Isikhathi sesifikile lapho i-VPN ingaselona ithuluzi elingavamile labaphathi bohlelo lwentshebe. Abasebenzisi banemisebenzi ehlukene, kodwa iqiniso liwukuthi wonke umuntu udinga i-VPN.
Inkinga ngezixazululo zamanje ze-VPN ukuthi zinzima ukuzilungiselela kahle, kuyabiza ukuzigcina, futhi zigcwele ikhodi yefa yekhwalithi engabazekayo.
Eminyakeni embalwa edlule, uchwepheshe wezokuphepha kolwazi waseCanada uJason A. Donenfeld wanquma ukuthi wayesenele ngakho waqala ukusebenza ngokuqhubekayo.
Izinzuzo ezifunwayo ze-WireGuard ngaphezu kwezinye izixazululo ze-VPN:
- Kulula ukuyisebenzisa.
- Isebenzisa i-cryptography yesimanje: Uhlaka lwephrothokholi yomsindo, i-Curve25519, i-ChaCha20, i-Poly1305, i-BLAKE2, i-SipHash24, i-HKDF, njll.
- Ikhodi ehlangene, efundekayo, kulula ukuyiphenya ngobungozi.
- Ukusebenza okuphezulu.
- Icacile futhi inemininingwane
ukucaciswa .
Ingabe inhlamvu yesiliva itholakele? Ingabe yisikhathi sokungcwaba i-OpenVPN ne-IPSec? Nganquma ukubhekana nalokhu, futhi ngesikhathi esifanayo ngakwenza
Izimiso zomsebenzi
Izimiso zokusebenza zingachazwa kanje:
- Isixhumi esibonakalayo se-WireGuard siyadalwa futhi ukhiye oyimfihlo kanye nekheli le-IP kunikezwa kuso. Izilungiselelo zabanye ontanga zilayishiwe: okhiye babo basesidlangalaleni, amakheli e-IP, njll.
- Wonke amaphakethe e-IP afika kusixhumi esibonakalayo se-WireGuard ahlanganiswe ku-UDP kanye
zilethwe ngokuphepha abanye ontanga. - Amaklayenti acacisa ikheli le-IP lomphakathi leseva kuzilungiselelo. Iseva ibona ngokuzenzakalelayo amakheli angaphandle amaklayenti lapho idatha egunyazwe kahle itholwa kuwo.
- Iseva ingashintsha ikheli le-IP lomphakathi ngaphandle kokuphazamisa umsebenzi wayo. Ngesikhathi esifanayo, izothumela isaziso kumakhasimende axhunyiwe futhi azobuyekeza ukucushwa kwawo ngokuhamba kwesikhathi.
- Kusetshenziswa umqondo womzila
I-Cryptokey Routing . I-WireGuard yamukela futhi ithumele amaphakethe ngokusekelwe kukhiye womphakathi wontanga. Uma iseva isusa ukubethela iphakethe eligunyazwe ngokulungile, inkambu yayo ye-src iyahlolwa. Uma ifana nokucushwaallowed-ips
ontanga eqinisekisiwe, iphakethe litholwa isixhumi esibonakalayo se-WireGuard. Lapho uthumela iphakethe eliphumayo, inqubo ehambisanayo iyenzeka: inkambu ye-dst yephakethe ithathwa futhi, ngokususelwa kuyo, kukhethwa untanga ohambelanayo, iphakethe lisayinwe ngokhiye walo, libethelwe ngokhiye wontanga futhi lithunyelwe ekugcineni okukude. .
Yonke ingqondo eyinhloko ye-WireGuard ithatha imigqa yekhodi engaphansi kwezinkulungwane ezi-4, kuyilapho i-OpenVPN ne-IPSec zinamakhulu ezinkulungwane zemigqa. Ukuze kusekelwe ama-algorithms esimanjemanje e-cryptographic, kuhlongozwa ukuthi kufakwe i-cryptographic API entsha kukernel ye-Linux
Ukukhiqiza
Inzuzo ephezulu yokusebenza (uma iqhathaniswa ne-OpenVPN ne-IPSec) izobonakala ezinhlelweni ze-Linux, njengoba i-WireGuard isetshenziswa njengemojula ye-kernel lapho. Ngaphezu kwalokho, i-macOS, i-Android, i-iOS, i-FreeBSD ne-OpenBSD iyasekelwa, kodwa kuzo i-WireGuard isebenza endaweni yomsebenzisi nayo yonke imiphumela yokusebenza elandelayo. Ukusekelwa kweWindows kulindeleke ukuthi kwengezwe maduze nje.
Imiphumela yebhentshimakhi nge
Umuzwa wami wokusebenzisa
Angiyena uchwepheshe we-VPN. Ngake ngenza i-OpenVPN ngesandla futhi yayiyisicefe kakhulu, futhi angizange ngizame i-IPSec. Ziningi kakhulu izinqumo ongazithatha, kulula kakhulu ukuzidubula wena onyaweni. Ngakho-ke, ngangihlala ngisebenzisa imibhalo esenziwe ngomumo ukuze ngilungiselele iseva.
Ngakho-ke, i-WireGuard, ngokombono wami, ngokuvamile ilungele umsebenzisi. Zonke izinqumo ezisezingeni eliphansi zenziwa ekucacisweni, ngakho-ke inqubo yokulungiselela ingqalasizinda ye-VPN evamile ithatha imizuzu embalwa kuphela. Cishe akunakwenzeka ukukopela ekucushweni.
Inqubo yokufaka
Okhiye bokubethela bakhiqizwa insiza wg
:
SERVER_PRIVKEY=$( wg genkey )
SERVER_PUBKEY=$( echo $SERVER_PRIVKEY | wg pubkey )
CLIENT_PRIVKEY=$( wg genkey )
CLIENT_PUBKEY=$( echo $CLIENT_PRIVKEY | wg pubkey )
Okulandelayo, udinga ukudala ukulungiselelwa kweseva /etc/wireguard/wg0.conf
ngokuqukethwe okulandelayo:
[Interface]
Address = 10.9.0.1/24
PrivateKey = $SERVER_PRIVKEY
[Peer]
PublicKey = $CLIENT_PUBKEY
AllowedIPs = 10.9.0.2/32
bese uphakamisa umhubhe ngombhalo wg-quick
:
sudo wg-quick up /etc/wireguard/wg0.conf
Kumasistimu ane-systemd ungasebenzisa lokhu esikhundleni salokho sudo systemctl start [email protected]
.
Emshinini weklayenti, dala ukuhlela /etc/wireguard/wg0.conf
:
[Interface]
PrivateKey = $CLIENT_PRIVKEY
Address = 10.9.0.2/24
[Peer]
PublicKey = $SERVER_PUBKEY
AllowedIPs = 0.0.0.0/0
Endpoint = 1.2.3.4:51820 # ΠΠ½Π΅ΡΠ½ΠΈΠΉ IP ΡΠ΅ΡΠ²Π΅ΡΠ°
PersistentKeepalive = 25
Futhi uphakamise umhubhe ngendlela efanayo:
sudo wg-quick up /etc/wireguard/wg0.conf
Okusele nje ukulungisa i-NAT kuseva ukuze amaklayenti akwazi ukufinyelela i-inthanethi, futhi usuqedile!
Lokhu kusebenziseka kalula nokubumbana kwesisekelo sekhodi kwafinyelelwa ngokususa ukusebenza okubalulekile kokusabalalisa. Alukho uhlelo lwesitifiketi oluyinkimbinkimbi nakho konke lokhu kuthusa kwenkampani; okhiye abafushane bokubethela basakazwa njengokhiye be-SSH. Kepha lokhu kudala inkinga: I-WireGuard ngeke ibe lula kakhulu ukuyisebenzisa kwamanye amanethiwekhi akhona.
Phakathi kokubi, kubalulekile ukuqaphela ukuthi i-WireGuard ngeke isebenze ngommeleli we-HTTP, ngoba yi-protocol ye-UDP kuphela etholakalayo njengezokuthutha. Umbuzo uphakama: ingabe kuzokwenzekani ukuphazamisa iphrothokholi? Yiqiniso, lokhu akuwona umsebenzi oqondile we-VPN, kodwa ku-OpenVPN, isibonelo, kunezindlela zokuzifihla njenge-HTTPS, okusiza izakhamuzi zamazwe aphelele ukusebenzisa i-intanethi ngokugcwele.
okutholakele
Ukufingqa, lena iphrojekthi ethakazelisa kakhulu futhi ethembisayo, ungayisebenzisa kakade kumaseva womuntu siqu. Iyini inzuzo? Ukusebenza okuphezulu ezinhlelweni ze-Linux, ukusethwa kalula nokusekelwa, isisekelo sekhodi esihlangene nesifundekayo. Kodwa-ke, kusesekuseni kakhulu ukujaha ukudlulisa ingqalasizinda eyinkimbinkimbi ku-WireGuard; kufanelekile ukulinda ukufakwa kwayo ku-Linux kernel.
Ukonga isikhathi sami (nesakho), ngithuthukile
Source: www.habr.com