Iphrojekthi ye-Headscale ithuthukisa ukuqaliswa okuvulekile kwengxenye yeseva yenethiwekhi ye-Tailscale VPN, ekuvumela ukuthi udale amanethiwekhi we-VPN afana ne-Tailscale ezindaweni zakho siqu, ngaphandle kokuboshelwa ezinsizeni zezinkampani zangaphandle. Ikhodi ye-Headscale ibhalwe ku-Go futhi isatshalaliswa ngaphansi kwelayisensi ye-BSD. Lo msebenzi uthuthukiswa nguJuan Font we-European Space Agency.
I-Tailscale ikuvumela ukuthi uhlanganise inombolo engafanele yababungazi abahlakazeke ngokwendawo ibe yinethiwekhi eyodwa, eyakhelwe njengenethiwekhi ye-mesh, lapho i-node ngayinye ixhumana namanye ama-node ngokuqondile (P2P) noma ngokusebenzisa ama-node angomakhelwane, ngaphandle kokudlulisa ithrafikhi ngamaseva angaphandle aphakathi nendawo we-VPN. umhlinzeki. Ukufinyelela okusekelwe ku-ACL nokulawula umzila kuyasekelwa. Ukuze kusungulwe iziteshi zokuxhumana lapho kusetshenziswa abahumushi bekheli (NAT), usekelo luhlinzekwa ezindleleni ze-STUN, ICE kanye ne-DERP (efana ne-TURN, kodwa ngokusekelwe ku-HTTPS). Uma isiteshi sokuxhumana phakathi kwama-node athile sivinjiwe, inethiwekhi ingakha kabusha umzila ukuze iqondise ithrafikhi kwamanye ama-node.
I-Tailscale ihluke kuphrojekthi ye-Nebula, futhi ehloselwe ukudala amanethiwekhi e-VPN asabalalisiwe ane-mesh routing, ngokusebenzisa i-Wireguard protocol ukuhlela ukudluliswa kwedatha phakathi kwama-node, kuyilapho i-Nebula isebenzisa ukuthuthukiswa kwephrojekthi ye-Tinc, esebenzisa i-algorithm ye-AES-256 ukubethela amaphakethe. -GSM (I-Wireguard isebenzisa i-ChaCha20 cipher, lapho ekuhlolweni ebonisa ukuphuma nokuphendula okuphezulu).
Enye iphrojekthi efanayo ithuthukiswa ngokwehlukana - I-Innernet, lapho i-Wireguard protocol isetshenziselwa ukushintshanisa idatha phakathi kwamanodi. Ngokungafani ne-Tailscale ne-Nebula, i-Innernet isebenzisa isistimu yokuhlukanisa ukufinyelela okuhlukile, okusekelwe hhayi kuma-ACL anamathegi aboshwe ku-node ngayinye, kodwa ekuhlukaniseni ama-subnets kanye nokwabiwa kwebanga elihlukile lamakheli e-IP, njengakumanethiwekhi avamile e-Inthanethi. Ngaphezu kwalokho, esikhundleni solimi lwe-Go, i-Innernet isebenzisa ulimi lwe-Rust. Ezinsukwini ezintathu ezedlule, isibuyekezo se-Innernet 1.5 sashicilelwa ngokusekelwa okuthuthukisiwe kokunqamula kwe-NAT. Kukhona futhi iphrojekthi ye-Netmaker ekuvumela ukuthi uhlanganise amanethiwekhi anama-topology ahlukene usebenzisa i-Wireguard, kodwa ikhodi yayo inikezwa ngaphansi kwe-SSPL (Server Side Public License), engavulwanga ngenxa yokuba khona kwezidingo zokucwasa.
I-Tailscale isatshalaliswa kusetshenziswa imodeli ye-freemium, okusho ukusetshenziswa kwamahhala komuntu ngamunye kanye nokufinyelela okukhokhelwayo kwamabhizinisi namathimba. Izingxenye zeklayenti le-Tailscale, ngaphandle kwezicelo ezinemifanekiso ze-Windows ne-macOS, zithuthukiswa njengamaphrojekthi avulekile ngaphansi kwelayisensi ye-BSD. Isofthiwe yeseva esebenza ngasohlangothini lwe-Tailscale ingeyobunikazi, ihlinzeka ngokufakazela ubuqiniso lapho ixhuma amaklayenti amasha, ixhumanisa ukuphathwa kokhiye, futhi ihlela ukuxhumana phakathi kwamanodi. Iphrojekthi ye-Headscale ibhekana nalokhu kushiyeka futhi inikeza ukuqaliswa okuzimele, okuvulekile kwezingxenye ze-backend ye-Tailscale.
I-Headscale ithatha imisebenzi yokushintshisana ngokhiye basesidlangalaleni wamanodi, futhi yenza imisebenzi yokunikeza amakheli e-IP kanye nokusabalalisa amatafula omzila phakathi kwamanodi. Ngendlela yayo yamanje, i-Headscale isebenzisa wonke amakhono ayisisekelo weseva yokuphatha, ngaphandle kokusekelwa kwe-MagicDNS ne-Smart DNS. Ikakhulukazi, imisebenzi yokubhalisa ama-node (kuhlanganise newebhu), ukulungisa inethiwekhi ukuze ungeze noma ukhiphe ama-node, ukuhlukanisa ama-subnets usebenzisa izikhala zamagama (inethiwekhi eyodwa ye-VPN ingadalwa kubasebenzisi abaningana), ukuhlela ukufinyelela okwabiwe kwama-node kuma-subnets ezindaweni zamagama ezahlukene. , ukulawula umzila (okuhlanganisa nokwabela izindawo zokuphuma ukuze ufinyelele emhlabeni wangaphandle), ukuhlukaniswa kokufinyelela ngama-ACL, nokusebenza kwesevisi ye-DNS.
Source: opennet.ru