Today Linus pulled the next branch with the VPN interfaces into his own tree
Code for the Linux 5.6 kernel is still being collected. WireGuard is a fast, next-generation VPN that uses modern cryptography. It was designed as a simpler and more convenient alternative to existing VPNs. Its author is the Canadian information security specialist Jason A. Donenfeld. In August 2018, WireGuard
"I see that Jason has made a pull request to get WireGuard into the kernel," Linus wrote on August 2, 2018. "Can I once again state my love for this VPN and my hope that it is merged soon? The code may not be perfect, but I have looked at it, and compared to the horrors of OpenVPN and IPSec, it is a real work of art."
Despite Linus's wishes, the merge dragged on for a year and a half. The main problem turned out to be the tie to the project's own (proprietary) implementations of cryptographic functions, which were used to improve performance. After long negotiations, in September 2019 it was
Finally, on December 9, 2019, David S. Miller, who is responsible for the networking subsystem of the Linux kernel,
And today, January 29, 2020, the changes went to Linus for inclusion in the kernel.
The claimed advantages of WireGuard over other VPN solutions:
- Easy to use.
- Uses modern cryptography: Noise protocol framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24, HKDF, and so on.
- Compact, readable code that is easier to examine for flaws.
- High performance.
- A clear and well-developed specification.
All of WireGuard's core logic takes fewer than 4000 lines of code, whereas OpenVPN and IPSec require hundreds of thousands of lines.
"WireGuard uses the concept of encryption-key routing, which involves binding a private key to each network interface and using public keys to bind it. Public keys are exchanged to establish a connection in a manner similar to SSH. To negotiate keys and connect without running a separate daemon in user space, the Noise_IK mechanism from the Noise Protocol Framework is used, similar to maintaining authorized_keys in SSH. Data is transmitted by encapsulation in UDP packets. It supports changing the IP address of the VPN server (roaming) without dropping the connection, with automatic reconfiguration of the client," writes Opennet. "For encryption, the stream cipher ChaCha20 and the message authentication algorithm (MAC) Poly1305 are used, designed by Daniel J. Bernstein, Tanja Lange and Peter Schwabe. ChaCha20 and Poly1305 are positioned as faster and more secure analogues of AES-256-CTR and HMAC, whose software implementation makes it possible to achieve a fixed execution time without special hardware support. To generate the shared secret key, the elliptic-curve Diffie-Hellman protocol is used in the Curve25519 implementation, also proposed by Daniel Bernstein. The algorithm used for hashing is BLAKE2s (RFC7693)."
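A minimal model of the key-based routing described in the quote above, as an added example that is not WireGuard's code and not part of the original article. The class and method names are hypothetical, the per-peer network list stands in for WireGuard's AllowedIPs setting, and the keys and addresses are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Peer:
    public_key: str                   # placeholder label, not a real Curve25519 key
    allowed_ips: list                 # inner networks bound to this key
    endpoint: Optional[tuple] = None  # last authenticated outer UDP (ip, port)

class CryptoKeyRouter:
    """Toy routing table mapping inner IP ranges to peer public keys."""

    def __init__(self):
        self._routes = []             # list of (network, peer)

    def add_peer(self, public_key, allowed_ips, endpoint=None):
        nets = [ipaddress.ip_network(n) for n in allowed_ips]
        peer = Peer(public_key, nets, endpoint)
        self._routes.extend((net, peer) for net in nets)
        return peer

    def _lookup(self, addr):
        ip = ipaddress.ip_address(addr)
        hits = [(net, p) for net, p in self._routes
                if net.version == ip.version and ip in net]
        # Longest prefix wins, as in an ordinary routing table.
        return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

    def route_outgoing(self, dst_ip):
        """Peer whose key must encrypt a packet to dst_ip; None means drop."""
        return self._lookup(dst_ip)

    def accept_incoming(self, peer, inner_src_ip, outer_endpoint):
        """Run after the packet was authenticated and decrypted for `peer`.

        The inner source address must belong to that same peer, otherwise
        a valid key could be used to spoof another peer's address.
        """
        if self._lookup(inner_src_ip) is not peer:
            return False
        # Roaming: the authenticated packet's source becomes the new endpoint.
        peer.endpoint = outer_endpoint
        return True

if __name__ == "__main__":
    r = CryptoKeyRouter()
    a = r.add_peer("PEER_A_PUBKEY", ["10.0.0.2/32"], ("198.51.100.7", 51820))
    print(r.route_outgoing("10.0.0.2").public_key)
    print(r.accept_incoming(a, "10.0.0.2", ("203.0.113.5", 4000)), a.endpoint)
```

The endpoint is only updated after the source check passes, so an unauthenticated or spoofed packet cannot redirect a peer's traffic.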
Solution
Bandwidth (megabit/s)
Ping (ms)
Test configuration:
- Intel Core i7-3820QM and Intel Core i7-5200U
- Gigabit cards Intel 82579LM and Intel I218LM
- Linux 4.6.1
- WireGuard configuration: 256-bit ChaCha20 with Poly1305 for MAC
- First IPsec configuration: 256-bit ChaCha20 with Poly1305 for MAC
- Second IPsec configuration: AES-256-GCM-128 (with AES-NI)
- OpenVPN configuration: AES 256-bit equivalent cipher suite with HMAC-SHA2-256, UDP mode
- Performance was measured using iperf3, showing the average result over 30 minutes.
In theory, once it is integrated into the network stack, WireGuard should work faster. But in reality this will not be the case, because of the switch to the Crypto API cryptographic functions built into the kernel. Perhaps not all of them have yet been optimized to the performance level of native WireGuard.
"In my opinion, WireGuard is generally ideal for the user. All low-level decisions are made in the specification, so setting up a typical VPN infrastructure takes only a few minutes. It is almost impossible to make a mistake in the configuration," as was written on Habr in 2018. "The installation process is described in detail on the official website; I would like to separately note the excellent OpenWRT support. This ease of use and compactness of the code base were achieved by eliminating key distribution. There is no complex certificate system and all that corporate horror; short encryption keys are distributed much like SSH keys."
The WireGuard project has been in development since 2015; it has been audited and
Source: www.habr.com