The time has come when a VPN is no longer some kind of tool used only by bearded system administrators. Users have different tasks, but the fact is that everyone needs a VPN.
The problem with current VPN solutions is that they are hard to configure correctly, expensive to maintain, and full of legacy code of questionable quality.
A few years ago, Canadian information security specialist Jason A. Donenfeld decided he had had enough of this and began working on WireGuard.
The claimed advantages of WireGuard over other VPN solutions:
- Easy to use.
- Uses modern cryptography: Noise protocol framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24, HKDF, etc.
- Compact, readable code that is easier to audit for flaws.
- High performance.
- A clear and well-developed specification.
Has a silver bullet been found? Is it time to bury OpenVPN and IPSec? I decided to look into this, and at the same time I made
Principles of operation
The principles of operation can be described as follows:
- A WireGuard interface is created and assigned a private key and an IP address. The settings of the other peers are loaded: their public keys, IP addresses, etc.
- All IP packets arriving at the WireGuard interface are encapsulated in UDP and securely delivered to the other peers.
- Clients specify the server's public IP address in their settings. The server automatically learns the clients' addresses when correctly authenticated data is received from them.
- The server can change its public IP address without interrupting operation. When it does, it sends a notification to the connected clients, and they update their configuration on the fly.
- The routing concept used is Cryptokey Routing. WireGuard accepts and sends packets based on the peer's public key. When the server decrypts a correctly authenticated packet, its src field is checked. If it matches the allowed-ips setting of the authenticated peer, the packet is accepted by the WireGuard interface. When an outgoing packet is sent, the corresponding procedure takes place: the packet's dst field is taken and, based on it, the matching peer is selected; the packet is signed with its own key, encrypted with the peer's key, and sent to the remote endpoint.
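The Cryptokey Routing rules described above, shown as an added Python example that is not part of the original article and is not WireGuard's own code. The CryptokeyTable class, its method names and the second peer are assumptions made for illustration; the key names stand in for real public keys, and the first peer and the client table mirror the configs used later on this page.

```python
import ipaddress

class CryptokeyTable:
    """Maps AllowedIPs prefixes to peer public keys (hypothetical helper)."""

    def __init__(self):
        self.routes = []  # list of (network, peer_public_key)

    def add_peer(self, public_key, allowed_ips):
        for cidr in allowed_ips:
            self.routes.append((ipaddress.ip_network(cidr), public_key))

    def lookup(self, addr):
        """Longest-prefix match: return the peer that owns addr, or None."""
        ip = ipaddress.ip_address(addr)
        matches = [(net.prefixlen, key) for net, key in self.routes
                   if ip.version == net.version and ip in net]
        return max(matches)[1] if matches else None

    def accept_inbound(self, authenticated_peer, src):
        """Inbound: the packet was already decrypted and authenticated as
        coming from authenticated_peer; accept only if src is that peer's."""
        return self.lookup(src) == authenticated_peer

    def select_outbound(self, dst):
        """Outbound: pick the peer whose AllowedIPs cover dst (None = drop)."""
        return self.lookup(dst)

# Server-side table matching the page's server config: one peer, 10.9.0.2/32.
server = CryptokeyTable()
server.add_peer("CLIENT_PUBKEY", ["10.9.0.2/32"])
# Constructed second peer for illustration; it is not in the page's config.
server.add_peer("CLIENT2_PUBKEY", ["10.9.0.3/32", "192.168.50.0/24"])

# Client-side table matching the page's client config: all traffic to the server.
client = CryptokeyTable()
client.add_peer("SERVER_PUBKEY", ["0.0.0.0/0"])

def demo():
    return {
        "legit": server.accept_inbound("CLIENT_PUBKEY", "10.9.0.2"),
        "spoofed": server.accept_inbound("CLIENT_PUBKEY", "10.9.0.3"),
        "reply_to": server.select_outbound("10.9.0.2"),
        "unrouted": server.select_outbound("8.8.8.8"),
        "client_default": client.select_outbound("8.8.8.8"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The "spoofed" case is the security-relevant one: a peer that authenticates correctly still cannot inject packets whose source address belongs to another peer's allowed-ips.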
All of WireGuard's core logic takes fewer than 4,000 lines of code, whereas OpenVPN and IPSec have hundreds of thousands of lines. To support modern cryptographic algorithms, it is proposed to include a new cryptographic API in the Linux kernel.
Performance
The greatest performance advantage (compared with OpenVPN and IPSec) will be seen on Linux systems, since WireGuard is implemented there as a kernel module. In addition, macOS, Android, iOS, FreeBSD and OpenBSD are supported, but on them WireGuard runs in user space, with all the consequences that follow. Windows support is expected to be added in the near future.
Benchmark results obtained from
My experience of using it
I am not a VPN expert. I once set up OpenVPN by hand and it was tedious, and I have never even tried IPSec. There are too many decisions to make, and it is very easy to shoot yourself in the foot. So I have always used ready-made scripts to configure the server.
So WireGuard, from my point of view, is generally ideal for the user. All the low-level decisions are made in the specification, so setting up a typical VPN infrastructure takes only a few minutes. It is almost impossible to get the configuration wrong.
Installation process
Encryption keys are generated with the wg utility:
# Generate the server key pair (keep the private keys secret)
SERVER_PRIVKEY=$(wg genkey)
SERVER_PUBKEY=$(echo "$SERVER_PRIVKEY" | wg pubkey)
# Generate the client key pair
CLIENT_PRIVKEY=$(wg genkey)
CLIENT_PUBKEY=$(echo "$CLIENT_PRIVKEY" | wg pubkey)
Next, create the server config /etc/wireguard/wg0.conf with the following contents:
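[Interface]
Address = 10.9.0.1/24
PrivateKey = $SERVER_PRIVKEY
# Must match the port in the client's Endpoint; without it a random port is chosen
ListenPort = 51820
[Peer]
PublicKey = $CLIENT_PUBKEY
AllowedIPs = 10.9.0.2/32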
and bring up the tunnel with the wg-quick script:
sudo wg-quick up /etc/wireguard/wg0.conf
On systems with systemd, you can use this instead:
sudo systemctl start wg-quick@wg0.service
On the client machine, create the config /etc/wireguard/wg0.conf:
[Interface]
PrivateKey = $CLIENT_PRIVKEY
Address = 10.9.0.2/24
[Peer]
PublicKey = $SERVER_PUBKEY
AllowedIPs = 0.0.0.0/0
Endpoint = 1.2.3.4:51820 # External IP of the server
PersistentKeepalive = 25
And bring up the tunnel in the same way:
sudo wg-quick up /etc/wireguard/wg0.conf
All that remains is to configure NAT on the server so that clients can reach the Internet, and you are done!
This ease of use and compactness of the code base were achieved by leaving out key distribution functionality. There is no complex certificate system and all that corporate horror; short encryption keys are distributed much like SSH keys. But this brings a problem: WireGuard will not be so easy to deploy on some existing networks.
Among the drawbacks, it is worth noting that WireGuard does not work through an HTTP proxy, since only the UDP protocol is available as a transport. The question arises: is it possible to obfuscate the protocol? Of course, this is not the direct job of a VPN, but for OpenVPN, for example, there are ways to disguise itself as HTTPS, which helps residents of totalitarian countries make full use of the Internet.
Conclusions
To sum up, this is a very interesting and promising project, and you can already use it on personal servers. What is the payoff? High performance on Linux systems, ease of setup and maintenance, and a compact, readable code base. However, it is too early to rush to move complex infrastructure to WireGuard; it is worth waiting for its inclusion in the Linux kernel.
To save my (and your) time, I made
Source: www.habr.com