OpenVPN 2.5.0 has been released and comes with many changes

Almost four years after the publication of the 2.4 branch, during which minor versions were released (bug fixes and some additional features), the OpenVPN 2.5.0 release has been prepared.

This new version comes with major changes. The most interesting ones relate to encryption, along with changes to IPv6 and the adoption of new protocols.

About OpenVPN

For those unfamiliar with OpenVPN, it is a free, software-based SSL (Secure Sockets Layer) VPN (Virtual Private Network) tool.

OpenVPN provides point-to-point connectivity with hierarchical validation of remotely connected users and hosts. It is a very good option for Wi-Fi technologies (IEEE 802.11 wireless networks) and supports a wide range of configurations, including load balancing.

OpenVPN is a multiplatform tool that has simplified VPN configuration compared with older solutions that are harder to configure, such as IPsec, making it more accessible to people with no experience in this type of technology.

Main new features of OpenVPN 2.5.0

Among the most important changes, this new version of OpenVPN 2.5.0 supports data channel encryption using the ChaCha20 stream cipher and the Poly1305 message authentication (MAC) algorithm, which are positioned as faster and more secure counterparts of AES-256-CTR and HMAC, and whose software implementation achieves fixed execution times without special hardware support.

The ability to provide each client with a unique tls-crypt key allows large organizations and VPN providers to use the same TLS stack protection and DoS prevention techniques that were previously available only in small configurations using tls-auth or tls-crypt.

Another important change is the improved mechanism for negotiating the cipher used to protect the data transmission channel. ncp-ciphers has been renamed to data-ciphers to avoid ambiguity with the tls-cipher option and to emphasize that data-ciphers is the preferred way to configure data channel ciphers (the old name is kept for compatibility).

Clients now send the server a list of all the data ciphers they support using the IV_CIPHERS variable, which allows the server to select the first cipher that is compatible with both sides.

Support for BF-CBC encryption has been removed from the default configuration. OpenVPN 2.5 now supports only AES-256-GCM and AES-128-GCM by default. This behavior can be changed with the data-ciphers option. When upgrading to the new version of OpenVPN, a "cipher BF-CBC" setting in old configuration files is converted into adding BF-CBC to the data-ciphers set, and data-ciphers-fallback mode is enabled.
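The cipher negotiation and BF-CBC migration described above can be checked against a configuration before upgrading. The following is an added example, not OpenVPN source code: a simplified model of the behavior as this article describes it, in which the function names and the two sample configurations are constructed for illustration.

```python
# Simplified model of OpenVPN 2.5 data-channel cipher selection as the article describes it.
# Added illustration: function names and sample configs are constructed, not OpenVPN code.
DEFAULT_DATA_CIPHERS = ["AES-256-GCM", "AES-128-GCM"]  # 2.5 defaults per the article
LEGACY = {"BF-CBC"}                                    # no longer in the default set
KEYS = ("cipher", "ncp-ciphers", "data-ciphers", "data-ciphers-fallback")

def parse_config(text):
    """Return {directive: argument} for the cipher-related directives only."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)   # drop comments, split directive/arg
        if parts and parts[0] in KEYS:
            opts[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def effective_ciphers(opts):
    """Return (data_ciphers, fallback) after the migration of an old 'cipher' line."""
    listed = opts.get("data-ciphers") or opts.get("ncp-ciphers")  # old name still accepted
    ciphers = listed.split(":") if listed else list(DEFAULT_DATA_CIPHERS)
    fallback = opts.get("data-ciphers-fallback")
    legacy = opts.get("cipher")
    if legacy:  # assumption from the article: appended to the set, fallback enabled
        if legacy not in ciphers:
            ciphers.append(legacy)
        fallback = fallback or legacy
    return ciphers, fallback

def negotiate(server_ciphers, fallback, iv_ciphers):
    """Pick the first server cipher that the client listed in IV_CIPHERS."""
    if iv_ciphers is None:            # peer sent no IV_CIPHERS: only the fallback is left
        return fallback
    offered = set(iv_ciphers.split(":"))
    return next((c for c in server_ciphers if c in offered), None)

def audit(text, iv_ciphers):
    """Report the effective cipher set, the negotiated cipher, and whether it is legacy."""
    ciphers, fallback = effective_ciphers(parse_config(text))
    chosen = negotiate(ciphers, fallback, iv_ciphers)
    return {"data_ciphers": ciphers, "chosen": chosen, "legacy": chosen in LEGACY}

OLD_CONFIG = "dev tun\nproto udp\ncipher BF-CBC   # pre-2.5 setting\n"  # constructed
NEW_CONFIG = "dev tun\ndata-ciphers CHACHA20-POLY1305:AES-256-GCM\n"    # constructed

if __name__ == "__main__":
    print(audit(OLD_CONFIG, None))    # peer without IV_CIPHERS ends up on BF-CBC
```

A result with `legacy` set to true marks a server configuration that can still land a peer on BF-CBC; removing the old `cipher` line and listing only AEAD ciphers in `data-ciphers` closes that path.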

Support for asynchronous (deferred) authentication has been added to the auth-pam plugin. Similarly, the "--client-connect" option and the plugin connect API gained the ability to defer returning the configuration file.

On Linux, support for Virtual Routing and Forwarding (VRF) network interfaces has been added. The "--bind-dev" option is provided to place the outer socket in a VRF.

Support for configuring IP addresses and routes through the Netlink interface provided by the Linux kernel. Netlink is used when OpenVPN is built without the "--enable-iproute2" option, and it allows OpenVPN to run without the additional privileges required to run "ip".

The protocol gained the ability to use two-factor authentication or additional Web-based authentication (SAML) without interrupting the session after the first verification (after the first verification, the session remains in the 'unauthenticated' state and waits for the second authentication stage to complete).

Other notable changes:

  • It is now possible to work with only IPv6 addresses inside the VPN tunnel (previously this could not be done without also specifying IPv4 addresses).
  • The ability to bind data cipher settings to clients from the client-connect script.
  • The ability to set the MTU size of the tun/tap interface on Windows.
  • Support for selecting an OpenSSL engine to access the private key (e.g. a TPM).
  • The "--auth-gen-token" option now supports HMAC-based token generation.
  • The ability to use /31 netmasks in IPv4 configurations (OpenVPN no longer tries to set a broadcast address).
  • Added the "--block-ipv6" option to block any IPv6 packet.
  • The "--ifconfig-ipv6" and "--ifconfig-ipv6-push" options let you specify a host name instead of an IP address (the address is resolved via DNS).
  • TLS 1.3 support. TLS 1.3 requires at least OpenSSL 1.1.1. The "--tls-ciphersuites" and "--tls-groups" options were added to tune TLS parameters.
