I-Firezone, ukhetho olugqwesileyo lokwenza i-VPNs esekwe kwi-WireGuard

Ukuba ufuna ukwenza iseva yeVPN, mandikuxelele ukuba kukho ukhetho olukhethekileyo onokuzixhasa kulo ukufezekisa injongo yakho kwaye yile projekthi IFirezone iphuhlisa iseva yeVPN pUkulungiselela ukufikelela kwimikhosi kuthungelwano lwangaphakathi olwahlukileyo kwizixhobo zomsebenzisi ezikumanethiwekhi angaphandle.

Le projekthi ijolise ukufezekisa inqanaba eliphezulu lokhuseleko kunye nokwenza lula inkqubo yokuphunyezwa kweVPN.

Malunga neFirezone

Le projekthi iphuhliswa nguNjineli woKhuseleko weCisco, ozamile ukwenza isisombululo esizenzekelayo sisebenza ngoqwalaselo lomgcini kwaye siphelise ubunzima ebebufanele bajongane nabo xa beququzelela ukufikelela okukhuselekileyo kwii-VPC kwilifu.

Indawo yomlilo isebenza njengombonakalo kuzo zombini imodyuli yeWernGuard kernel ngokubhekisele kwi-kernel subsystem netfilter. Yenza i-WireGuard interface (ebizwa ngokuba yi-wg-firezone ngokungagqibekanga) kunye netafilter yetafile kwaye ungeze iindlela ezifanelekileyo kwitafile yendlela. Ezinye iinkqubo eziguqula i-Linux itafile yendlela okanye i-firewall ye-firewall inokuphazamisa ukusebenza kwe-Firezone.

I-Firezone inokucingwa njengomlingani ovulekileyo womthombo kwi-OpenVPN Server Server, eyakhelwe ngaphezulu kweWigeGuard endaweni yeOpenVPN.

I-WireGuard isetyenziselwa ukuhlela amajelo onxibelelwano kwiFirezone. I-Firezone ikwanokusebenza okwakhelwe ngaphakathi kwi-firewall esebenzisa ii-nftables.

Kwimo yayo yangoku, i-firewall inomda ngokuthintela ukugcwala okuphumayo kwimikhosi ethile okanye kwiminatha Kuthungelwano lwangaphakathi okanye lwangaphandle, oku kungenxa yokuba iFirezone yisoftware ye-beta, ethi ngalo mzuzu ukusetyenziswa kwayo kukhuthazwe kuphela ngokunciphisa ukufikelela kwinethiwekhi kunxibelelwano lomsebenzisi wewebhu ukuthintela ukuyivelisa kuluntu kwi-Intanethi.

I-Firezone ifuna isatifikethi se-SSL esisebenzayo kunye nerekhodi ye-DNS ehambelana nemveliso, enokuthi iveliswe kwaye ilawulwe sisixhobo se-Encrypt sokuvelisa isatifikethi se-SSL sasimahla.

Kwicala le ulawulo, kuyakhankanywa ukuba oku kwenziwa kusetyenziswa ujongano lwewebhu okanye kwimowudi yelayini yomyalelo usebenzisa isixhobo somlilo-ctl. Ujongano lwewebhu lwakhiwe kwisiseko soLawulo Olunye lweBulma.

Okwangoku, Zonke izinto ze-Firezone ziqhuba kwiseva enye, Kodwa iprojekthi iqale iveliswe ngamehlo kwimodyuli, kwaye kwixesha elizayo kucetywayo ukongeza amandla okusabalalisa izinto kwi-web interface, i-VPN kunye ne-firewall kwimikhosi eyahlukeneyo.

Izicwangciso zikhankanya nokudityaniswa kwebhloko esekwe kwi-DNS, inkxaso yomgcini kunye noluhlu lweebhloko ze-subnet, ukubanakho ukungqinisisa nge-LDAP / SSO, kunye nolawulo olongezelelekileyo lomsebenzisi.

Kwizinto ezikhankanyiweyo zeFirezone:

  • Ngokukhawuleza: sebenzisa i-WireGuard ukuba ibe ngamaxesha angama-3-4 ngokukhawuleza kune-OpenVPN.
  • Akukho kuxhomekeka: konke ukuxhomekeka kubekwe ngokwamaqela enkosi ku-Chef Omnibus.
  • Elula: kuthatha imizuzu embalwa ukuseta. Lawula nge-CLI API elula.
  • Ukhuselekile: isebenza ngaphandle kwamalungelo. Kusetyenziswe i-HTTPS.
  • Iikuki ezifihliweyo.
  • I-firewall ibandakanyiwe-Sebenzisa i-Linux nftables ukubhloka ukugcwala okungafunekiyo.

Ukufakelwa, i-rpm kunye neephakeji ze-deb ziyahanjiswa Iinguqulelo ezahlukeneyo zeCentOS, iFedora, Ubuntu kunye neDebian, ufakelo lwayo alufuni kuxhomekeka kwangaphandle, kuba zonke izixhomekeki eziyimfuneko sele zibandakanyiwe kusetyenziswa izixhobo ze-Chef Omnibus.

Ukusebenza, Ufuna kuphela ukuhanjiswa kweLinux ene-kernel yeLinux engaphambi kwe-4.19 kunye nemodyuli yekernel edityaniswe neWireGuard VPN. Ngokomlobi, ukuqala kunye nokumisela iserver yeVPN kunokwenziwa kwimizuzu nje embalwa. Izinto zonxibelelwano lwewebhu ziqhutywa phantsi komsebenzisi ongenalungelo elilodwa kunye nokufikelela kunokwenzeka kuphela kwi-HTTPS.

IFirezone inepasile enye enokusasazeka yeLinux onokuyifaka kwaye uyilawule. Ikhowudi yeprojekthi ibhaliwe kwi-Elixir kunye neRuby, kwaye isasazwa phantsi kwelayisensi ye-Apache 2.0.

Gqibela ukuba unomdla wokwazi okungakumbi ngayo okanye ufuna ukulandela imiyalelo yokufaka, ungayenza ukusuka eli khonkco lilandelayo.


Umxholo wenqaku uyabambelela kwimigaqo yethu imigaqo yokuziphatha yokuhlela. Ukuxela impazamo cofa apha.

Yiba ngowokuqala ukuphawula

Shiya uluvo lwakho

Idilesi yakho ye email aziyi kupapashwa. ezidingekayo ziphawulwe *

*

*

  1. Uxanduva lwedatha: UMiguel Ángel Gatón
  2. Injongo yedatha: Ulawulo lwe-SPAM, ulawulo lwezimvo.
  3. Umthetho: Imvume yakho
  4. Unxibelelwano lwedatha: Idatha ayizukuhanjiswa kubantu besithathu ngaphandle koxanduva lomthetho.
  5. Ukugcinwa kweenkcukacha
  6. Amalungelo: Ngalo naliphi na ixesha unganciphisa, uphinde uphinde ucime ulwazi lwakho.