Iprojekthi ye-Headscale iphuhlisa ukuphunyezwa okuvulekileyo kwecandelo lomncedisi wenethiwekhi ye-Tailscale VPN, evumela ukuba wenze iinethiwekhi ze-VPN ezifana ne-Tailscale kwiindawo zakho, ngaphandle kokubotshwa kwiinkonzo zenkampani yesithathu. Ikhowudi ye-Headscale ibhalwe kwi-Go kwaye isasazwe phantsi kwelayisensi ye-BSD. Le projekthi iphuhliswa nguJuan Font we-European Space Agency.
I-Tailscale ikuvumela ukuba udibanise inani elingafanelekanga lemikhosi esasazekileyo ngokwelizwe kwinethiwekhi enye, eyakhelwe njengenethiwekhi ye-mesh, apho i-node nganye isebenzisana nezinye iindawo ngokuthe ngqo (P2P) okanye ngokusebenzisa iindawo ezingabamelwane, ngaphandle kokuhambisa i-traffic ngokusebenzisa iiseva zangaphandle ze-VPN. umboneleli. Ufikelelo olusekelwe kwi-ACL kunye nolawulo lwendlela luyaxhaswa. Ukuseka iziteshi zonxibelelwano xa usebenzisa abaguquleli beedilesi (NAT), inkxaso inikezelwa STUN, ICE kunye ne-DERP iindlela (ezifana ne-TURN, kodwa ngokusekelwe kwi-HTTPS). Ukuba umjelo wonxibelelwano phakathi kweenodi ezithile uvaliwe, inethiwekhi inokwakha kwakhona indlela yokuqondisa i-traffic kwezinye iindawo.
I-Tailcale ihluke kwiprojekthi ye-Nebula, ekwajoliswe ekudaleni amanethiwekhi e-VPN asasazwayo kunye nomzila we-mesh, ngokusebenzisa i-protocol ye-Wireguard ukulungiselela ukuhanjiswa kwedatha phakathi kwee-node, ngelixa i-Nebula isebenzisa uphuhliso lweprojekthi ye-Tinc, esebenzisa i-algorithm ye-AES-256 ukubethela iipakethi. -GSM (I-Wireguard isebenzisa i-ChaCha20 cipher, ethi kwiimvavanyo ibonisa ukugqithisa okuphezulu kunye nokuphendula).
Enye iprojekthi efanayo iphuhliswa ngokwahlukileyo - i-Innernet, apho i-protocol ye-Wireguard isetyenziselwa utshintshiselwano lwedatha phakathi kweenodi. Ngokungafaniyo ne-Tailscale kunye ne-Nebula, i-Innernet isebenzisa inkqubo yokwahlukana yokufikelela okwahlukileyo, esekelwe kwi-ACL eneethegi eziboshwe kwiindawo ezizimeleyo, kodwa ngokuhlukana kwee-subnets kunye nokwabiwa kweendlela ezahlukeneyo zeedilesi ze-IP, njengoko kuthungelwano lwe-Intanethi rhoqo. Ukongeza, endaweni yolwimi lweGo, i-Innernet isebenzisa ulwimi lweRust. Kwiintsuku ezintathu ezidlulileyo, ukuhlaziywa kwe-Innernet 1.5 kwapapashwa ngenkxaso ephuculweyo ye-NAT. Kukho kwakhona iprojekthi ye-Netmaker evumela ukuba udibanise amanethiwekhi kunye ne-topology ezahlukeneyo usebenzisa i-Wireguard, kodwa ikhowudi yayo inikezelwa phantsi kwe-SSPL (i-Server Side Public License), engavulwanga ngenxa yobukho beemfuno zocalucalulo.
I-Tailscale ihanjiswa kusetyenziswa imodeli ye-freemium, oku kuthetha ukusetyenziswa kwamahhala kubantu kunye nokufikelela okuhlawulelwayo kumashishini kunye namaqela. Amacandelo abaxhasi be-Tailscale, ngaphandle kwezicelo zegraphical zeWindows kunye ne-macOS, ziphuhliswa njengeeprojekthi ezivulekileyo phantsi kwelayisensi ye-BSD. Isofthiwe yeseva esebenza kwicala le-Tailscale inelungelo, inika ubungqina xa udibanisa abathengi abatsha, ukulungelelanisa ulawulo oluphambili, kunye nokulungelelanisa unxibelelwano phakathi kwee-nodes. Iprojekthi ye-Headscale ijongana nale ntsilelo kwaye inikezela ngokuzimeleyo, ukuphunyezwa okuvulekileyo kwe-Tailscale backend components.
I-Headscale ithatha imisebenzi yokutshintshiselana izitshixo zikawonkewonke ze-nodes, kwaye yenza imisebenzi yokunikezela iidilesi ze-IP kunye nokusabalalisa iitafile zomzila phakathi kwee-nodes. Kwifom yayo yangoku, i-Headscale isebenzisa zonke izakhono ezisisiseko zomncedisi wokulawula, ngaphandle kwenkxaso ye-MagicDNS kunye ne-Smart DNS. Ngokukodwa, imisebenzi yokubhalisa ii-nodes (kubandakanywa ngewebhu), ukulungelelanisa inethiwekhi yokongeza okanye ukususa iinqununu, ukwahlula ii-subnets usebenzisa i-namespaces (inethiwekhi ye-VPN enye inokudalwa kubasebenzisi abaninzi), ukuququzelela ukufikelela okwabelwanayo kwee-nodes kwii-subnets kwiindawo ezahlukeneyo zamagama. , ulawulo lwendlela (kubandakanywa nokunika iindawo zokuphuma ukufikelela kwihlabathi langaphandle), ukuhlukana kokufikelela kwii-ACLs, kunye nokusebenza kwenkonzo ye-DNS.
umthombo: opennet.ru