ovpn-dco, kernel module yekumhanyisa OpenVPN kuita

Mazuva mashoma apfuura lVagadziri veOpenVPN vakaburitswa nhau dzekuti ivo vaunza kernel module inonzi "ovpn-dco" rine basa guru rekusimudzira zvakanyanya mashandiro eVPN.

Kunyangwe iyo module ichiri kusimukira mubazi re linux-rinotevera uye iine chinzvimbo chekuyedza, yatosvika padanho rekugadzikana yakaita kuti zvikwanise kuishandisa kuona kushanda kweOpenVPN.

Kuenzaniswa neiyo tun interface-yakavakirwa gadziriso, kushandiswa kwemo module pane mutengi uye padivi pe server nekushandiswa kweAES-256-GCM kunyorera kwakabvumidza kuwedzera ka8 kuita (kubva pa370 Mbit / s kusvika 2950 Mbit s).

Paunenge uchishandisa module chete padivi remutengi, mashandiro matatu emigwagwa inobuda uye haachinje kune traffic inopinda. Paunenge uchishandisa module chete parutivi rwe server, iyo yekuwedzera inowedzerwa ne4 yetraibha inopinda uye ne35% yetraffic inobuda.

Kuchengeteka ndechimwe chezvinhu zvakakosha zvekufunga kana uri online. Izvo zvakanyanya kuchengetedzeka kutaurirana kwako kwepamhepo zvine encryption, zvirinani. Data encryption yakadzora pasi komputa kumhanya munguva yakapfuura, iyo yakavandudzwa nemaCUU emazuva ano. Asi isu tinogona kuita zvakawanda. OpenVPN ichangobva kuburitsa kuvandudzwa kutsva kunozowedzera kumhanya kune vashandisi vayo kana vachinge vapera kubva kune kernel nzvimbo: OpenVPN Data Channel Offload (DCO).

Kumhanyisa kunowanikwa nekufambisa ese crypto mashandiro, Kugadziriswa kwepakeji uye manejimendi manejimendi kuLinux kernel, kubvisa iyo yakabatana pamusoro Nekuchinja kwemamiriro ezvinhu, zvinoita kuti zvikwanisike kugadzirisa basa nekuwana zvakananga maKernel emukati maAPI uye kubvisa kunonoka kwekufambisa data pakati penzvimbo nenzvimbo yemushandisi. (Iyo module inoita encryption, decryption, uye nzira pasina kutumira traffic kune mutungamiriri munzvimbo yemushandisi.)

Inofanira kuonekwa kuti kukanganisa kwakashata pane VPN kuita zvinonyanya kukonzerwa nekuvharira mashandiro ayo anoshandisa zviwanikwa zvakawanda uye kunonoka kunokonzerwa neshanduko yechinyorwa. Processor extensions senge Intel AES-NI yaishandiswa kumhanyisa kunyorera, asi switch switch dzaive dzichiri bhodhoro pamberi peovpn-dco.

Kunze kwekushandisa rairo dzakapihwa neye processor kumhanyisa kunyorera, iyo ovpn-dco module inopawo kupatsanurwa kwekuvharira mashandiro muzvikamu zvakasiyana uye kugadziriswa kwavo mune multithreaded mode, izvo zvinoita kuti zvikwanise kushandisa ese aripo CPU macores.

Yezve mushandisi-nzvimbo VPN, senge OpenVPN, kunyorera pamusoro uye mamiriro ekuchinja switch muganho wekumhanya. Nemazuva ano maCUU, encryption pamusoro yakagadziridzwa kuburikidza nekuwedzeredzwa seIntel AES-NI, inova zvakare inovandudza kumhanya kwevashandisi veOpenVPN.

Asi kuwandisa pamwe nemamiriro ekushanduka kuchiri kuda kugadziriswa. Sezvo yega uye bhizinesi Internet kumhanyisa kuwedzera uye mashandisiro anoshandisa yakawanda bandwidth, vashandisi vanotarisira kumhanya nekukurumidza nekutaurirana kwepamhepo. Naizvozvo, iko kukanganiswa kwemisoro iyi kwanyanya kuoneka.

Yezvino ganhurirwa izvo zvinotaurwa kubva mukuitwa uye izvo zvichabviswa zvakare mune ramangwana, chete iyo AEAD uye 'hapana' modes (isina kusimbiswa) uye AES-GCM uye CHACHA20POLY1305 ciphers.

Izvo zvinotaurwa zvakare kuti Tsigiro yeDCO inorongwa kuverengerwa mukuburitswa kwe iyo vhezheni ye VhuraVPN 2.6, yakarongerwa kota yechina yegore rino. Parizvino, module inotsigira iyo OpenVPN3 yakavhurika beta Linux mutengi uye iyo yekuyedza inovaka yeiyo OpenVPN server yeLinux. Iyo yakafanana module ovpn-dco-win iri kuvakwa zvakare kune iyo Windows kernel.

Finalmente kana iwe uchifarira kuziva zvakawanda nezvazvo nezve katsamba, unogona kutarisa ruzivo Mune inotevera chinongedzo.


Iva wekutanga kutaura

Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa. Raida minda anozivikanwa ne *

*

*

  1. Inotarisira data: AB Internet Networks 2008 SL
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako