Today Linus pulled the next branch with VPN interfaces into his tree
Code for the new Linux 5.6 kernel is still being collected. WireGuard is a fast, next-generation VPN that uses modern cryptography. It was originally developed as a simpler and more convenient alternative to existing VPNs. Its author is the Canadian information security specialist Jason A. Donenfeld. In August 2018, WireGuard
"I see that Jason has made a pull request to get WireGuard into the kernel," Linus wrote on August 2, 2018. "Can I once again declare my love for this VPN and hope it gets merged soon? The code may not be perfect, but I have looked through it, and compared with the horrors of OpenVPN and IPSec, it is a real work of art."
Despite Linus's wishes, the merge dragged on for a year and a half. The main problem turned out to be tied to the use of its own implementations of cryptographic functions, which were used to improve performance. After lengthy negotiations, in September 2019 it was
Finally, on December 9, 2019, David S. Miller, who is responsible for the networking subsystem of the Linux kernel,
And today, January 29, 2020, the changes went to Linus for inclusion in the kernel.
The claimed advantages of WireGuard over other VPN solutions:
- Easy to use.
- Uses modern cryptography: Noise protocol framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24, HKDF, etc.
- Compact, readable code that is easy to audit for vulnerabilities.
- High performance.
- A clear and detailed specification.
All of WireGuard's core logic takes up fewer than 4000 lines of code, while OpenVPN and IPSec require hundreds of thousands of lines.
"WireGuard uses the concept of encryption key routing, which involves attaching a private key to each network interface and using public keys to bind it. Public keys are exchanged to establish a connection in a way similar to SSH. To negotiate keys and connect without running a separate daemon in user space, the Noise_IK mechanism from the Noise Protocol Framework is used, similar to maintaining authorized_keys in SSH. Data is transmitted by encapsulation in UDP packets. It supports changing the IP address of the VPN server (roaming) without breaking the connection, with automatic reconfiguration of the client," writes Opennet. "For encryption, the stream cipher ChaCha20 and the message authentication (MAC) algorithm Poly1305 are used, designed by Daniel J. Bernstein, Tanja Lange and Peter Schwabe. ChaCha20 and Poly1305 are positioned as faster and more secure analogues of AES-256-CTR and HMAC, whose software implementation makes it possible to achieve a fixed execution time without special hardware support. To generate the shared secret key, the elliptic curve Diffie-Hellman protocol is used in the Curve25519 implementation, also proposed by Daniel Bernstein. The algorithm used for hashing is BLAKE2s (RFC7693)."
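The key routing idea in the quoted description, as an added example that is not from the original article or from WireGuard's code: a toy Python model in which each peer's public key is bound to the address ranges it may use, as WireGuard's per-peer allowed-IPs list does. The peer key placeholders, address ranges and the names `CryptokeyRouter` and `build_demo_router` are constructed for illustration.

```python
import ipaddress

# Constructed placeholders, not real WireGuard public keys.
PEER_A = "PEER_A_PUBLIC_KEY_PLACEHOLDER"
PEER_B = "PEER_B_PUBLIC_KEY_PLACEHOLDER"


class CryptokeyRouter:
    """Toy model of a cryptokey routing table: allowed IP ranges -> peer key."""

    def __init__(self):
        self._routes = []  # list of (ip_network, peer_public_key)

    def add_peer(self, public_key, allowed_ips):
        for cidr in allowed_ips:
            self._routes.append((ipaddress.ip_network(cidr), public_key))

    def _lookup(self, ip):
        addr = ipaddress.ip_address(ip)
        matches = [(net, key) for net, key in self._routes
                   if net.version == addr.version and addr in net]
        if not matches:
            return None
        # Longest prefix wins, as in an ordinary routing table.
        return max(matches, key=lambda m: m[0].prefixlen)[1]

    def peer_for_outgoing(self, dst_ip):
        """Outbound: the destination address selects whose key to encrypt to."""
        return self._lookup(dst_ip)

    def accept_incoming(self, authenticated_peer, inner_src_ip):
        """Inbound: a decrypted packet is kept only if its inner source
        address is routed to the same peer whose key authenticated it."""
        return self._lookup(inner_src_ip) == authenticated_peer


def build_demo_router():
    router = CryptokeyRouter()
    router.add_peer(PEER_A, ["10.0.0.2/32"])
    router.add_peer(PEER_B, ["10.0.0.0/24", "192.168.50.0/24"])
    return router


if __name__ == "__main__":
    r = build_demo_router()
    print(r.peer_for_outgoing("10.0.0.2"))    # most specific route
    print(r.peer_for_outgoing("172.16.0.1"))  # no route: packet is dropped
    print(r.accept_incoming(PEER_A, "192.168.50.9"))  # spoofed inner source
```

The inbound check is what stops an authenticated peer from injecting packets that claim another peer's tunnel address.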
Results
[Charts: throughput (megabit/s) and ping (ms)]
Test configuration:
- Intel Core i7-3820QM and Intel Core i7-5200U
- Intel 82579LM and Intel I218LM gigabit cards
- Linux 4.6.1
- WireGuard configuration: 256-bit ChaCha20 with Poly1305 for MAC
- First IPsec configuration: 256-bit ChaCha20 with Poly1305 for MAC
- Second IPsec configuration: AES-256-GCM-128 (with AES-NI)
- OpenVPN configuration: equivalent 256-bit AES cipher suite with HMAC-SHA2-256, UDP mode
- Performance was measured using iperf3, showing the average result over 30 minutes.
In theory, once integrated into the network stack, WireGuard should work even faster. But in practice this will not be so, because of the switch to the cryptographic functions of the Crypto API built into the kernel. Perhaps not all of them are optimized to the performance level of native WireGuard.
"From my point of view, WireGuard is generally ideal for the user. All the low-level decisions are made in the specification, so the process of preparing a typical VPN infrastructure takes only a few minutes. It is almost impossible to mess up the configuration," - wrote on Habr in 2018. - "The installation process is described in detail on the official website; I would like to note separately the excellent OpenWRT support. This ease of use and compactness of the code base were achieved by eliminating key distribution. There is no complex certificate system and all that corporate horror; short encryption keys are distributed like SSH keys."
The WireGuard project has been in development since 2015, it has been audited and
Source: www.habr.com