I-WireGuard yamukelwe futhi izofakwa enguqulweni elandelayo ye-Linux 5.6

Darkcrizt

Imizuzu ye-4

ucingo

Kudalulwe lokho UDavid S. Miller, obhekele uhlelo olungaphansi kwenethiwekhi yeLinux, uthathe nezimagqabhagqabha nge ukuqaliswa kwesixhumi esibonakalayo se-VPN sephrojekthi ye-WireGuard egatsheni elilandelayo. Ngayo ekuqaleni konyaka ozayo, izinguquko ezinqwabelene egatsheni elilandelayo bazokwakha isisekelo sokukhishwa kweLinux 5.6.

Kulabo abangazi I-WireGuard kufanele bazi ukuthi lokhu yi-VPN okwenziwa ngesisekelo sezindlela zesimanje zokubethela, inikeza ukusebenza okuphezulu kakhulu, kulula ukuyisebenzisa, Ayisiyinkimbinkimbi futhi izifakazele ekuthumeni okuningi okuphatha amavolumu aphezulu ethrafikhi.

Mayelana ne-WireGuard

Le phrojekthi yathuthukiswa kusukela ngo-2015, isidlulile ukucwaningwa okusemthethweni nokuqinisekiswa kwezindlela zokubethela ezisetshenzisiwe. Ukusekelwa kwe- I-WireGuard isivele ihlanganiswe ne-NetworkManager ne-systemd, nezimagqabhagqabha zezinhlamvu ziyingxenye yokwabiwa okuyisisekelo kweDebian Unstable, Mageia, Alpine, Arch, Gentoo, OpenWrt, NixOS, Subgraph, ne-ALT.

I-WireGuard isebenzisa umqondo wokhiye wokubethela, okubandakanya ukubopha ukhiye oyimfihlo kusixhumi esibonakalayo senethiwekhi ngayinye nokuwusebenzisa ukubopha izinkinobho zomphakathi. Ukushintshaniswa kokhiye bomphakathi ukusungula ukuxhumana kwenziwa ngokufaniswa ne-SSH.

Ukuxoxisana ngokhiye nokuxhuma ngaphandle kokuqala i-daemon ehlukile esikhaleni somsebenzisi, kusetshenziswa indlela yeNoise_IK yeNoise Protocol Framework, okufana nokunakekelwa kokhiye abagunyaziwe ku-SSH. Idatha idluliselwa ngokufakwa ngaphakathi kumaphakethe we-UDP. Ukusekela ukushintsha ikheli le-IP leseva ye-VPN (ukuzula) ngaphandle kokuphazamisa ukuxhumeka bese ulungisa kabusha iklayenti ngokuzenzakalela.

Ukubethela, kusetshenziswa ukubethela kwe-ChaCha20 kokusakazwa kanye ne-Poly1305 (MAC) yomyalezo wokuqinisekisa i-algorithm, lokhu kubekwe njengama-analogs asheshayo futhi aphephe kakhudlwana we-AES-256-CTR ne-HMAC, ukuqaliswa kwesoftware yayo okuvumela ukuthola isikhathi esinqunyiwe sokwenza ngaphandle kokubandakanya ukwesekwa okukhethekile kwehadiwe.

Ngemuva kwesikhathi eside iWireGuard ekugcineni izofakwa kwiLinux

Linux

Kwenziwe imizamo eyahlukahlukene yokuqhakambisa Ikhodi ye- I-WireGuard ngaphakathi kwe-Linux, kepha abaphumelelanga ngenxa yokubophezela kokusebenzisa kwabo imisebenzi ye-cryptographic, esetshenziselwe ukukhiqiza umkhiqizo.

Le misebenzi yaqale yaphakanyiswa ku-kernel njenge-API eyengeziwe esezingeni eliphansi, engagcina ithathe indawo ye-Crypto API ejwayelekile.

Ngemuva kwezingxoxo engqungqutheleni yeKernel Recipes, abadali be-WireGuard ngoSepthemba bathatha isinqumo sokuyekethisa ukushintsha amabala abo ukusebenzisa i-API eyinhloko ye-Crypto, lapho onjiniyela be-WireGuard banezikhalazo maqondana nokusebenza nokuphepha okujwayelekile.

Kwanqunywa ukuthi i-API izoqhubeka nokuthuthuka, kepha njengephrojekthi ehlukile.

Kamuva ngoNovemba, abathuthukisi be-kernel bazibophezela futhi bavumile ukudlulisela enye yekhodi ku-kernel enkulu. Eqinisweni, ezinye izinto zizodluliselwa ku-kernel, kepha hhayi njenge-API ehlukile, kepha njengengxenye yohlelo olungaphansi lwe-Crypto API.

Isibonelo, i-Crypto API isivele ifaka ukusetshenziswa okusheshayo okulungiselelwe yi-Wireguard we-ChaCha20 ne-Poly1305 algorithm.

Mayelana nokufakwa okulandelayo kwe-WireGuard enkabeni, umsunguli wephrojekthi umemezele ukwakhiwa kabusha kwenqolobane. Ukwenza intuthuko ibe lula, ikhosombe le-monolithic "WireGuard.git", elenzelwe ukuba khona okwehlukile, lizothathelwa indawo ngamakhosombe amathathu ahlukene afaneleke kakhulu ukuhlela umsebenzi wekhodi kukherneli eyinhloko:

  • i-wireguard-linux.git - Isihlahla se-kernel esiphelele esinezinguquko kusuka kuphrojekthi ye-Wireguard, iziqeshana zazo ezizobuyekezwa ukuze zifakwe ku-kernel futhi zidluliselwe njalo emagatsheni enetha / enetha elilandelayo.
  • wireguard-amathuluzi.git- Indawo yokugcina izinsiza nemibhalo esebenza esikhaleni somsebenzisi, njenge-wg ne-wg-quick. Indawo yokugcina ingasetshenziswa ukudala amaphakheji wokusabalalisa.
  • i-wireguard-linux-compat.git  indawo yokugcina enenketho yemodyuli, enikezwe ngokuhlukile kusuka ku-kernel futhi ifaka ungqimba lwe-compat.h ukuqinisekisa ukuhambisana nezinhlamvu ezindala. Ukuthuthuka okuyinhloko kuzokwenzeka endaweni yokugcina izinto i-wireguard-linux.git, kepha kuze kube manje abasebenzisi banethuba nesidingo senguqulo ehlukile yamachashazi nawo azosekelwa efomini elisebenzayo.

Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Unomthwalo wemfanelo ngedatha: AB Internet Networks 2008 SL
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.