ones. The usual transmission size is 1500 bytes, so a huge 64-kilobyte packet is split into 45 packets (1240 bytes of data plus a 20-byte IP header each). These then have to be sent together in one burst, which completely blocks the network adapter for a while. As a result, prioritisation collapses and packets such as VoIP end up queued behind the burst.
So the high throughput that WireGuard boldly claims is achieved at the expense of lower network performance for other applications. And the WireGuard team has already
But let's move on.
According to the benchmark in the technical documentation, the connection throughput is 1011 Mbps.
Impressive.
It is especially impressive given that the theoretical maximum throughput of a single Gigabit Ethernet link is 966 Mbps at a packet size of 1500 bytes minus 20 bytes of IP header, 8 bytes of UDP header and 16 bytes of tunnel header. The packet encapsulated by WireGuard itself carries another 20-byte IP header, plus a TCP header on top. So where does this extra bandwidth come from?
Taking jumbo frames and the GSO advantages described above into account, the theoretical maximum at a frame size of 9000 bytes would be 1014 Mbps. Such throughput is normally very hard to achieve, so it is unattainable in practice. It is therefore likely that the test was run with super-jumbo frames as fat as 64 kilobytes, which have a theoretical maximum of 1023 Mbps and are supported only by some network adapters. But that is completely inapplicable to real-world conditions and only works between two directly connected stations, or within a single host.
VPN tunnels, however, run between two hosts over an internet connection that does not support jumbo frames at all, so a result obtained on a bench cannot be taken as a benchmark. It is merely an unrealistic laboratory result, impossible and inapplicable under real production conditions.
Even sitting in a data centre, I have never been able to transfer frames larger than 9000 bytes.
The criterion of applicability to real life is completely violated, and in my view the authors of these "measurements" have seriously discredited themselves, for obvious reasons.
A last ray of hope
WireGuard's website says a great deal about containers, and that makes clear what it is actually meant for.
A simple, fast VPN that needs no configuration and can be deployed and configured with the huge orchestration tools Amazon uses for its cloud. Specifically, Amazon uses the newest hardware features I mentioned earlier, such as AVX512. This is done to speed up the work without being tied to x86 or any other architecture.
It is optimised for throughput and for packets larger than 9000 bytes: the huge encapsulated frames that containers send each other for backup operations, snapshot creation and deployment of identical containers. And in that scenario, things like dynamic IP addresses have no bearing on how WireGuard operates.
Fine. An excellent implementation and a very thin, almost reference-quality protocol.
But it does not fit the world outside a data centre that you control completely. If you take the risk and start using WireGuard, you will have to keep making compromises in the design and implementation of the cryptographic protocol.
Conclusions
It is easy to conclude that WireGuard is not ready yet.
It was conceived as a lightweight, fast answer to many of the problems with existing solutions. Unfortunately, to deliver that it sacrificed a great deal of functionality that matters to most users. That is why it cannot replace IPsec or OpenVPN.
For WireGuard to be competitive, it needs at least IP address assignment, routing and DNS configuration to be added. Obviously, that is what an encrypted channel is for.
Security is my top priority, and at the moment there is no reason to believe that IKE or TLS have been compromised or broken in any way. Both support modern cryptography and have been proven by decades of operation. Something being newer does not make it better.
Interoperability is very important when you communicate with third parties whose stations you do not control. IPsec is the de facto standard and is supported almost everywhere. And it works. Whereas, however things may look, in theory a future WireGuard may not even be compatible with other versions of itself.
Cryptographic protection will be broken sooner or later, so it has to be replaced or updated.
To deny all these facts and blindly think of using WireGuard to connect your iPhone to your home workstation is a master class in sticking your head in the sand.
Source: habr.com