Vagadziri veOpenVPN virtual private networking package vakaunza ovpn-dco kernel module, inogona kukurumidza kukurumidza kuita VPN. Pasinei nekuti iyo module ichiri kugadzirwa neziso chete kune linux-rinotevera bazi uye ine mamiriro ekuyedza, yakatosvika padanho rekugadzikana inobvumira kuti ishandiswe kuve nechokwadi chekushanda kweOpenVPN Cloud service.
Kuenzaniswa nekugadzirisa kunoenderana neiyo tun interface, kushandiswa kwemodule pane mutengi uye maseva mativi uchishandisa AES-256-GCM cipher yakaita kuti zvikwanisike kuwana 8-kupetwa kuwedzera kwekuwedzera (kubva pa370 Mbit/s kusvika 2950 Mbit. /s). Paunenge uchishandisa iyo module chete padivi revatengi, iyo yekuwedzera yakawedzera zvakapetwa katatu kune inobuda traffic uye haina kuchinja kune inouya traffic. Paunenge uchishandisa iyo module chete padivi reseva, kubuda kwakawedzera ne4 nguva kune iri kuuya traffic uye ne35% kune inobuda traffic.
Kukwidziridza kunowanikwa nekufambisa ese encryption mashandiro, packet kugadzirisa uye kutaurirana chiteshi manejimendi kuLinux kernel side, iyo inobvisa iyo yepamusoro inobatana nekuchinja kwemamiriro ezvinhu, inoita kuti zvikwanise kukwirisa basa nekuwana zvakananga mukati kernel APIs uye kubvisa inononoka kuendesa data pakati pekernel. uye nzvimbo yemushandisi (encryption, decryption uye routing inoitwa nemodule pasina kutumira traffic kune inobata munzvimbo yemushandisi).
Zvinocherechedzwa kuti kukanganisa kweVPN kuita kunonyanya kukonzerwa nekushandisa-yakanyanya encryption mashandiro uye kunonoka kunokonzerwa nekuchinja kwemamiriro ezvinhu. Maprosesa ekuwedzera akadai seIntel AES-NI akashandiswa kukurumidzira encryption, asi shanduko yemamiriro ekunze yakaramba iri bhodhoro kusvika pakuuya kweovpn-dco. Pamusoro pekushandisa mirairo yakapihwa ne processor kuti ikurumidze encryption, iyo ovpn-dco module inovawo nechokwadi chekuti encryption mashandiro akakamurwa kuita zvikamu zvakasiyana uye anogadziriswa mune akawanda-akarukwa maitiro, ayo anobvumira kushandiswa kweese aripo CPU cores.
Izvozvi zvipimo zvekushandisa izvo zvichagadziriswa mune ramangwana zvinosanganisira rutsigiro rweAEAD uye 'hapana' modhi chete, uye AES-GCM uye CHACHA20POLY1305 ciphers. DCO tsigiro yakarongwa kuti ibatanidzwe mukuburitswa kweOpenVPN 2.6, yakarongerwa chikamu chechina chegore rino. Iyo module parizvino inotsigirwa mubeta-yekuyedza OpenVPN4 Linux mutengi uye yekuyedza inovaka yeOpenVPN server yeLinux. Iyo yakafanana module, ovpn-dco-win, zvakare iri kugadzirwa yeWindows kernel.
Source: opennet.ru