Release of OpenIKED 7.2, a portable implementation of the IKEv2 protocol for IPsec

The OpenBSD Project has announced the release of OpenIKED 7.2, an implementation of the IKEv2 protocol developed by the OpenBSD Project. This is the fourth release of OpenIKED as a separate project: the IKEv2 components were originally an integral part of the OpenBSD IPsec stack, but were later split out into a separate portable package and can now be used on other operating systems. OpenIKED has been tested on FreeBSD, NetBSD, macOS and various Linux distributions, including Arch, Debian, Fedora and Ubuntu. The code is written in C and distributed under the ISC license.

OpenIKED lets you deploy IPsec-based virtual private networks. The IPsec stack consists of two main protocols: the key exchange protocol (IKE) and the encrypted transport protocol (ESP). OpenIKED implements the authentication, configuration, key exchange and security policy maintenance components, while the protocol for encrypting ESP traffic is usually provided by the operating system kernel. Authentication methods in OpenIKED can use pre-shared keys, EAP MSCHAPv2 with an X.509 certificate, and RSA and ECDSA public keys.

In the new version:

  • Added counters with statistics on the operation of the iked background process, which can be viewed with the 'ikectl show stats' command.
  • Added the ability to send certificate chains in multiple CERT payloads.
  • To improve compatibility with older versions, a payload with a vendor ID has been added.
  • Improved rule lookup now takes the srcnat property into account.
  • Operation with NAT-T on Linux has been established.

Source: opennet.ru
