Release of OpenIKED 7.2, a portable implementation of the IKEv2 protocol for IPsec

The OpenBSD Project has announced the release of OpenIKED 7.2, an implementation of the IKEv2 protocol developed by the OpenBSD Project. This is the fourth release of OpenIKED as a separate project: the IKEv2 components were originally an integral part of the OpenBSD IPsec stack, but were later split out into a portable package and can now be used on other operating systems. OpenIKED has been tested on FreeBSD, NetBSD, macOS and various Linux distributions, including Arch, Debian, Fedora and Ubuntu. The code is written in C and distributed under the ISC license.

OpenIKED lets you deploy IPsec-based virtual private networks. The IPsec stack consists of two main protocols: the key exchange protocol (IKE) and the encrypted transport protocol (ESP). OpenIKED implements the authentication, configuration, key exchange and security policy maintenance elements, while the protocol that encrypts ESP traffic is usually provided by the operating system kernel. Authentication methods in OpenIKED can use pre-shared keys, EAP MSCHAPv2 with an X.509 certificate, and RSA and ECDSA public keys.

In the new version:

  • Counters with statistics for the iked background process have been added; they can be viewed with the 'ikectl show stats' command.
  • The ability to send certificate chains in multiple CERT payloads has been added.
  • To improve compatibility with older versions, a payload with the vendor ID has been added.
  • Rule lookup has been improved to take the srcnat property into account.
  • NAT-T operation on Linux has been put in working order.

Source: opennet.ru
