A recent study shows how connections that use OpenVPN can be identified

VPN Fingerprinting

Method for detecting an OpenVPN session

In the articles on security and vulnerabilities that I have shared here on the blog, it is usually mentioned that no system, hardware or implementation is secure: no matter how much it is said to be 100% reliable, the news about discovered vulnerabilities has shown us the opposite.

The reason for mentioning this is that a group of researchers at the University of Michigan recently conducted a study on identifying VPN connections based on OpenVPN, which shows us that using a VPN does not guarantee that our instance on the network is secure.

The method used by the researchers is called "VPN Fingerprinting". It monitors transit traffic, and the study found three effective methods for identifying the OpenVPN protocol among other network packets. These methods can be used in traffic inspection systems to block virtual networks that use OpenVPN.

Tests carried out on the network of the Internet provider Merit, which has more than a million users, showed that these methods can identify 85% of OpenVPN sessions with a low false-positive rate. To carry out the tests, a set of tools was used that detected OpenVPN traffic in real time in passive mode and then verified the accuracy of the result with an active check against the server. During the experiment, the analyzer built by the researchers handled a traffic flow with an intensity of approximately 20 Gbps.

The identification methods used are based on observing OpenVPN-specific patterns in unencrypted packet headers, ACK packet sizes, and server responses.

  • The first method is tied to a pattern in the "operation code" (opcode) field in the packet header during the connection negotiation stage, which changes predictably depending on the connection configuration. Identification is achieved by recognizing a specific sequence of opcode changes in the first few packets of the data flow.
  • The second method is based on the specific size of the ACK packets used in OpenVPN during the negotiation stage. Identification is done by recognizing that ACK packets of a given size occur only in certain parts of the session, such as when starting an OpenVPN connection, where the first ACK packet is usually the third data packet sent in the session.
  • The third method involves an active check that requests a connection reset, to which the OpenVPN server responds with a specific RST packet. Importantly, this check does not work when tls-auth mode is used, as the OpenVPN server ignores requests from clients that are not authenticated via TLS.
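
The opcode-sequence idea from the first method can be checked against your own captures to see whether a tunnel still exposes it. The following is an added example, not code from the study: a simplified heuristic written for this article, with hypothetical function names and constructed sample flows. It assumes the standard OpenVPN framing (opcode in the upper 5 bits of the first byte, a 2-byte length prefix over TCP) and also reports flows that keep the same change pattern under unknown byte values, as a constant XOR mask over the first byte would produce.

```python
RESET_CLIENT = {1, 7, 10}  # P_CONTROL_HARD_RESET_CLIENT_V1/V2/V3
RESET_SERVER = {2, 8}      # P_CONTROL_HARD_RESET_SERVER_V1/V2
HANDSHAKE = {4, 5}         # P_CONTROL_V1, P_ACK_V1


def lead_bytes(flow, tcp=False, window=6):
    """First byte of each record in the first `window` packets.

    flow: list of (direction, payload), direction "c" (client) or "s" (server).
    Over TCP every OpenVPN record carries a 2-byte length prefix; skip it.
    """
    off = 2 if tcp else 0
    return [(d, p[off]) for d, p in flow[:window] if len(p) > off]


def classify(flow, tcp=False, window=6):
    """Return "openvpn", "openvpn-like" or None for the start of a flow."""
    seen = lead_bytes(flow, tcp, window)
    client = [b for d, b in seen if d == "c"]
    server = [b for d, b in seen if d == "s"]
    if len(client) < 2 or not server:
        return None
    c0, s0 = client[0], server[0]
    rest = client[1:] + server[1:]
    # Structure: two distinct reset values that never recur, followed by
    # only one or two other values (control and ACK records).
    if c0 == s0 or c0 in rest or s0 in rest or not 1 <= len(set(rest)) <= 2:
        return None
    # Values: the opcode is the upper 5 bits, key_id the lower 3.
    if (c0 >> 3 in RESET_CLIENT and s0 >> 3 in RESET_SERVER
            and all(b >> 3 in HANDSHAKE for b in rest)):
        return "openvpn"
    # Same change pattern, unknown values (for example a fixed XOR mask).
    return "openvpn-like"


def _pkt(op):
    return bytes([op << 3]) + bytes(13)  # opcode byte + dummy body


# Constructed sample flows, not captured traffic.
PLAIN = [("c", _pkt(7)), ("s", _pkt(8)), ("c", _pkt(5)),
         ("c", _pkt(4)), ("s", _pkt(5)), ("s", _pkt(4))]
MASKED = [(d, bytes(x ^ 0x5A for x in p)) for d, p in PLAIN]
TLS_LIKE = [("c", b"\x16\x03\x01\x02\x00"), ("s", b"\x16\x03\x03\x00\x7a"),
            ("c", b"\x14\x03\x03\x00\x01"), ("s", b"\x17\x03\x03\x00\x45")]

if __name__ == "__main__":
    for name, flow in (("plain", PLAIN), ("masked", MASKED), ("tls", TLS_LIKE)):
        print(name, classify(flow))
```

A passive match of this kind is only a candidate; in the study described here, passive results were confirmed with an active check against the server.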

The results of the study showed that the analyzer was able to successfully identify 1,718 of 2,000 test OpenVPN connections established by a rogue client using 40 different typical OpenVPN configurations. The method worked successfully for 39 of the 40 configurations tested. In addition, over the eight days of the experiment, 3,638 OpenVPN sessions were identified in transit traffic, of which 3,245 sessions were confirmed as valid.

It is important to note that the proposed method has an upper bound on false positives that is three orders of magnitude lower than previous methods based on machine learning. This suggests that the methods developed by the University of Michigan researchers are more accurate and more effective at identifying OpenVPN connections in network traffic.

The effectiveness of the OpenVPN traffic protection methods used by commercial services was evaluated in a separate set of tests. Of the 41 VPN services tested that use OpenVPN traffic cloaking methods, traffic was identified in 34 cases. The services that could not be detected used additional layers on top of OpenVPN to hide the traffic, such as forwarding OpenVPN traffic through an additional encrypted tunnel. Most of the successfully identified services used XOR traffic distortion, additional obfuscation layers without adequate traffic padding, or had non-obfuscated OpenVPN services present on the same server.

If you are interested in learning more about it, you can check the details at the following link.

