Nguva yasvika iyo VPN haisisiri imwe yemhando yekushandisa yendebvu system maneja. Vashandisi vane mabasa akasiyana, asi chokwadi ndechekuti munhu wese anoda VPN.
Dambudziko neazvino VPN mhinduro nderekuti dzakaoma kugadzirisa nemazvo, dzinodhura kuchengetedza, uye dzakazara nenhaka kodhi yemhando inopokana.
Makore akati kuti apfuura, nyanzvi yekuchengetedzwa kwemashoko kuCanada Jason A. Donenfeld akasarudza kuti akanga atokwana nazvo ndokutanga kushanda pairi. . WireGuard ikozvino iri kugadzirira kuisirwa muLinux kernel uye yakatogamuchira kurumbidzwa kubva and in .
Zvinonzi zvakanakira WireGuard pamusoro pemamwe maVPN mhinduro:
- Nyore kushandisa.
- Inoshandisa cryptography yemazuva ano: Noise protocol framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24, HKDF, nezvimwe.
- Compact, kodhi inoverengeka, iri nyore kuferefeta kune kusarongeka.
- Kuita kwepamusoro.
- Zvakajeka uye zvakanyatsorongeka .
Bara resirivha rawanikwa here? Inguva yekuviga OpenVPN uye IPSec? Ndakasarudza kutarisana neizvi, uye panguva imwe chete ndakazviita .
Misimboti yebasa
Mitemo yekushandisa inogona kutsanangurwa seizvi:
- Iyo WireGuard interface inogadzirwa uye kiyi yakavanzika uye IP kero inopihwa kwairi. Zvirongwa zvevamwe vezera zvakaremerwa: makiyi avo eruzhinji, IP kero, nezvimwe.
- Yese IP mapaketi anosvika paWireGuard interface akaiswa muUDP uye vamwe vezera.
- Vatengi vanotsanangura iyo yeruzhinji IP kero yeseva muzvirongwa. Sevha inoziva otomatiki kero dzevatengi kana data rakanyatso zivikanwa ragamuchirwa kubva kwavari.
- Sevha inogona kushandura kero yeruzhinji IP pasina kukanganisa basa rayo. Panguva imwecheteyo, inotumira yambiro kune vatengi vakabatana uye ivo vanozogadzirisa gadziriso yavo panhunzi.
- Pfungwa yekufambisa inoshandiswa . WireGuard inogamuchira uye inotumira mapaketi zvichienderana nekiyi yeruzhinji yevezera. Kana sevha ikabvisa pakiti yakanyatsosimbiswa, munda wayo we src unotariswa. Kana ichienderana nekugadzirisa
allowed-ipspeer yakatendeseka, pakiti inogamuchirwa neWireGuard interface. Pakutumira pakiti inobuda, maitiro anoenderana anoitika: iyo dst munda wepaketi inotorwa uye, zvichibva pairi, iyo inoenderana peer inosarudzwa, iyo packet inosainwa nekiyi yayo, yakavharidzirwa nekiyi yevezera uye inotumirwa kunzvimbo iri kure yekupedzisira. .
Yese yeWireGuard's core logic inotora isingasviki zviuru zvina mitsara yekodhi, nepo OpenVPN uye IPSec vane mazana ezviuru zvemitsara. Kutsigira yemazuva ano cryptographic algorithms, inokurudzirwa kuti ibatanidze itsva cryptographic API muLinux kernel . Parizvino pane nhaurirano irikuitika yekuti iri ipfungwa yakanaka here.
Kubudirira
Iyo yakanyanya kuita mukana wekuita (ichienzaniswa neOpenVPN uye IPSec) ichaonekwa pane Linux masisitimu, sezvo WireGuard inoitwa senge kernel module ipapo. Mukuwedzera, macOS, Android, iOS, FreeBSD uye OpenBSD zvinotsigirwa, asi mazviri WireGuard inomhanya munzvimbo yevashandisi nemigumisiro yese inotevera. Tsigiro yeWindows inotarisirwa kuwedzerwa munguva pfupi iri kutevera.
Benchmark zvawanikwa ne :
Chiitiko changu chekushandisa
Ini handisi nyanzvi yeVPN. Ndakamboseta OpenVPN nemaoko uye zvainetesa, uye handina kana kumboyedza IPSec. Kune sarudzo dzakawandisa dzekuita, zviri nyore kwazvo kuzvipfura wega mutsoka. Naizvozvo, ini ndaigara ndichishandisa akagadzirira-akagadzirwa zvinyorwa kugadzirisa sevha.
Saka, WireGuard, kubva pakuona kwangu, kazhinji yakanakira mushandisi. Sarudzo dzese dzepasi-pasi dzinoitwa mune yakatarwa, saka maitiro ekugadzirira yakajairwa VPN zvivakwa zvinotora maminetsi mashoma. Zvinenge zvisingabviri kubiridzira mukugadzirisa.
Kuisa nzira pane webhusaiti yepamutemo, ndinoda kucherechedza zvakasiyana zvakanaka .
Encryption makiyi anogadzirwa neutility wg:
SERVER_PRIVKEY=$( wg genkey )
SERVER_PUBKEY=$( echo $SERVER_PRIVKEY | wg pubkey )
CLIENT_PRIVKEY=$( wg genkey )
CLIENT_PUBKEY=$( echo $CLIENT_PRIVKEY | wg pubkey )Tevere, iwe unofanirwa kugadzira server config /etc/wireguard/wg0.conf nezvinotevera zvirimo:
[Interface]
Address = 10.9.0.1/24
PrivateKey = $SERVER_PRIVKEY
[Peer]
PublicKey = $CLIENT_PUBKEY
AllowedIPs = 10.9.0.2/32uye simudza tunnel ne script wg-quick:
sudo wg-quick up /etc/wireguard/wg0.confPane masisitimu ane systemd unogona kushandisa izvi pachinzvimbo sudo systemctl start [email protected].
Pamuchina wevatengi, gadzira config /etc/wireguard/wg0.conf:
[Interface]
PrivateKey = $CLIENT_PRIVKEY
Address = 10.9.0.2/24
[Peer]
PublicKey = $SERVER_PUBKEY
AllowedIPs = 0.0.0.0/0
Endpoint = 1.2.3.4:51820 # ΠΠ½Π΅ΡΠ½ΠΈΠΉ IP ΡΠ΅ΡΠ²Π΅ΡΠ°
PersistentKeepalive = 25 Uye simudza tunnel nenzira imwechete:
sudo wg-quick up /etc/wireguard/wg0.confChasara kugadzirisa NAT pane server kuitira kuti vatengi vagone kuwana iyo Internet, uye wapedza!
Izvi zviri nyore zvekushandisa uye compactness yekodhi base yakawanikwa nekubvisa yakakosha kugovera basa. Iko hakuna yakaoma chitupa system uye zvese izvi zvinotyisa zvekambani; makiyi mapfupi encryption akagoverwa zvakanyanya seSSH makiyi. Asi izvi zvinounza dambudziko: WireGuard haizove nyore kuita pane mamwe manetwork aripo.
Pakati pezvakashata, zvakakosha kuziva kuti WireGuard haishande kuburikidza neHTTP proxy, sezvo chete UDP protocol inowanikwa sechokufambisa. Mubvunzo unomuka: zvinokwanisika here kuvhiringidza iyo protocol? Ehe, iri harisi iro rakananga basa reVPN, asi kuOpenVPN, semuenzaniso, kune nzira dzekuzvivanza seHTTPS, iyo inobatsira vagari venyika dzehudzvanyiriri kushandisa zvizere Internet.
zvakawanikwa
Kupfupisa, iyi ipurojekiti inonakidza uye inovimbisa, unogona kutoishandisa pamaseva emunhu. Chii purofiti? Kuita kwepamusoro paLinux masisitimu, nyore kuseta uye kutsigirwa, compact uye inoverengeka kodhi base. Nekudaro, kuchiri kukasika kumhanyisa kuendesa zvivakwa zvakaomarara kuWireGuard; zvakakodzera kumirira kuisirwa muLinux kernel.
Kuchengetedza yangu (uye yako) nguva, ndakagadzira . Nerubatsiro rwayo, unogona kumisikidza wega VPN iwe neshamwari dzako pasina kana kunzwisisa chero chinhu nezvazvo.
Source: www.habr.com