Isikhathi sesifikile lapho i-VPN ingaselona ithuluzi elingavamile labaphathi bohlelo lwentshebe. Abasebenzisi banemisebenzi ehlukene, kodwa iqiniso liwukuthi wonke umuntu udinga i-VPN.
Inkinga ngezixazululo zamanje ze-VPN ukuthi zinzima ukuzilungiselela kahle, kuyabiza ukuzigcina, futhi zigcwele ikhodi yefa yekhwalithi engabazekayo.
Eminyakeni embalwa edlule, uchwepheshe wezokuphepha kolwazi waseCanada uJason A. Donenfeld wanquma ukuthi wayesenele ngakho waqala ukusebenza ngokuqhubekayo. . I-WireGuard manje isilungiselelwa ukufakwa ku-Linux kernel futhi isize yanconywa futhi ku .
Izinzuzo ezifunwayo ze-WireGuard ngaphezu kwezinye izixazululo ze-VPN:
- Kulula ukuyisebenzisa.
- Isebenzisa i-cryptography yesimanje: Uhlaka lwephrothokholi yomsindo, i-Curve25519, i-ChaCha20, i-Poly1305, i-BLAKE2, i-SipHash24, i-HKDF, njll.
- Ikhodi ehlangene, efundekayo, kulula ukuyiphenya ngobungozi.
- Ukusebenza okuphezulu.
- Icacile futhi inemininingwane .
Ingabe inhlamvu yesiliva itholakele? Ingabe yisikhathi sokungcwaba i-OpenVPN ne-IPSec? Nganquma ukubhekana nalokhu, futhi ngesikhathi esifanayo ngakwenza .
Izimiso zomsebenzi
Izimiso zokusebenza zingachazwa kanje:
- Isixhumi esibonakalayo se-WireGuard siyadalwa futhi ukhiye oyimfihlo kanye nekheli le-IP kunikezwa kuso. Izilungiselelo zabanye ontanga zilayishiwe: okhiye babo basesidlangalaleni, amakheli e-IP, njll.
- Wonke amaphakethe e-IP afika kusixhumi esibonakalayo se-WireGuard ahlanganiswe ku-UDP kanye abanye ontanga.
- Amaklayenti acacisa ikheli le-IP lomphakathi leseva kuzilungiselelo. Iseva ibona ngokuzenzakalelayo amakheli angaphandle amaklayenti lapho idatha egunyazwe kahle itholwa kuwo.
- Iseva ingashintsha ikheli le-IP lomphakathi ngaphandle kokuphazamisa umsebenzi wayo. Ngesikhathi esifanayo, izothumela isaziso kumakhasimende axhunyiwe futhi azobuyekeza ukucushwa kwawo ngokuhamba kwesikhathi.
- Kusetshenziswa umqondo womzila . I-WireGuard yamukela futhi ithumele amaphakethe ngokusekelwe kukhiye womphakathi wontanga. Uma iseva isusa ukubethela iphakethe eligunyazwe ngokulungile, inkambu yayo ye-src iyahlolwa. Uma ifana nokucushwa
allowed-ipsontanga eqinisekisiwe, iphakethe litholwa isixhumi esibonakalayo se-WireGuard. Lapho uthumela iphakethe eliphumayo, inqubo ehambisanayo iyenzeka: inkambu ye-dst yephakethe ithathwa futhi, ngokususelwa kuyo, kukhethwa untanga ohambelanayo, iphakethe lisayinwe ngokhiye walo, libethelwe ngokhiye wontanga futhi lithunyelwe ekugcineni okukude. .
Yonke ingqondo eyinhloko ye-WireGuard ithatha imigqa yekhodi engaphansi kwezinkulungwane ezi-4, kuyilapho i-OpenVPN ne-IPSec zinamakhulu ezinkulungwane zemigqa. Ukuze kusekelwe ama-algorithms esimanjemanje e-cryptographic, kuhlongozwa ukuthi kufakwe i-cryptographic API entsha kukernel ye-Linux . Njengamanje kunengxoxo eqhubekayo mayelana nokuthi wumqondo omuhle yini lona.
Ukukhiqiza
Inzuzo ephezulu yokusebenza (uma iqhathaniswa ne-OpenVPN ne-IPSec) izobonakala ezinhlelweni ze-Linux, njengoba i-WireGuard isetshenziswa njengemojula ye-kernel lapho. Ngaphezu kwalokho, i-macOS, i-Android, i-iOS, i-FreeBSD ne-OpenBSD iyasekelwa, kodwa kuzo i-WireGuard isebenza endaweni yomsebenzisi nayo yonke imiphumela yokusebenza elandelayo. Ukusekelwa kweWindows kulindeleke ukuthi kwengezwe maduze nje.
Imiphumela yebhentshimakhi nge :
Umuzwa wami wokusebenzisa
Angiyena uchwepheshe we-VPN. Ngake ngenza i-OpenVPN ngesandla futhi yayiyisicefe kakhulu, futhi angizange ngizame i-IPSec. Ziningi kakhulu izinqumo ongazithatha, kulula kakhulu ukuzidubula wena onyaweni. Ngakho-ke, ngangihlala ngisebenzisa imibhalo esenziwe ngomumo ukuze ngilungiselele iseva.
Ngakho-ke, i-WireGuard, ngokombono wami, ngokuvamile ilungele umsebenzisi. Zonke izinqumo ezisezingeni eliphansi zenziwa ekucacisweni, ngakho-ke inqubo yokulungiselela ingqalasizinda ye-VPN evamile ithatha imizuzu embalwa kuphela. Cishe akunakwenzeka ukukopela ekucushweni.
Inqubo yokufaka kuwebhusayithi esemthethweni, ngithanda ukuphawula ngokuhlukile okuhle kakhulu .
Okhiye bokubethela bakhiqizwa insiza wg:
SERVER_PRIVKEY=$( wg genkey )
SERVER_PUBKEY=$( echo $SERVER_PRIVKEY | wg pubkey )
CLIENT_PRIVKEY=$( wg genkey )
CLIENT_PUBKEY=$( echo $CLIENT_PRIVKEY | wg pubkey )Okulandelayo, udinga ukudala ukulungiselelwa kweseva /etc/wireguard/wg0.conf ngokuqukethwe okulandelayo:
[Interface]
Address = 10.9.0.1/24
PrivateKey = $SERVER_PRIVKEY
[Peer]
PublicKey = $CLIENT_PUBKEY
AllowedIPs = 10.9.0.2/32bese uphakamisa umhubhe ngombhalo wg-quick:
sudo wg-quick up /etc/wireguard/wg0.confKumasistimu ane-systemd ungasebenzisa lokhu esikhundleni salokho sudo systemctl start [email protected].
Emshinini weklayenti, dala ukuhlela /etc/wireguard/wg0.conf:
[Interface]
PrivateKey = $CLIENT_PRIVKEY
Address = 10.9.0.2/24
[Peer]
PublicKey = $SERVER_PUBKEY
AllowedIPs = 0.0.0.0/0
Endpoint = 1.2.3.4:51820 # ΠΠ½Π΅ΡΠ½ΠΈΠΉ IP ΡΠ΅ΡΠ²Π΅ΡΠ°
PersistentKeepalive = 25 Futhi uphakamise umhubhe ngendlela efanayo:
sudo wg-quick up /etc/wireguard/wg0.confOkusele nje ukulungisa i-NAT kuseva ukuze amaklayenti akwazi ukufinyelela i-inthanethi, futhi usuqedile!
Lokhu kusebenziseka kalula nokubumbana kwesisekelo sekhodi kwafinyelelwa ngokususa ukusebenza okubalulekile kokusabalalisa. Alukho uhlelo lwesitifiketi oluyinkimbinkimbi nakho konke lokhu kuthusa kwenkampani; okhiye abafushane bokubethela basakazwa njengokhiye be-SSH. Kepha lokhu kudala inkinga: I-WireGuard ngeke ibe lula kakhulu ukuyisebenzisa kwamanye amanethiwekhi akhona.
Phakathi kokubi, kubalulekile ukuqaphela ukuthi i-WireGuard ngeke isebenze ngommeleli we-HTTP, ngoba yi-protocol ye-UDP kuphela etholakalayo njengezokuthutha. Umbuzo uphakama: ingabe kuzokwenzekani ukuphazamisa iphrothokholi? Yiqiniso, lokhu akuwona umsebenzi oqondile we-VPN, kodwa ku-OpenVPN, isibonelo, kunezindlela zokuzifihla njenge-HTTPS, okusiza izakhamuzi zamazwe aphelele ukusebenzisa i-intanethi ngokugcwele.
okutholakele
Ukufingqa, lena iphrojekthi ethakazelisa kakhulu futhi ethembisayo, ungayisebenzisa kakade kumaseva womuntu siqu. Iyini inzuzo? Ukusebenza okuphezulu ezinhlelweni ze-Linux, ukusethwa kalula nokusekelwa, isisekelo sekhodi esihlangene nesifundekayo. Kodwa-ke, kusesekuseni kakhulu ukujaha ukudlulisa ingqalasizinda eyinkimbinkimbi ku-WireGuard; kufanelekile ukulinda ukufakwa kwayo ku-Linux kernel.
Ukonga isikhathi sami (nesakho), ngithuthukile . Ngosizo lwayo, ungazisethela wena nabangane bakho i-VPN yomuntu siqu ngaphandle kokuqonda lutho ngayo.
Source: www.habr.com