I-Firezone, inketho enhle kakhulu yokwenza ama-VPNs asuselwa ku-WireGuard

Okuhle | | Kubuyekezwe ngomhla ka- | Izaziso, Amanethiwekhi / Amaseva

Akunazwana

Uma ufuna ukwakha iseva ye-VPN, ake ngikutshele ukuthi kukhona inketho enhle kakhulu ongazisekela ngayo ukuze ufeze umgomo wakho nokuthi iphrojekthi I-Firezone ithuthukisa iseva ye-VPN pUkuhlela ukufinyelela kubasingathi kunethiwekhi yangaphakathi ehlukanisiwe kumadivayisi omsebenzisi atholakala kumanethiwekhi angaphandle.

Le phrojekthi ihlose ukuzuza izinga eliphezulu lokuvikeleka futhi wenze lula inqubo yokusebenzisa i-VPN.

Mayelana neFirezone

Le phrojekthi ithuthukiswa yiCisco Security Automation Engineer, ozame ukwakha isisombululo esenza ngokuzenzakalelayo ukusebenza ngokucushwa komsingathi futhi aqede ukuhlupheka okwakudingeka abhekane nakho lapho ehlela ukufinyelela okuvikelekile kuma-VPC efwini.

Indawo yomlilo isebenza njengesixhumi esibonakalayo kuzo zombili imojuli ye-WireGuard kernel ngokuqondene nesihlungi sesistimu engaphansi kwe-kernel. Dala isixhumi esibonakalayo se-WireGuard (okuthiwa i-wg-firezone ngokuzenzakalela) kanye nethebula lesihlungi bese wengeza imizila efanelekile kuthebula lomzila. Ezinye izinhlelo ezishintsha ithebula lomzila le-Linux noma i-netfilter firewall zingaphazamisa ukusebenza kwe-Firezone.

Ungacabanga nge-Firezone njengozakwabo womthombo ovulekile we-OpenVPN Access Server, eyakhelwe phezulu kwe-WireGuard esikhundleni se-OpenVPN.

I-WireGuard isetshenziselwa ukuhlela iziteshi zokuxhumana ku-Firezone. I-Firezone futhi inomsebenzi owakhelwe ngaphakathi we-firewall esebenzisa ama-nftables.

Ngendlela elikuyo manje, i-firewall inqunyelwe ngokuvimba ithrafikhi ephumayo kubasingathi abathile noma ama-subnets Kumanethiwekhi angaphakathi noma angaphandle, lokhu kungenxa yokuthi i-Firezone iyisofthiwe ye-beta, ngakho okwamanje ukusetshenziswa kwayo kunconywa kuphela ngokukhawulela ukufinyelela kwenethiwekhi ku-interface yomsebenzisi wewebhu ukuze kugwenywe ukuyiveza ku-inthanethi yomphakathi.

I-Firezone idinga isitifiketi esivumelekile se-SSL kanye nerekhodi le-DNS elifanayo ukuze liqalise ekukhiqizeni, elingenziwa futhi liphathwe ithuluzi elithi Masibethele ukuze kukhiqizwe isitifiketi samahhala se-SSL.

Engxenyeni ye- ukuphathwa, kushiwo ukuthi lokhu kwenziwa ngokusebenzisa isikhombimsebenzisi sewebhu noma kumodi yomugqa womyalo usebenzisa insiza ye-firezone-ctl. Isixhumi esibonakalayo sewebhu sakhelwe phezu kwesisekelo se-Admin One Bulma.

Okwamanje, zonke izingxenye ze-Firezone zisebenza kuseva efanayo, Kodwa iphrojekthi iqale ithuthukiswe ngeso le-modularity, futhi ngokuzayo ihlelelwe ukwengeza amandla okusabalalisa izingxenye zesixhumi esibonakalayo sewebhu, i-VPN kanye ne-firewall kubasingathi abahlukahlukene.

Izinhlelo ziphinde zikhulume ngokuhlanganiswa kwesivimbeli sesikhangiso esisekelwe ku-DNS, ukusekelwa kohlu lwe-host kanye ne-subnet block, ikhono lokuqinisekisa nge-LDAP / SSO, namandla engeziwe okuphatha abasebenzisi.

Ezicini ezishiwo zeFirezone:

  • Ngokushesha: sebenzisa i-WireGuard ukuze isheshe izikhathi ezi-3-4 kune-OpenVPN.
  • Akukho ukuncika: konke ukuncika kuqoqwe ngenxa ye-Chef Omnibus.
  • Kulula: kuthatha imizuzu embalwa ukusetha. Phatha nge-CLI API elula.
  • Iphephile: isebenza ngaphandle kwamalungelo. I-HTTPS isetshenzisiwe.
  • Amakhukhi abethelwe.
  • I-Firewall ifakiwe - Isebenzisa ama-nftables e-Linux ukuvimba ithrafikhi ephumayo engafuneki.

Ukuze kufakwe, amaphakheji e-rpm ne-deb anikezwa ezinguqulweni ezahlukene ze-CentOS, Fedora, Ubuntu kanye ne-Debian, ukufakwa kwayo akudingi ukuncika kwangaphandle, njengoba konke ukuncika okudingekayo sekufakiwe kusetshenziswa ikhithi yamathuluzi ye-Chef Omnibus.

Ukusebenza, udinga kuphela ukusatshalaliswa kwe-Linux ene-Linux kernel ngaphambi kuka-4.19 kanye nemodyuli ye-kernel ehlanganiswe ne-WireGuard VPN.. Ngokusho kombhali, ukuqala nokulungisa iseva ye-VPN kungenziwa ngemizuzu embalwa nje. Izingxenye zesixhumi esibonakalayo sewebhu zisebenza ngaphansi komsebenzisi ongenamalungelo futhi ukufinyelela kutholakala kuphela nge-HTTPS.

I-Firezone iqukethe iphakheji ye-Linux eyodwa engasabalaliswa engafakwa futhi iphathwe umsebenzisi. Ikhodi yephrojekthi ibhalwe ku-Elixir neRuby, futhi isatshalaliswa ngaphansi kwelayisensi ye-Apache 2.0.

Okokugcina uma unentshisekelo yokwazi kabanzi ngakho noma ufuna ukulandela imiyalelo yokufaka, ungakwenza kusuka isixhumanisi esilandelayo.


Okuqukethwe yi-athikili kunamathela ezimisweni zethu ze izimiso zokuhlelela. Ukubika iphutha chofoza lapha.

Yiba ngowokuqala ukuphawula

Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Ubhekele imininingwane: Miguel Ángel Gatón
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.