WireGuard "is coming" to the Linux kernel - why?

At the end of July, the developers of the WireGuard VPN tunnel proposed a patch set that will make their VPN software part of the Linux kernel. However, the exact date on which this "idea" will be implemented is not known. Below the cut we discuss this tool in more detail.


Briefly about the project

WireGuard is a next-generation VPN tunnel created by Jason A. Donenfeld, CEO of Edge Security. The project was developed as a simpler and faster alternative to OpenVPN and IPsec. The first version of the product contained only 4 thousand lines of code. By comparison, OpenVPN has about 120 thousand lines, and IPsec has 420 thousand.

According to the developers, WireGuard is easy to configure, and the protocol's security is achieved through proven cryptographic algorithms. Normally, when the network changes (Wi-Fi, LTE or Ethernet), the client has to reconnect to the VPN server each time. WireGuard servers, by contrast, do not drop the connection even if the user receives a new IP address.

Although WireGuard was originally designed for the Linux kernel, the developers have also taken care of a portable version of the tool for Android devices. The application is not yet fully finished, but you can already try it. To do so, you need to become one of the testers.

Overall, WireGuard is quite popular and has already been implemented by several VPN providers, such as Mullvad and AzireVPN. Many guides to setting up this solution have been published online. For example, there are guides written by users, and there are guides prepared by the project's authors.

Technical details

The official documentation (p. 18) notes that WireGuard's throughput is four times higher than OpenVPN's: 1011 Mbit/s versus 258 Mbit/s, respectively. WireGuard is also ahead of the standard Linux solution, IPsec, which reaches 881 Mbit/s. It also surpasses it in ease of setup.

After the keys have been exchanged (the VPN connection is initiated in much the same way as in SSH) and the connection is established, WireGuard handles everything else on its own: there is no need to worry about routing, state management and so on. Additional setup is required if you want to use symmetric encryption.


To install it, you will need a distribution with a Linux kernel newer than 4.1. It can be found in the repositories of the major Linux distributions.

$ sudo add-apt-repository ppa:hda-me/wireguard
$ sudo apt update
$ sudo apt install wireguard-dkms wireguard-tools

As the editors of xakep.ru note, building it yourself from source is also easy. It is enough to bring up the interface and generate the public and private keys:

$ sudo ip link add dev wg0 type wireguard
$ umask 077   # create the private key file readable only by its owner
$ wg genkey | tee privatekey | wg pubkey > publickey

WireGuard does not use the CryptoAPI crypto-provider interface. Instead, it uses the ChaCha20 stream cipher, the Poly1305 message authentication code and its own cryptographic hash functions.

The secret key is generated using the Diffie-Hellman protocol based on the Curve25519 elliptic curve. For hashing, it uses the BLAKE2 and SipHash hash functions. Thanks to the TAI64N timestamp format, the protocol discards packets with a smaller timestamp value, thereby preventing DoS and replay attacks.
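The timestamp check described above, as an added example that is not code from WireGuard or from the original article. It assumes the timestamp has already been decrypted and authenticated, uses the common 2^62 + 10 s offset for the TAI64 seconds field, and the names `tai64n`, `ReplayFilter` and the peer labels are hypothetical; equal timestamps are rejected as well, since an exact replay carries the same value.

```python
import struct

# 2**62 plus the 10-second TAI-UTC offset at the Unix epoch (common convention,
# assumed here; leap seconds after 1970 are ignored).
TAI64_BASE = 0x400000000000000A


def tai64n(unix_seconds: int, nanoseconds: int) -> bytes:
    """Encode a time as a 12-byte TAI64N label: 8-byte seconds + 4-byte ns, big-endian."""
    if not 0 <= nanoseconds < 1_000_000_000:
        raise ValueError("nanoseconds out of range")
    return struct.pack(">QI", TAI64_BASE + unix_seconds, nanoseconds)


class ReplayFilter:
    """Remembers the greatest timestamp accepted from each peer."""

    def __init__(self):
        self._latest = {}  # peer identifier -> last accepted 12-byte label

    def accept(self, peer: str, stamp: bytes) -> bool:
        if len(stamp) != 12:
            return False  # malformed label
        last = self._latest.get(peer)
        # Big-endian fields mean plain byte comparison is chronological order.
        if last is not None and stamp <= last:
            return False  # replayed or stale handshake: drop, keep state unchanged
        self._latest[peer] = stamp
        return True


def demo():
    # Constructed sample values, not captured traffic.
    f = ReplayFilter()
    t0 = tai64n(1_533_000_000, 500)
    t1 = tai64n(1_533_000_000, 501)
    return [
        f.accept("peerA", t0),           # first handshake from peerA
        f.accept("peerA", t0),           # exact replay of the same message
        f.accept("peerA", t1),           # newer timestamp
        f.accept("peerA", t0),           # old message replayed after a newer one
        f.accept("peerB", t0),           # state is tracked per peer
        f.accept("peerA", b"\x00" * 8),  # wrong length
    ]


if __name__ == "__main__":
    print(demo())
```

Because the filter stores one 12-byte value per peer and never needs synchronized clocks, a captured handshake cannot be replayed to force the responder into repeated expensive key computations.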

In doing so, WireGuard uses ioctl to control I/O (Netlink was used previously), which makes the code cleaner and simpler. You can verify this by looking at the configuration code.

Developers' plans

For now, WireGuard is an out-of-tree kernel module. But the project's author, Jason Donenfeld, says the time has come for a full implementation in the Linux kernel, because it is simpler and more reliable than other solutions. Jason is supported in this even by Linus Torvalds himself, who called the WireGuard code a "work of art."

But nobody is naming exact dates for WireGuard's inclusion in the kernel. And this is not expected to happen with the August release of Linux kernel 4.18. However, there is a chance that it will happen very soon: in version 4.19 or 5.0.

Once WireGuard has been added to the kernel, the developers want to finish the application for Android devices and start writing an application for iOS. There are also plans to complete the implementations in Go and Rust and port them to macOS, Windows and BSD. WireGuard is also planned for more "exotic systems" such as FPGA, along with many other interesting things. All of them are listed in the project authors' to-do list.


Source: www.habr.com
