Maanta Linus waxa uu u guuray laanta netka ee xigta oo leh VPN interfaces naftiisa . Ku saabsan dhacdadan ku jira liiska boostada ee WireGuard.
Ururinta koodka Linux 5.6 kernel-ka cusub ayaa hadda socda. WireGuard waa VPN jiilka soo socda ee degdega ah kaas oo hirgeliya sirta casriga ah. Waxaa markii hore loo sameeyay sidii ka fudud oo ka habboon beddelka VPN-yada jira. Qoraagu waa khabiirka amniga macluumaadka Kanadiyaanka Jason A. Donenfeld. Bishii Ogosto 2018, WireGuard Waxaa qoray Linus Torvalds. Wakhtigaas oo dhan, shaqadu waxay bilaabatay in VPN lagu daro kernel Linux. Hawshu wax yar ayay qaadatay.
"Waxaan arkaa in Jason uu sameeyay codsi jiidis ah oo lagu daro WireGuard kernel," Linus ayaa qoray Agoosto 2, 2018. - Mar labaad ma caddayn karaa jacaylka aan u qabo VPN-kan oo ma rajeynayaa midoobid dhawaan? Koodhku ma noqon karo mid qumman, laakiin waan eegay, oo marka la barbardhigo argagaxa OpenVPN iyo IPSec, waa shaqo farshaxan oo dhab ah."
In kasta oo Linus uu rabay, isku darka ayaa soo jiitamayay sannad iyo badh. Dhibaatada ugu weyni waxay u soo baxday inay ku xidhan tahay fulinta lahaanshaha ee hawlaha cryptographic, kuwaas oo loo isticmaalay si loo hagaajiyo waxqabadka. Wada xaajood dheer ka dib Sebtembar 2019 waxay ahayd u tarjun balastarrada loo yaqaan 'Crypto API' ee laga heli karo kernel-ka, taas oo horumariyayaasha WireGuard ay ka cabanayaan goobta waxqabadka iyo amniga guud. Laakiin waxay go'aansadeen in ay u kala soocaan shaqada WireGuard crypto ee waddaniga ah si ay u dhigaan heer hoose oo Zinc API ah oo ugu dambeyntii u geeyaan kernel-ka. Bishii Nofembar, horumarinta kernel-ka ayaa oofiyay ballanqaadkoodii iyo ku wareejinta qayb ka mid ah koodka Zinc una wareejiso kernel-ka ugu weyn. Tusaale ahaan, gudaha Crypto API Hirgelinta degdegga ah ee ChaCha20 iyo Poly1305 algorithms ee lagu diyaariyey WireGuard.
Ugu dambeyntii, Diseembar 9, 2019, David S. Miller, oo mas'uul ka ah isku xirka nidaamka hoose ee kernel Linux, laanta net-ku xigta iyadoo la hirgelinayo is-dhexgalka VPN ee mashruuca WireGuard.
Maanta, Janaayo 29, 2020, isbeddeladu waxay aadeen Linus si loogu daro kernel-ka.
Faa'iidooyinka la sheegay ee WireGuard ee xalalka kale ee VPN:
- Si fudud loo isticmaalo
- Adeegsada cryptography casriga ah: Qaabka hab-maamuuska qaylada, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24, HKDF, iwm.
- Koodh is haysta, la akhriyi karo, fududahay in la baaro baylahda.
- Waxqabad sare.
- Cad oo faahfaahi .
Dhammaan macquulnimada asaasiga ah ee WireGuard waxay qaadataa wax ka yar 4000 oo khadadka kood ah, halka OpenVPN iyo IPSec ay u baahan yihiin boqolaal kun oo khad.
"WireGuard waxay isticmaashaa fikradda marin-ku-wareejinta furaha sirta ah, taas oo ku lug leh ku dhejinta furaha khaaska ah ee shabakad kasta iyo isticmaalka furayaasha dadweynaha si loo isku xiro. Furayaasha dadweynaha ayaa la isweydaarsadaa si loo sameeyo xiriir la mid ah SSH. Si aad uga gorgortanto furayaasha oo aad isku xidho adoon ku shaqayn daemon gooni ah goobta isticmaalaha, habka Noise_IK la mid ah ilaalinta_furayaasha la oggolaaday ee SSH. Gudbinta xogta waxaa lagu fuliyaa iyada oo la isku duubayo baakadaha UDP. Waxay taageertaa beddelka cinwaanka IP-ga ee server-ka VPN (roaming) iyada oo aan la jarin xidhiidhka dib-u-habaynta tooska ah ee macmiilka, - Shabakadda furan
Si qarsoodi ah ilbiriqsi iyo xaqiijinta fariinta algorithm (MAC) , waxaa naqshadeeyay Daniel Bernstein (Tanja Lange iyo Peter Schwabe. ChaCha20 iyo Poly1305 waxay u taagan yihiin si dhakhso leh oo ammaan ah analoogyada AES-256-CTR iyo HMAC, hirgelinta software kaas oo u oggolaanaya in la gaaro waqti go'an oo fulin ah iyada oo aan la isticmaalin taageero qalab gaar ah. Si loo dhaliyo furaha sirta ah ee la wadaago, qalooca qalooca Diffie-Hellman ayaa loo adeegsadaa hirgelinta , sidoo kale waxaa soo jeediyay Daniel Bernstein. Algorithm loo isticmaalo xashiishku waa ".
Π Π΅Π·ΡΠ»ΡΡΠ°ΡΡ Laga soo bilaabo degelka rasmiga ah:
Bandwidth (megabit/s)
Ping (ms)
Tijaabi qaabaynta:
- Intel Core i7-3820QM iyo Intel Core i7-5200U
- Gigabit kaararka Intel 82579LM iyo Intel I218LM
- Linux 4.6.1
- Isku xirka WireGuard: 256-bit ChaCha20 oo wata Poly1305 MAC
- Qaabeynta First IPsec: 256-bit ChaCha20 oo leh Poly1305 MAC
- Qaabeynta labaad ee IPsec: AES-256-GCM-128 (oo leh AES-NI)
- Isku xidhka Furan ee VPN: AES 256-bit u dhiganta suite cipher oo leh HMAC-SHA2-256, qaabka UDP
- Waxqabadka waxaa lagu cabiray iyadoo la isticmaalayo
iperf3, waxay muujinaysaa celceliska natiijada ka badan 30 daqiiqo.
Aragti ahaan, marka la isku daro xirmada shabakada, WireGuard waa inuu si dhakhso leh u shaqeeyaa. Laakiin dhab ahaantii tani maahan inay noqoto kiiska sababtoo ah u gudubka hawlaha cryptographic Crypto API ee lagu dhisay kernel. Waxaa laga yaabaa in aan dhamaantood weli loo hagaajin heerka waxqabadka ee WireGuard.
"Marka loo eego aragtidayda, WireGuard guud ahaan waxay ku fiican tahay isticmaalaha. Dhammaan go'aamada hoose waxaa lagu sameeyaa qeexitaanka, markaa habka diyaarinta kaabayaasha VPN ee caadiga ah waxay qaadataa dhowr daqiiqo oo keliya. Waa wax aan macquul aheyn in la khalkhal geliyo qaabeynta - Habre sanadka 2018. - Habka rakibidda on website-ka rasmiga ah, waxaan jeclaan lahaa in aan si gooni gooni ah u xuso fiican . Fududeyntan isticmaalka iyo cufnaanta saldhigga koodka ayaa lagu gaaray iyadoo meesha laga saaray qaybinta furayaasha. Ma jiro nidaam shahaado adag iyo dhammaan argagaxa shirkadda; furayaasha sirta gaaban ayaa loo qaybiyaa si aad u badan sida furayaasha SSH."
Mashruuca WireGuard wuxuu soo socday ilaa 2015, waa la baaray oo . Taageerada WireGuard waxaa lagu dhex daray NetworkManager iyo habaysan, iyo balastarrada kernel-ka ayaa lagu daray qaybinta aasaasiga ah ee Debian Unstable, Mageia, Alpine, Arch, Gentoo, OpenWrt, NixOS, Subgraph iyo ALT.
Source: www.habr.com