chizindikiro cha VPN kumasulidwa , zomwe zidawonetsa kuperekedwa kwa zigawo za WireGuard pachimake chachikulu ndi kukhazikika kwachitukuko. Code ikuphatikizidwa mu Linux kernel kuwunika kowonjezera kwachitetezo kochitidwa ndi kampani yodziyimira payokha yomwe imachita kafukufuku wotere. Kafukufukuyu sanaulule zovuta zilizonse.
Popeza WireGuard tsopano ikupangidwa mu kernel yayikulu ya Linux, nkhokwe yakonzedwa kuti igawidwe ndipo ogwiritsa ntchito akupitiliza kugwiritsa ntchito mitundu yakale ya kernel. . Chosungiracho chimaphatikizapo code ya WireGuard yobwerera kumbuyo ndi compat.h wosanjikiza kuti zitsimikizire kuti zimagwirizana ndi maso akale. Zikudziwika kuti malinga ngati opanga ali ndi mwayi ndipo ogwiritsa ntchito akuwufuna, mtundu wina wa zigamba udzathandizidwa mu mawonekedwe ogwirira ntchito. M'mawonekedwe ake apano, mtundu woyimilira wa WireGuard ungagwiritsidwe ntchito ndi maso kuchokera ΠΈ , komanso kupezeka ngati zigamba za ma kernels a Linux ΠΈ . Kugawa pogwiritsa ntchito maso atsopano monga Arch, Gentoo ndi
Fedora 32 azitha kugwiritsa ntchito WireGuard ndikusintha kwa 5.6 kernel.
Njira yayikulu yachitukuko tsopano ikuchitika munkhokwe , yomwe imaphatikizapo mtengo wathunthu wa Linux kernel ndi zosintha kuchokera ku polojekiti ya Wireguard. Zigamba zochokera m'nkhokweyi zidzawunikidwanso kuti ziphatikizidwe mu kernel yayikulu ndikukankhira ku ukonde / nthambi zotsatira. Kupititsa patsogolo zofunikira ndi zolemba zomwe zimayendetsedwa m'malo ogwiritsira ntchito, monga wg ndi wg-mwamsanga, zimachitika kumalo osungirako. , zomwe zingagwiritsidwe ntchito popanga phukusi pogawa.
Tiyeni tikukumbutseni kuti VPN WireGuard ikugwiritsidwa ntchito pamaziko a njira zamakono zolembera, zimapereka ntchito zapamwamba kwambiri, ndizosavuta kugwiritsa ntchito, zopanda mavuto ndipo zadziwonetsera yokha m'magulu angapo akuluakulu omwe amayendetsa magalimoto ambiri. Ntchitoyi yakhala ikukula kuyambira 2015, idawunikidwa komanso njira zama encryption zomwe zimagwiritsidwa ntchito. Thandizo la WireGuard laphatikizidwa kale mu NetworkManager ndi systemd, ndipo zigamba za kernel zikuphatikizidwa mu magawo oyambira. , Mageia, Alpine, Arch, Gentoo, OpenWrt, NixOS, ΠΈ .
WireGuard amagwiritsa ntchito lingaliro la makiyi achinsinsi, omwe amaphatikiza kuyika kiyi yachinsinsi pa intaneti iliyonse ndikuigwiritsa ntchito kumanga makiyi a anthu onse. Makiyi apagulu amasinthidwa kuti akhazikitse kulumikizana mofanana ndi SSH. Kukambilana makiyi ndikulumikizana popanda kugwiritsa ntchito daemon yosiyana m'malo ogwiritsa ntchito, makina a Noise_IK kuchokera zofanana ndi kusunga authorized_keys mu SSH. Kutumiza kwa data kumachitika kudzera mu encapsulation mu mapaketi a UDP. Imathandizira kusintha adilesi ya IP ya seva ya VPN (kuyendayenda) popanda kulumikiza kulumikizana ndikusinthanso kwa kasitomala.
Za kubisa mtsinje cipher ndi algorithm yotsimikizira uthenga (MAC) , lopangidwa ndi Daniel Bernstein (), Tanya Lange
(Tanja Lange) ndi Peter Schwabe. ChaCha20 ndi Poly1305 zili pabwino ngati ma analogue othamanga komanso otetezeka a AES-256-CTR ndi HMAC, kukhazikitsidwa kwa mapulogalamu omwe amalola kukwaniritsa nthawi yokhazikika popanda kugwiritsa ntchito zida zapadera zothandizira. Kuti mupange kiyi yachinsinsi yogawana, elliptic curve Diffie-Hellman protocol imagwiritsidwa ntchito pakukhazikitsa , yomwe idaperekedwanso ndi Daniel Bernstein. Algorithm yomwe imagwiritsidwa ntchito pa hashing ndi .
Pansi zakale Performance WireGuard idawonetsa kuchulukira kuwirikiza ka 3.9 ndi kuyankha kokwera ka 3.8 poyerekeza ndi OpenVPN (256-bit AES yokhala ndi HMAC-SHA2-256). Poyerekeza ndi IPsec (256-bit ChaCha20+Poly1305 ndi AES-256-GCM-128), WireGuard ikuwonetsa kusintha pang'ono (13-18%) ndi latency yochepa (21-23%). Zotsatira zoyeserera zomwe zayikidwa patsamba la pulojekitiyi zikuwonetsa kukhazikitsidwa kwa WireGuard kwakale koyima ndipo zimalembedwa kuti ndizosakwanira. Chiyambireni kuyezetsa, code ya WireGuard ndi IPsec yakonzedwanso ndipo tsopano ikufulumira. Kuyesa kokwanira kokwanira kukhazikitsidwa kophatikizidwa mu kernel sikunachitikebe. Komabe, zimadziwika kuti WireGuard imachitabe bwino kuposa IPsec nthawi zina chifukwa cha ulusi wambiri, pomwe OpenVPN imakhala yochedwa kwambiri.
Source: opennet.ru