Iprojekthi ye-Firezone iphuhlisa iseva ye-VPN ukuququzelela ukufikelela kubabungi kuthungelwano oluzimeleyo lwangaphakathi kwizixhobo zabasebenzisi ezibekwe kuthungelwano lwangaphandle. Le projekthi ijolise ekufikeleleni umgangatho ophezulu wokukhusela kunye nokwenza lula inkqubo yokuthunyelwa kweVPN. Ikhowudi yeprojekthi ibhaliwe kwi-Elixir kunye neRuby, kwaye ihanjiswa phantsi kwelayisensi ye-Apache 2.0.
Le projekthi iphuhliswa yinjineli ye-automation ye-automation evela kwi-Cisco, eyazama ukwenza isisombululo esenza ngokuzenzekelayo ukusebenza kunye noqwalaselo lokusingatha kwaye lususe iingxaki eziye kwafuneka zihlangabezane nazo xa ziququzelela ukufikelela okukhuselekileyo kwiiVPC zefu. I-Firezone inokucingelwa njengomthombo ovulekileyo we-OpenVPN Access Server, eyakhelwe phezulu kwe-WireGuard endaweni ye-OpenVPN.
Ukufakela, iipakethi ze-rpm kunye ne-deb zinikezelwa kwiinguqulelo ezahlukeneyo ze-CentOS, i-Fedora, Ubuntu kunye ne-Debian, ukufakwa kwayo akufuni ukuxhomekeka kwangaphandle, ekubeni zonke izinto ezixhomekeke ezifunekayo sele zibandakanyiwe usebenzisa i-Chef Omnibus toolkit. Ukuze usebenze, udinga kuphela ikhithi yokuhambisa ene-Linux kernel engekho ngaphezulu kwe-4.19 kunye nemodyuli ye-kernel edibeneyo kunye ne-VPN WireGuard. Ngokutsho kombhali, ukuqaliswa nokuseta iseva yeVPN kunokwenziwa ngemizuzu embalwa nje. Amacandelo ojongano lwewebhu aqhutywa phantsi komsebenzisi ongenanto, kwaye ukufikelela kunokwenzeka kuphela nge-HTTPS.
Ukucwangcisa imijelo yonxibelelwano kwiFirezone, iWireGuard isetyenziswa. I-Firezone inomsebenzi owakhelwe ngaphakathi wodonga lomlilo usebenzisa ii-nftables. Kwimo yayo yangoku, i-firewall inqunyelwe ukuvala i-traffic ephumayo kwimikhosi ethile okanye i-subnets kuthungelwano lwangaphakathi okanye lwangaphandle. Ulawulo lwenziwa ngojongano lwewebhu okanye kwimowudi yomyalelo usebenzisa i-firezone-ctl into eluncedo. Ujongano lwewebhu lusekwe kwi-Admin One Bulma.
Okwangoku, onke amacandelo e-Firezone asebenza kwiseva enye, kodwa iprojekthi iqale iphuhliswe ngeliso lokumodareyitha kwaye kwixesha elizayo licetywa ukongeza amandla okusasaza amacandelo ojongano lwewebhu, i-VPN kunye ne-firewall kwimikhosi eyahlukeneyo. Izicwangciso zikwabandakanya ukuhlanganiswa kwe-ad blocker ye-DNS-level, inkxaso ye-host host kunye ne-subnet block lists, i-LDAP / SSO amandla okuqinisekisa, kunye nezakhono ezongezelelweyo zokulawula umsebenzisi.
umthombo: opennet.ru