Kudalulwe lokho UDavid S. Miller, obhekele uhlelo olungaphansi kwenethiwekhi yeLinux, uthathe nezimagqabhagqabha nge ukuqaliswa kwesixhumi esibonakalayo se-VPN sephrojekthi ye-WireGuard egatsheni elilandelayo. Ngayo ekuqaleni konyaka ozayo, izinguquko ezinqwabelene egatsheni elilandelayo bazokwakha isisekelo sokukhishwa kweLinux 5.6.
Kulabo abangazi I-WireGuard kufanele bazi ukuthi lokhu yi-VPN okwenziwa ngesisekelo sezindlela zesimanje zokubethela, inikeza ukusebenza okuphezulu kakhulu, kulula ukuyisebenzisa, Ayisiyinkimbinkimbi futhi izifakazele ekuthumeni okuningi okuphatha amavolumu aphezulu ethrafikhi.
Mayelana ne-WireGuard
Le phrojekthi yathuthukiswa kusukela ngo-2015, isidlulile ukucwaningwa okusemthethweni nokuqinisekiswa kwezindlela zokubethela ezisetshenzisiwe. Ukusekelwa kwe- I-WireGuard isivele ihlanganiswe ne-NetworkManager ne-systemd, nezimagqabhagqabha zezinhlamvu ziyingxenye yokwabiwa okuyisisekelo kweDebian Unstable, Mageia, Alpine, Arch, Gentoo, OpenWrt, NixOS, Subgraph, ne-ALT.
I-WireGuard isebenzisa umqondo wokhiye wokubethela, okubandakanya ukubopha ukhiye oyimfihlo kusixhumi esibonakalayo senethiwekhi ngayinye nokuwusebenzisa ukubopha izinkinobho zomphakathi. Ukushintshaniswa kokhiye bomphakathi ukusungula ukuxhumana kwenziwa ngokufaniswa ne-SSH.
Ukuxoxisana ngokhiye nokuxhuma ngaphandle kokuqala i-daemon ehlukile esikhaleni somsebenzisi, kusetshenziswa indlela yeNoise_IK yeNoise Protocol Framework, okufana nokunakekelwa kokhiye abagunyaziwe ku-SSH. Idatha idluliselwa ngokufakwa ngaphakathi kumaphakethe we-UDP. Ukusekela ukushintsha ikheli le-IP leseva ye-VPN (ukuzula) ngaphandle kokuphazamisa ukuxhumeka bese ulungisa kabusha iklayenti ngokuzenzakalela.
Ukubethela, kusetshenziswa ukubethela kwe-ChaCha20 kokusakazwa kanye ne-Poly1305 (MAC) yomyalezo wokuqinisekisa i-algorithm, lokhu kubekwe njengama-analogs asheshayo futhi aphephe kakhudlwana we-AES-256-CTR ne-HMAC, ukuqaliswa kwesoftware yayo okuvumela ukuthola isikhathi esinqunyiwe sokwenza ngaphandle kokubandakanya ukwesekwa okukhethekile kwehadiwe.
Ngemuva kwesikhathi eside iWireGuard ekugcineni izofakwa kwiLinux
Kwenziwe imizamo eyahlukahlukene yokuqhakambisa Ikhodi ye- I-WireGuard ngaphakathi kwe-Linux, kepha abaphumelelanga ngenxa yokubophezela kokusebenzisa kwabo imisebenzi ye-cryptographic, esetshenziselwe ukukhiqiza umkhiqizo.
Le misebenzi yaqale yaphakanyiswa ku-kernel njenge-API eyengeziwe esezingeni eliphansi, engagcina ithathe indawo ye-Crypto API ejwayelekile.
Ngemuva kwezingxoxo engqungqutheleni yeKernel Recipes, abadali be-WireGuard ngoSepthemba bathatha isinqumo sokuyekethisa ukushintsha amabala abo ukusebenzisa i-API eyinhloko ye-Crypto, lapho onjiniyela be-WireGuard banezikhalazo maqondana nokusebenza nokuphepha okujwayelekile.
Kwanqunywa ukuthi i-API izoqhubeka nokuthuthuka, kepha njengephrojekthi ehlukile.
Kamuva ngoNovemba, abathuthukisi be-kernel bazibophezela futhi bavumile ukudlulisela enye yekhodi ku-kernel enkulu. Eqinisweni, ezinye izinto zizodluliselwa ku-kernel, kepha hhayi njenge-API ehlukile, kepha njengengxenye yohlelo olungaphansi lwe-Crypto API.
Isibonelo, i-Crypto API isivele ifaka ukusetshenziswa okusheshayo okulungiselelwe yi-Wireguard we-ChaCha20 ne-Poly1305 algorithm.
Mayelana nokufakwa okulandelayo kwe-WireGuard enkabeni, umsunguli wephrojekthi umemezele ukwakhiwa kabusha kwenqolobane. Ukwenza intuthuko ibe lula, ikhosombe le-monolithic "WireGuard.git", elenzelwe ukuba khona okwehlukile, lizothathelwa indawo ngamakhosombe amathathu ahlukene afaneleke kakhulu ukuhlela umsebenzi wekhodi kukherneli eyinhloko:
- i-wireguard-linux.git - Isihlahla se-kernel esiphelele esinezinguquko kusuka kuphrojekthi ye-Wireguard, iziqeshana zazo ezizobuyekezwa ukuze zifakwe ku-kernel futhi zidluliselwe njalo emagatsheni enetha / enetha elilandelayo.
- wireguard-amathuluzi.git- Indawo yokugcina izinsiza nemibhalo esebenza esikhaleni somsebenzisi, njenge-wg ne-wg-quick. Indawo yokugcina ingasetshenziswa ukudala amaphakheji wokusabalalisa.
- i-wireguard-linux-compat.git indawo yokugcina enenketho yemodyuli, enikezwe ngokuhlukile kusuka ku-kernel futhi ifaka ungqimba lwe-compat.h ukuqinisekisa ukuhambisana nezinhlamvu ezindala. Ukuthuthuka okuyinhloko kuzokwenzeka endaweni yokugcina izinto i-wireguard-linux.git, kepha kuze kube manje abasebenzisi banethuba nesidingo senguqulo ehlukile yamachashazi nawo azosekelwa efomini elisebenzayo.