I-Nebula, ithuluzi lenethiwekhi lokwakha amanethiwekhi embondela avikelekile

Darkcrizt

Imizuzu ye-4

Ukwethulwa kwe- inguqulo entsha ye I-Nebula 1.5 ebekwe njengeqoqo lamathuluzi okwakha amanethiwekhi embondela avikelekile Bangakwazi ukuxhumanisa ababungazi abahlukene ngokwendawo abaningana kuya kwamashumi ezinkulungwane, benze inethiwekhi ehlukile ehlukanisiwe phezu kwenethiwekhi yomhlaba wonke.

Iphrojekthi yakhelwe ukudala amanethiwekhi akho okumbondela kunoma yisiphi isidingo, isibonelo, ukuhlanganisa amakhompyutha ezinkampani emahhovisi ahlukene, amaseva ezikhungweni zedatha ezihlukene, noma izindawo ezibonakalayo ezivela kubahlinzeki bamafu abahlukene.

Mayelana Nebula

Ama-node enethiwekhi ye-Nebula axhumana ngqo nomunye ngemodi ye-P2P, kusukela isidingo sokudlulisa idatha phakathi kwama-nodes idala ukuxhumana okuqondile kwe-VPN ngamandla. Ubunikazi bosokhaya ngamunye kunethiwekhi buqinisekiswa yisitifiketi sedijithali, futhi ukuxhumeka kunethiwekhi kudinga ukuqinisekiswa; umsebenzisi ngamunye uthola isitifiketi esiqinisekisa ikheli le-IP kunethiwekhi ye-Nebula, igama kanye nobulungu bamaqembu abamba.

Izitifiketi zisayinwa yisiphathimandla sezitifiketi sangaphakathi, ezisetshenziswa umdali wenethiwekhi ngayinye ezindaweni zabo, futhi zisetshenziselwa ukuqinisekisa igunya lababungazi abanelungelo lokuxhuma kunethiwekhi ethile eyimbondela exhunywe kuziphathimandla zesitifiketi.

Ukwakha isiteshi sokuxhumana esiqinisekisiwe esiqinisekisiwe, I-Nebula isebenzisa iphrothokholi yayo yokuhubhe esekelwe kumthethonqubo wokushintshanisa ukhiye we-Diffie-Hellman kanye nokubethela kwe-AES-256-GCM. Ukuqaliswa kwephrothokholi kusekelwe ezintweni zakudala esezilungele ukusetshenziswa nezihloliwe ezihlinzekwe wuhlaka lwe-Noise, nalo oluwuhlaka. esetshenziswa kumaphrojekthi afana ne-WireGuard, Lightning kanye ne-I2P. Lo msebenzi kuthiwa uphasise ucwaningo oluzimele lwezokuphepha.

Ukuthola amanye ama-node futhi uxhumanise ukuxhumana nenethiwekhi, ama-node "we-beacon" ayakhiwa okukhethekile, amakheli abo e-IP yomhlaba wonke alungisiwe futhi aziwa ngabahlanganyeli benethiwekhi. Amanodi abamba iqhaza awanawo isixhumanisi sekheli le-IP langaphandle, akhonjwa ngezitifiketi. Abanikazi bosokhaya abakwazi ukwenza izinguquko kuzitifiketi ezizisayinele, futhi ngokungafani namanethiwekhi e-IP avamile, abakwazi ukuzenza omunye umsingathi ngokushintsha ikheli le-IP. Uma umhubhe udalwa, ubunikazi bosokhaya buqinisekiswa ngokhiye oyimfihlo ngamunye.

Inethiwekhi edaliwe inikezwe ububanzi obuthile bamakheli e-intranethi (isibonelo, 192.168.10.0/24) namakheli angaphakathi aboshwe ngezitifiketi zokusingatha. Amaqembu angakhiwa kusukela kubahlanganyeli kunethiwekhi yembondela, isibonelo ukuhlukanisa amaseva nezindawo zokusebenza, lapho kusetshenziswa khona imithetho ehlukene yokuhlunga ithrafikhi. Kuhlinzekwe izindlela ezehlukene zokunqamula abahumushi bamakheli (NAT) kanye nezicishamlilo. Kuyenzeka ukuhlela umzila ngenethiwekhi eyimbondela yethrafikhi evela kubasingathi bezinkampani zangaphandle abangafakiwe kunethiwekhi ye-Nebula (umzila ongavikelekile).

Futhi isekela ukudalwa kwama-Firewall ukuze kuhlukaniswe ukufinyelela nokuhlunga ithrafikhi phakathi kwamanodi enethiwekhi ye-Nebula eyimbondela. Ama-ACL aboshwe umaka asetshenziselwa ukuhlunga. Umsingathi ngamunye kunethiwekhi angachaza imithetho yakhe yokuhlunga kubasingathi benethiwekhi, amaqembu, izivumelwano, nezimbobo. Ngesikhathi esifanayo, ababungazi abahlungi ngamakheli e-IP, kodwa ngezihlonzi zomsingathi ezisayinwe ngedijithali, ezingakwazi ukwenziwa ngaphandle kokubeka engcupheni isikhungo sokunikeza izitifiketi esixhumanisa inethiwekhi.

Ikhodi ibhalwe ku-Go futhi ilayisensi ngabakwa-MIT. Le phrojekthi yasungulwa ngu-Slack, othuthukisa isithunywa sebhizinisi segama elifanayo. Isekela i-Linux, i-FreeBSD, i-macOS, iWindows, i-iOS ne-Android.

Kepha izinguquko ezisetshenziswe enguqulweni entsha Yilezi ezilandelayo:

  • Kwengezwe ifulegi elithi "-raw" kumyalo we-print-cert ukuze uphrinte ukumelwa kwe-PEM kwesitifiketi.
  • Kungezwe ukusekelwa kwe-architecture entsha ye-Linux riscv64.
  • Kwengezwe isilungiselelo sokuhlola se-remote_allow_ranges ukuze sibophe uhlu lwabasingathi oluvunyelwe kuma-subnet athile.
  • Kwengezwe inketho ye-pki.disconnect_invalid yokusetha kabusha imigudu ngemva kokunqanyulwa kokwethenjwa noma ukuphelelwa yisikhathi kwesitifiketi.
  • Kwengezwe inketho ye-unsafe_routes. .metric yokusetha isisindo sendlela ethile yangaphandle.

Okokugcina, uma ungathanda ukwazi okwengeziwe ngayo, ungathintana nemininingwane yayo kanye / noma imibhalo kusixhumanisi esilandelayo.


Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Ubhekele imininingwane: Miguel Ángel Gatón
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.