Lero Linus adasamutsa nthambi yotsatila yokhala ndi ma VPN kwa iye yekha . Za chochitika ichi pamndandanda wamakalata WireGuard.
Kusonkhanitsa ma code a kernel yatsopano kukupitilira pakadali pano. Linux 5.6. WireGuard — VPN yachangu komanso yotsatira yomwe imagwiritsa ntchito njira zamakono zolembera mawu. Poyamba idapangidwa ngati njira yosavuta komanso yosavuta m'malo mwa ma VPN omwe alipo. Idapangidwa ndi katswiri wachitetezo cha chidziwitso waku Canada Jason A. Donenfeld. Mu Ogasiti 2018, WireGuard Kuchokera kwa Linus Torvalds. Pa nthawi imeneyo, ntchito yoika VPN mu kernel inayamba. LinuxNjirayi inatenga nthawi yayitali.
"Ndikuona kuti Jason wapempha kuti anditumize WireGuard "mu kernel," Linus analemba pa Ogasiti 2, 2018. "Kodi ndingabwerezenso chikondi changa pa VPN iyi ndikuyembekeza kusakanikirana mwachangu? Khodiyo singakhale yangwiro, koma ndayiyang'ana, ndipo ndayiyerekeza ndi zoopsa zomwezo. OpenVPN ndipo IPSec, ndi ntchito yeniyeni ya zaluso.
Ngakhale kuti Linus ankafuna, mgwirizanowu unapitirira kwa chaka chimodzi ndi theka. Vuto lalikulu lidakhala lolumikizidwa ndi magwiridwe antchito a cryptographic, omwe adagwiritsidwa ntchito kukonza magwiridwe antchito. Pambuyo pazokambirana zazitali mu Seputembara 2019 zidachitika masulirani ma patches ku ntchito za Crypto API zomwe zikupezeka mu kernel, zomwe opanga mapulogalamu ali nazo mwayi WireGuard Panali madandaulo ena okhudza magwiridwe antchito ndi chitetezo chonse. Koma ntchito za crypto zachikhalidwe zinathetsa vutoli. WireGuard siyanitsani ma API a Zinc otsika ndikuwatumiza ku kernel pakapita nthawi. Mu Novembala, opanga ma kernel adasunga lonjezo lawo ndipo kusamutsa gawo la code kuchokera ku Zinc kupita ku kernel yayikulu. Mwachitsanzo, mu Crypto API yokonzedwa mu WireGuard Kugwiritsa ntchito mwachangu ma algorithms a ChaCha20 ndi Poly1305.
Pomaliza, pa Disembala 9, 2019, David S. Miller, yemwe amayang'anira dongosolo la maukonde a kernel, Linux, ku nthambi yotsatira ndikukhazikitsa mawonekedwe a VPN kuchokera ku polojekitiyi WireGuard.
Ndipo lero, Januware 29, 2020, zosintha zidapita ku Linus kuti ziphatikizidwe mu kernel.
Mapindu Omwe Ananenedwa WireGuard kuposa njira zina za VPN:
- Yosavuta kugwiritsa ntchito.
- Amagwiritsa ntchito cryptography yamakono: Noise protocol framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24, HKDF, etc.
- Nambala yaying'ono, yowerengeka, yosavuta kufufuza ngati ili pachiwopsezo.
- Kuchita kwakukulu.
- Zomveka komanso zofotokozera .
Mfundo zonse zofunika WireGuard imatenga mizere yosakwana 4000 ya code, pomwe OpenVPN ndipo IPSec ndi mizere mazanamazana zikwizikwi.
"V WireGuard Lingaliro la njira yolumikizira makiyi achinsinsi limagwiritsidwa ntchito, lomwe limaphatikizapo kumangirira kiyi yachinsinsi ku mawonekedwe aliwonse a netiweki ndikuigwiritsa ntchito pomangirira makiyi a anthu onse. Makiyi a anthu onse amasinthidwa kuti akhazikitse kulumikizana mofanana ndi SSH. Kuti akambirane makiyi ndikukhazikitsa kulumikizana popanda kuyendetsa daemon yosiyana pamalo ogwiritsira ntchito, njira ya Noise_IK kuchokera zofanana ndi kusunga authorized_keys mu SSH. Kutumiza kwa data kumachitika kudzera mu encapsulation mu mapaketi a UDP. Imathandizira kusintha adilesi ya IP ya seva ya VPN (kuyendayenda) popanda kulumikiza kulumikizana ndikusinthanso kwa kasitomala, - Opennet.
Za kubisa mtsinje cipher ndi algorithm yotsimikizira uthenga (MAC) , lopangidwa ndi Daniel Bernstein (), Tanja Lange and Peter Schwabe. ChaCha20 ndi Poly1305 zili pabwino ngati ma analogue othamanga komanso otetezeka a AES-256-CTR ndi HMAC, kukhazikitsidwa kwa mapulogalamu omwe amalola kukwaniritsa nthawi yokhazikika popanda kugwiritsa ntchito zida zapadera zothandizira. Kuti mupange kiyi yachinsinsi yogawana, elliptic curve Diffie-Hellman protocol imagwiritsidwa ntchito pakukhazikitsa , yomwe idaperekedwanso ndi Daniel Bernstein. Algorithm yomwe imagwiritsidwa ntchito pa hashing ndi ".
Zotsatira kuchokera patsamba lovomerezeka:
Bandwidth (megabit/s)
Ping (ms)
Kukonzekera koyesa:
- Intel Core i7-3820QM ndi Intel Core i7-5200U
- Gigabit makadi Intel 82579LM ndi Intel I218LM
- Linux 4.6.1
- Kukhazikika WireGuard: 256-bit ChaCha20 yokhala ndi Poly1305 ya MAC
- Kusintha koyamba kwa IPsec: 256-bit ChaCha20 yokhala ndi Poly1305 ya MAC
- Kusintha kwachiwiri kwa IPsec: AES-256-GCM-128 (ndi AES-NI)
- Kukhazikika OpenVPN: cipher suite yofanana ya 256-bit AES yokhala ndi HMAC-SHA2-256, UDP mode
- Kuchita kwake kunayesedwa pogwiritsa ntchito
iperf3, ikuwonetsa zotsatira zapakati pa mphindi 30.
Mwachidziwitso, pambuyo pophatikizidwa mu netiweki WireGuard iyenera kugwira ntchito mwachangu kwambiri. Koma zoona zake, izi sizingakhale choncho chifukwa cha kusintha kwa ntchito za cryptographic zomwe zamangidwa mkati mwa Crypto API. N'zotheka kuti si zonse zomwe zakonzedwa kuti zigwirizane ndi momwe zimagwirira ntchito monga momwe zilili ndi mtundu wamakono. WireGuard.
"Malinga ndi momwe ndimaonera, WireGuard Ndi yabwino kwambiri kwa wogwiritsa ntchito. Zosankha zonse zotsika zimaganiziridwa muzofotokozera, kotero kukhazikitsa zomangamanga za VPN kumatenga mphindi zochepa chabe. N'zosatheka kusokoneza kasinthidwe. pa Habre mu 2018. - Njira yoyika pa tsamba lovomerezeka, ndikufuna padera kuzindikira zabwino kwambiri . Kusavuta kugwiritsa ntchito komanso kuphatikizika kwa code base kunatheka pochotsa kugawa kwa makiyi. Palibe dongosolo la satifiketi zovuta komanso zoopsa zonse zamakampani; makiyi achidule obisa amagawidwa ngati makiyi a SSH. ”
Ntchitoyi WireGuard yakhala ikukula kuyambira 2015, yawunikidwa ndipo . Thandizo WireGuard zophatikizidwa mu NetworkManager ndi systemd, ndipo ma kernel patches akuphatikizidwa mu magawidwe oyambira Debian Zosakhazikika, Mageia, Alpine, Arch, Gentoo, OpenWrt, NixOS, Subgraph ndi ALT.
Source: www.habr.com
