OpenVPN 2.5.0 has been released and comes with many changes

Almost four years after the publication of the 2.4 branch, during which only minor versions were released (bug fixes and some additional features), the OpenVPN 2.5.0 release has been prepared.

This new version comes with many major changes, of which the most interesting are related to changes in encryption, as well as the transition to IPv6 and the adoption of new protocols.

About OpenVPN

For those who are not familiar with OpenVPN, it is a free software connectivity tool based on SSL (Secure Sockets Layer) for building a VPN (Virtual Private Network).

OpenVPN offers point-to-point connectivity with hierarchical validation of connected users and remote hosts. It is a very good option for Wi-Fi technologies (IEEE 802.11 wireless networks) and supports a wide range of configurations, including load balancing.

OpenVPN is a multiplatform tool that has simplified the configuration of VPNs compared to older and harder-to-configure solutions such as IPsec, making it more accessible to people who are inexperienced with this type of technology.

Main new features of OpenVPN 2.5.0

Among the most important changes in OpenVPN 2.5.0 is support for encrypting the data channel with the ChaCha20 stream cipher and the Poly1305 message authentication (MAC) algorithm, which are positioned as faster and safer counterparts of AES-256-CTR and HMAC, and whose software implementations achieve fixed execution times without special hardware support.

The ability to give each client a unique tls-crypt key, which allows large organizations and VPN providers to use the same TLS stack protection and DoS prevention techniques that were previously available only in small deployments using tls-auth or tls-crypt.

Another important change is the improved mechanism for negotiating the encryption used to protect the data channel. ncp-ciphers has been renamed to data-ciphers to avoid ambiguity with the tls-cipher option and to emphasize that data-ciphers is the preferred way to configure data-channel ciphers (the old name is retained for compatibility).

Clients now send the list of all data-channel ciphers they support to the server in the IV_CIPHERS variable, which allows the server to select the first cipher that both sides support.

Support for BF-CBC encryption has been removed from the default configuration. OpenVPN 2.5 now supports AES-256-GCM and AES-128-GCM by default. This behavior can be changed with the data-ciphers option. When upgrading to the new version of OpenVPN, a BF-CBC cipher setting in old configuration files is converted so that BF-CBC is added to the data-ciphers set, and the data-ciphers fallback mode is enabled.
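The negotiation and upgrade behaviour described in the two paragraphs above can be modelled to audit a configuration before rollout. This is an added example, not OpenVPN's own code: the function names, the sample config and the peer's IV_CIPHERS value are constructed, and it assumes colon-separated cipher lists with the server's list order deciding the winner.

```python
# Added example: models the data-channel cipher negotiation described above.
# Sample config and IV_CIPHERS values are constructed for illustration.

DEFAULT_DATA_CIPHERS = ["AES-256-GCM", "AES-128-GCM"]  # 2.5 defaults per the article
LEGACY = {"BF-CBC"}  # dropped from the default set in 2.5


def effective_data_ciphers(config_text):
    """Return (cipher list, findings) for an OpenVPN config, following the
    upgrade behaviour the article describes."""
    ciphers, legacy_cipher, findings = None, None, []
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split()  # drop trailing comments
        if not parts:
            continue
        key, args = parts[0].lstrip("-"), parts[1:]
        if key in ("data-ciphers", "ncp-ciphers") and args:
            ciphers = [c.upper() for c in args[0].split(":") if c]
            if key == "ncp-ciphers":
                findings.append("ncp-ciphers is the old name; use data-ciphers")
        elif key == "cipher" and args:
            legacy_cipher = args[0].upper()
    ciphers = list(ciphers or DEFAULT_DATA_CIPHERS)
    if legacy_cipher and legacy_cipher not in ciphers:
        ciphers.append(legacy_cipher)  # assumption: old "cipher X" is appended last
        findings.append(f"cipher {legacy_cipher} appended to data-ciphers")
    for c in ciphers:
        if c in LEGACY:
            findings.append(f"{c} is still negotiable; remove once all peers are upgraded")
    return ciphers, findings


def negotiate(server_ciphers, iv_ciphers):
    """Pick the first entry of the server list that the client announced in
    IV_CIPHERS. None means the peers share no data-channel cipher."""
    offered = {c.upper() for c in iv_ciphers.split(":") if c}
    return next((c for c in server_ciphers if c in offered), None)


OLD_SERVER_CONF = """\
# constructed sample: config carried over from 2.4
proto udp
cipher BF-CBC
ncp-ciphers AES-256-GCM:AES-128-GCM
"""

if __name__ == "__main__":
    ciphers, findings = effective_data_ciphers(OLD_SERVER_CONF)
    print(ciphers, findings, sep="\n")
    print(negotiate(ciphers, "AES-128-GCM:CHACHA20-POLY1305"))
```

Because BF-CBC lands at the end of the list, an upgraded client still negotiates an AEAD cipher; only a peer that offers nothing else ends up on BF-CBC.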

Support for asynchronous (deferred) authentication has been added to the auth-pam plugin. Likewise, the "--client-connect" option and the plugin connect API have gained the ability to defer returning the configuration file.

On Linux, support has been added for Virtual Routing and Forwarding (VRF) network interfaces. The "--bind-dev" option is provided to place the external socket in a VRF.

Support for configuring IP addresses and routes through the Netlink interface provided by the Linux kernel. Netlink is used when OpenVPN is built without the "--enable-iproute2" option, and it allows OpenVPN to run without the additional privileges required to run the "ip" utility.

The protocol adds the ability to use two-factor authentication or additional authentication via the web (SAML) without interrupting the session after the first verification (after the first verification, the session remains in an 'unauthenticated' state and waits for the second authentication stage to complete).

Other changes that stand out:

  • You can work with only IPv6 addresses inside the VPN tunnel (previously this was not possible without specifying IPv4 addresses).
  • Ability to bind data-ciphers and fallback data-cipher settings to clients from the client-connect script.
  • Ability to specify the MTU size for the tun/tap interface on Windows.
  • Support for selecting the OpenSSL engine used to access the private key (for example, TPM).
  • The "--auth-gen-token" option now supports HMAC-based token generation.
  • Ability to use /31 netmasks in IPv4 settings (OpenVPN no longer tries to set the broadcast address).
  • Added the "--block-ipv6" option to block any IPv6 packets.
  • The "--ifconfig-ipv6" and "--ifconfig-ipv6-push" options allow you to specify a hostname instead of the IP address (the address will be determined by DNS).
  • TLS 1.3 support. TLS 1.3 requires at least OpenSSL 1.1.1. Added the "--tls-ciphersuites" and "--tls-groups" options to configure TLS parameters.
