Ho lokolloa ha morero oa Nebula 1.5 ho fumaneha, ho fana ka lisebelisoa tsa ho haha marang-rang a sireletsehileng a holimo. Marang-rang a ka kopanya ho tloha ho tse 'maloa ho isa ho tse mashome a likete tsa mabotho a arohaneng sebakeng sa libaka tse tšoaroang ke bafani ba fapaneng, ho etsa marang-rang a arohaneng a arohaneng holim'a marang-rang a lefats'e. Morero o ngotsoe ho Go mme o abuoa tlasa laesense ea MIT. Morero o thehiloe ke Slack, ea hlahisang len messengerosa la khoebo le nang le lebitso le tšoanang. E tšehetsa Linux, FreeBSD, macOS, Windows, iOS le Android.
Li-node tsa marang-rang tsa Nebula li buisana ka ho toba ka mokhoa oa P2P-likhokahanyo tse tobileng tsa VPN li bōptjoa ka matla ha data e hloka ho fetisoa pakeng tsa li-node. Boitsebahatso ba moamoheli e mong le e mong marang-rang bo netefatsoa ke setifikeiti sa dijithale, mme ho hokela marang-rang ho hloka netefatso - mosebelisi e mong le e mong o fumana lengolo le tiisang aterese ea IP marang-rang a Nebula, lebitso le litho tsa lihlopha tse amohelang batho. Litifikeiti li saennoe ke bolaoli ba setifikeiti ba ka hare, bo rometsoeng ke moetsi oa marang-rang litsing tsa bona mme bo sebelisetsoa ho netefatsa bolaoli ba mabotho a nang le tokelo ea ho hokela marang-rang a overlay.
Ho theha mocha oa puisano o netefalitsoeng, o sireletsehileng, Nebula e sebelisa protocol ea eona ea kotopo e thehiloeng ho protocol ea phapanyetsano ea senotlolo ea Diffie-Hellman le cipher ea AES-256-GCM. Ts'ebetsong ea protocol e ipapisitse le li-primitives tse seng li entsoe le tse netefalitsoeng tse fanoeng ke moralo oa Lerata, o sebelisoang hape mererong e kang WireGuard, Lightning le I2P. Ho boleloa hore morero ona o entsoe tlhahlobo e ikemetseng ea tšireletso.
Ho fumana li-node tse ling le ho hokahanya likhokahano ho marang-rang, li-node tse khethehileng tsa "lighthouse" li thehoa, liaterese tsa IP tsa lefats'e li tsitsitse ebile li tsejoa ke barupeluoa ba marang-rang. Li-node tse nkang karolo ha li tlameletsoe ho aterese ea IP ea kantle; li khetholloa ka litifikeiti. Beng ba moamoheli ba ke ke ba etsa liphetoho ho litifikeiti tse saenneng ka bobona, 'me, ho fapana le marang-rang a tloaelehileng a IP, ba ke ke ba iketsa moamoheli e mong feela ka ho fetola aterese ea IP. Ha thanele e etsoa, boitsebiso ba moamoheli bo netefatsoa ka senotlolo sa lekunutu.
Marang-rang a bōpiloeng a abetsoe mefuta e itseng ea liaterese tsa intranet (mohlala, 192.168.10.0/24) 'me liaterese tsa ka hare li amahanngoa le litifikeiti tsa moamoheli. Lihlopha li ka thehoa ho tsoa ho barupeluoa marang-rang a holim'a marang-rang, mohlala, ho arola li-server le li-workstations, tseo ho tsona ho sebelisoang melao e arohaneng ea sephethephethe. Ho fanoe ka mekhoa e fapaneng ho feta bafetoleli ba liaterese (NATs) le li-firewall. Hoa khoneha ho hlophisa tsela ka marang-rang a holim'a sephethephethe ho tsoa ho mabotho a mang ao e seng karolo ea marang-rang a Nebula (tsela e sa sireletsehang).
E ts'ehetsa ho theoa ha li-firewall ho arola phihlello le ho sefa sephethephethe lipakeng tsa li-node tsa marang-rang a holim'a Nebula. Li-ACL tse tlamang li-tag li sebelisoa ho sefa. Moamoheli e mong le e mong marang-rang a ka hlalosa melao ea hae ea ho sefa e ipapisitse le mabotho, lihlopha, liprothokholo le likou tsa marang-rang. Tabeng ena, mabotho ha a hloekisoe ka liaterese tsa IP, empa ka li-identifiers tse saenneng ka mokhoa oa digital, tse ke keng tsa etsoa ntle le ho senya setsi sa setifikeiti se hokahanyang marang-rang.
Tokollong e ncha:
- E kentse "-raw" folakha ho taelo ea print-cert ho hatisa setšoantšo sa PEM sa setifikeiti.
- Ts'ehetso e ekelitsoeng bakeng sa meralo e ncha ea Linux riscv64.
- E kentse litlhophiso tsa liteko tsa remote_allow_ranges ho kopanya manane a baamoheli ba lumelletsoeng ho li-subnet tse itseng.
- Khetho ea pki.disconnect_invalid e kentsoeng ea ho seta lithanele bocha kamora ho felloa ke tšepo kapa setifikeiti sa bophelo bohle.
- Khetho e kentsoeng ea unsafe_routes. .metric ho abela boima ho tsela e itseng e kantle.
Source: opennet.ru