Ngemuva kwamahora ambalwa kwethulwe uhlobo olusha lweLinux Kernel 5.6 kwethulwe, okubandakanya ukwenziwa kweWireGuard VPN (ungabheka ushintsho nezindaba zalokhu inguqulo entsha lapha) yabo Onjiniyela bakhiphe ukukhishwa kwe- ukwethulwa okubalulekile kwe- I-WireGuard VPN 1.0.0 imaka ukulethwa kwezingxenye ze-WireGuard.
Njengoba iWireGuard manje isakhiwa ku-kernel eyinhloko ye-Linux, i-wireguard-linux-Compact.git isilungisiwe okwabiwayo nabasebenzisi abaqhubeka nokuthumela izinhlobo zakudala zekernel.
Mayelana ne-WireGuard VPN
I-WireGuard VPN isetshenziswa ngesisekelo sezindlela zokubethela zanamuhlas, ihlinzeka ngokusebenza okuphezulu kakhulu, kulula ukuyisebenzisa, ngaphandle kokuhlupheka, futhi kufakazelwe ezindaweni eziningi ezisetshenziswayo eziphethe amanani aphezulu ezimoto. Le phrojekthi yathuthukiswa kusukela ngo-2015, uphase ukuhlolwa okuhlelekile nokuqinisekiswa kwezindlela zokubethela ezisetshenzisiwe.
Ukusekelwa kwe-WireGuard sekuvele kuhlanganiswe ku-NetworkManager naku-systemd namachashazi we-kernel afakiwe ekusatshalalisweni okuyisisekelo kwe-Debian Unstable, Mageia, Alpine, Arch, Gentoo, OpenWrt, NixOS, Subgraph, ne-ALT.
I-WireGuard isebenzisa umqondo wendlela yokhiye wokubethela, okubandakanya ukubopha ukhiye oyimfihlo kusixhumi esibonakalayo senethiwekhi ngayinye nokuwusebenzisa ukubopha izinkinobho zomphakathi. Ukushintshaniswa kokhiye bomphakathi ukusungula ukuxhumana kwenziwa ngokufaniswa ne-SSH.
Ukuxoxisana ngokhiye nokuxhuma ngaphandle kokuqala i-daemon ehlukile esikhaleni somsebenzisi, kusetshenziswa indlela yeNoise_IK yeNoise Protocol Framework, efanayo nokugcina okhiye abagunyaziwe ku-SSH. Idatha idluliselwa ngokufakwa ngaphakathi kumaphakethe we-UDP. TOlets shintsha ikheli le-IP leseva ye-VPN (ukuzulazula) ngaphandle kokuphazamisa ukuxhumana nokuhlela kabusha kwamakhasimende okuzenzakalelayo.
Ukubethela, Ukusetshenziswa kokubethela kokusakaza kweChaCha20 ne-Poly1305 algorithm yomyalezo (MAC) eyenziwe nguDaniel J. Bernstein, uTanja Lange, noPeter Schwabe. I-ChaCha20 nePoly1305 zibekwe njengama-analog asheshayo futhi aphephe kakhudlwana we-AES-256-CTR ne-HMAC, ukuqaliswa kwesoftware yayo okuvumela ukuthola isikhathi esinqunyiwe sokwenza ngaphandle kokubandakanya ukusekelwa okukhethekile kwehadiwe.
Ukukhiqiza ukhiye oyimfihlo owabiwe, umthetho olandelwayo we-Diffie-Hellman onamagobongo e-elliptic usetshenziswa ekwenzeni iCurve25519, nayo ehlongozwayo nguDaniel Bernstein. Nge-hashi, i-algorithm ye-BLAKE2s (RFC7693) iyasetshenziswa.
Iziphi izinguquko ezifakiwe ku-WireGuard VPN 1.0.0?
Ikhodi efakwe ku-Linux kernel yacwaningwa yokuphepha okungeziwe, okwenziwa yinkampani ezimele ekhethekile kulezi zilawuli. Ucwaningo aluzange luveze zinkinga.
Indawo yokugcina elungiselelwe ifaka ikhodi ye-WireGuard ngokusekelwa nongqimba compat.h ukuqinisekisa ukuhambisana nezinhlamvu ezindala. Kuyaziwa ukuthi ngenkathi kunethuba lonjiniyela kanye nesidingo sabasebenzisi, inguqulo ehlukile yamachashazi izogcinwa isebenza.
Ngendlela elikuyo manje, I-WireGuard ingasetshenziswa nge-Ubuntu 20.04 ne-Debian 10 "Buster" kernels futhi iyatholakala njengezimagqabhagqabha zezinhlamvu ze-Linux 5.4 no-5.5. Ukusatshalaliswa okusebenzisa izinhlamvu zakamuva, njenge-Arch, Gentoo, neFedora 32, kuzokwazi ukusebenzisa i-WireGuard ngokuhlangana ne-5.6 kernel update.
Inqubo enkulu yentuthuko manje iyaqhubeka enqolobaneni ye-wireguard-linux.git, kufaka phakathi isihlahla se-Linux kernel esigcwele nezinguquko ezivela kuphrojekthi ye-Wireguard.
Izimaki ezikule ndawo yokugcina izobuyekezwa ukuze zifakwe ku-kernel enkulu futhi zizodluliselwa njalo emagatsheni enetha / enetha elilandelayo.
Ukuthuthukiswa kwezinsiza nemibhalo esebenza esikhaleni somsebenzisi, njenge-wg ne-wg-quick, kwenzeka endaweni yokugcina yama-wireguard-tools.git, engasetshenziselwa ukudala amaphakheji ekusatshalalisweni.
Futhi, akukho okunye ukwakhiwa kwesisekelo se-kernel module ezodingeka yize i-WireGuard izoqhubeka nokusebenza njengemodyuli ye-kernel elayishekayo.
Okokugcina uma unesifiso sokwazi okwengeziwe ngakho mayelana nale nguqulo entsha, ungathintana nesitatimende sonjiniyela bayo Kulesi sixhumanisi esilandelayo.