NetBSD kernel adds support for the WireGuard VPN

The NetBSD Project developers have announced the inclusion of the wg driver, which implements the WireGuard protocol, in the main NetBSD kernel. NetBSD has become the third OS after Linux and OpenBSD with integrated WireGuard support. Companion commands for configuring the VPN are also provided: wg-keygen and wgconfig. In the default kernel configuration (GENERIC) the driver is not yet enabled and requires "pseudo-device wg" to be specified explicitly in the configuration.

In addition, a corrective update of the wireguard-tools 1.0.20200820 package has been published; the package contains user-space utilities such as wg and wg-quick. The new release prepares the IPC for the upcoming WireGuard support in the FreeBSD operating system. Platform-specific code has been split into separate files. Support for the "reload" command has been added to the systemd unit file, which makes it possible to run constructs such as "systemctl reload wg-quick@wgnet0".

As a reminder, the WireGuard VPN is built on modern encryption methods, delivers very high performance, is easy to use, is free of complications and has proven itself in a number of large deployments that handle large volumes of traffic. The project has been in development since 2015 and has undergone an audit and formal verification of the encryption methods it uses. WireGuard support is already integrated into NetworkManager and systemd, and the kernel patches are included in the base distributions of Debian Unstable, Mageia, Alpine, Arch, Gentoo, OpenWrt, NixOS, Subgraph and ALT.

WireGuard uses the concept of cryptokey routing, which means binding a private key to each network interface and using public keys to associate peers. Public keys are exchanged to establish a connection in a manner similar to SSH. To negotiate keys and connect without running a separate daemon in user space, the Noise_IK mechanism from the Noise Protocol Framework is used, which is similar to maintaining authorized_keys in SSH. Data is transferred by encapsulation in UDP packets. Changing the IP address of the VPN server (roaming) is supported without dropping the connection, with automatic reconfiguration of the client.

Encryption uses the ChaCha20 stream cipher and the Poly1305 message authentication algorithm (MAC), developed by Daniel J. Bernstein, Tanja Lange and Peter Schwabe. ChaCha20 and Poly1305 are positioned as faster and more secure analogues of AES-256-CTR and HMAC, whose software implementation achieves a fixed execution time without requiring special hardware support. To generate the shared secret key, the elliptic-curve Diffie-Hellman protocol is used in the Curve25519 implementation, also proposed by Daniel Bernstein. The algorithm used for hashing is BLAKE2s (RFC7693).

Source: opennet.ru
