I-WireGuard yenze izinto kahle futhi manje iza njengechweba leWindows Kernel

ucingo

Kubukeka sengathi izinto zihamba kahle impela ngaphakathi kwephrojekthi ye-WireGuard, njengoJason A. Donenfeld, umbhali we-VPN WireGuard, wethule iphrojekthi ye-WireGuardNT okuyi ichweba elisebenza kahle le-WireGuard VPN le-Windows kernel ehambisana nayo Windows 7, 8, 8.1, no-10, futhi isekela izakhiwo ze-AMD64, x86, ARM64, kanye ne-ARM.

Kubalulekile ukukhumbula ukuthi kwisemester yokugcina ka-2019 ama-patches enziwa ngokusetshenziswa kwe-VPN interface yephrojekthi egatsheni elilandelayo, lokhu kungenxa yokuthi abathuthukisi be-WireGuard bazibophezele futhi bavuma ukudlulisela ingxenye yekhodi kernel, hhayi njenge-API ehlukile, kodwa njengengxenye yohlelo olungaphansi lwe-Crypto API.

Ngemuva kwalokho ezinyangeni ezimbalwa kamuva iphrojekthi yeza kuzinguquko ze-OpenBSD zezinsiza ze-ifconfig ne-tcpdump ngokusekelwa kokusebenza kwe-WireGuard, imibhalo kanye nezinguquko ezincane zokuhlanganisa i-WireGuard nalo lonke uhlelo futhi ngemuva kwalokho iphrojekthi yahanjiswa ukuhambisana ne-Android .

I-athikili ehlobene:
I-WireGuard iyaqhubeka nokuyiphula, manje sekuyi-OpenBSD eyamukela le protocol

I-WireGuard VPN isetshenziswa ngesisekelo sezindlela zokubethela zanamuhla, ihlinzeka ngokusebenza okuphezulu kakhulu, kulula ukuyisebenzisa, ngaphandle kokuhlupheka, futhi izibonakalisile ezinhlakeni eziningi zokuhambisa okuphethe amanani aphezulu ezimoto.

Le phrojekthi ibilokhu ithuthuka kusukela ngo-2015, uphase ukuhlolwa okuhlelekile nokuqinisekiswa kwezindlela zokubethela ezisetshenzisiwe. I-WireGuard isebenzisa umqondo wokhiye wokubethela, okubandakanya ukubopha ukhiye oyimfihlo kusixhumi esibonakalayo senethiwekhi ngayinye nokusebenzisa izinkinobho zomphakathi ukubopha.

Ukushintshaniswa kokhiye bomphakathi ukusungula ukuxhumana kwenziwa ngokufaniswa ne-SSH. Ukuxoxisana ngokhiye nokuxhuma ngaphandle kokusebenzisa i-daemon ehlukile esikhaleni somsebenzisi, kusetshenziswa indlela yeNoise_IK yeNoise Protocol Framework, efanayo nokugcina amakhekhe agunyaziwe ku-SSH. Ukudluliswa kwedatha kwenziwa ngokufakwa kumaphakethe we-UDP. Isekela ukushintsha ikheli le-IP leseva le-VPN (ukuzula) ngaphandle kokwephula ukuxhumana nokuhlelwa kabusha kwamakhasimende okuzenzakalelayo.

Ukubethela isebenzisa ukubethela kokusakaza kweChaCha20 nePoly1305 algorithm (MAC). I-ChaCha20 ne-Poly1305 zibekwe njengabalingani abasheshayo nabaphephe kakhudlwana kuma-AES-256-CTR ne-HMAC, ukuqaliswa kwesoftware okukuvumela ukuthi uzuze isikhathi sokusebenza esinqunyiwe ngaphandle kokusebenzisa ukwesekwa okukhethekile kwehadiwe.

Futhi manje iphrojekthi ifika njengetheku leWindows que yakhela esisekelweni sekhodi esivivinyiwe wokuqaliswa kwe-WireGuard okuyisisekelo kwe- i-linux kernel, ehunyushelwe ukusebenzisa izinhlaka ze-Windows kernel kanye nesitaki senethiwekhi se-NDIS.

Ngemuva kwezinyanga eziningi zokusebenza, mina noSimon siyajabula ukumemezela iphrojekthi ye-WireGuardNT, itheku lomdabu le-WireGuard le-Windows kernel. 

I-WireGuardNT, iqale njengechweba lesisekelo sekhodi yeLinux… Ngemuva kwemizamo yokuqala yokuphatheka kube yimpumelelo, isisekelo sekhodi se-NT saphambukiswa ngokushesha ukuze sivumelane kahle nama-NTisms endabuko ne-NDIS (Windows networking stack) APIs. Umphumela wokugcina ukufakwa okuhlanganiswe ngokujulile, kokusebenza okuphezulu kwe-WireGuard, esebenzisa uhla oluphelele lwamakhono we-NT kernel ne-NDIS.

Uma kuqhathaniswa nokusetshenziswa kwe-wireguard-go okugijima esikhaleni somsebenzisi futhi kusebenzisa i-Wintun interface interface, i-WireGuardNT inokuthuthuka okuphawulekayo kokusebenza ngokususa ukusebenza kokushintsha kokuqukethwe bese ukopisha okuqukethwe kwephakeji kusuka ku-kernel uye esikhaleni somsebenzisi.

Ngokufana nokusetshenziswa kwe-WireGuardNT kweLinux, OpenBSD, neFreeBSD, yonke imiqondo yokucubungula umthetho olandelwayo isebenza ngqo ezingeni lesitaki senethiwekhi.

I-athikili ehlobene:
I-WireGuard ekugcineni yamukelwe yiLinus Torvalds futhi izohlanganiswa neLinux 5.6

Yize kungekho ukwenziwa okulungiselelwe okwenziwe okwamanje, i-WireGuardNT isivele izuze ukudluliswa kwedatha okuphezulu kwe-7,5 Gbps endaweni yethu yokuhlola nge-Ethernet.

Kuzinhlelo zomsebenzisi zangempela ezine-Wi-Fi, ukusebenza kwehla ngokubonakalayo, kepha ayihlukile kakhulu ekudlulisweni kwedatha okuqondile. Isibonelo, ohlelweni olunekhadi elingenantambo le-Intel AC9560, ukusebenza ngaphandle kwe-WireGuard kwakungu-600 Mbps futhi nge-WireGuardNT kwakungu-600 Mbps, ngenkathi usebenzisa i-wireguard-go / Wintun kwakungu-95 Mbps.

Umthombo: https://lists.zx2c4.com/


Okuqukethwe yi-athikili kunamathela ezimisweni zethu ze izimiso zokuhlelela. Ukubika iphutha chofoza lapha.

Yiba ngowokuqala ukuphawula

Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Ubhekele imininingwane: Miguel Ángel Gatón
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.