OpenVPN 2.5.0 has been released and comes with many changes

Almost four years after the release of the 2.4 branch, during which only minor versions appeared (bug fixes and some additional features), the OpenVPN 2.5.0 release has been prepared.

This new version comes with many major changes. The most interesting ones concern encryption, along with the transition to IPv6 and the adoption of new protocols.

About OpenVPN

For those unfamiliar with OpenVPN, it is a free-software connectivity tool based on SSL (Secure Sockets Layer) that implements a VPN (Virtual Private Network).

OpenVPN offers point-to-point connectivity with hierarchical validation of remotely connected users and hosts. It is a very good option for Wi-Fi technologies (IEEE 802.11 wireless networks) and supports a wide range of configurations, including load balancing.

OpenVPN is a multiplatform tool that has simplified the configuration of VPNs compared to older and harder-to-configure solutions such as IPsec, making VPNs more accessible to people without experience in this type of technology.

Main new features of OpenVPN 2.5.0

Among the most important changes, this new version of OpenVPN 2.5.0 supports data channel encryption using the ChaCha20 stream cipher and the Poly1305 message authentication (MAC) algorithm. These are positioned as faster and more secure counterparts to AES-256-CTR and HMAC, and their software implementation achieves fixed execution times without special hardware support.

The ability to give each client its own unique tls-crypt key, which allows large organizations and VPN providers to use the same TLS stack protection and DoS prevention techniques that were previously available only in small configurations using tls-auth or tls-crypt.

Another important change is the improved mechanism for negotiating the cipher used to protect the data channel. ncp-ciphers has been renamed to data-ciphers to avoid ambiguity with the tls-cipher option and to emphasize that data-ciphers is the preferred way to configure data channel ciphers (the old name has been kept for compatibility).

Clients now send the list of all data ciphers they support to the server using the IV_CIPHERS variable, which allows the server to select the first cipher that is compatible with both sides.

BF-CBC encryption support has been removed from the default settings. OpenVPN 2.5 now only supports AES-256-GCM and AES-128-GCM by default. This behavior can be changed using the data-ciphers option. When upgrading to the new version of OpenVPN, a BF-CBC cipher setting in old configuration files is converted so that BF-CBC is added to the data-ciphers set and data-ciphers-fallback mode is enabled.
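The negotiation and upgrade behavior described above can be modelled in a few lines, which is useful for auditing configuration files carried over from 2.4. This is an added example, not OpenVPN code: the function names and the sample configuration are constructed, and treating every legacy `cipher` value the way the article describes for BF-CBC is an assumption.

```python
DEFAULT_DATA_CIPHERS = ["AES-256-GCM", "AES-128-GCM"]  # 2.5 defaults per the article

# Constructed sample: a server configuration carried over from a 2.4 install.
LEGACY_CONF = """
# constructed sample
port 1194
proto udp
cipher BF-CBC
ncp-ciphers AES-256-GCM:AES-128-GCM
"""

def effective_policy(config_text):
    """Return (data_ciphers, fallback, findings) for an OpenVPN config text."""
    data_ciphers, legacy, findings = None, None, []
    for raw in config_text.splitlines():
        # Drop '#' and ';' comments, then split "directive value".
        parts = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(parts) < 2:
            continue
        key, value = parts[0].lstrip("-"), parts[1]
        if key in ("data-ciphers", "ncp-ciphers"):
            data_ciphers = value.upper().split(":")
            if key == "ncp-ciphers":
                findings.append("ncp-ciphers: old name, rename to data-ciphers")
        elif key == "cipher":
            legacy = value.upper()
    if data_ciphers is None:
        data_ciphers = list(DEFAULT_DATA_CIPHERS)
    if legacy and legacy not in data_ciphers:
        # Upgrade behaviour the article describes for BF-CBC; applying it to
        # any legacy `cipher` value is an assumption of this sketch.
        data_ciphers.append(legacy)
        findings.append(f"cipher {legacy}: kept only via fallback, plan removal")
    return data_ciphers, legacy, findings

def negotiate(server_ciphers, iv_ciphers, fallback=None):
    """Pick the first server-preferred cipher that the client also announced."""
    if iv_ciphers is None:  # peer sent no IV_CIPHERS: only the fallback applies
        return fallback
    offered = {c.upper() for c in iv_ciphers.split(":")}
    return next((c for c in server_ciphers if c in offered), None)

if __name__ == "__main__":
    ciphers, fallback, findings = effective_policy(LEGACY_CONF)
    print(ciphers, fallback, findings)
    print(negotiate(ciphers, "AES-128-GCM:CHACHA20-POLY1305"))
```
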

Support for asynchronous (deferred) authentication has been added to the auth-pam plugin. Similarly, the "--client-connect" option and the plugin connect API gained the ability to defer returning the configuration file.

On Linux, support for virtual routing and forwarding (VRF) network interfaces has been added. The "--bind-dev" option is provided to place the outer socket in a VRF.

Support for configuring IP addresses and routes using the Netlink interface provided by the Linux kernel. Netlink is used when OpenVPN is built without the "--enable-iproute2" option, and it allows OpenVPN to run without the additional privileges needed to run the "ip" utility.

The protocol gained the ability to use two-factor authentication or additional web-based authentication (SAML) without interrupting the session after the first verification (after the first verification, the session remains in the 'unauthenticated' state and waits for the second authentication step to complete).

Other changes that stand out:

  • You can now work with only IPv6 addresses inside the VPN tunnel (previously this was not possible without specifying IPv4 addresses).
  • Ability to set the data-ciphers and data-ciphers-fallback settings for clients from the client-connect script.
  • Ability to specify the MTU size of the tun/tap interface on Windows.
  • Support for selecting the OpenSSL engine used to access the private key (for example, TPM).
  • The "--auth-gen-token" option now supports HMAC-based token generation.
  • Ability to use /31 netmasks in IPv4 configurations (OpenVPN no longer tries to set a broadcast address).
  • Added the "--block-ipv6" option to block any IPv6 packet.
  • The "--ifconfig-ipv6" and "--ifconfig-ipv6-push" options allow you to specify a host name instead of an IP address (the address will be determined via DNS).
  • TLS 1.3 support. TLS 1.3 requires at least OpenSSL 1.1.1. Added the "--tls-ciphersuites" and "--tls-groups" options for tuning TLS parameters.
