NetBSD kernel adds support for WireGuard VPN

The NetBSD project developers have announced the inclusion of the wg driver, which implements the WireGuard protocol, in the main NetBSD kernel. NetBSD is the third OS, after Linux and OpenBSD, with integrated WireGuard support. The related commands for configuring the VPN are also provided: wg-keygen and wgconfig. In the default kernel configuration (GENERIC), the driver is not yet enabled and requires an explicit "pseudo-device wg" entry in the configuration.

In addition, a corrective update of the wireguard-tools 1.0.20200820 package has been published, which includes user-space utilities such as wg and wg-quick. The new release prepares the IPC for upcoming WireGuard support in the FreeBSD operating system. Code specific to different platforms has been split into separate files. Support for the "reload" command has been added to the systemd unit file, which allows constructs such as "systemctl reload wg-quick@wgnet0".

Recall that WireGuard VPN is built on modern encryption methods, delivers very high performance, is easy to use, is free of complications, and has proven itself in a number of large deployments handling large volumes of traffic. The project has been in development since 2015 and has undergone an audit and formal verification of the encryption methods used. WireGuard support is already integrated into NetworkManager and systemd, and the kernel patches are included in the base distributions Debian Unstable, Mageia, Alpine, Arch, Gentoo, OpenWrt, NixOS, Subgraph and ALT.

WireGuard uses the concept of cryptokey routing, which involves binding a private key to each network interface and using public keys for binding. Public keys are exchanged to establish a connection in a manner similar to SSH. To negotiate keys and connect without running a separate daemon in user space, the Noise_IK mechanism from the Noise Protocol Framework is used, similar to maintaining authorized_keys in SSH. Data is transmitted through encapsulation in UDP packets. Changing the IP address of the VPN server (roaming) is supported without breaking the connection, with automatic client reconfiguration.
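The cryptokey routing idea described above, as an added Python sketch that is not code from NetBSD or the WireGuard project. It goes one step beyond the text by modelling the per-peer list of allowed inner addresses that the public keys are bound to; the class name, key placeholders and addresses are constructed for illustration.

```python
import ipaddress

# Constructed placeholder labels standing in for base64 Curve25519 public keys.
PEER_A = "PEER_A_PUBLIC_KEY_PLACEHOLDER"
PEER_B = "PEER_B_PUBLIC_KEY_PLACEHOLDER"


class CryptokeyTable:
    """Toy model of one interface's cryptokey routing table (hypothetical class)."""

    def __init__(self):
        self._routes = []  # (allowed network, peer public key)

    def add_peer(self, public_key, allowed_ips):
        for cidr in allowed_ips:
            self._routes.append((ipaddress.ip_network(cidr), public_key))

    def _lookup(self, addr):
        """Longest-prefix match of an inner IP address to a peer key, or None."""
        ip = ipaddress.ip_address(addr)
        matches = [(net, key) for net, key in self._routes
                   if net.version == ip.version and ip in net]
        if not matches:
            return None
        return max(matches, key=lambda m: m[0].prefixlen)[1]

    def peer_for_outbound(self, dst):
        """Outbound: the destination address selects the key to encrypt to."""
        return self._lookup(dst)

    def accept_inbound(self, sender_key, inner_src):
        """Inbound: after authenticated decryption, the inner source address
        must route back to the same peer, otherwise the packet is dropped."""
        peer = self._lookup(inner_src)
        return peer is not None and peer == sender_key


def build_demo_table():
    table = CryptokeyTable()
    table.add_peer(PEER_A, ["10.0.0.2/32"])  # constructed sample addresses
    table.add_peer(PEER_B, ["10.0.0.0/24", "fd00::/64"])
    return table


if __name__ == "__main__":
    t = build_demo_table()
    print(t.peer_for_outbound("10.0.0.2"), t.peer_for_outbound("10.0.0.77"))
    print(t.accept_inbound(PEER_A, "10.0.0.77"))  # inner source not bound to A
```

The inbound check is what makes the key-to-address binding a source-validation control: a peer holding a valid key still cannot inject packets claiming an inner address assigned to another peer.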

Encryption uses the ChaCha20 stream cipher and the Poly1305 message authentication (MAC) algorithm, developed by Daniel J. Bernstein, Tanja Lange and Peter Schwabe. ChaCha20 and Poly1305 are positioned as faster and more secure analogues of AES-256-CTR and HMAC, whose software implementation allows a fixed execution time to be achieved without special hardware support. To generate the shared secret key, the elliptic curve Diffie-Hellman protocol is used in the Curve25519 implementation, also proposed by Daniel Bernstein. The algorithm used for hashing is BLAKE2s (RFC7693).

Source: opennet.ru
