In the articles on security and vulnerabilities that I share here on the blog, it is often mentioned that no system, hardware, or implementation is secure: no matter how much something claims to be 100% reliable, the news about discovered vulnerabilities has shown us the opposite.
The reason for mentioning this is that a team of researchers from the University of Michigan recently carried out a study on identifying OpenVPN-based VPN connections, which shows us that using a VPN does not guarantee that our instance on the network is secure.
The method used by the researchers is called "VPN Fingerprinting". It monitors transit traffic, and the research found three effective ways to identify the OpenVPN protocol among other network packets, which can be used in traffic inspection systems to block virtual networks that use OpenVPN.
Tests carried out on the network of the Internet provider Merit, which has more than one million users, showed that these methods can identify 85% of OpenVPN sessions with a low false-positive rate. To carry out the tests, the researchers used a set of tools that detected OpenVPN traffic in real time in passive mode and then verified the accuracy of the result by actively probing the server. During the experiment, the analyzer created by the researchers handled a traffic flow of approximately 20 Gbps.
The identification methods used are based on observing OpenVPN-specific patterns in unencrypted packet headers, ACK packet sizes, and server responses.
- The first method is tied to a pattern in the "operation code" (opcode) field of the packet header during the negotiation stage, which changes predictably depending on the connection configuration. Identification is achieved by recognizing a particular sequence of opcode changes in the first few packets of the data flow.
- The second method is based on the specific size of the ACK packets used in OpenVPN during the negotiation stage. Identification is done by recognizing that ACK packets of a given size appear only in certain parts of the session, such as when an OpenVPN connection is initiated, where the first ACK packet is usually the third data packet sent in the session.
- The third method involves active probing by requesting a connection reset, to which the OpenVPN server responds with a specific RST packet. Importantly, this probe does not work when tls-auth mode is used, since the OpenVPN server ignores requests from clients that are not authenticated via TLS.
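An added example, not code from the original post or from the researchers: a minimal Python sketch of the first (opcode-based) method, useful for checking whether a capture of your own tunnel's handshake stands out. The opcode numbers come from the public OpenVPN wire format; the matching rule, the function names and the sample flows are assumptions constructed for this illustration.

```python
from typing import List, Optional, Tuple

# Opcode numbers from the public OpenVPN wire format: the first byte of every
# packet is (opcode << 3) | key_id and is sent unencrypted.
CLIENT_RESETS = {1, 7, 10}   # P_CONTROL_HARD_RESET_CLIENT_V1/V2/V3
SERVER_RESETS = {2, 8}       # P_CONTROL_HARD_RESET_SERVER_V1/V2
HANDSHAKE = {4, 5, 11}       # P_CONTROL_V1, P_ACK_V1, P_CONTROL_WKC_V1

Flow = List[Tuple[str, bytes]]  # (direction, payload); "c2s" or "s2c"


def opcode_of(payload: bytes, tcp: bool = False) -> Optional[int]:
    """Return the 5-bit opcode, or None if the payload is too short.

    Over TCP each packet carries a 2-byte length prefix; this assumes the
    caller has already reassembled the stream into whole framed packets.
    """
    offset = 2 if tcp else 0
    if len(payload) <= offset:
        return None
    return payload[offset] >> 3


def looks_like_openvpn(flow: Flow, tcp: bool = False, window: int = 6) -> bool:
    """Simplified rule (an assumption of this example): client reset, then
    server reset, then only control/ACK opcodes in the rest of the window."""
    ops = [(d, opcode_of(p, tcp)) for d, p in flow[:window]]
    if len(ops) < 3:
        return False
    if ops[0][0] != "c2s" or ops[0][1] not in CLIENT_RESETS:
        return False
    if ops[1][0] != "s2c" or ops[1][1] not in SERVER_RESETS:
        return False
    return all(op in HANDSHAKE for _, op in ops[2:])


def _pkt(opcode: int, key_id: int = 0) -> bytes:
    """Build a constructed sample packet: opcode byte plus filler."""
    return bytes([(opcode << 3) | key_id]) + b"\x00" * 13


# Constructed sample flows (not captured traffic).
SAMPLE_OPENVPN: Flow = [("c2s", _pkt(7)), ("s2c", _pkt(8)), ("c2s", _pkt(5)),
                        ("c2s", _pkt(4)), ("s2c", _pkt(5)), ("s2c", _pkt(4))]
SAMPLE_OTHER: Flow = [("c2s", b"\xc3" + b"\x01" * 20),
                      ("s2c", b"\xc0" + b"\x01" * 20),
                      ("c2s", b"\x45" + b"\x01" * 20)]

if __name__ == "__main__":
    for name, flow in (("openvpn", SAMPLE_OPENVPN), ("other", SAMPLE_OTHER)):
        print(name, looks_like_openvpn(flow))
```

In the constructed OpenVPN flow the first ACK is the third packet, matching the pattern the second method relies on.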
The results of the study showed that the analyzer successfully identified 1,718 of 2,000 test OpenVPN connections established by a rogue client using 40 typical OpenVPN configurations. The method worked successfully for 39 of the 40 configurations tested. In addition, during the eight days of the experiment, a total of 3,638 OpenVPN sessions were identified in transit traffic, of which 3,245 were confirmed as valid.
It is important to note that the proposed method has an upper bound on false positives three orders of magnitude lower than that of earlier methods based on machine learning. This suggests that the methods developed by the University of Michigan researchers are more accurate and efficient at identifying OpenVPN connections in network traffic.
The effectiveness of the methods that commercial services use to protect OpenVPN traffic from sniffing was evaluated in separate tests. Of the 41 VPN services tested that use OpenVPN traffic obfuscation methods, traffic was identified in 34 cases. The services that were not detected used additional layers on top of OpenVPN to hide the traffic, such as forwarding OpenVPN traffic through an additional encrypted tunnel. Most of the successfully identified services used XOR traffic distortion, additional obfuscation layers without sufficient random traffic padding, or had non-obfuscated OpenVPN services present on the same server.
If you would like to learn more about it, you can consult the details at the following link.