WireGuard VPN included in Linux kernel 5.6

Today Linus pulled the net-next branch with the WireGuard VPN interfaces into his own tree. The event was also reported on the WireGuard mailing list.

Code for the new Linux 5.6 kernel is still being collected. WireGuard is a next-generation VPN that uses modern cryptography. It was originally designed as a simpler and more convenient alternative to existing VPNs. Its author is the Canadian information security specialist Jason A. Donenfeld. In August 2018, WireGuard received praise from Linus Torvalds. Around that time, work began on including the VPN in the Linux kernel. The process took a long time.

"I see that Jason has asked for WireGuard to be included in the kernel," Linus wrote on August 2, 2018. "Can I just once again declare my love for this VPN and hope for a merge soon? The code may not be perfect, but I looked at it, and compared to the horrors of OpenVPN and IPSec, it is a real work of art."

Despite Linus's wishes, the merge dragged on for a year and a half. The main problem turned out to be the tie to WireGuard's own cryptographic functions, which were used to improve performance. After lengthy negotiations, in September 2019 a compromise decision was made to port the patches to the Crypto API functions already available in the kernel, about which the WireGuard developers have complaints regarding performance and general security. They nevertheless decided to split the native WireGuard crypto functions out into a separate Zinc API and eventually port them to the kernel. In November, the kernel developers kept their promise and agreed to move part of the code from Zinc into the main kernel. For example, the Crypto API now includes the fast implementations of the ChaCha20 and Poly1305 algorithms prepared in WireGuard.

Finally, on December 9, 2019, David S. Miller, who maintains the networking subsystem of the Linux kernel, accepted into the net-next branch the patches implementing the VPN interface from the WireGuard project.

And today, January 29, 2020, the changes went to Linus for inclusion in the kernel.

WireGuard's claimed advantages over other VPN solutions:

  • Easy to use.
  • Uses modern cryptography: Noise protocol framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24, HKDF, etc.
  • Compact, readable code that is easier to audit for vulnerabilities.
  • High performance.
  • A clear and detailed specification.

All of WireGuard's logic fits in fewer than 4000 lines of code, while OpenVPN and IPSec require hundreds of thousands of lines.

"WireGuard uses the concept of encryption key routing, which involves binding a private key to each network interface and using public keys for the binding. Public keys are exchanged to establish a connection in the same way as with SSH. To negotiate keys and connect without running a separate daemon in user space, the Noise_IK mechanism from the Noise Protocol Framework is used, similar to maintaining authorized_keys in SSH. Data is transmitted by encapsulation in UDP packets. Changing the IP address of the VPN server (roaming) is supported without breaking the connection and with automatic reconfiguration of the client," writes Opennet.

"Encryption uses the ChaCha20 stream cipher and the Poly1305 message authentication algorithm (MAC), developed by Daniel J. Bernstein, Tanja Lange and Peter Schwabe. ChaCha20 and Poly1305 are positioned as faster and more secure analogues of AES-256-CTR and HMAC, whose software implementation allows a fixed execution time to be achieved without special hardware support. To generate the shared secret key, the elliptic-curve Diffie-Hellman protocol in the Curve25519 implementation is used, which was also proposed by Daniel Bernstein. The algorithm used for hashing is BLAKE2s (RFC7693)."
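An added illustration (not code from WireGuard or from the quoted article) of the key-to-address binding behind the key routing described above: each peer public key is tied to a set of inner IP ranges, which selects the peer on send and rejects spoofed inner source addresses on receive. The peer names and addresses are constructed placeholders, and the linear longest-prefix search is a simplification chosen for readability.

```python
import ipaddress

# Constructed peer table for one interface: each peer's public key
# (placeholder strings, not real keys) is bound to the inner IP ranges
# that peer is allowed to use.
PEERS = {
    "PEER_A_PUBKEY": ["10.0.0.2/32"],
    "PEER_B_PUBKEY": ["10.0.0.3/32", "192.168.50.0/24"],
    "PEER_C_PUBKEY": ["0.0.0.0/0"],
}


def build_table(peers):
    """Flatten {pubkey: [cidr, ...]} into (network, pubkey) pairs,
    most specific prefix first."""
    table = [(ipaddress.ip_network(cidr), key)
             for key, cidrs in peers.items() for cidr in cidrs]
    return sorted(table, key=lambda entry: entry[0].prefixlen, reverse=True)


def peer_for_destination(table, dst):
    """Outbound: pick the peer whose most specific range covers dst."""
    addr = ipaddress.ip_address(dst)
    for net, key in table:
        if addr.version == net.version and addr in net:
            return key
    return None  # no peer owns this address, so nothing is sent


def accept_inbound(table, sender_key, inner_src):
    """Inbound: once a packet has authenticated under sender_key, its
    inner source address must route back to that same key; otherwise
    the packet is dropped."""
    return peer_for_destination(table, inner_src) == sender_key
```
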

Performance test results from the official site:

[Chart: Bandwidth (megabit/s)]

[Chart: Ping (ms)]

Test configuration:

  • Intel Core i7-3820QM and Intel Core i7-5200U
  • Intel 82579LM and Intel I218LM gigabit cards
  • Linux 4.6.1
  • WireGuard configuration: 256-bit ChaCha20 with Poly1305 for MAC
  • First IPsec configuration: 256-bit ChaCha20 with Poly1305 for MAC
  • Second IPsec configuration: AES-256-GCM-128 (with AES-NI)
  • OpenVPN configuration: an equivalent cipher suite of 256-bit AES with HMAC-SHA2-256, UDP mode
  • Performance was measured with iperf3; the results shown are averaged over 30 minutes.

In theory, once it is integrated into the network stack, WireGuard should run even faster. In reality, though, this will not be the case, because of the move to the Crypto API cryptographic functions built into the kernel. Perhaps not all of them have yet been optimized to the performance level of native WireGuard.

"In my opinion, WireGuard is generally ideal for the user. All low-level decisions are made in the specification, so preparing a VPN infrastructure takes only a few minutes. It is impossible to mess up the configuration," a Habr post said in 2018. "The installation process is described in detail on the official site, and I would like to separately note the excellent OpenWRT support. This ease of use and compactness of the code base were achieved by eliminating key distribution. There is no complex certificate system and all that corporate horror; short encryption keys are distributed like SSH keys."

The WireGuard project has been in development since 2015, and it has been audited and formally verified. WireGuard support is integrated into NetworkManager and systemd, and the kernel patches ship as part of the base distributions Debian Unstable, Mageia, Alpine, Arch, Gentoo, OpenWrt, NixOS, Subgraph and ALT.

Source: www.habr.com
