tokollo ea bohlokoa ea VPN , e ileng ea tšoaea ho tsamaisoa ha likarolo tsa WireGuard karolong e ka sehloohong le botsitso ba ntshetsopele. Khoutu e kenyellelitsoe ho Linux kernel tlhahlobo e eketsehileng ea ts'ireletso e entsoeng ke k'hamphani e ikemetseng e sebetsanang le lihlahlobo tse joalo. Tlhahlobo eo ha ea ka ea senola mathata leha e le afe.
Kaha WireGuard e se e ntse e ntlafatsoa ka har'a kernel e kholo ea Linux, polokelo e lokiselitsoe ho ajoa le basebelisi ba tsoelang pele ho sebelisa mefuta ea khale ea kernel. . Sebaka sa polokelo se kenyelletsa khoutu ea WireGuard e khutliselitsoeng morao le lesela la compat.h ho netefatsa hore e tsamaellana le lithollo tsa khale. Hoa hlokomeloa hore ha feela bahlahisi ba e-na le monyetla mme basebelisi ba e hloka, mofuta o fapaneng oa li-patches o tla tšehetsoa ka mokhoa oa ho sebetsa. Ka sebopeho sa eona sa hajoale, mofuta o ikemetseng oa WireGuard o ka sebelisoa ka lithollo tse tsoang ho и , hape e fumaneha e le li-patches tsa Linux kernels и . Liphatlalatso tse sebelisang lithollo tsa morao-rao tse kang Arch, Gentoo le
Fedora 32 e tla khona ho sebelisa WireGuard ka ntlafatso ea 5.6 kernel.
Ts'ebetso ea mantlha ea ntlafatso e se e etsoa sebakeng sa polokelo , e kenyelletsang sefate se felletseng sa Linux kernel ka liphetoho tse tsoang morerong oa Wireguard. Lipache tse tsoang polokelong ena li tla hlahlojoa hore li kenyeletsoe ka har'a kernel e kholo le ho sutumelletsoa khafetsa letlooa/makaleng a latelang. Nts'etsopele ea lits'ebeletso le lingoloa tse tsamaisoang sebakeng sa basebelisi, joalo ka wg le wg-potlako, li etsoa sebakeng sa polokelo. , e ka sebelisetsoang ho etsa liphutheloana ka liphallelo.
A re u hopotse hore VPN WireGuard e kenngoa ts'ebetsong motheong oa mekhoa ea morao-rao ea ho kenyelletsa, e fana ka ts'ebetso e phahameng haholo, e bonolo ho e sebelisa, ha e na mathata 'me e ipakile e le palo e kholo ea lisebelisoa tse sebetsanang le sephethephethe se seholo. Morero ona esale o ntlafala ho tloha ka 2015, o hlahlobiloe le ho mekhoa ea encryption e sebelisitsoeng. Ts'ehetso ea WireGuard e se e kopantsoe ho NetworkManager le systemd, 'me li-patches tsa kernel li kenyelelitsoe ho arolelanoeng ha motheo. , Mageia, Alpine, Arch, Gentoo, OpenWrt, NixOS, и .
WireGuard e sebelisa mohopolo oa li-encryption key routing, tse kenyelletsang ho hokela senotlolo sa lekunutu ho sehokelo se seng le se seng sa marang-rang le ho se sebelisa ho tlama linotlolo tsa sechaba. Linotlolo tsa sechaba lia fapanyetsanoa ho theha khokahano ka tsela e ts'oanang le SSH. Ho buisana le linotlolo le ho hokela ntle le ho sebelisa daemon e arohaneng sebakeng sa mosebelisi, mochini oa Noise_IK ho tloha ho tšoana le ho boloka li-audhised_keys ho SSH. Phetiso ea data e etsoa ka ho kenyelletsa lipakete tsa UDP. E ts'ehetsa ho fetola aterese ea IP ea seva sa VPN (ho solla) ntle le ho hakolla khokahano ka tokiso ea othomathike ea moreki.
Bakeng sa encryption stream cipher le algorithm ea netefatso ea molaetsa (MAC) , e entsoeng ke Daniel Bernstein (), Tanya Lange
(Tanja Lange) le Peter Schwabe. ChaCha20 le Poly1305 li behiloe e le li-analogues tse potlakileng le tse sireletsehileng tsa AES-256-CTR le HMAC, ts'ebetso ea software e lumellang ho fihlela nako e tsitsitseng ea ts'ebetso ntle le ts'ehetso e khethehileng ea lisebelisoa. Ho hlahisa senotlolo se arolelanoang sa lekunutu, ho sebelisoa protocol ea elliptic curve Diffie-Hellman ts'ebetsong , hape e hlahisitsoeng ke Daniel Bernstein. Algorithm e sebelisoang bakeng sa hashing ke .
Tlas'a tsa khale Ts'ebetso ea WireGuard e bonts'itse ts'ebetso e phahameng ka makhetlo a 3.9 le karabelo e phahameng makhetlo a 3.8 ha e bapisoa le OpenVPN (256-bit AES e nang le HMAC-SHA2-256). Ha e bapisoa le IPsec (256-bit ChaCha20 + Poly1305 le AES-256-GCM-128), WireGuard e bontša ntlafatso e fokolang ea ts'ebetso (13-18%) le latency e tlaase (21-23%). Liphetho tsa liteko tse behiloeng webosaeteng ea projeke li akaretsa ts'ebetsong ea khale e ikemetseng ea WireGuard 'me li tšoauoa e le boleng bo phahameng bo sa lekaneng. Ho tloha ha ho etsoa liteko, khoutu ea WireGuard le IPsec e ntlafalitsoe le ho feta 'me joale e potlakile. Teko e felletseng e akaretsang ts'ebetsong e kopantsoeng le kernel ha e so etsoe. Leha ho le joalo, hoa hlokomeloa hore WireGuard e ntse e feta IPsec maemong a mang ka lebaka la mekhoa e mengata, ha OpenVPN e ntse e tsamaea butle haholo.
Source: opennet.ru