Release of Nebula 1.5, a system for creating P2P overlay networks

The Nebula 1.5 release is available, providing tools for building secure overlay networks. A network can join from a handful to many thousands of geographically separated hosts placed with different providers, forming a separate isolated network on top of the global network. The project is written in Go and distributed under the MIT license. The project was founded by Slack, which develops the corporate messenger of the same name. Linux, FreeBSD, macOS, Windows, iOS and Android are supported.

Nodes in a Nebula network communicate with each other directly in P2P mode: direct VPN connections are created dynamically as data needs to be transferred between nodes. The identity of each host on the network is confirmed by a digital certificate, and connecting to the network requires authentication: each user receives a certificate confirming the IP address in the Nebula network, the name, and membership in host groups. Certificates are signed by an internal certificate authority, which the network's creator deploys on their own premises and which is used to certify the authority of hosts that have the right to connect to the overlay network.

To create an authenticated, secure communication channel, Nebula uses its own tunneling protocol based on the Diffie-Hellman key exchange protocol and the AES-256-GCM cipher. The protocol implementation is based on ready-made, proven primitives provided by the Noise framework, which is also used in projects such as WireGuard, Lightning and I2P. The project is said to have undergone an independent audit.

To discover other nodes and coordinate connections to the network, special "lighthouse" nodes are created, whose global IP addresses are fixed and known to the network's participants. Participating nodes are not tied to an external IP address; they are identified by certificates. Host owners cannot modify signed certificates on their own and, unlike in traditional IP networks, cannot pretend to be another host by changing the IP address. When a tunnel is created, the host's identity is verified with a private key.

The created network is assigned a range of intranet addresses (for example, 192.168.10.0/24), and internal addresses are bound to host certificates. Groups can be formed from the overlay network's participants, for example to separate servers and workstations, and separate traffic filtering rules are applied to them. Various mechanisms are provided to traverse address translators (NATs) and firewalls. It is possible to route traffic through the overlay network from hosts that are not part of the Nebula network (unsafe route).

It supports creating firewalls to separate access and filter traffic between nodes in the Nebula overlay network. Tag-based ACLs are used for filtering. Each host on the network can define its own filtering rules based on hosts, groups, protocols and networks. Hosts are filtered not by IP address but by digitally signed identifiers, which cannot be forged without compromising the certificate authority that coordinates the network.

In the new release:

  • Added the "-raw" flag to the print-cert command to print the PEM representation of the certificate.
  • Added support for the new Linux architecture riscv64.
  • Added the experimental remote_allow_ranges setting to bind lists of allowed hosts to specific subnets.
  • Added the pki.disconnect_invalid option to reset tunnels after trust is terminated or the certificate expires.
  • Added the unsafe_routes. .metric option to set the weight of a specific external route.
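
As an added illustration (not part of the original article or the Nebula project's own files), the fragment below shows how the group-based firewall described above and the new 1.5 options could appear together in the YAML config of a host in the "servers" group. All paths, addresses and group names are constructed for the example.

```yaml
# Constructed example config for a host in the "servers" group.
pki:
  ca: /etc/nebula/ca.crt        # internal CA that signs every host certificate
  cert: /etc/nebula/host.crt    # this host's cert: overlay IP, name, groups
  key: /etc/nebula/host.key     # private key that proves ownership of the cert
  # New in 1.5: drop existing tunnels once the peer's certificate
  # expires or is no longer trusted, instead of waiting for a new handshake.
  disconnect_invalid: true

static_host_map:
  "192.168.10.1": ["203.0.113.10:4242"]   # lighthouse: overlay IP -> fixed public address

lighthouse:
  am_lighthouse: false
  hosts:
    - "192.168.10.1"
  # New in 1.5 (experimental): for peers whose overlay IP is in the
  # given range, accept only underlay addresses from the listed subnets.
  # With only "true" rules present, everything else is denied.
  remote_allow_ranges:
    "192.168.10.0/24":
      "10.0.0.0/8": true

tun:
  unsafe_routes:
    - route: 172.16.1.0/24      # external network reached through the overlay
      via: 192.168.10.99        # overlay host acting as gateway
      metric: 100               # new in 1.5: weight of this route

firewall:
  outbound:
    - port: any
      proto: any
      host: any
  inbound:
    # Rules match the group names inside the peer's signed certificate,
    # not its IP address, so changing an address grants nothing.
    - port: 443
      proto: tcp
      group: workstations
    - port: 5432
      proto: tcp
      group: servers
```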

Source: opennet.ru
