WireGuard VPN included in Linux kernel 5.6

Today Linus pulled the net-next branch, with the WireGuard VPN interfaces, into his tree. The event was reported on the WireGuard mailing list.


Code for the Linux 5.6 kernel is still being collected. WireGuard is a fast, next-generation VPN that uses modern cryptography. It was developed as a simpler and more convenient alternative to existing VPNs. Its author is the Canadian information security specialist Jason A. Donenfeld. In August 2018, WireGuard received praise from Linus Torvalds. Around that time, work began on including the VPN in the Linux kernel. The process took a rather long time.

"I see that Jason has made a pull request to get WireGuard into the kernel," Linus wrote on August 2, 2018. "Can I once again declare my love for this VPN and my hope that it gets merged soon? The code may not be perfect, but I have looked at it, and compared to the horrors of OpenVPN and IPSec, it is a real work of art."

Despite Linus's wishes, the merge dragged on for a year and a half. The main problem turned out to be the dependence on the project's own implementations of cryptographic functions, which were used to improve performance. After long negotiations, a compromise decision was made in September 2019 to port the patches to the Crypto API functions available in the kernel, about which the WireGuard developers have complaints regarding performance and overall security. They nevertheless decided to split WireGuard's native crypto functions into a separate low-level Zinc API and eventually port them to the kernel. In November, the kernel developers kept their promise and agreed to move part of the code from Zinc into the main kernel. For example, the Crypto API now includes the fast implementations of the ChaCha20 and Poly1305 algorithms prepared in WireGuard.

Finally, on December 9, 2019, David S. Miller, who is responsible for the networking subsystem of the Linux kernel, accepted into the net-next branch the patches implementing the VPN interface from the WireGuard project.

And today, January 29, 2020, the changes went to Linus for inclusion in the kernel.


The claimed advantages of WireGuard over other VPN solutions:

  • Easy to use.
  • Uses modern cryptography: Noise protocol framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24, HKDF, etc.
  • Compact, readable code that is easier to audit for vulnerabilities.
  • High performance.
  • A clear and carefully worked-out specification.

All of WireGuard's core logic takes up fewer than 4000 lines of code, whereas OpenVPN and IPSec require hundreds of thousands of lines.

"WireGuard uses the concept of encryption key routing, which involves binding a private key to each network interface and using public keys for the binding. Public keys are exchanged to establish a connection in a manner similar to SSH. To negotiate keys and connect without running a separate daemon in user space, the Noise_IK mechanism from the Noise Protocol Framework is used, similar to maintaining authorized_keys in SSH. Data is transmitted by encapsulation in UDP packets. Changing the IP address of the VPN server (roaming) is supported without breaking the connection, with automatic reconfiguration of the client," writes Opennet.

"For encryption, the ChaCha20 stream cipher and the Poly1305 message authentication algorithm (MAC) are used, designed by Daniel J. Bernstein, Tanja Lange and Peter Schwabe. ChaCha20 and Poly1305 are positioned as faster and more secure analogues of AES-256-CTR and HMAC, whose software implementation allows a fixed execution time to be achieved without special hardware support. To generate the shared secret key, the elliptic-curve Diffie-Hellman protocol is used in the Curve25519 implementation, also proposed by Daniel Bernstein. The algorithm used for hashing is BLAKE2s (RFC7693)."
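The key-routing idea from the quoted description, as an added example (not code from the article or from the WireGuard project): each peer's public key is associated with a set of inner IP prefixes (WireGuard calls these AllowedIPs), and the same table serves as a routing table for outgoing packets and as an access list for incoming ones. The peer names and addresses are constructed placeholders.

```python
import ipaddress

# Constructed peer table: public-key labels and AllowedIPs are placeholders,
# not real keys or addresses from the article.
PEERS = {
    "PEER_A_PUBKEY_PLACEHOLDER": ["10.0.0.2/32", "192.168.10.0/24"],
    "PEER_B_PUBKEY_PLACEHOLDER": ["10.0.0.3/32", "192.168.0.0/16"],
}


class CryptokeyRouter:
    """Maps inner IP addresses to peer public keys, in both directions."""

    def __init__(self, peers):
        self.table = []
        for pubkey, cidrs in peers.items():
            for cidr in cidrs:
                self.table.append((ipaddress.ip_network(cidr), pubkey))
        # Most specific prefix first, so the first hit is the longest match.
        self.table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)

    def peer_for(self, addr):
        """Return the peer key owning addr, or None if no prefix covers it."""
        ip = ipaddress.ip_address(addr)
        for network, pubkey in self.table:
            if ip.version == network.version and ip in network:
                return pubkey
        return None

    def route_outbound(self, dst):
        """Outbound: pick the peer whose key will encrypt a packet to dst."""
        return self.peer_for(dst)

    def accept_inbound(self, authenticated_pubkey, inner_src):
        """Inbound: decryption has proved which peer sent the packet; keep it
        only if the inner source address belongs to that same peer."""
        return self.peer_for(inner_src) == authenticated_pubkey


if __name__ == "__main__":
    r = CryptokeyRouter(PEERS)
    print(r.route_outbound("192.168.10.7"))
    print(r.accept_inbound("PEER_B_PUBKEY_PLACEHOLDER", "192.168.10.7"))
```

The inbound check is what stops an authenticated peer from sending traffic with an inner source address assigned to a different peer.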

Results of the performance tests from the official website:

Bandwidth (megabit/s)

Ping (ms)

Test configuration:

  • Intel Core i7-3820QM and Intel Core i7-5200U
  • Gigabit cards Intel 82579LM and Intel I218LM
  • Linux 4.6.1
  • WireGuard configuration: 256-bit ChaCha20 with Poly1305 for MAC
  • First IPsec configuration: 256-bit ChaCha20 with Poly1305 for MAC
  • Second IPsec configuration: AES-256-GCM-128 (with AES-NI)
  • OpenVPN configuration: equivalent cipher suite of 256-bit AES with HMAC-SHA2-256, UDP mode
  • Performance was measured using iperf3; the figures show the average result over 30 minutes.

In theory, once integrated into the network stack, WireGuard should work even faster. But in reality this will not be the case, because of the switch to the Crypto API cryptographic functions built into the kernel. Perhaps not all of them have yet been optimized to the performance level of native WireGuard.

"In my view, WireGuard is generally ideal for the user. All low-level decisions are made in the specification, so the process of setting up a typical VPN infrastructure takes only a few minutes. It is almost impossible to make a mistake in the configuration," they wrote on Habré in 2018. "The installation process is described in detail on the official website; I would like to note separately the excellent OpenWRT support. This ease of use and compactness of the code base were achieved by eliminating key distribution. There is no complex certificate system and none of that corporate horror; short encryption keys are distributed much like SSH keys."

The WireGuard project has been in development since 2015 and has undergone an audit and formal verification. WireGuard support is integrated into NetworkManager and systemd, and the kernel patches are included in the base distributions of Debian Unstable, Mageia, Alpine, Arch, Gentoo, OpenWrt, NixOS, Subgraph and ALT.

Source: www.habr.com
