ProHoster > Blog > Utongi > Sei usingafaniri kuishandisa WireGuard

Sei usingafaniri kuishandisa WireGuard

Munguva pfupi yapfuura, WireGuard inokwezva kutariswa kwakawanda, kutaura chokwadi, i "nyeredzi" itsva pakati VPNAsi zvakanaka here sezvazvinoita? Ndinoda kukurukura zvimwe zvataurwa uye kuongorora mashandiro azvo. WireGuard, kutsanangura kuti sei isiri mhinduro ichatsiva IPsec kana OpenVPN.

Muchinyorwa chino ndinoda kuburitsa pachena dzimwe ngano [dziri pamusoro WireGuard]. Ehe, inguva yakareba yekuverenga, saka kana usati wabika kapu yetii kana kofi, ino ndiyo nguva. Ndinodawo kutenda Peter nekuverenga pfungwa dzangu dzisina kugadzikana.

Chinangwa changu hachisi chekunyadzisa vanogadzira mapurogiramu aya. WireGuard, kuderedza kukosha kwezvavanoita kana mazano avo. Chigadzirwa chavo chiri kushanda, asi ini pachangu ndinotenda kuti chinoratidzwa sechinhu chakasiyana zvachose nezvachiri chaizvo - chinoratidzwa sekutsiva IPsec uye OpenVPN, izvo chaizvoizvo zvisipo pari zvino.

Semashoko ekuwedzera, ndinoda kuwedzera kuti mutoro wekuisa nzvimbo dzakadaro WireGuard zvinoburitswa nevezvenhau vakashuma nezvazvo, kwete neprojekiti yacho pachayo kana kuti nevagadziri vayo.

Munguva pfupi yapfuura pamusoro penyaya huru Linux Pakanga pasina mashoko akanaka akawanda. Takaudzwa nezvematambudziko makuru e processor akaderedzwa ne software, uye Linus Torvalds akataura nezvazvo zvaive zvisina kunaka uye zvisingafadzi, mumutauro we utilitarian we developer. Scheduler kana level-0 network stack hazvisiwo misoro yakajeka yemagazini anopenya. Uye zvino zvinouya. WireGuard.

Pabepa, zvese zvinonzwika zvakanaka: tekinoroji nyowani inonakidza.

Asi ngatizvitarisei zvishoma.

Magwaro ehunyanzvi WireGuard

Ichi chinyorwa chakavakirwa pa zvinyorwa zvepamutemo WireGuard, yakanyorwa naJason Donenfeld, kwaanotsanangura pfungwa, chinangwa, uye kushandiswa kwehunyanzvi [WireGuard] pakati Linux.

Mutsara wekutanga unoti:

WireGuard […] Chinangwa chekutsiva IPsec mune dzakawanda nzira dzekushandisa, pamwe nedzimwe nzira dzakakurumbira dzekushandisa uye/kana TLS dzakadai se OpenVPN, ukuwo zvichiva zvakachengeteka, zvinobudirira uye zviri nyore kushandisa [chishandiso].

Ehe, mukana mukuru weese matekinoroji matsva ndeavo nyore [zvichienzaniswa nevakatangira]. Asi VPN inofanirawo kuva inoshanda uye yakachengeteka.

Saka, chii chinotevera?

Kana iwe ukati izvi hazvisi izvo zvaunoda [kubva kuVPN], saka unogona kupedzisa kuverenga pano. Nekudaro, ini ndichacherechedza kuti mabasa akadaro akagadzirirwa chero imwe tunneling tekinoroji.

Chinonyanya kufadza chemashoko ari pamusoro apa chiri mumashoko okuti "muzviitiko zvizhinji", izvo, zvechokwadi, zvakafuratirwa nemapepanhau. Uye saka, isu tiri kwatakagumira nekuda kwemhirizhonga yakaitwa nekuregeredza uku - muchinyorwa chino.

Sei usingafaniri kuishandisa WireGuard

Zvichaitika here? WireGuard kutsiva VPN yangu ye [IPsec] kubva panzvimbo imwe kuenda kune imwe?

Kwete. Hapana mukana wekuti vatengesi vakuru vakaita seCisco, Juniper, nevamwe vachaitenga nekuda kwezvigadzirwa zvavo. WireGuardHava "svetukira muzvitima zvinopfuura" kunze kwekunge paine chikonzero chikuru. Gare gare, ndichakurukura zvimwe zvezvikonzero nei vangasazokwanisa kuisa zvigadzirwa zvavo muchikepe. WireGuard, kunyangwe dai vaida kudaro.

Ichapona here? WireGuard RoadWarrior yangu kubva palaptop kuenda kudata center?

Kwete. Pari zvino mu WireGuard Pane zvinhu zvakakosha zvakawanda zvisipo kuti zvikwanise kuita chimwe chinhu chakadai. Semuenzaniso, haigone kushandisa ma IP address anochinja-chinja pa server ye tunnel, uye izvi chete zvinokanganisa kushandiswa kwese kwechigadzirwa ichi.

IPFire inowanzo shandiswa kune zvakachipa Internet zvinongedzo, senge DSL kana tambo dzekubatanidza. Izvi zvine musoro kumabhizinesi madiki kana epakati asingade kukurumidza fiber. [Cherechedza kubva kumushanduri: usakanganwa kuti maererano nekukurukurirana, Russia nedzimwe nyika dzeCIS dziri kure mberi kweEurope neUnited States, nokuti takatanga kuvaka mambure edu gare gare uye nekuuya kweEthernet uye fiber optic network sechiyero, zvakanga zviri nyore kwatiri kuvakazve. Munyika dzakafanana dzeEU kana USA, xDSL Broadband kupinda nekumhanya kwe 3-5 Mbps ichiri muitiro, uye fibre optic yekubatanidza inodhura imwe mari isingaite nemaitiro edu. Naizvozvo, munyori wechinyorwa anotaura nezve DSL kana tambo yekubatanidza seyakajairika, uye kwete nguva dzekare.] Nekudaro, DSL, tambo, LTE (nedzimwe nzira dzekuwana dzisina waya) dzine simba reIP kero. Chokwadi, dzimwe nguva havawanzochinja, asi vanochinja.

Pane subproject inonzi "wg-dynamic", iyo inowedzera userspace daemon kukunda kukanganisa uku. Dambudziko hombe nemamiriro emushandisi anotsanangurwa pamusoro ndiko kuwedzera kwesimba IPv6 kugadzirisa.

Kubva pakuona kwemugovera, zvese izvi hazvitaridzike zvakanaka zvakare. Imwe yezvinangwa zvekugadzira yaive yekuchengeta protocol iri nyore uye yakachena.

Nehurombo, zvese izvi zvave nyore uye zvechinyakare, zvekuti isu tinofanirwa kushandisa imwe software kuitira kuti dhizaini iyi yese ishande mukushandisa chaiko.

WireGuard Zviri nyore kushandisa here?

Kwete parizvino. Handiri kutaura izvozvo. WireGuard Hazvizombofi zvakava imwe nzira yakanaka yekubatanidza pakati pemapoinzi maviri, asi parizvino ingori alpha version yechigadzirwa chazvinofanirwa kuva.

Asi zvino chii chaanoita chaizvoizvo? IPsec ndiyo yakanyanya kuoma kuchengetedza here?

Zviri pachena kuti kwete. IPsec mutengesi akafunga izvi uye anotumira chigadzirwa chavo pamwe chete neinterface, senge IPFire.

Kuti umise VPN tunnel pamusoro peIPsec, iwe uchada mashanu seti yedata kuti iiswe mukumisikidzwa: yako wega IP kero, iyo inogamuchira yeruzhinji IP kero, ma subnet aunoda kuzivisa kuburikidza neVPN iyi yekubatanidza, uye pre-yakagovaniswa kiyi. Nekudaro, iyo VPN inomiswa mukati memaminitsi uye inoenderana nechero mutengesi.

Sezvineiwo, pane mashoma anosiya nyaya iyi. Chero ani akaedza kufambisa pamusoro peIPsec kune OpenBSD muchina anoziva zvandiri kutaura nezvazvo. Kune mimwe mienzaniso miviri inorwadza, asi chokwadi, kune akawanda, akawanda akawanda maitiro akanaka ekushandisa IPsec.

Nezve protocol yakaoma

Mushandisi wekupedzisira haafaniri kunetseka pamusoro pekuoma kweprotocol.

Dai tairarama munyika umo ichi chainyanya kunetseka nemushandisi, saka tingadai takabvisa kare kare SIP, H.323, FTP uye mamwe maitiro akagadzirwa makore anopfuura gumi apfuura asingashande zvakanaka neNAT.

Pane zvikonzero nei IPsec yakaoma kupfuura WireGuard: Inoita zvakawanda. Semuenzaniso, inosimbisa vashandisi vachishandisa login/password kana SIM card ine EAP. Ine kugona kwakawedzerwa kwekuwedzera matsva. cryptographic primitives.

Uye pa WireGuard izvi hazvipo.

Uye izvi zvinoreva kuti WireGuard Pane imwe nguva, ichakundikana nekuti imwe yezvinyorwa zve cryptographic primitives ichashaya simba kana kukanganiswa zvachose. Munyori wemagwaro ehunyanzvi anotaura seizvi:

Izvo zvinofanirwa kucherechedzwa kuti WireGuard Kuzvivimba zvakanyanya ne cryptographic. Inoshaya ma ciphers nemaune uye ma protocol ayo. Kana maburi akakomba akawanikwa mu primitives dziri pasi, ma endpoints ese achafanirwa kugadziriswa. Sezvinoratidzwa nekuwanda kuri kuitika kwe SSL/TLS disabilities, flexibility ye encryption ikozvino yawedzera zvakanyanya.

Mutsara wekupedzisira wakarurama.

Kusvika pakubvumirana pane izvo encryption yekushandisa inoita maprotocol seIKE neTLS более yakaoma. Zvakanyanya kuoma? Ehe, kusasimba kwakajairika muTLS/SSL, uye hapana imwe nzira kwazviri.

Pakufuratira matambudziko chaiwo

Fungidzira uine VPN server ine ma production client mazana maviri, kune imwe nzvimbo pasi rose. Iyi inyaya yakajairika yekushandisa. Kana uchida kuchinja encryption, unofanira kusundidzira update kune ese makopi. WireGuard pamalaptop aya, mafoni emafoni, nezvimwewo. Panguva imwe chete deliver. Hazviiti zvachose. Mamaneja ari kuyedza kuita izvi zvinotora mwedzi kutumira magadzirirwo anodiwa, uye zvinototora makore ekambani yepakati kuti abvise chiitiko chakadaro.

IPsec uye OpenVPN inopa mukana wekutaurirana uchishandisa cipher. Saka, kwenguva pfupi, mushure mekunge wagonesa encryption itsva, yekare ichashandawo. Izvi zvinobvumira vatengi varipo kuti vakwidziridze kune vhezheni itsva. Kana gadziridzo yangoburitswa, ingodzima encryption isina njodzi. Uye ndizvozvo chete! Zvapera! Unoshamisa! Uye vatengi vako havatombozvioni.

Izvi zvinowanzoitika kune vanhu vakawanda vanotumira zvinhu, uye kunyange OpenVPN Zviri kusangana nematambudziko neizvi. Kuenderana nedata rekare kwakakosha, uye kunyangwe uchishandisa encryption isina simba, kune vazhinji, ichi hachisi chikonzero chekudzima bhizinesi ravo. Nekuti zvinokanganisa mazana evatengi nekuda kwekusakwanisa kwavo kuita mabasa avo.

chikwata WireGuard yakaita kuti maitiro ayo ave nyore, asi asina kukodzera zvachose kuvanhu vasina simba rekutonga vezera ravo vese. Mukuona kwangu, iyi ndiyo mamiriro ezvinhu akajairika.

Sei usingafaniri kuishandisa WireGuard

Cryptography!

Asi chii ichi chinhu chitsva chinonakidza chiri kushandiswa pakuvhara ruzivo? WireGuard?

WireGuard Inoshandisa Curve25519 pakuchinjana makiyi, ChaCha20 pakunyora mashoko, uye Poly1305 pakusimbisa data. Inotsigirawo SipHash pakuisa makiyi uye BLAKE2 pakuisa makiyi.

ChaCha20-Poly1305 yakajairika kune IPsec uye OpenVPN (kuburikidza neTLS).

Zviri pachena kuti kukura kwaDaniel Bernstein kunoshandiswa kakawanda. BLAKE2 ndiye anotsiva BLAKE, SHA-3 yekupedzisira iyo isina kuhwina nekuda kwekufanana kwayo neSHA-2. Dai SHA-2 yaizotyorwa, paive nemukana wakanaka wekuti BLAKE akanganiswa zvakare.

IPsec uye OpenVPN SipHash haidiwi nekuda kwekugadzirwa kwayo. Saka, chinhu chega chisingagone kushandiswa navo parizvino iBLAKE2, uye chete kusvika yagadziriswa. Izvi hazvisi dambudziko guru, sezvo maVPN anoshandisa HMAC kuti ive yakavimbika, iyo inoonekwa semhinduro yakasimba kunyangwe kana yakabatana neMD5.

Saka ndakasvika pakugumisa kuti maVPN ese anoshandisa zvishandiso zvakafanana zve cryptographic. WireGuard Hazvina kuchengetedzeka zvakanyanya kana kuti zvishoma kupfuura chero chimwe chigadzirwa chiripo kana zvasvika pakunyora kana kuvimbika kwedata rinotumirwa.

Asi kunyange ichi hachisi chinhu chinonyanya kukosha, icho chakakodzera kubhadhara maererano nemagwaro epamutemo eprojekti. Mushure mezvose, chinhu chikuru ndechekukurumidza.

WireGuard nekukurumidza kupfuura dzimwe mhinduro dzeVPN?

Muchidimbu: kwete, kwete nekukurumidza.

ChaCha20 irukova cipher iri nyore kuita musoftware. Iyo encrypts chikamu chimwe chete panguva. Vhara maprotocol seAES encrypt block 128 bits panguva. Mazhinji transistors anodiwa kuti ashandise tsigiro yehardware, saka ma processor akakura anouya neAES-NI, yekuwedzera yekuraira iyo inoita mamwe emabasa eiyo encryption process kuti ikurumidze.

Zvaitarisirwa kuti AES-NI yaisazombopinda muma smartphones [asi yakaita - approx. pa.]. Kune izvi, iyo ChaCha20 yakagadziridzwa seyakareruka, inochengetedza bhatiri imwe nzira. Naizvozvo, zvinogona kuuya senhau kwauri kuti yega yega smartphone yaunogona kutenga nhasi ine imwe mhando yeAES kukwidziridzwa uye inomhanya nekukurumidza uye nekushomeka kwesimba rekushandisa neiyi encryption pane neChaCha20.

Zviripachena, ingangoita yese desktop/server processor yakatengwa mumakore mashoma apfuura ine AES-NI.

Saka, ndinotarisira kuti AES ichaita zvakanaka kupfuura ChaCha20 mune zvese zviitiko. Magwaro epamutemo WireGuard Zvinotaurwa kuti nekuda kweAVX512, ChaCha20-Poly1305 ichaita zvakanaka kupfuura AES-NI, asi iyi mirairo yekuwedzera ichavepo chete pama processor makuru, izvo zvakare hazvizobatsiri nehardware diki uye yefoni, iyo inogara ichikurumidza neAES-NI.

Handina chokwadi kana izvi zvingadai zvakafanotaurwa panguva yekugadzirwa. WireGuard, asi nhasi chokwadi chekuti yakasungirirwa pakuvhara kamwe chete chatova chinhu chakaipa chingasave nemigumisiro yakanaka pakushanda kwayo.

IPsec inokutendera kuti usarudze zvakasununguka kuti ndeipi encryption yakanakira nyaya yako. Uye zvechokwadi, izvi zvinodikanwa kana, semuenzaniso, iwe uchida kuendesa gumi kana kupfuura gigabytes yedata kuburikidza neVPN yekubatanidza.

Matambudziko ekubatanidzwa mu Linux

Kunyange zvakadaro WireGuard Ndakasarudza nzira yemazuva ano yekudzivirira data, iyo iri kutokonzera matambudziko akawanda. Saka, pachinzvimbo chekushandisa zvinotsigirwa nekernel, kubatanidzwa kwacho kwakatanga. WireGuard yakambomiswa kwemakore nekuda kwekushaikwa kwezviyo zvepakutanga izvi mu Linux.

Handizive zvizere kuti mamiriro ezvinhu akaita sei pane mamwe masisitimu ekushanda, asi pamwe hazvina kusiyana zvakanyanya ne Linux.

Chokwadi chinotaridzika sei?

Nehurombo, pese kana mutengi achindikumbira kuti ndivagadzirire VPN yekubatanidza, ini ndinomhanyira munhau yekuti vari kushandisa zvitupa zvekare uye encryption. 3DES yakabatana neMD5 ichiri tsika yakajairika, sezvakaita AES-256 uye SHA1. Uye kunyangwe iyo yekupedzisira iri nani zvishoma, ichi hachisi chinhu chinofanira kushandiswa muna 2020.

Kuchinjana kiyi nguva dzose RSA inoshandiswa - chishandiso chinononoka asi chakachengeteka.

Makasitoma angu anodyidzana nevakuru vetsika uye mamwe masangano ehurumende nemasangano, pamwe nemakambani makuru ane mazita anozivikanwa pasi rese. Vese vanoshandisa fomu rekukumbira rakagadzirwa makumi emakore apfuura, uye kugona kushandisa SHA-512 hakuna kumbowedzerwa. Ini handigone kutaura kuti neimwe nzira inokanganisa zvakajeka kufambira mberi kwetekinoroji, asi zviri pachena kuti inononoka mashandiro emakambani.

Zvinondirwadza kuona izvi, nekuti IPsec yakatsigira elliptic curves offhand kubva mugore ra 2005. Curve25519 iriwo nyowani uye iripo kuti ishandiswe. Kune zvakare dzimwe nzira dzeAES seCamellia uye ChaCha20, asi zviri pachena kuti havasi vese vanotsigirwa nevatengesi vakuru vakaita saCisco nevamwe.

Uye vanhu vanotora mukana nazvo. Kune akawanda maCisco kits, kune akawanda kits akagadzirirwa kushanda neCisco. Ivo vatungamiriri vemusika muchikamu chino uye havafarire zvakanyanya chero mhando yekuvandudza.

Ehe, mamiriro ezvinhu [muchikamu chemakambani] akaipa, asi hatizooni shanduko dzinokonzerwa ne WireGuardVagadziri havazombofi vakaona matambudziko ekushanda kwemidziyo uye encryption yavari kushandisa kare, uye havazooni matambudziko neIKEv2—saka havasi kutsvaga dzimwe nzira.

Kazhinji, wakambofunga nezvekusiya Cisco?

Benchmarks

Zvino ngatiendererei mberi kune zviratidzo kubva mumagwaro. WireGuardKunyange zvazvo [magwaro] aya asiri esainzi, ndaitarisira kuti vagadziri vemapurogiramu vatore nzira yesainzi, kana kushandisa nzira yesainzi sechiyereso. Zviratidzo hazvibatsiri kana zvisingagoni kudzokororwa, uye zvinonyanya kubatsira kana zvikawanikwa murabhoritari.

Mumusangano WireGuard nokuti Linux Inowana mukana nekushandisa GSO (Generic Segmentation Offloading). Inobvumira mutengi kugadzira packet hombe ye64-kilobyte uye kuivharidzira nekuibvisa pasuru imwe chete. Izvi zvinoderedza mari yekuita mabasa e cryptographic uye mafoni. Kana uchida kuwedzera kugona kweVPN connection yako, iyi ipfungwa yakanaka.

Asi, senguva dzose, chokwadi hachisi nyore. Kutumira pakiti yakakura kudaro kune network adapter inoda kuti ichekwe mumapakiti madiki akawanda. Yakajairika saizi yekutumira i1500 bytes. Ndiko kuti, hofori yedu ye64 kilobytes ichakamurwa kuita 45 mapaketi (1240 bytes yeruzivo uye 20 bytes yeIP musoro). Zvadaro, kwechinguva, ivo vachavhara zvachose basa re network adapter, nekuti ivo vanofanirwa kutumirwa pamwe chete uye kamwechete. Nekuda kweizvozvo, izvi zvinotungamira kune yekutanga kusvetuka, uye mapaketi akadai seVoIP, semuenzaniso, achaiswa mumutsara.

Saka, huwandu hwakawanda hwezvibodzwa hunotaurwa neushingi WireGuard, inoitika nekunonotsa mashandiro enetwork emamwe maapplication. Uye timu WireGuard kare yakasimbiswa iyi ndiyo mhedziso yangu.

Asi ngatienderere mberi.

Zvinoenderana nemabhenji mune zvinyorwa zvehunyanzvi, kubatana kunoratidza kubuda kwe1011 Mbps.

Zvinoshamisa.

Izvi zvinoshamisa zvikuru nekuti kugona kukuru kwekubatanidza kweGigabit Ethernet imwe chete i966 Mbps nehukuru hwepaketi ye1500 bytes minus 20 bytes yeIP header, 8 bytes yeUDP header, uye 16 bytes yeheader pachayo. WireGuardPane imwe header yeIP mupaketi yakavharirwa uye imwe iri muTCP, yakareba mabyte makumi maviri. Saka bandwidth iyi yekuwedzera inobva kupi?

Nemafuremu akakura uye mabhenefiti eGSO atakataura pamusoro apa, iyo theoretical yakakwira yesaizi ye9000 bytes ingave 1014 Mbps. Kazhinji kubuda kwakadaro hakugoneki muchokwadi, nokuti inosanganiswa nematambudziko makuru. Nokudaro, ndinogona kungofungidzira kuti muedzo wakaitwa uchishandisa kunyange mafuremu akafuta akawandisa e64 kilobytes ane theoretical maximum of 1023 Mbps, iyo inotsigirwa chete nemamwe maadapter network. Asi izvi hazvigoneke zvachose mumamiriro ezvinhu chaiwo, kana kuti zvinogona kushandiswa chete pakati pezviteshi zviviri zvakabatana zvakananga, mukati mebhenji rekuyedza.

Asi sezvo mugero weVPN uchiendeswa mberi pakati pevatambi vaviri vachishandisa Internet yekubatanidza isingatsigire jumbo mafuremu zvachose, mhedzisiro inowanikwa pabhenji haigone kutorwa sebhenji. Izvi zvinongori zvisingaite murabhoritari kubudirira izvo zvisingagoneke uye zvisingashande mumamiriro ekurwa chaiwo.

Kunyangwe ndakagara munzvimbo yedata, handina kukwanisa kuendesa mafuremu akakura kupfuura 9000 bytes.

Chiyero chekushandiswa muhupenyu chaihwo chakatyorwa zvachose uye, sezvandinofunga, munyori we "chiyero" chakaitwa akazvishora zvakanyanya nekuda kwezvikonzero zviri pachena.

Sei usingafaniri kuishandisa WireGuard

Kupenya kwetariro yekupedzisira

Panzvimbo WireGuard Pane hurukuro dzakawanda pamusoro pemakontena uye zvinova pachena kuti akagadzirirwa chii chaizvo.

Iyo yakapfava uye inokurumidza VPN iyo inoda kusamisikidzwa uye inogona kuisirwa uye kugadziridzwa nematurusi makuru ekuimba senge iyo Amazon ine mugore ravo. Kunyanya, Amazon inoshandisa yazvino hardware maficha andambotaura, akadai seAVX512. Izvi zvinoitirwa kukurumidza kuita basa uye kusasungirirwa ku x86 kana chero imwe dhizaini.

Vanogadzirisa huwandu hwema "throughput" uye saizi dzema "packet" dzinodarika 9000 bytes—izvi zvinoguma nema "encapsulated frames" makuru ekutaurirana ne "container", "backup operations", "snapshot" kana "container deployment". Kunyangwe ma "dynamic IP address" haakanganisi mashandiro. WireGuard kana iri nyaya yandatsanangura.

Watamba mushe. Kuitwa kwakajeka uye kutetepa kwazvo, kunenge kurevera protocol.

Asi hazvina kukodzera nyika iri kunze kwedata center yaunodzora zvizere. Kana ukatora njodzi wotanga kushandisa WireGuard, uchafanira kugara uchigadzirisa zvinhu paunenge uchigadzira uye uchishandisa nzira yekudzivirira data.

mhedziso

Hazvina kundiomera kugumisa kuti WireGuard hazvisati zvagadzirira.

Yakagadzirirwa semhinduro yakareruka uye inokurumidza kumatambudziko akawanda nemhinduro dziripo. Zvinosuwisa kuti, kuti iwane mhinduro idzi, yakarasikirwa nezvinhu zvakawanda zvaizoshanda kune vazhinji vashandisi. Ndosaka isingakwanise kutsiva IPsec kana OpenVPN.

Mukuda WireGuard Kuti ikwanise kukwikwidzana, inofanira kuwedzera IP address configuration, routing, uye DNS configuration. Zviri pachena kuti nzira dzakavharidzirwa dzinodiwa pakuita izvi.

Chengetedzo ndiyo yandinonyanya kukoshesa, uye izvozvi handina chikonzero chekutenda kuti IKE kana TLS neimwe nzira yakakanganiswa kana kuputswa. Yemazuva ano encryption inotsigirwa mune ese ari maviri, uye iwo akaratidzirwa nemakumi emakore ekushanda. Kungoti chimwe chinhu chitsva hazvireve kuti zviri nani.

Kushanda pamwe chete kwakakosha pakutaurirana nevanhu vechitatu vane zviteshi zvausingadzore. IPsec ndiyo standard chaiyo uye inotsigirwa kwese kwese. Uye inoshanda. Uye chero chitarisiko chayo, mudzidziso, WireGuard mune ramangwana zvingasawirirana kunyangwe neshanduro dzakasiyana dzayo.

Chero chipi nechipi chekudzivirira chekrisptographic chinoputsika nokukurumidza kana kuti gare gare uye, maererano naizvozvo, inofanira kutsiviwa kana kuvandudzwa.

Kurambwa kwechokwadi ichi chose uye chishuwo chekushandisa WireGuard kubatanidza yako iPhone Kunzvimbo yebasa repamba ikirasi yepamusoro yekupinza musoro wako mujecha.

Source: www.habr.com

Tenga inovimbika yekutambira kwemasaiti ane DDoS dziviriro, VPS VDS maseva 🔥 Tenga webhusaiti yakavimbika ine dziviriro yeDDoS, maseva eVPS VDS | ProHoster