I-Nebula, isixhobo sothungelwano sokwakha uthungelwano lolwalekayo olukhuselekileyo

Ukuphehlelelwa Inguqulelo entsha ye I-Nebula 1.5 ebekwe njengengqokelela yezixhobo zokwakha uthungelwano olungaphezulu olukhuselekileyo Banokunxibelelana ukusuka kwinani ukuya kwishumi lamawaka emikhosi eyahlulwe ngokwejografi, yenze uthungelwano oluzimeleyo olulodwa phezulu kuthungelwano lwehlabathi.

Iprojekthi yenzelwe ukudala uthungelwano lwakho olugqithisiweyo kuyo nayiphi na imfuno, umzekelo, ukudibanisa iikhomputha zenkampani kwiiofisi ezahlukeneyo, iiseva kumaziko ahlukeneyo edatha, okanye iindawo ezibonakalayo ezivela kubaboneleli bamafu ahlukeneyo.

Malunga Nebula

Iinodi zothungelwano lweNebula zinxibelelana ngokuthe ngqo enye kwenye kwimodi yeP2P, ukusukela imfuneko yokudlulisa idatha phakathi kweenodis yenza uqhagamshelo ngqo VPN ngamandla. Isazisi somkhosi ngamnye kuthungelwano siqinisekiswa sisatifikethi sedijithali, kwaye uqhagamshelo kwinethiwekhi lufuna ukuqinisekiswa; umsebenzisi ngamnye ufumana isatifikethi esiqinisekisa idilesi ye-IP kuthungelwano lweNebula, igama kunye nobulungu bamaqela abamba.

Izatifikethi zisayinwa ngugunyaziwe wezatifikethi zangaphakathi, eziphunyezwa ngumdali wothungelwano lomntu ngamnye kumaziko azo, kwaye zisetyenziselwa ukuqinisekisa igunya leenginginya ezinelungelo lokuqhagamshela kuthungelwano oluthile lolwalekayo oludityaniswe kugunyaziwe wesatifikethi.

Ukwenza umjelo wonxibelelwano oqinisekisiweyo, INebula isebenzisa eyayo iprothokholi yetonela esekwe kwiDiffie-Hellman key exchange protocol kunye ne-AES-256-GCM encryption. Ukuphunyezwa kweprothokholi kusekwe kwimiqobo esele ilungele ukusetyenziswa kunye nevavanyiweyo ebonelelwa ngesakhelo seNgxolo, ekwanjalo. isetyenziswe kwiiprojekthi ezifana ne-WireGuard, Lightning kunye ne-I2P. Le projekthi kuthiwa iphumelele uphicotho oluzimeleyo lokhuseleko.

Ukufumana ezinye iindawo kunye nokulungelelanisa uxhulumaniso kwinethiwekhi, ii-nodes "beacon" zenziwe ezizodwa, iidilesi zabo ze-IP zehlabathi zilungisiwe kwaye zaziwa ngabathathi-nxaxheba bothungelwano. Iinodi ezithatha inxaxheba azinalo ikhonkco kwidilesi ye-IP yangaphandle, zichongwa ngezatifikethi. Abanini bamamkeli abanako ukwenza utshintsho kwizatifikethi ezizisayinileyo, kwaye ngokungafaniyo neenethiwekhi ze-IP zesiqhelo, abanako ukuzenza omnye umkhosi ngokutshintsha idilesi ye-IP. Xa itonela yenziwe, isazisi senginginya siqinisekiswa ngokuchasene neqhosha labucala lomntu.

Inethiwekhi eyenziweyo inikwe uluhlu oluthile lweedilesi ze-intranet (umzekelo, 192.168.10.0/24) kunye needilesi zangaphakathi ziboshwe kunye nezatifikethi zokusingatha. Amaqela angasekwa ukusuka kubathathi-nxaxheba kuthungelwano olungaphezulu, umzekelo ukwahlula iiseva kunye neendawo zokusebenza, apho imithetho yokucoca i-traffic eyahlukileyo isetyenziswa. Iindlela ezahlukeneyo zibonelelwe ukunqumla abaguquleli beedilesi (NAT) kunye neendonga zomlilo. Kuyenzeka ukuba uququzelele umzila ngokusebenzisa uthungelwano olungaphezulu lwetrafikhi ukusuka kwinginginya zomntu wesithathu ezingaqukwanga kuthungelwano lweNebula (indlela engakhuselekanga).

Kwakhona ixhasa ukuyilwa kweeFirewall ukwahlula ukufikelela kunye nokucoca itrafikhi phakathi kweendawo zothungelwano olukwalekeneyo lweNebula. Ii-ACL ezibotshelelwe kwithegi zisetyenziselwa ukuhluza. Umamkeli ngamnye kuthungelwano angachaza imithetho yakhe yokucoca inginginya zothungelwano, amaqela, imithetho elandelwayo, kunye namazibuko. Kwangaxeshanye, ababuki zindwendwe abahluzwanga ziidilesi ze-IP, kodwa ngabachongi bomkhosi abasayinwe ngedijithali, abangenako ukubunjwa ngaphandle kokuthomalalisa iziko lesatifikethi esilungelelanisa inethiwekhi.

Ikhowudi ibhalwe kwi-Go kwaye ilayisenisi yi-MIT. Le projekthi yasekwa ngu-Slack, ophuhlisa umthunywa wenkampani onegama elifanayo. Ixhasa iLinux, FreeBSD, macOS, Windows, iOS kunye neAndroid.

Ewe utshintsho oluthe lwaphunyezwa kuguqulelo olutsha Zizo zilandelayo:

  • Yongeza iflegi "-eluhlaza" kumyalelo we-print-cert ukuprinta ukumelwa kwePEM kwesatifikethi.
  • Inkxaso eyongeziweyo yoyilo lweLinux riscv64 entsha.
  • Kongezwe umfuniselo weremote_allow_ranges useto ukubophelela uluhlu lwenginginya oluvumelekileyo kwiisubnet ezithile.
  • Kongezwe i-pki.disconnect_invalid ukhetho lokuseta ngokutsha iitonela emva kokupheliswa kwentembeko okanye ukuphelelwa kwesatifikethi.
  • Kongezwe ukhetho lweendlela ezingaphephile. .metric ukuseta ubunzima bendlela ethile yangaphandle.

Okokugqibela, ukuba unomdla wokwazi ngakumbi ngayo, ungajongana neenkcukacha zayo kunye / okanye uxwebhu kwikhonkco elilandelayo.


Umxholo wenqaku uyabambelela kwimigaqo yethu imigaqo yokuziphatha yokuhlela. Ukuxela impazamo cofa apha.

Yiba ngowokuqala ukuphawula

Shiya uluvo lwakho

Idilesi yakho ye email aziyi kupapashwa.

*

*

  1. Uxanduva lwedatha: UMiguel Ángel Gatón
  2. Injongo yedatha: Ulawulo lwe-SPAM, ulawulo lwezimvo.
  3. Umthetho: Imvume yakho
  4. Unxibelelwano lwedatha: Idatha ayizukuhanjiswa kubantu besithathu ngaphandle koxanduva lomthetho.
  5. Ukugcinwa kweenkcukacha
  6. Amalungelo: Ngalo naliphi na ixesha unganciphisa, uphinde uphinde ucime ulwazi lwakho.