Kwiiyure ezimbalwa emva kokuphehlelelwa kwenguqulelo entsha yeLinux Kernel 5.6 ethiwe thaca, ebandakanya ukwenziwa kweWireGuard VPN (ungalujonga utshintsho kunye neendaba zoku inguqulelo entsha apha) yabo abaphuhlisi bakhuphe ukukhutshwa kwe ukumiliselwa okubalulekileyo I-WireGuard VPN 1.0.0 iphawula ukuhanjiswa kwezinto ze-WireGuard.
Kuba iWireGuard ngoku iphuhliswa kweyona kernel iphambili yeLinux, Ugcino lwe-wireguard-linux-compat.git lulungisiwe ulwabiwo kunye nabasebenzisi abaqhubeka nokuthumela iinguqulelo ezindala zekernel.
Malunga neWireGuard VPN
I-WireGuard VPN iphunyezwa ngokwendlela yanamhlanje yokubhala ngokufihlakeleyos, ibonelela ngokusebenza okuphezulu kakhulu, kulula ukuyisebenzisa, ngaphandle kobunzima, kwaye ibonakalisiwe kwinani lezinto ezinkulu eziphatha imithamo ephezulu yezithuthi. Le projekthi iphuhlisiwe ukusukela ngo-2015, uluphumelele uphicotho-zincwadi olusemthethweni kunye nokungqinisiswa kweendlela zokubethela ezisetyenzisiweyo.
Inkxaso yeWireGuard sele idityanisiwe kwiNethiwekhiManager kunye nenkqubo Iipateni zekernel zibandakanyiwe kulwabiwo lwesiseko seDebian Unstable, Mageia, Alpine, Arch, Gentoo, OpenWrt, NixOS, Subgraph, kunye ne-ALT.
WireGuard isebenzisa umxholo wendlela yokubhaliweyo yokubethela, Okubandakanya ukubopha isitshixo sangasese kunxibelelwano ngalunye lwenethiwekhi kunye nokuyisebenzisa ukubopha izitshixo zikarhulumente. Ukutshintshwa kwezitshixo zoluntu ukuseka unxibelelwano kwenziwa ngokufaniswa ne-SSH.
Ukuthetha-thethana ngezitshixo kunye nokunxibelelana ngaphandle kokuqala i-daemon eyahlukileyo kwindawo yomsebenzisi, kusetyenziswa i-Noise_IK ye-Noise Protocol Framework, efanayo nokugcina amaqhosha agunyazisiweyo kwi-SSH. Idatha idluliselwa ngokufakwa ngaphakathi kwiipakethe ze-UDP. UKUYAMasitshintshe idilesi ye-IP yeseva yeVPN (ukuzula) ngaphandle kokuphazamisa uqhagamshelo kunye nolungelelwaniso lomthengi oluzenzekelayo.
Ukubethela, I-ChaCha20 yomjelo wokubhaliweyo kunye nePoly1305 yokuqinisekisa umyalezo wealgorithm (MAC) ephuhliswe nguDaniel J. Bernstein, Tanja Lange, noPeter Schwabe. I-ChaCha20 kunye nePoly1305 zibekwe ngokukhawuleza nangokukhuselekileyo kwi-AES-256-CTR kunye ne-HMAC, enokuphunyezwa kwesoftware yayo evumela ukufezekisa ixesha lokuphunyezwa ngaphandle kokubandakanya inkxaso ekhethekileyo yehardware.
Ukuvelisa isitshixo semfihlo ekwabelwana ngaso, umthetho olandelwayo we-Diffie-Hellman kwii-curve ze-elliptic usetyenziswa ekuphunyezweni kweCurve25519, ekwakucetyiswa nguDaniel Bernstein. Kwi-hash, i-BLAKE2s algorithm (RFC7693) iyasetyenziswa.
Luluphi utshintsho olubandakanyiweyo kwi-WireGuard VPN 1.0.0?
Ikhowudi ebandakanyiweyo kwi-kernel ye-Linux iphicothwe yokhuseleko olongezelelekileyo, olwenziwa yinkampani ezimeleyo eneemfuno ezizodwa kulawulo olunjalo. Uphicotho-zincwadi alukhange lubonakalise naziphi na iingxaki.
Indawo yokugcina elungiselelwe iquka ikhowudi ye-WireGuard ngenkxaso kunye nendawo ehambelanayo Ukuqinisekisa ukuhambelana kweenkozo ezindala. Kuyaphawulwa ukuba ngelixa kukho ithuba labaphuhlisi kunye nesidingo sabasebenzisi, uhlobo olwahlukileyo lweepatches luya kugcinwa lusebenza.
Kwimo yayo yangoku, I-WireGuard inokusetyenziswa kunye ne-Ubuntu 20.04 kunye ne-Debian 10 "Buster" kernels ikwafumaneka njengeziphatho zeLinux 5.4 kunye ne-5.5 kernels. Ukuhanjiswa kusetyenziswa iinkozo zamva nje, ezinje ngeArch, Gentoo, kunye neFedora 32, ziya kuba nakho ukusebenzisa iWireGuard ngokudibeneyo nohlaziyo lwe-5.6 kernel.
Eyona nkqubo iphambili yophuhliso ngoku iyaqhubeka kwindawo yokugcina izinto yocingo-linux.git, ebandakanya umthi opheleleyo we-kernel ye-Linux notshintsho oluvela kwiprojekthi ye-Wireguard.
Amachaphaza akule ndawo yokugcina izinto aya kuphononongwa ukuze afakwe kwi-kernel ephambili kwaye iya kudluliselwa rhoqo kumasebe omnatha / omnatha olandelayo.
Ukuphuhliswa kwezinto eziluncedo kunye nezikripthi ezisebenza kwisithuba somsebenzisi, ezinje nge-wg kunye ne-wg-ekhawulezayo, eyenzeka wireguard-tools.git repository, enokusetyenziselwa ukwenza iiphakheji kulwabiwo.
Kwakhona, akukho kuphinda kwakhiwe ngenkxaso yemodyuli ye-kernel eya kufunekayo nangona i-WireGuard izakuqhubeka nokusebenza njengemodyuli ye-kernel enokulayishwa.
Gqibela ukuba unomdla wokwazi okungakumbi ngayo malunga nale nguqulo intsha, unokuqhagamshelana nengxelo yabaphuhlisi bayo Kule khonkco ilandelayo.