ProHoster > Blog > wararka internetka > Siideynta OpenIKED 7.3, oo ah hirgelinta la qaadi karo ee borotokoolka IKEv2 ee IPsec

Siideynta OpenIKED 7.3, oo ah hirgelinta la qaadi karo ee borotokoolka IKEv2 ee IPsec

Mashruuca OpenBSD wuxuu sii daayay OpenIKED 7.3, oo ah horumarinta hab-maamuuska IKEv2. Markii hore, qaybaha IKEv2 waxay ahaayeen qayb muhiim ah oo ka mid ah xidhmada OpenBSD IPsec, laakiin markii dambe waxaa loo kala saaray xirmo gaar ah oo la qaadi karo waxaana hadda loo isticmaali karaa nidaamyada kale ee hawlgalka. OpenIKED waxaa lagu tijaabiyay FreeBSD, NetBSD, macOS iyo qaybinta kala duwan Linux, oo ay ku jiraan Arch, Debian, Fedora iyo UbuntuKoodhka waxaa lagu qoray C waxaana lagu qaybiyay shatiga ISC.

OpenIKED waxay kuu ogolaanaysaa inaad geyso shabakadaha gaarka ah ee IPsec ku salaysan. Xirmada IPsec waxa ay ka kooban tahay laba hab-maamuus oo waaweyn: Hab-maamuuska Isweydaarsiga Furaha (IKE) iyo Protocol-ka Gaadiidka Incrypted (ESP). OpenIKED waxay fulisaa walxaha xaqiijinta, qaabaynta, isweydaarsiga muhiimka ah, iyo ilaalinta siyaasada amniga, iyo nidaamka sirta ah ee taraafikada ESP waxaa sida caadiga ah bixiya kernel nidaamka qalliinka. Hababka xaqiijinta ee OpenIKED waxay isticmaali karaan furayaasha horay loo wadaagay, EAP MSCHAPv2 oo wata shahaadada X.509, iyo RSA iyo ECDSA furayaasha dadweynaha.

Nooca cusub:

  • Waxaa lagu daray taageero loogu talagalay tunnooyinka sec ee laga sameeyay OpenBSD si loogu wareejiyo taraafikada IPsec iyada oo loo marayo is-dhexgalka shabakadda sec, halkii laga isticmaali lahaa xeerarka SPD (IPsec Security Policy Database) marka la abuurayo tunnaalo ammaan ah. VPN qaabka dhibic-ilaa-dhibic.
  • Taageero lagu daray qeexida badan adeegayaasha magacyo leh hal interface shabakadeed oo ku jira Linux.
  • Waxaa lagu daray awoodda loo isticmaalo maktabadda libssytemd si loo habeeyo DNS iyada oo loo marayo DBUS gudaha Linux, halkii aad ka wici lahayd adeegga resolvectl.
  • On platform ah Linux Maktabadda libapparmor ayaa laga saaray ku-tiirsanaanta, taa beddelkeeda, marin-u-helka tooska ah ee /proc pseudo-FS hadda waxaa loo isticmaalaa in lagu beddelo siyaasadaha AppArmor, kaas oo u oggolaanaya sharraxaadda faylka in la furo ka hor inta aan mudnaanta la dejin.
  • Awoodda lagu farsamayn karo silsiladaha shahaado x509 buuxda ee culayska bixinta CERT ayaa la bixiyay.
  • Si loo hagaajiyo go'doominta nidaamka, hababka ilmaha ayaa dib loo bilaabayaa ka dib marka la waco fargeeto ().
  • Ibuf API-ga gudaha ayaa dib loo habeeyay OpenBSD 7.4.
  • Lakabka iswaafajinta ayaa la mid ah kii ugu dambeeyay ee OpenBSD.
  • Sixitaan ayaa lagu sameeyay qaabeynta OpenSSL ee uu isticmaalo ikectl si loo hubiyo cusboonaysiinta shahaadooyinka dhacay.

Source: opennet.ru

U soo iibso martigelin lagu kalsoonaan karo oo loogu talagalay bogagga leh ilaalinta DDoS, VPS VDS servers 🔥 Iibso martigelin degel oo lagu kalsoonaan karo oo leh ilaalinta DDoS, VPS VDS servers | ProHoster