UJason A. Donenfeld, umbhali we-VPN WireGuard, umemezele ukwamukelwa komshayeli omkhulu we-OpenBSD "wg" wesivumelwano I-WireGuard, ukuqaliswa kwesixhumi esibonakalayo senethiwekhi ethile, nezinguquko kumathuluzi asebenza esikhaleni somsebenzisi.
Ngakho-ke, i-OpenBSD ibekwe njengohlelo lwesibili lokusebenza ngemuva kwe-Linux ngokuxhaswa okuphelele nokuhlanganisiwe kwe-WireGuard.
Ama-patches afaka umshayeli we-OpenBSD kernel, ushintsho kuzinsiza ze-ifconfig ne-tcpdump ngokusekelwa kokusebenza kwe-WireGuard, imibhalo, kanye nezinguquko ezincane zokuhlanganisa i-WireGuard nalo lonke uhlelo. I-WireGuard kulindeleke ukuthi ifakwe ekukhishweni kwe-OpenBSD 6.8.
Khumbula ukuthi kwikota yokugcina yanyakenye umbhali wale protocol nguyena futhi owamemezela ukwamukelwa nokwethulwa kwekhodi kusitaki senethiwekhi yeLinux Kernel kwathi ngokuhamba kwesikhathi kwaba nguLinus Torvalds uqobo owemukela le khodi.
Ngokwengxoxo ngale phrojekthi, yize kusekhona ukuhlolwa okusamele kwenziwe, kufanele ikhishwe kunguqulo enkulu elandelayo ye-Linux kernel, inguqulo 5.6, kwikota yokuqala noma yesibili ka-2020, njengoba i-WireGuard ithole imvume kuLinus Torvalds yokuhlanganisa neLinux.
Mayelana ne-WireGuard
Isilawuli sisebenzisa ukuqaliswa kwaso kwama-algorithms blake2s, hchacha20 kanye curve25519, kanye nokuqaliswa kwe-SipHash sekuvele kukhona ku-OpenBSD kernel.
Ukuqaliswa kuyahambisana nawo wonke amaklayenti asemthethweni we-WireGuard we-Linux, Windows, macOS, * BSD, iOS ne-Android.
Ukuhlolwa kokusebenza kwikhompuyutha yonjiniyela (iLenovo x230) kukhombise umkhawulokudonsa we-750 mbit / s. Ukuqhathanisa i-isakmpd nokucushwa okuyisisekelo, i-ike psk inikeza umkhawulokudonsa we-380 mbit / s.
Mina noMat Dunwoodie kade sasebenza kulokhu. Manje, ngephuzu elithile, uMatt uze wakhombisa emnyango wami eParis ukuze aqhubeke nomzamo. Lokhu kuphawula ukuphela komzamo omncane impela, futhi impela ngumsebenzi weminyaka eminingi kaMat.
Kufanele futhi ngiqaphele ukuthi inqubo yokulayisha ye-OpenBSD yayijabulisa kakhulu.
Senze ukubuyekezwa kwama-patch amathathu, ngempendulo ewusizo ngakunye nomphakathi osekela kakhulu.
Ngicabanga ukuthi lo msebenzi uzothunyelwa nge-OpenBSD 6.8.
Lapho wenza isilawuli se- umnyombo we I-OpenBSD, ezinye izixazululo zokwakha ezifana nomshayeli weLinux ezikhethiwe, kepha umshayeli wenzelwe i-OpenBSD ikakhulukazi, kucatshangelwa imininingwane yalolu hlelo futhi kucatshangelwa ulwazi olutholakele lapho kwenziwa umshayeli weLinux.
Ngemvume yombhali wokuqala we-WireGuard, ikhodi yesilawuli esisha isatshalaliswa ngokugcwele ngaphansi kwelayisense yamahhala ye-ISC.
Isilawuli ihlangana ngokuqinile nesitaki senethiwekhi se-OpenBSD futhi isebenzisa ama-subsystems akhona, enza ikhodi ihambisane kakhulu (cishe imigqa engama-3.000 yekhodi).
Wokwehluka, futhi ukwahlukaniswa kwezakhi zomshayeli ezingezona ze-Linux kuyabonakalaIzindlela zokuxhumana eziqondene ne-OpenBSD ziya ku "if_wg. * »Amafayela, ikhodi yokuvikela ye-DoS iku-« wg_cookie. * ", Futhi izingxoxo zokuxhuma nokubethela okubhaliwe kuku" wg_noise. *
Ekugcineni, kubonakala sengathi imizamo eyenziwe ithimba le-WireGuard ekwenzeni inani elikhulu lezinguquko ngaphakathi kwekhodi yohlelo lokusebenza bathele izithelo.
Futhi lokho akufani nezimbangi zayo ezindala, okuhloswe ngazo ukufaka esikhundleni, ikhodi yayo ihlanzekile kakhulu futhi ilula. Ngokusho kokucaciswa kwephrojekthi, i-WireGuard isebenza ngokuhlanganisa amaphakethe we-IP ngokuphepha nge-UDP. Ukuqinisekiswa kwayo nokwakhiwa kwesixhumi esibonakalayo kuhlobene kakhulu ne-Secure Shell (SSH) kunamanye ama-VPN.
Kumele kubhekelwe lokho isathuthuka ngokugcweleKepha kungathathwa njengesixazululo esiphephe kunazo zonke, esilula kakhulu ukusisebenzisa, nesilula se-VPN embonini. Yisixazululo se-Layer 3 VPN esiphephile.
Uma unesifiso sokwazi okwengeziwe ngezindaba, ungabheka imilayezo engaphakathi uhlu lwamakheli de I-WireGuard y ukuvulwa.