WireGuard "will come" to the Linux kernel - why?

At the end of July, the developers of the WireGuard VPN tunnel proposed a patch set that would make their VPN tunneling software part of the Linux kernel. However, the exact date on which the "idea" will be implemented remains unknown. Below the cut we look at this tool in more detail.


Briefly about the project

WireGuard is a next-generation VPN tunnel created by Jason A. Donenfeld, CEO of Edge Security. The project was developed as a simpler and faster alternative to OpenVPN and IPsec. The first version of the product had only 4 thousand lines of code. For comparison, OpenVPN has about 120 thousand lines, and IPsec has 420 thousand.

According to the developers, WireGuard is easy to configure, and the security of the protocol rests on proven cryptographic algorithms. Normally, when the network changes (Wi-Fi, LTE or Ethernet), you have to reconnect to the VPN server every time. WireGuard servers do not drop the connection, even if the user has received a new IP address.

Although WireGuard was originally designed for the Linux kernel, the developers have also taken care of a portable version of the tool for Android devices. The application is not fully finished yet, but you can try it now. To do so, you need to become one of the testers.

In general, WireGuard is quite popular and has already been implemented by several VPN providers, such as Mullvad and AzireVPN. A large number of setup guides for this solution have been published online. For example, there are guides created by users, and there are guides prepared by the authors of the project.

Technical details

The official documentation (p. 18) notes that WireGuard's throughput is four times higher than OpenVPN's: 1011 Mbit/s versus 258 Mbit/s, respectively. WireGuard is also ahead of the standard Linux IPsec solution, which reaches 881 Mbit/s. It also surpasses it in ease of setup.

After the keys have been exchanged (the VPN connection is initialized in much the same way as SSH) and the connection has been established, WireGuard handles all other tasks on its own: there is no need to worry about routing, state management, and so on. [...] is needed if you want to use symmetric encryption.


To install it, you will need a distribution with a Linux kernel newer than 4.1. It can be found in the repositories of the major Linux distributions.

$ sudo add-apt-repository ppa:hda-me/wireguard
$ sudo apt update
$ sudo apt install wireguard-dkms wireguard-tools

As the editors of xakep.ru note, building it yourself from source is also easy. It is enough to bring up the interface and generate the public and private keys:

$ sudo ip link add dev wg0 type wireguard
$ wg genkey | tee privatekey | wg pubkey > publickey

WireGuard does not use the CryptoAPI crypto provider interface. Instead, it uses the ChaCha20 stream cipher, the Poly1305 message authentication code, and its own cryptographic hash functions.

The secret key is generated using the Diffie-Hellman protocol on the Curve25519 elliptic curve. For hashing, the BLAKE2 and SipHash hash functions are used. Thanks to the TAI64N timestamp, the protocol discards packets with a smaller timestamp value, thereby preventing DoS and replay attacks.
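The timestamp check described above, as an added example that is not from the original article or from the WireGuard project: a TAI64N encoder and a per-peer filter that rejects any handshake timestamp not greater than the newest one already accepted. The peer names, the sample times and the fixed 10-second TAI offset are assumptions of this example.

```python
import struct

# Assumption of this example: TAI is approximated as Unix time plus a fixed
# 10-second offset; the TAI64 label adds 2**62 to the second count.
TAI64_BASE = (1 << 62) + 10


def tai64n(unix_seconds: int, nanoseconds: int) -> bytes:
    """Encode a time as a 12-byte TAI64N label: 8-byte seconds, 4-byte ns."""
    if not 0 <= nanoseconds < 1_000_000_000:
        raise ValueError("nanoseconds out of range")
    return struct.pack(">QI", TAI64_BASE + unix_seconds, nanoseconds)


class ReplayFilter:
    """Remembers the greatest handshake timestamp accepted from each peer."""

    def __init__(self):
        self._latest = {}  # peer identifier -> greatest label accepted

    def accept(self, peer: str, label: bytes) -> bool:
        # Meant to run only after the handshake message has been
        # authenticated, so the label is known to come from that peer.
        if len(label) != 12:
            return False  # malformed label
        # Both fields are big-endian, so comparing the raw bytes orders
        # labels chronologically without decoding them.
        if label <= self._latest.get(peer, b""):
            return False  # replayed or stale handshake
        self._latest[peer] = label
        return True


def demo():
    """Run constructed sample handshakes through the filter."""
    t0 = 1_532_995_200  # constructed sample time (Unix seconds)
    flt = ReplayFilter()
    events = [
        ("peerA", tai64n(t0, 0)),         # first handshake: accepted
        ("peerA", tai64n(t0, 0)),         # byte-identical replay: rejected
        ("peerA", tai64n(t0 - 60, 999)),  # older timestamp: rejected
        ("peerA", tai64n(t0, 1)),         # one nanosecond newer: accepted
        ("peerB", tai64n(t0 - 60, 0)),    # state is per peer: accepted
        ("peerA", b"\x00" * 11),          # wrong length: rejected
    ]
    return [flt.accept(peer, label) for peer, label in events]


if __name__ == "__main__":
    print(demo())
```

Because the filter keeps only one 12-byte value per peer, the check costs a single comparison and needs no replay window or cache of past handshakes.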

In doing so, WireGuard uses the ioctl function to control I/O (netlink was used previously), which makes the code cleaner and simpler. You can verify this by looking at the configuration code.

Developers' plans

For now, WireGuard is an out-of-tree kernel module. But the author of the project, Jason Donenfeld, says that the time has come for full integration into the Linux kernel, because it is simpler and more reliable than other solutions. Jason is supported in this even by Linus Torvalds himself, who called the WireGuard code a "work of art."

But nobody is talking about exact dates for bringing WireGuard into the kernel. And it will not happen with the August release of Linux kernel 4.18. However, there is a chance that it will happen in the near future: in version 4.19 or 5.0.

Once WireGuard has been added to the kernel, the developers want to finish the application for Android devices and start writing an application for iOS. There are also plans to complete the implementations in Go and Rust and port them to macOS, Windows and BSD. It is also planned to implement WireGuard for more "exotic systems": DPDK, FPGA, as well as many other interesting things. All of them are listed in the project authors' to-do list.


Source: www.habr.com
