Iphrojekthi ye-OpenBSD ikhiphe i-OpenIKED 7.2, ukusetshenziswa kwephrothokholi ye-IKEv2 eyenziwe yiphrojekthi ye-OpenBSD. Lokhu ukukhishwa kwesine kwe-OpenIKED njengephrojekthi ezimele—izingxenye ze-IKEv2 ekuqaleni zaziyingxenye ebalulekile ye-OpenBSD IPsec stack, kodwa kamuva zahlukaniswa zaba iphakheji ehlukile, ephathekayo futhi manje zingasetshenziswa kwezinye izinhlelo zokusebenza. I-OpenIKED ihlolwe ku-FreeBSD, NetBSD, macOS kanye nokwabiwa okuhlukahlukene Linux, kufaka phakathi i-Arch, Debian, i-Fedora kanye UbuntuIkhodi ibhalwe ngo-C futhi isatshalaliswa ngaphansi kwelayisensi ye-ISC.
I-OpenIKED ikuvumela ukuthi usebenzise amanethiwekhi ayimfihlo asuselwa ku-IPsec. Isitaki se-IPsec sakhiwe izivumelwano ezimbili eziyinhloko: I-Key Exchange Protocol (IKE) kanye ne-Encrypted Transport Protocol (ESP). I-OpenIKED isebenzisa izici zokuqinisekisa, ukumisa, ukushintshanisa ukhiye, nokugcinwa kwenqubomgomo yezokuphepha, kanye nephrothokholi yokubethela ithrafikhi ye-ESP ngokuvamile inikezwa i-kernel yesistimu yokusebenza. Izindlela zokuqinisekisa ku-OpenIKED zingasebenzisa okhiye ababiwe ngaphambilini, i-EAP MSCHAPv2 ngesitifiketi se-X.509, kanye nokhiye basesidlangalaleni be-RSA kanye ne-ECDSA.
Enguqulweni entsha:
- Izibali ezingeziwe ezinezibalo zenqubo yangemuva ye-iked, engabukwa kusetshenziswa umyalo 'we-ikectl show stats'.
- Ikhono lokuthumela amaketango esitifiketi ekulayishweni okuningi kwe-CERT linikeziwe.
- Ukuze kuthuthukiswe ukusebenzisana nezinguqulo ezindala, umthwalo okhokhelwayo one-ID yomthengisi wengeziwe.
- Ukusesha okuthuthukisiwe kwemithetho kucatshangelwa impahla ye-srcnat.
- Sekusungulwe umsebenzi ne-NAT-T Linux.
Source: opennet.ru
