Abathuthukisi bephakheji yenethiwekhi yangasese ye-OpenVPN ebonakalayo bethule i-ovpn-dco kernel module, engasheshisa kakhulu ukusebenza kwe-VPN. Naphezu kokuthi i-module isathuthukiswa ngeso kuphela egatsheni le-linux-elilandelayo futhi inesimo sokuhlola, isivele ifinyelele izinga lokuzinza elivumela ukuthi lisetshenziswe ukuze kuqinisekiswe ukusebenza kwesevisi ye-OpenVPN Cloud.
Uma kuqhathaniswa nokucushwa okusekelwe kusixhumi esibonakalayo se-tun, ukusetshenziswa kwemojula kuklayenti nezinhlangothi zeseva kusetshenziswa i-cipher ye-AES-256-GCM kwenze kwaba nokwenzeka ukuzuza ukwanda okuphindwe ka-8 kokuphumayo (kusuka ku-370 Mbit/s kuya ku-2950 Mbit /s). Uma usebenzisa imojuli kuphela ohlangothini lweklayenti, ukuphuma kukhuphuke ngokuphindwe kathathu kuthrafikhi ephumayo futhi akuzange kushintshe kuthrafikhi engenayo. Uma usebenzisa imojula kuphela ohlangothini lweseva, ukuphuma kukhuphuke izikhathi ezi-4 kuthrafikhi engenayo nangama-35% kuthrafikhi ephumayo.
Ukusheshisa kufinyelelwa ngokuhambisa yonke imisebenzi yokubethela, ukucutshungulwa kwephakethe kanye nokuphathwa kwesiteshi sokuxhumana ohlangothini lwe-Linux kernel, okususa i-overhead ehlobene nokushintsha komongo, kwenza kube nokwenzeka ukukhulisa umsebenzi ngokufinyelela ngokuqondile kuma-API we-kernel yangaphakathi futhi kuqede ukudluliswa kwedatha okuhamba kancane phakathi kwe-kernel. kanye nesikhala somsebenzisi (ukubethela, ukukhishwa kwekhodi kanye nomzila kwenziwa yimojuli ngaphandle kokuthumela ithrafikhi kusibambi esikhaleni somsebenzisi).
Kuyaphawulwa ukuthi umthelela omubi ekusebenzeni kwe-VPN ubangelwa ikakhulukazi ukusebenza kokubethela okugxilile kwensiza kanye nokubambezeleka okubangelwa ukushintsha kokuqukethwe. Izandiso zephrosesa ezifana ne-Intel AES-NI zasetshenziselwa ukusheshisa ukubethela, kodwa ukushintsha kokuqukethwe kwahlala kuyibhodlela kuze kube yilapho kufika i-ovpn-dco. Ngaphezu kokusebenzisa imiyalelo enikezwe iphrosesa ukusheshisa ukubethela, imojula ye-ovpn-dco iqinisekisa futhi ukuthi imisebenzi yokubethela ihlukaniswe yaba izingxenye ezihlukene futhi icutshungulwe ngemodi enezintambo eziningi, evumela ukusetshenziswa kwawo wonke ama-CPU cores atholakalayo.
Imikhawulo yamanje yokusetshenziswa okuzobhekwana nayo esikhathini esizayo ihlanganisa ukusekelwa kwezindlela ze-AEAD nezithi 'akekho' kuphela, kanye namaciphe e-AES-GCM kanye ne-CHACHA20POLY1305. Ukusekelwa kwe-DCO kuhlelwe ukuthi kufakwe ekukhululweni kwe-OpenVPN 2.6, ehlelelwe ikota yesi-4 yalo nyaka. Imojuli okwamanje iyasekelwa ekuhloleni i-beta kweklayenti le-OpenVPN3 Linux kanye nezakhiwo zokuhlola zeseva ye-OpenVPN ye-Linux. Imojula efanayo, i-ovpn-dco-win, nayo iyathuthukiswa i-Windows kernel.
Source: opennet.ru