landmark VPN kuburitswa , iyo yakaratidza kuendeswa kweWireGuard zvikamu muhombe huru uye kugadzikana kwebudiriro. Kodhi inosanganisirwa muLinux kernel Ongororo yekuwedzera yekuchengetedza yakaitwa nekambani yakazvimirira inyanzvi mukuongororwa kwakadaro. Odhiyo haina kuratidza chero dambudziko.
Sezvo WireGuard yave kugadzirwa muLinux kernel huru, nzvimbo yekuchengetera yakagadzirirwa kugoverwa uye vashandisi vanoramba vachishandisa shanduro dzekare dzekernel. . Iyo repository inosanganisira yakadzoserwa WireGuard kodhi uye compat.h layer kuti ive nechokwadi chekuenderana nekare kernels. Zvinocherechedzwa kuti chero bedzi vagadziri vaine mukana uye vashandisi vachichida, imwe yakaparadzana vhezheni yezvigamba ichatsigirwa mukushanda fomu. Mune chimiro chayo chazvino, yakamira vhezheni yeWireGuard inogona kushandiswa nekernels kubva ΠΈ , uye inowanikwawo sezvigamba zveLinux kernels ΠΈ . Kugovera uchishandisa azvino kernels akadai saArch, Gentoo uye
Fedora 32 ichakwanisa kushandisa WireGuard ine 5.6 kernel update.
Iyo huru yekuvandudza maitiro ikozvino inoitwa mune repository , iyo inosanganisira iyo yakazara Linux kernel muti ine shanduko kubva kuWireguard chirongwa. Mapeche anobva pane ino repository anozoongororwa kuti abatanidzwe mu kernel huru uye anogara achisundirwa kumambure/mambure-anotevera mapazi. Kuvandudzwa kwezvishandiso uye zvinyorwa zvinomhanya munzvimbo yevashandisi, senge wg uye wg-nekukurumidza, inoitwa mune repository. , iyo inogona kushandiswa kugadzira mapakeji mukugovera.
Ngatikuyeuchidzei kuti VPN WireGuard inoshandiswa pahwaro hwemazuva ano encryption nzira, inopa yakanyanya kukwirira kuita, iri nyore kushandisa, isina matambudziko uye yakazviratidza mune akati wandei e deployments anogadzira mavhoriyamu makuru emotokari. Iyo purojekiti yanga ichikura kubva 2015, yakaongororwa uye encryption nzira dzakashandiswa. Tsigiro yeWireGuard yakatobatanidzwa muNetworkManager uye systemd, uye kernel zvigamba zvinosanganisirwa mukugovera kwekutanga. , Mageia, Alpine, Arch, Gentoo, OpenWrt, NixOS, ΠΈ .
WireGuard inoshandisa iyo pfungwa ye encryption kiyi nzira, iyo inosanganisira kubatanidza yakavanzika kiyi kune yega yega network interface uye kuishandisa kusunga makiyi eruzhinji. Makiyi eruzhinji anotsinhaniswa kuti amise chinongedzo nenzira yakafanana kune SSH. Kutaurirana makiyi uye kubatana pasina kumhanyisa daemon yakaparadzana munzvimbo yemushandisi, iyo Noise_IK michina kubva zvakafanana nekuchengetedza authorized_keys muSSH. Kuendesa data kunoitwa kuburikidza ne encapsulation muUDP mapaketi. Inotsigira kushandura IP kero yeVPN server (kutenderera) pasina kudzima kubatana neotomatiki mutengi kugadzirisa.
For encryption stream cipher uye meseji yekusimbisa algorithm (MAC) , yakagadzirwa naDaniel Bernstein (), Tanya Lange
(Tanja Lange) naPeter Schwabe. ChaCha20 nePoly1305 zvakamisikidzwa seanokurumidza uye akachengeteka analogues eAES-256-CTR neHMAC, iyo software yekumisikidza inobvumira kuwana yakatemwa yekuuraya nguva pasina kushandisa yakakosha Hardware rutsigiro. Kugadzira kiyi yakavanzika yakagovaniswa, iyo elliptic curve Diffie-Hellman protocol inoshandiswa mukuita , zvakare yakakurudzirwa naDaniel Bernstein. Iyo algorithm inoshandiswa kune hashing ndeye .
Pasi pekare Performance WireGuard yakaratidza 3.9 nguva yakakwirira kupfuura uye 3.8 nguva yakakwirira kuterera kana ichienzaniswa neOpenVPN (256-bit AES ine HMAC-SHA2-256). Kuenzaniswa ne IPsec (256-bit ChaCha20 + Poly1305 uye AES-256-GCM-128), WireGuard inoratidza kuderera kwekuita zvishoma (13-18%) uye pasi latency (21-23%). Mhedzisiro yebvunzo yakatumirwa pawebhusaiti yeprojekiti inovhara iyo yekare yakamira yakamira yeWireGuard uye inomakwa seisina kukwana mhando yepamusoro. Kubva pakuyedzwa, iyo WireGuard uye IPsec kodhi yakagadziridzwa zvakare uye yave kukurumidza. Kumwe kuyedza kwakazara kunovhara kuisirwa kwakabatanidzwa mukernel hakusati kwaitwa. Nekudaro, zvinocherechedzwa kuti WireGuard ichiri kupfuura IPsec mune mamwe mamiriro nekuda kweakawanda-tambo, nepo OpenVPN inoramba ichinonoka.
Source: opennet.ru