The Headscale project is developing an open server for the Tailscale distributed VPN network

The Headscale project is developing an open implementation of the server component of the Tailscale VPN network, which lets you create VPN networks similar to Tailscale on your own premises without being tied to third-party services. The Headscale code is written in Go and distributed under the BSD license. The project is being developed by Juan Font of the European Space Agency.

Tailscale lets you combine an arbitrary number of geographically dispersed hosts into a single network built as a mesh, in which each node communicates with other nodes directly (P2P) or through neighboring nodes, without passing traffic through the centralized external servers of a VPN provider. ACL-based access control and route control are supported. To establish communication channels when address translators (NAT) are in use, support is provided for the STUN, ICE and DERP mechanisms (DERP is similar to TURN, but based on HTTPS). If the communication channel between certain nodes is blocked, the network can rebuild its routing to direct traffic through other nodes.

Tailscale differs from the Nebula project, which is also designed for creating distributed VPN networks with mesh routing, in that it uses the WireGuard protocol to carry data between nodes, whereas Nebula uses developments from the Tinc project, which uses the AES-256-GCM algorithm to encrypt packets (WireGuard uses the ChaCha20 cipher, which in tests shows higher throughput and responsiveness).

Another similar project, Innernet, is being developed separately; it also uses the WireGuard protocol for data exchange between nodes. Unlike Tailscale and Nebula, Innernet uses a different access separation scheme, based not on ACLs with tags bound to individual nodes, but on separating subnets and allocating different ranges of IP addresses, as in ordinary internet networks. In addition, Innernet is written in Rust rather than Go. Three days ago, the Innernet 1.5 update was published with improved NAT traversal support. There is also the Netmaker project, which lets you connect networks with different topologies using WireGuard, but its code is provided under the SSPL (Server Side Public License), which is not open because it contains discriminatory requirements.

Tailscale is distributed under a freemium model, meaning free use for individuals and paid access for businesses and teams. The Tailscale client components, with the exception of the graphical applications for Windows and macOS, are developed as open projects under the BSD license. The server software that runs on Tailscale's side is proprietary; it provides authentication when new clients connect, coordinates key management, and organizes communication between nodes. The Headscale project addresses this shortcoming and offers an independent, open implementation of the Tailscale backend components.

Headscale takes over the exchange of nodes' public keys, and also handles assigning IP addresses and distributing routing tables between nodes. In its current form, Headscale implements all the basic capabilities of the management server, with the exception of support for MagicDNS and Smart DNS. In particular, it supports node registration (including via the web), adapting the network when nodes are added or removed, separating subnets using namespaces (a single VPN network can be created for several users), organizing shared access for nodes to subnets in different namespaces, routing control (including assigning exit nodes for reaching the outside world), access separation via ACLs, and operation of a DNS service.

Source: opennet.ru
