The NetBSD Project developers have announced the inclusion of the wg driver, which implements the WireGuard protocol, in the main NetBSD kernel. NetBSD has become the third OS, after Linux and OpenBSD, with integrated WireGuard support. Accompanying commands for configuring the VPN, wg-keygen and wgconfig, are also provided. In the default kernel configuration (GENERIC) the driver is not yet enabled and must be requested explicitly with the setting "pseudo-device wg".
Additionally, a corrective update of the wireguard-tools package, 1.0.20200820, has been published; it includes the user-space utilities such as wg and wg-quick. The new release prepares the IPC for the upcoming WireGuard support in the FreeBSD operating system. Platform-specific code has been split into separate files. Support for the "reload" command has been added to the systemd unit file, which allows running constructs such as "systemctl reload wg-quick@wgnet0".
As a reminder, the WireGuard VPN is built on modern encryption methods, delivers very high performance, is easy to use, is free of complications, and has proven itself in a number of large deployments handling large volumes of traffic. The project has been in development since 2015 and has undergone an audit and formal verification of the encryption methods it uses. WireGuard support is already integrated into NetworkManager and systemd, and the kernel patches are included in the base distributions Debian Unstable, Mageia, Alpine, Arch, Gentoo, OpenWrt, NixOS, Subgraph and ALT.
WireGuard uses the concept of cryptokey routing, which involves attaching a private key to each network interface and using it to bind public keys. Public keys are exchanged to establish a connection in a manner similar to SSH. To negotiate keys and connect without running a separate daemon in user space, the Noise_IK mechanism from the Noise Protocol Framework is used, which is similar to maintaining authorized_keys in SSH. Data is transmitted by encapsulation in UDP packets. Changing the IP address of the VPN server (roaming) without breaking the connection is supported, with automatic reconfiguration of the client.
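The cryptokey routing idea described above, as an added example that is not code from the article or from the WireGuard or NetBSD projects. It is a simplified model in which each peer public key is bound to a set of allowed IP ranges (a detail of WireGuard's design not spelled out on this page); the class name, method names, key labels and addresses are all constructed for illustration.

```python
import ipaddress


class CryptokeyTable:
    """Toy model of one interface's peer table (hypothetical names)."""

    def __init__(self):
        self._routes = []  # list of (network, peer public key)

    def add_peer(self, public_key, allowed_ips):
        for cidr in allowed_ips:
            net = ipaddress.ip_network(cidr)
            # In this model a prefix belongs to one peer; the newest binding wins.
            self._routes = [(n, k) for n, k in self._routes if n != net]
            self._routes.append((net, public_key))

    def _lookup(self, address):
        ip = ipaddress.ip_address(address)
        matches = [(n, k) for n, k in self._routes
                   if n.version == ip.version and ip in n]
        if not matches:
            return None
        # Longest-prefix match, as in an ordinary routing table.
        return max(matches, key=lambda m: m[0].prefixlen)[1]

    def peer_for_outbound(self, dst_ip):
        """Egress: the peer whose key encrypts a packet to dst_ip (None = drop)."""
        return self._lookup(dst_ip)

    def accept_inbound(self, sender_key, inner_src_ip):
        """Ingress: after decryption, the inner source IP must map back to
        the peer whose key authenticated the packet, otherwise it is dropped."""
        return self._lookup(inner_src_ip) == sender_key


def build_sample_table():
    # Constructed sample data: placeholder key labels, not real keys.
    table = CryptokeyTable()
    table.add_peer("pubkey-A", ["10.0.0.2/32", "192.168.10.0/24"])
    table.add_peer("pubkey-B", ["10.0.0.3/32", "0.0.0.0/0"])
    return table


if __name__ == "__main__":
    t = build_sample_table()
    print("to 192.168.10.7 ->", t.peer_for_outbound("192.168.10.7"))
    print("to 8.8.8.8      ->", t.peer_for_outbound("8.8.8.8"))
    print("B sending as 192.168.10.7 accepted?",
          t.accept_inbound("pubkey-B", "192.168.10.7"))
```

The ingress check is what makes the binding a security property: a peer holding a valid key still cannot inject packets whose inner source address belongs to another peer's range.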
Encryption uses the ChaCha20 stream cipher and the Poly1305 message authentication algorithm (MAC), designed by Daniel J. Bernstein, Tanja Lange and Peter Schwabe. ChaCha20 and Poly1305 are positioned as faster and more secure analogues of AES-256-CTR and HMAC, whose software implementation makes it possible to achieve a fixed execution time without special hardware support. To generate the shared secret key, the elliptic-curve Diffie-Hellman protocol is used in the Curve25519 implementation, also proposed by Daniel Bernstein. The algorithm used for hashing is BLAKE2s (RFC7693).
Source: opennet.ru