landmark VPN kuburitswa , izvo zvairatidza kugoverwa kwezvikamu WireGuard muchikamu chikuru chenucleus uye kugadzikana kwebudiriro. Zvinosanganisirwa muchikamu chepakati Linux code Ongororo yekuwedzera yekuchengetedza yakaitwa nefemu yakazvimirira inoongorora maodhita akadai. Audit yacho yakaratidza kuti hapana nyaya.
kubva WireGuard ikozvino iri kukura muchikamu chikuru Linux, kune vanogovera uye vashandisi vanoramba vachishandisa shanduro dzekare dzekernel, nzvimbo yekuchengetedza yakagadzirwa. Nzvimbo yekuchengetera zvinhu inosanganisira kodhi yakadzoserwa kumashure. WireGuard uye chikamu che compat.h kuti chive nechokwadi chekuti chinoenderana nema kernels ekare. Zvinocherechedzwa kuti chero bedzi vagadziri vane kugona uye vashandisi vachichida, vhezheni yechigamba chega chega ichachengetwa. Muchimiro chayo chazvino, vhezheni yega yega WireGuard inogona kushandiswa ne cores kubva и , uye inowanikwawo sema kernel patches Linux и . Kugovera kunoshandisa yazvino kernels, senge Arch, Gentoo, uye
Fedora 32 ichakwanisa kushandisa WireGuard pamwe chete ne kernel 5.6 update.
Iyo huru yekuvandudza maitiro ikozvino inoitwa mune repository , kusanganisira muti wembeu yakazara Linux nekuchinja kubva kupurojekiti WireguardMapeji kubva mudura iri achaongororwa kuti aonekwe mu kernel huru uye achabatanidzwa nguva dzose mumatavi e net/net-next. Kugadzirwa kwezvishandiso zve user-space uye zvinyorwa, zvakaita se wg uye wg-quick, zvinoitwa mudura. , iyo inogona kushandiswa kugadzira mapakeji mukugovera.
Ngatikuyeuchidzei kuti VPN WireGuard Inoshandiswa uchishandisa nzira dzemazuva ano dzekuvharidzira, inoita basa repamusoro-soro, iri nyore kushandisa, haina matambudziko, uye yakaratidza kushanda kwayo mumabasa akawanda makuru anobata vanhu vakawanda vanofamba. Chirongwa ichi chave chiri kugadzirwa kubvira muna 2015 uye chakaongororwa uye nzira dzekuvhara data dzakashandiswa. Rutsigiro rwemashoko WireGuard Yakatobatanidzwa muNetworkManager uye systemd, uye ma kernel patches anowanikwa mu base distributions. , Mageia, Alpine, Arch, Gentoo, OpenWrt, NixOS, и .
В WireGuard Pfungwa ye encryption key routing inoshandiswa, iyo inosanganisira kusunga kiyi yakavanzika kune yega yega network interface uye kuishandisa pakusunga kiyi yeruzhinji. Makiyi eruzhinji anotsinhaniswa kuti pave nekubatana nenzira yakafanana neSSH. Kuti vataurirane makiyi uye vagadzire kubatana pasina kushandisa daemon yakasiyana munzvimbo yemushandisi, Noise_IK mechanism kubva zvakafanana nekuchengetedza authorized_keys muSSH. Kuendesa data kunoitwa kuburikidza ne encapsulation muUDP mapaketi. Inotsigira kushandura IP kero yeVPN server (kutenderera) pasina kudzima kubatana neotomatiki mutengi kugadzirisa.
For encryption stream cipher uye meseji yekusimbisa algorithm (MAC) , yakagadzirwa naDaniel Bernstein (), Tanya Lange
(Tanja Lange) naPeter Schwabe. ChaCha20 nePoly1305 zvakamisikidzwa seanokurumidza uye akachengeteka analogues eAES-256-CTR neHMAC, iyo software yekumisikidza inobvumira kuwana yakatemwa yekuuraya nguva pasina kushandisa yakakosha Hardware rutsigiro. Kugadzira kiyi yakavanzika yakagovaniswa, iyo elliptic curve Diffie-Hellman protocol inoshandiswa mukuita , zvakare yakakurudzirwa naDaniel Bernstein. Iyo algorithm inoshandiswa kune hashing ndeye .
Pasi pekare kugadzirwa WireGuard yakaratidza kuti bandwidth yakakwira ka3.9 uye kupindura kwakakwira ka3.8 zvichienzaniswa ne OpenVPN (256-bit AES ine HMAC-SHA2-256). Zvichienzaniswa ne IPsec (256-bit ChaCha20+Poly1305 uye AES-256-GCM-128) mu WireGuard Kubatsira kudiki pakushanda (13-18%) uye kudzikira kwekunonoka (21-23%) kunoonekwa. Mhedzisiro yebvunzo yakatumirwa pawebhusaiti yepurojekiti inovhara kushandiswa kwekare kwakazvimirira. WireGuard uye zvakaonekwa sekuti hazvina kunaka. Kubva pakaitwa bvunzo, kodhi yacho WireGuard uye IPsec yakagadziridzwa zvakanyanya uye ikozvino yava kukurumidza. Kuedzwa kwakazara kunosanganisira integrated kernel implementation hakusati kwaitwa. Zvisinei, zvinocherechedzwa kuti WireGuard mune dzimwe nguva ichiri kushanda zvakanaka kupfuura IPsec nekuda kwemultithreading, nepo OpenVPN inoramba ichinonoka zvikuru.
Source: opennet.ru
