Iphrojekthi ye-Firezone ithuthukisa iseva ye-VPN ukuze ihlele ukufinyelela kubabungazi kunethiwekhi engayodwana yangaphakathi kumadivayisi abasebenzisi atholakala kumanethiwekhi angaphandle. Le phrojekthi ihloselwe ukuzuza izinga eliphezulu lokuvikela nokwenza lula inqubo yokuthunyelwa kwe-VPN. Ikhodi yephrojekthi ibhalwe ku-Elixir neRuby, futhi isatshalaliswa ngaphansi kwelayisensi ye-Apache 2.0.
Le phrojekthi ithuthukiswa unjiniyela wezokuphepha ozenzakalelayo ovela kwaCisco, ozame ukwakha isisombululo esenza ngokuzenzakalelayo ukusebenza ngokuhlelwa komsingathi futhi aqede izinkinga obekumele kuhlangatshezwane nazo lapho kuhlelwa ukufinyelela okuphephile kuma-VPC wamafu. I-Firezone ingacatshangwa njengozakwabo womthombo ovulekile we-OpenVPN Access Server, eyakhelwe phezulu kwe-WireGuard esikhundleni se-OpenVPN.
Ukuze kufakwe, amaphakheji we-rpm kanye ne-deb anikezwa izinguqulo ezahlukene ze-CentOS, Fedora, Ubuntu kanye ne-Debian, ukufakwa kwayo okungadingi ukuncika kwangaphandle, njengoba konke ukuncika okudingekayo sekufakiwe kusetshenziswa ikhithi yamathuluzi ye-Chef Omnibus. Ukuze usebenze, udinga kuphela ikhithi yokusabalalisa ene-Linux kernel engekho endala kuno-4.19 kanye nemojula ye-kernel ehlanganisiwe ne-VPN WireGuard. Ngokusho kombhali, ukwethula nokusetha iseva ye-VPN kungenziwa ngemizuzu embalwa nje. Izingxenye zokusebenzelana kwewebhu zisebenza ngaphansi komsebenzisi ongenamalungelo, futhi ukufinyelela kutholakala kuphela nge-HTTPS.
Ukuhlela iziteshi zokuxhumana ku-Firezone, kusetshenziswa i-WireGuard. I-Firezone futhi inomsebenzi owakhelwe ngaphakathi we-firewall usebenzisa ama-nftables. Ngendlela yayo yamanje, i-firewall ikhawulelwe ekuvimbeni ithrafikhi ephumayo kubasingathi abathile noma ama-subnets kumanethiwekhi angaphakathi noma angaphandle. Ukuphatha kwenziwa ngesixhumi esibonakalayo sewebhu noma ngemodi yomugqa womyalo kusetshenziswa insiza ye-firezone-ctl. Isixhumi esibonakalayo sewebhu sisekelwe ku-Admin One Bulma.
Njengamanje, zonke izingxenye ze-Firezone zisebenza kuseva eyodwa, kodwa iphrojekthi ekuqaleni ithuthukiswa ngeso le-modularity futhi ngokuzayo ihlelelwe ukwengeza amandla okusabalalisa izingxenye zesixhumi esibonakalayo sewebhu, i-VPN kanye ne-firewall kubo bonke ababungazi abahlukene. Izinhlelo futhi zihlanganisa ukuhlanganiswa kwesivimbeli sesikhangiso sezinga le-DNS, ukusekelwa kosokhaya nohlu lwe-subnet block, amandla okuqinisekisa e-LDAP/SSO, namandla engeziwe okuphatha abasebenzisi.
Source: opennet.ru