WireGuard VPN included in Linux kernel 5.6

Today Linus pulled the net-next branch with the WireGuard VPN interfaces into his tree. The event was reported on the WireGuard mailing list.

Code collection for the new Linux 5.6 kernel is currently under way. WireGuard is a fast next-generation VPN that uses modern cryptography. It was originally developed as a simpler and more convenient alternative to existing VPNs. Its author is Canadian information security specialist Jason A. Donenfeld. In August 2018, WireGuard received praise from Linus Torvalds. Around that time, work began on including the VPN in the Linux kernel. The process took some time.

"I see that Jason has made a pull request to include WireGuard in the kernel," Linus wrote on August 2, 2018. "Can I once again declare my love for this VPN and hope it gets merged soon? The code may not be perfect, but I've looked at it, and compared to the horrors of OpenVPN and IPSec, it's a real work of art."

Despite Linus's wishes, the merge dragged on for a year and a half. The main problem turned out to be the dependence on WireGuard's own implementations of cryptographic functions, which were used to improve performance. After lengthy negotiations, a compromise was reached in September 2019: the patches would be ported to the Crypto API functions already available in the kernel, about which the WireGuard developers have complaints regarding performance and overall security. At the same time, they decided to split WireGuard's native crypto functions into a separate low-level Zinc API and eventually port them to the kernel. In November, the kernel developers kept their promise and agreed to move part of the code from Zinc into the main kernel. For example, the Crypto API now includes the fast implementations of the ChaCha20 and Poly1305 algorithms prepared for WireGuard.

Finally, on December 9, 2019, David S. Miller, who is responsible for the networking subsystem of the Linux kernel, accepted into the net-next branch the patches implementing the VPN interface from the WireGuard project.

And today, January 29, 2020, the changes went to Linus for inclusion in the kernel.

The stated advantages of WireGuard over other VPN solutions:

  • Easy to use.
  • Uses modern cryptography: Noise protocol framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24, HKDF, and so on.
  • Compact, readable code that is easy to audit for vulnerabilities.
  • High performance.
  • A clear and well-developed specification.

All of WireGuard's core logic takes up fewer than 4000 lines of code, whereas OpenVPN and IPSec require hundreds of thousands of lines.

"WireGuard uses the concept of encryption key routing, which involves binding a private key to each network interface and using public keys to bind it. Public keys are exchanged to establish a connection in a way similar to SSH. To negotiate keys and connect without running a separate daemon in user space, the Noise_IK mechanism from the Noise Protocol Framework is used, similar to maintaining authorized_keys in SSH. Data is transmitted by encapsulation in UDP packets. Changing the IP address of the VPN server (roaming) without breaking the connection is supported, with reconfiguration of the client," writes Opennet.

"For encryption, the ChaCha20 stream cipher and the Poly1305 message authentication (MAC) algorithm are used, developed by Daniel J. Bernstein, Tanja Lange and Peter Schwabe. ChaCha20 and Poly1305 are positioned as faster and more secure counterparts of AES-256-CTR and HMAC, whose software implementation makes it possible to achieve a fixed execution time without special hardware support. To generate the shared secret key, the elliptic-curve Diffie-Hellman protocol in the Curve25519 implementation is used, also proposed by Daniel Bernstein. The algorithm used for hashing is BLAKE2s (RFC7693)."
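The key-routing idea in the quote above can be modelled as a table that maps tunnel address ranges to peer public keys and is consulted in both directions. This is an added example, not code from the original article or from the WireGuard project; the class, the placeholder key names, the addresses and the allowed-address lists are constructed, and the longest-prefix lookup follows WireGuard's published design rather than anything stated on this page.

```python
import ipaddress


class CryptokeyRouter:
    """Toy model of a cryptokey routing table (illustration, not kernel code)."""

    def __init__(self):
        # Each allowed prefix maps to exactly one peer public key.
        self._routes = {}

    def add_peer(self, public_key, allowed_ips):
        for cidr in allowed_ips:
            self._routes[ipaddress.ip_network(cidr)] = public_key

    def _lookup(self, address):
        addr = ipaddress.ip_address(address)
        # Longest-prefix match; membership is False across IPv4/IPv6.
        best = None
        for net, key in self._routes.items():
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, key)
        return best[1] if best else None

    def peer_for_outgoing(self, dst_ip):
        """Outbound: which peer's session encrypts a packet to dst_ip."""
        return self._lookup(dst_ip)

    def accept_incoming(self, sender_key, inner_src_ip):
        """Inbound: after a packet authenticates under sender_key, accept it
        only if its inner source address is routed to that same peer."""
        return self._lookup(inner_src_ip) == sender_key


# Constructed sample data: placeholder key names and private-range addresses.
PEER_A = "peer-A-public-key-placeholder"
PEER_B = "peer-B-public-key-placeholder"


def build_demo_router():
    router = CryptokeyRouter()
    router.add_peer(PEER_A, ["10.0.0.2/32", "10.10.0.0/16"])
    router.add_peer(PEER_B, ["10.0.0.3/32", "10.10.5.0/24", "fd00:10::/64"])
    return router


if __name__ == "__main__":
    r = build_demo_router()
    print(r.peer_for_outgoing("10.10.5.7"))        # more specific /24 wins
    print(r.accept_incoming(PEER_A, "10.0.0.3"))   # address belongs to peer B
```

The inbound check is what makes the table a security control as well as a routing one: a peer holding a valid key still cannot inject traffic with an inner source address assigned to someone else.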

Performance test results from the official website:

[Chart: throughput (megabits/s)]

[Chart: ping (ms)]

Test configuration:

  • Intel Core i7-3820QM and Intel Core i7-5200U
  • Intel 82579LM and Intel I218LM gigabit cards
  • Linux 4.6.1
  • WireGuard configuration: 256-bit ChaCha20 with Poly1305 for MAC
  • First IPsec configuration: 256-bit ChaCha20 with Poly1305 for MAC
  • Second IPsec configuration: AES-256-GCM-128 (with AES-NI)
  • OpenVPN configuration: equivalent cipher suite of 256-bit AES with HMAC-SHA2-256, UDP mode
  • Performance was measured with iperf3; the average result over 30 minutes is shown.

In theory, once integrated into the network stack, WireGuard should run even faster. In practice this will not necessarily be the case, because of the switch to the Crypto API cryptographic functions built into the kernel. Perhaps not all of them have yet been optimized to the performance level of native WireGuard.

"From my point of view, WireGuard is generally ideal for the user. All low-level decisions are made in the specification, so setting up a typical VPN infrastructure takes only a few minutes. It is almost impossible to mess up the configuration," it was written on Habr in 2018. "The installation process is described in detail on the official website; I would like to separately note the excellent OpenWRT support. This ease of use and compactness of the code base was achieved by eliminating key distribution. There is no complex certificate system and all that corporate horror; short encryption keys are distributed much like SSH keys."

The WireGuard project has been in development since 2015 and has undergone an audit and formal verification. WireGuard support is integrated into NetworkManager and systemd, and the kernel patches are included in the base distributions of Debian Unstable, Mageia, Alpine, Arch, Gentoo, OpenWrt, NixOS, Subgraph and ALT.

Source: www.habr.com
