Horumarinta Mashruuca NetBSD ΠΎ Π²ΠΊΠ»ΡΡΠ΅Π½ΠΈΠΈ Π² ΠΎΡΠ½ΠΎΠ²Π½ΠΎΠΉ ΡΠΎΡΡΠ°Π² ΡΠ΄ΡΠ° NetBSD Π΄ΡΠ°ΠΉΠ²Π΅ΡΠ° wg Ρ ΡΠ΅Π°Π»ΠΈΠ·Π°ΡΠΈΠ΅ΠΉ ΠΏΡΠΎΡΠΎΠΊΠΎΠ»Π° WireGuard. NetBSD ΡΡΠ°Π»Π° ΡΡΠ΅ΡΡΠ΅ΠΉ ΠΠ‘ ΠΏΠΎΡΠ»Π΅ Linux ΠΈ OpenBSD Ρ ΠΈΠ½ΡΠ΅Π³ΡΠΈΡΠΎΠ²Π°Π½Π½ΠΎΠΉ ΠΏΠΎΠ΄Π΄Π΅ΡΠΆΠΊΠΎΠΉ WireGuard. Π’Π°ΠΊΠΆΠ΅ ΠΏΡΠ΅Π΄Π»ΠΎΠΆΠ΅Π½Ρ ΡΠΎΠΏΡΡΡΡΠ²ΡΡΡΠΈΠ΅ ΠΊΠΎΠΌΠ°Π½Π΄Ρ Π΄Π»Ρ Π½Π°ΡΡΡΠΎΠΉΠΊΠΈ VPN β wg-keygen ΠΈ wgconfig. Π ΠΊΠΎΠ½ΡΠΈΠ³ΡΡΠ°ΡΠΈΠΈ ΡΠ΄ΡΠ° ΠΏΠΎ ΡΠΌΠΎΠ»ΡΠ°Π½ΠΈΡ (GENERIC) Π΄ΡΠ°ΠΉΠ²Π΅Ρ ΠΏΠΎΠΊΠ° Π½Π΅ Π°ΠΊΡΠΈΠ²ΠΈΡΠΎΠ²Π°Π½ ΠΈ ΡΡΠ΅Π±ΡΠ΅Ρ ΡΠ²Π½ΠΎΠ³ΠΎ ΡΠΊΠ°Π·Π°Π½ΠΈΡ Π² Π½Π°ΡΡΡΠΎΠΉΠΊΠ°Ρ Β«pseudo-device wgΒ».
Intaa waxaa dheer, waxaa lagu ogaan karaa ΠΊΠΎΡΡΠ΅ΠΊΡΠΈΡΡΡΡΠ΅Π³ΠΎ ΠΎΠ±Π½ΠΎΠ²Π»Π΅Π½ΠΈΡ ΠΏΠ°ΠΊΠ΅ΡΠ° wireguard-tools 1.0.20200820, Π²ΠΊΠ»ΡΡΠ°ΡΡΠ΅Π³ΠΎ ΡΠ°Π±ΠΎΡΠ°ΡΡΠΈΠ΅ Π² ΠΏΡΠΎΡΡΡΠ°Π½ΡΡΠ²Π΅ ΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΠ΅Π»Ρ ΡΡΠΈΠ»ΠΈΡΡ, ΡΠ°ΠΊΠΈΠ΅ ΠΊΠ°ΠΊ wg ΠΈ wg-quick. Π Π½ΠΎΠ²ΠΎΠΌ Π²ΡΠΏΡΡΠΊΠ΅ ΠΏΡΠΎΠ²Π΅Π΄Π΅Π½Π° ΠΏΠΎΠ΄Π³ΠΎΡΠΎΠ²ΠΊΠ° IPC ΠΊ ΠΏΡΠ΅Π΄ΡΡΠΎΡΡΠ΅ΠΉ ΠΏΠΎΠ΄Π΄Π΅ΡΠΆΠΊΠ΅ WireGuard Π² ΠΎΠΏΠ΅ΡΠ°ΡΠΈΠΎΠ½Π½ΠΎΠΉ ΡΠΈΡΡΠ΅ΠΌΠ΅ FreeBSD. ΠΡΡΡΠ΅ΡΡΠ²Π»Π΅Π½ΠΎ ΡΠ°Π·Π΄Π΅Π»Π΅Π½ΠΈΠ΅ ΠΏΠΎ ΡΠ°Π·Π½ΡΠΌ ΡΠ°ΠΉΠ»Π°ΠΌ ΡΠΏΠ΅ΡΠΈΡΠΈΡΠ½ΠΎΠ³ΠΎ Π΄Π»Ρ ΡΠ°Π·Π½ΡΡ ΠΏΠ»Π°ΡΡΠΎΡΠΌ ΠΊΠΎΠ΄Π°. Π unit-ΡΠ°ΠΉΠ» Π΄Π»Ρ systemd Π΄ΠΎΠ±Π°Π²Π»Π΅Π½Π° ΠΏΠΎΠ΄Π΄Π΅ΡΠΆΠΊΠ° ΠΊΠΎΠΌΠ°Π½Π΄Ρ Β«reloadΒ», ΡΡΠΎ ΠΏΠΎΠ·Π²ΠΎΠ»ΡΠ΅Ρ Π·Π°ΠΏΡΡΠΊΠ°ΡΡ ΠΊΠΎΠ½ΡΡΡΡΠΊΡΠΈΠΈ Π²ΠΈΠ΄Π° Β«systemctl reload wg-quick at wgnet0Β».
Aan ku xasuusino in VPN WireGuard lagu hirgeliyay iyadoo lagu saleynayo hababka qarsoodiga ah ee casriga ah, waxay bixisaa waxqabad aad u sarreeya, waa sahlan tahay in la isticmaalo, oo ka madax bannaan dhibaatooyinka waxayna isku caddeeyeen tiro badan oo la geeyo oo ka shaqeeya taraafikada tirada badan. Mashruucu waxa uu soo socday ilaa 2015, waa la baaray iyo hababka sirta loo isticmaalo. Taageerada WireGuard ayaa durba lagu dhex daray NetworkManager iyo habaysan, iyo balastarrada kernel-ka ayaa lagu daray qaybinta saldhigga , Mageia, Alpine, Arch, Gentoo, OpenWrt, NixOS, ΠΈ .
WireGuard waxay isticmaashaa fikradda marin-ku-wareejinta furaha sirta ah, taas oo ku lug leh ku-xidhida furaha khaaska ah ee shabakad kasta iyo adeegsiga si loogu xidho furayaasha dadweynaha. Furayaasha dadweynaha ayaa la isweydaarsadaa si loo sameeyo xiriir la mid ah SSH. Si aad uga gorgortanto furayaasha oo aad isku xidho adoon ku shaqayn daemon gooni ah goobta isticmaalaha, habka Noise_IK la mid ah ilaalinta_furayaasha la oggolaaday ee SSH. Gudbinta xogta waxaa lagu fuliyaa iyada oo la daboolayo baakadaha UDP. Waxay taageertaa beddelka cinwaanka IP-ga ee server-ka VPN (roaming) iyada oo aan la jarin xidhiidhka dib-u-habaynta tooska ah ee macmiilka.
Si qarsoodi ah ilbiriqsi iyo xaqiijinta fariinta algorithm (MAC) , waxaa naqshadeeyay Daniel Bernstein (), Tanya Lange
(Tanja Lange) iyo Peter Schwabe. ChaCha20 iyo Poly1305 waxay u taagan yihiin si dhakhso leh oo ammaan ah analoogyada AES-256-CTR iyo HMAC, hirgelinta software kaas oo u oggolaanaya in la gaaro waqti go'an oo fulin ah iyada oo aan la isticmaalin taageero qalab gaar ah. Si loo dhaliyo furaha sirta ah ee la wadaago, qalooca qalooca Diffie-Hellman ayaa loo adeegsadaa hirgelinta , sidoo kale waxaa soo jeediyay Daniel Bernstein. Algorithm loo isticmaalo xashiishku waa .
Source: opennet.ru