NetBSD kernel adds support for WireGuard VPN

The NetBSD Project developers have reported that the wg driver, with an implementation of the WireGuard protocol, has been included in the main NetBSD kernel. NetBSD has become the third OS, after Linux and OpenBSD, with integrated WireGuard support. The accompanying commands for configuring the VPN are also provided: wg-keygen and wgconfig. In the default kernel configuration (GENERIC) the driver is not yet enabled and requires "pseudo-device wg" to be specified explicitly in the settings.

In addition, a corrective update of the wireguard-tools 1.0.20200820 package has been published; the package includes user-space utilities such as wg and wg-quick. The new release prepares the IPC for the upcoming WireGuard support in the FreeBSD operating system. Platform-specific code has been split into separate files. Support for the "reload" command has been added to the systemd unit file, which makes it possible to run constructs such as "systemctl reload wg-quick@wgnet0".

As a reminder, WireGuard VPN is built on modern encryption methods, delivers very high performance, is easy to use, is free of complications, and has proven itself in a number of large deployments handling large volumes of traffic. The project has been in development since 2015 and has undergone an audit and formal verification of the encryption methods it uses. WireGuard support is already integrated into NetworkManager and systemd, and the kernel patches are included in the base distributions Debian unstable, Mageia, Alpine, Arch, Gentoo, OpenWrt, NixOS, Subgraph and ALT.

WireGuard uses the concept of encryption key routing, which involves attaching a private key to each network interface and using it to bind public keys. Public keys are exchanged to establish a connection in a way similar to SSH. To negotiate keys and connect without running a separate daemon in user space, the Noise_IK mechanism from the Noise Protocol Framework is used, which is similar to maintaining authorized_keys in SSH. Data is transmitted by encapsulation in UDP packets. Changing the IP address of the VPN server (roaming) is supported without breaking the connection, with automatic reconfiguration of the client.
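An added illustration of the key routing idea described above; it is not code from the NetBSD or WireGuard projects and performs no cryptography. It assumes each peer's public key is bound to a list of tunnel prefixes (WireGuard calls this AllowedIPs, a detail the article does not mention); the class name, keys and addresses are constructed for the example.

```python
import ipaddress


class CryptokeyRouter:
    """Toy peer table for one tunnel interface: prefix -> peer public key."""

    def __init__(self):
        self._routes = {}  # ip_network -> public key string

    def add_peer(self, public_key, allowed_ips):
        # Binding a prefix that is already present moves it to the new peer,
        # so one exact prefix is never owned by two keys at once.
        for cidr in allowed_ips:
            self._routes[ipaddress.ip_network(cidr)] = public_key

    def _owner(self, address):
        ip = ipaddress.ip_address(address)
        matches = [net for net in self._routes
                   if net.version == ip.version and ip in net]
        if not matches:
            return None
        # Longest-prefix match: the most specific binding wins.
        return self._routes[max(matches, key=lambda n: n.prefixlen)]

    def peer_for_outgoing(self, dst_ip):
        """Outbound: the peer key whose session encrypts a packet to dst_ip."""
        return self._owner(dst_ip)

    def accept_incoming(self, sender_key, inner_src_ip):
        """Inbound: the packet already authenticated as sender_key; accept it
        only if its inner source address is bound to that same key."""
        owner = self._owner(inner_src_ip)
        return owner is not None and owner == sender_key


# Constructed placeholders, not real Curve25519 public keys.
PEER_A = "PEER_A_PUBLIC_KEY_PLACEHOLDER"
PEER_B = "PEER_B_PUBLIC_KEY_PLACEHOLDER"


def build_demo_router():
    router = CryptokeyRouter()
    router.add_peer(PEER_A, ["10.0.0.0/24", "fd00::/64"])
    router.add_peer(PEER_B, ["10.0.0.128/25", "192.168.50.7/32"])
    return router


if __name__ == "__main__":
    r = build_demo_router()
    print(r.peer_for_outgoing("10.0.0.200"), r.accept_incoming(PEER_A, "10.0.0.200"))
```

The inbound check is the security-relevant half: a peer that holds a valid key still cannot inject traffic with a source address bound to another peer's key.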

For encryption, the ChaCha20 stream cipher and the Poly1305 message authentication algorithm (MAC) are used, designed by Daniel J. Bernstein, Tanja Lange and Peter Schwabe. ChaCha20 and Poly1305 are positioned as faster and more secure analogues of AES-256-CTR and HMAC, whose software implementation makes it possible to achieve a fixed execution time without special hardware support. To generate the shared secret key, the elliptic-curve Diffie-Hellman protocol is used in the Curve25519 implementation, also proposed by Daniel Bernstein. The algorithm used for hashing is BLAKE2s (RFC7693).

Source: opennet.ru