Kuburitswa kweiyo Nebula 1.5 purojekiti iripo, ichipa maturusi ekuvaka akachengeteka akafukidzira network. Iyo network inogona kubatanidza kubva kune akati wandei kusvika kumakumi ezviuru emauto akapatsanurwa munzvimbo anogarwa nevanopa vakasiyana, vachigadzira yakaparadzana yakasarudzika network pamusoro peiyo network yepasirese. Iyo purojekiti yakanyorwa muGo uye yakagoverwa pasi peMIT rezenisi. Iyo purojekiti yakavambwa naSlack, iyo inovandudza mutumwa wekambani wezita rimwe chete. Inotsigira Linux, FreeBSD, macOS, Windows, iOS uye Android.
Node paNebula network inotaurirana zvakananga kune imwe neimwe muP2P modhi-yakananga VPN yekubatanidza inogadzirwa zvine simba sezvo data inoda kuendeswa pakati pemanodhi. Kuzivikanwa kwemunhu wega wega pane network kunosimbiswa nechitupa chedhijitari, uye kubatana kunetiweki kunoda humbowo - wega wega mushandisi anogamuchira chitupa chinosimbisa IP kero muNebula network, zita uye nhengo mumapoka evaenzi. Zvitupa zvinosainwa nedare retifiketi remukati, rinoiswa nemugadziri wetiweki panzvimbo dzayo uye rinoshandiswa kusimbisa masimba evaenzi vane kodzero yekubatanidza kune network inovharika.
Kugadzira yakatendeseka, yakachengeteka yekutaurirana chiteshi, Nebula inoshandisa yayo yega tunnel protocol yakavakirwa paDiffie-Hellman kiyi yekutsinhana protocol uye AES-256-GCM cipher. Kuitwa kweprotocol kunobva pane zvakagadzirirwa-zvakagadzirwa uye zvakasimbiswa primitives inopihwa neNoise framework, iyo inoshandiswawo mumapurojekiti akadai seWireGuard, Mheni uye I2P. Chirongwa ichi chinonzi chakaitwa ongororo yakazvimirira.
Kuti uwane mamwe ma node uye kurongeka kubatanidzwa kunetiweki, yakakosha "lighthouse" node inogadzirwa, iyo yepasi rose IP kero iyo yakagadziriswa uye inozivikanwa kune network vatori vechikamu. Node dzinotora chikamu hadzina kusungwa kune yekunze IP kero; ivo vanoonekwa nezvitupa. Varidzi vevaenzi havagone kuita shanduko kuzvitupa zvakasainwa vari voga uye, kusiyana neagara IP network, havagone kunyepedzera kuve mumwe muenzi nekungochinja IP kero. Kana tunnel yagadzirwa, zita remugamuchiri rinobva rasimbiswa nekiyi yega yega.
Iyo network yakagadzirwa inopihwa imwe siyana yemakero e intranet (semuenzaniso, 192.168.10.0/24) uye kero dzemukati dzine hukama nezvitupa. Mapoka anogona kuumbwa kubva kune vatori vechikamu mune yakavharika network, semuenzaniso, kupatsanura maseva uye nzvimbo dzekushandira, uko kwakaparadzaniswa mitemo yekusefa kwemigwagwa inoshandiswa. Nzira dzakasiyana-siyana dzinopihwa kuti dzinzvere vashanduri vekero (NATs) nemafirewall. Izvo zvinogoneka kuronga nzira kuburikidza neyakavharika network yetraffic kubva kune yechitatu-bato mauto asiri chikamu cheNebula network (nzira isina kuchengetedzeka).
Inotsigira kugadzirwa kwemadziro emoto kuti aparadzanise kupinda uye kusefa traffic pakati pemanodhi muNebula overlay network. MaACL ane tag binding anoshandiswa kusefa. Mumwe nemumwe anotambira panetiweki anogona kutsanangura ega mitemo yekusefa zvichibva pamabati, mapoka, maprotocol, uye network ports. Muchiitiko ichi, mauto anosefa kwete nema IP kero, asi nemadhijitari akasainwa madhijitari, ayo asingagone kuumbwa pasina kukanganisa certification centre inoronga network.
Mukuburitswa kutsva:
- Yakawedzera "-raw" mureza kune print-cert command kudhinda iyo PEM inomiririra yechitupa.
- Yakawedzerwa rutsigiro rweiyo Linux architecture riscv64.
- Yakawedzera chiyedzo cheremote_allow_ranges kusungira mazita evatambi vanotenderwa kune mamwe ma subnets.
- Yakawedzerwa pki.disconnect_invalid sarudzo yekumisikidzazve tunnel mushure mekumisa kuvimba kana kuti chitupa hupenyu hwapera.
- Yakawedzera unsafe_routes sarudzo. .metric kupa huremu kune chaiyo nzira yekunze.
Source: opennet.ru