Kwiintsuku ezimbalwa ezidlulileyo lAbaphuhlisi be-OpenVPN bakhutshiwe iindaba zokuba bazise imodyuli yekernel ebizwa ngokuba yi "ovpn-dco" owona msebenzi uphambili kukukhawulezisa ngokubonakalayo ukusebenza kweVPN.
Nangona imodyuli isaphuhlisa kwisebe elilandelayo le-linux kwaye inesimo sokuvavanywa, sele ifikelele kwinqanaba lokuzinza elenza ukuba kube lula ukuyisebenzisa ukuqinisekisa ukusebenza kwe-OpenVPN.
Xa kuthelekiswa nolungelelwaniso olusekwe kuthungelwano, Ukusetyenziswa kwemodyuli kwicala lomxhasi nakwiseva ngokusetyenziswa kwe-AES-256-GCM encryption kuvunyelwe ukonyuka okuphindwe ka-8 kwintsebenzo (ukusuka kuma-370 Mbit / s ukuya kuma-2950 Mbit s).
Xa usebenzisa imodyuli kuphela kwicala lomthengi, ukusebenza kathathu kwitrafikhi ephumayo kwaye ayitshintshi kwitrafikhi engenayo. Xa usebenzisa imodyuli kuphela kwicala leseva, ukuphuma kuphindaphindwe ngo-4 kwitrafikhi engenayo nangama-35% kutrafikhi ephumayo.
Ukhuseleko yenye yezona zinto zibalulekileyo ekufuneka uziqwalasele xa ukwi-Intanethi. Xa unxibelelwano lwakho olukhuselekileyo lukhuselekile ngokufihla, kubhetele. Ukubethela idatha kuye kwacothisa isantya sekhompyuter kwixesha elidlulileyo, eliphuculeyo ngee-CPU zangoku. Kodwa sinokwenza ngaphezulu. I-OpenVPN isandula ukwazisa uphuhliso olutsha olonyusa isantya sabasebenzisi bayo xa bephelelwa yindawo yekernel: I-OpenVPN Idatha yokuThumela umthwalo (DCO).
Ukukhawulezisa kufezekiswa ngokuhambisa yonke imisebenzi ye-crypto, Ukulungiswa kwephakheji kunye nolawulo lwejelo kwi-kernel yeLinux, ishenxisa intloko edibeneyo Ngokutshintsha komxholo, kwenza ukuba kube lula ukuhlengahlengisa umsebenzi ngokufikelela ngokuthe ngqo kwi-API yangaphakathi ye-kernel kunye nokususa ukudluliselwa kwedatha okucothayo phakathi kwekernel kunye nendawo yomsebenzisi. (Imodyuli yenza ukubethela, ukuguqulela, kunye nokuhamba ngaphandle kokuthumela itrafikhi kumlawuli kwindawo yomsebenzisi.)
Kufuneka kuqatshelwe ukuba ifuthe elibi kwintsebenzo yeVPN ikakhulu kungenxa yokusebenza kwemfihlo ebhengeza izixhobo ezininzi kunye nokulibaziseka okubangelwe kukutshintsha kwemeko. Iiprosesa zolwandiso ezinje nge-Intel AES-NI zazisetyenziselwa ukukhawulezisa ukubethela, kodwa ukutshintsha kwemeko yayiseyibhotile ngaphambi kwe-ovpn-dco.
Ukongeza ekusebenziseni imiyalelo enikezwe yiprosesa ukukhawulezisa ukubethela, imodyuli ye-ovpn-dco ikwabonelela ngokwahlulwa kwemisebenzi yokubhala ngokufihlakeleyo kumacandelo ahlukeneyo kunye nokusebenza kwayo kwimowudi efundwayo, eyenza ukuba kube lula ukusebenzisa zonke ii-CPU cores ezikhoyo.
Indawo ye-VPN yomsebenzisi, njengeOpenVPN, ukubethela ngaphezulu kunye nokutshintsha komxholo kwisantya. Ngee-CPU zale mihla, ukubethela ngaphezulu kuye kwaphuculwa ngokwandiswa njenge-Intel AES-NI, ethi yona iphucule isantya sabasebenzisi be-OpenVPN.
Kodwa ukulayisha ngaphezulu kokutshintsha komxholo kusafuna ukulungiswa. Njengokuba isantya sobuqu kunye neshishini kwi-Intanethi sisanda kwaye usetyenziso lusebenzisa i-bandwidth engaphezulu, abasebenzisi balindele isantya esikhawulezayo kunxibelelwano lwe-Intanethi. Ke ngoko, iimpembelelo zezi zihloko ziye zaqapheleka ngakumbi.
Kwimida ekhoyo ngoku ezichazwe ekuphunyezweni kwaye ziya kupheliswa nakwixa elizayo, kuphela Iindlela ze-AEAD kunye 'akukho' (ngaphandle kokungqinisisa) kunye ne-AES-GCM kunye ne-CHACHA20POLY1305 ciphers.
Kukwakhankanyiwe ukuba Inkxaso yeDCO icwangcisiwe ukuba ibandakanywe ekukhululweni kwe Inguqulelo ye VulaVPN 2.6, icwangciselwe ikota yesine yalo nyaka. Okwangoku, imodyuli ixhasa umxhasi ovulekileyo we-beta ye-beta ye-Linux kunye nolwakhiwo lovavanyo lweseva ye-OpenVPN yeLinux. Imodyuli efanayo ye-ovpn-dco-win ikwenzelwe i-kernel yeWindows.
Gqibela ukuba unomdla wokwazi okungakumbi ngayo malunga nenqaku, unokujonga iinkcukacha Kule khonkco ilandelayo.