Abaphuhlisi be-OpenVPN iphakheji yenethiwekhi yangasese yangasese baye bazisa imodyuli ye-ovpn-dco kernel, enokukhawuleza kakhulu ukusebenza kweVPN. Nangona imodyuli isaphuhliswa ngeso kuphela kwi-linux-elandelayo yesebe kwaye inesimo sokulinga, sele ifikelele kwinqanaba lokuzinza elivumela ukuba lisetyenziswe ukuqinisekisa ukusebenza kwenkonzo ye-OpenVPN Cloud.
Xa kuthelekiswa noqwalaselo olusekwe kwi-interface ye-tun, ukusetyenziswa kwemodyuli kumxhasi kunye namacala omncedisi usebenzisa i-cipher ye-AES-256-GCM yenze ukuba kube nokwenzeka ukufezekisa ukunyuka kwe-8-fold in throughput (ukusuka kwi-370 Mbit / s ukuya kwi-2950 Mbit /s). Xa usebenzisa imodyuli kuphela kwicala lomxhasi, i-output inyuke ngokuphindwe kathathu kwi-traffic ephumayo kwaye ayizange itshintshe kwi-traffic engenayo. Xa usebenzisa imodyuli kuphela kwicala lomncedisi, ukuphuma kwenyuka ngamaxesha e-4 kwi-traffic engenayo kunye ne-35% yetrafikhi ephumayo.
Ukukhawuleza kuphunyezwa ngokuhambisa yonke imisebenzi yokufihla, ukusetyenzwa kwepakethi kunye nolawulo lwejeneli yonxibelelwano ukuya kwicala le-Linux kernel, esusa i-overhead ehambelana nokutshintsha komxholo, yenza kube lula ukunyusa umsebenzi ngokufikelela ngokuthe ngqo kwi-APIs ye-kernel yangaphakathi kunye nokuphelisa ukuhanjiswa kwedatha okucothayo phakathi kwe-kernel. kunye nesithuba somsebenzisi (uguqulelo oluntsonkothileyo, uguqulelo oluntsonkothileyo kunye nothungelwano lwenziwa yimodyuli ngaphandle kokuthumela itrafikhi kumphathi kwindawo yomsebenzisi).
Kuyaphawulwa ukuba impembelelo engalunganga ekusebenzeni kweVPN ikakhulu ibangelwa yimisebenzi yokubethela i-resource-intensive-encryption kunye nokulibaziseka okubangelwa kukutshintsha komxholo. Izandiso zeprosesa ezifana ne-Intel AES-NI zazisetyenziselwa ukukhawulezisa ukubethelwa, kodwa utshintsho lweemeko lwahlala luyi-bottleneck de kufike i-ovpn-dco. Ukongeza ekusebenziseni imiyalelo enikwe yiprosesa ukukhawulezisa ukubethelwa, imodyuli ye-ovpn-dco iqinisekisa ukuba imisebenzi yokubhala i-encryption iyahlula ibe ngamacandelo ahlukeneyo kwaye iqhutywe kwimodi enemisonto emininzi, evumela ukusetyenziswa kwazo zonke ii-CPU cores ezikhoyo.
Imida yokuphunyezwa kwangoku eya kulungiswa kwixesha elizayo ibandakanya inkxaso ye-AEAD kunye neendlela 'ezingekho' kuphela, kunye ne-AES-GCM kunye ne-CHACHA20POLY1305 ciphers. Inkxaso ye-DCO icwangciswe ukuba ifakwe ekukhutshweni kwe-OpenVPN 2.6, ecwangciselwe ikota yesi-4 kulo nyaka. Imodyuli okwangoku ixhaswa kuvavanyo lwe-beta ye-OpenVPN3 Linux umxhasi kunye nolwakhiwo lovavanyo lweseva ye-OpenVPN yeLinux. Imodyuli efanayo, i-ovpn-dco-win, nayo iphuhliselwa i-kernel ye-Windows.
umthombo: opennet.ru