With the growth of Internet censorship by authoritarian regimes, an ever larger number of useful Internet resources and sites are being blocked, including ones with technical information.
As a result, it becomes impossible to use the Internet fully, and the fundamental right to freedom of expression, enshrined in the Universal Declaration of Human Rights, is violated.
Article 19
Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.
In this guide, we will deploy our own free* VPN service in 6 steps, based on WireGuard technology, in the Amazon Web Services (AWS) cloud infrastructure, using a free account (for 12 months), on an instance (virtual machine) running Ubuntu Server 18.04 LTS.
I have tried to make this walkthrough as friendly as possible to people who are not in IT. The only thing required is perseverance in repeating the steps described below.
Note
AWS provides a free usage tier for 12 months, with a limit of 15 gigabytes of traffic per month.
Registering a free AWS account requires a real phone number and a valid Visa or Mastercard credit card. I recommend using the virtual cards that Yandex.Money or Qiwi wallet provide free of charge. To check the card's validity, $1 is charged during registration and later returned.
At this stage, the phone number is confirmed and $1 is charged directly to the payment card. A 4-digit code is displayed on the computer screen, and the specified phone receives a call from Amazon. During the call, you must dial the code shown on the screen.
1.6. Choosing a tariff plan
Choose the Basic plan (free)
1.7. Logging in to the management console
1.8. Choosing the data center location
1.8.1. Speed test
Before choosing a data center, it is recommended to test the speed of access to the nearest data centers via https://speedtest.net; in my location the results were as follows:
Singapore
Paris
Frankfurt
Stockholm
London
The data center in London shows the best results in terms of speed, so I chose it for further configuration.
2. Create an AWS instance
2.1. Creating a virtual machine
2.1.1. Choosing the instance type
By default, the t2.micro instance is selected, which is what we need; just click the Next: Configure Instance Details button.
2.1.2. Configuring the instance options
Later we will attach a permanent public IP address to our instance, so at this stage we turn off automatic assignment of a public IP and click the Next: Add Storage button.
2.1.3. Attaching storage
Specify the size of the "hard disk". For our purposes 16 gigabytes is enough; click the Next: Add Tags button.
2.1.4. Setting up tags
If we created several instances, they could be grouped by tags to simplify administration. In this case this functionality is superfluous, so we immediately click the Next: Configure Security Group button.
2.1.5. Opening ports
At this step we configure the firewall by opening the required ports. The set of open ports is called a Security Group. We must create a new security group, give it a name and a description, add a UDP port (Custom UDP Rule), and in the Port Range field enter a port number from the dynamic port range 49152-65535. In this case I chose port number 54321.
After filling in the required data, click the Review and Launch button.
2.1.6. Overview of all settings
This page gives an overview of all the settings of our instance; we check that all settings are in order and click the Launch button.
2.1.7. Creating access keys
Next comes a dialog box offering either to create a new SSH key or to add an existing one, with which we will later connect remotely to our instance. We choose the "Create a new key pair" option to create a new key. Give it a name and click the Download Key Pair button to download the generated keys. Save them to a safe place on your local computer. Once they are downloaded, click the Launch Instances button.
2.1.7.1. Saving the access keys
Shown here is the step of saving the keys generated in the previous step. After we click the Download Key Pair button, the key is saved as a certificate file with the *.pem extension. In this case I named it wireguard-awskey.pem
2.1.8. Overview of the instance creation results
Next we see a message about the successful launch of the instance we just created. We can go to the list of our instances by clicking the View Instances button.
2.2. Creating an external IP address
2.2.1. Starting the creation of an external IP
Next we need to create a permanent external IP address through which we will connect to our VPN server. To do this, in the navigation panel on the left side of the screen, select the Elastic IPs item from the NETWORK & SECURITY category and click the Allocate new address button.
2.2.2. Configuring the creation of an external IP
At the next step we need the Amazon pool option to be enabled (it is enabled by default); then click the Allocate button.
2.2.3. Overview of the results of creating an external IP address
The next screen shows the external IP address we received. It is recommended to memorize it, or better still to write it down; it will come in handy more than once while setting up and using the VPN server. In this guide I use the IP address 4.3.2.1 as an example. Once you have written down the address, click the Close button.
2.2.4. List of external IP addresses
Next we are presented with a list of our permanent public IP addresses (Elastic IPs).
2.2.5. Assigning the external IP to the instance
In this list, we select the IP address we received and right-click to bring up a drop-down menu. In it, select the Associate address item to assign it to the instance we created earlier.
2.2.6. Configuring the external IP assignment
At the next step, select our instance from the drop-down list and click the Associate button.
2.2.7. Overview of the external IP assignment results
After that, we can see that our instance and its private IP address are bound to our permanent public IP address.
Now we can connect to the newly created instance from outside, from our own computer, via SSH.
3. Connect to the AWS instance
SSH is a secure protocol for remote control of computer devices.
3.1. Connecting via SSH from a Windows computer
To connect from a Windows computer, you first need to download and install the Putty program.
3.1.1. Importing the private key for Putty
3.1.1.1. After installing Putty, you need to run the PuTTYgen utility that comes with it to import the certificate key in PEM format into a format suitable for use in Putty. To do this, select Conversions->Import Key in the top menu.
3.1.1.2. Selecting the AWS key in PEM format
Next, select the key we saved earlier in step 2.1.7.1; in our case its name is wireguard-awskey.pem
3.1.1.3. Setting the key import options
At this step we need to specify a comment for this key (a description) and, for security, set a password and its confirmation. The password will be requested every time you connect. This way we protect the key with a password against inappropriate use. You do not have to set a password, but that is less secure if the key falls into the wrong hands. Afterwards, click the Save private key button.
3.1.1.4. Saving the imported key
A save file dialog opens, and we save our private key as a file with the .ppk extension, suitable for use in the Putty program.
Specify the key name (in our case wireguard-awskey.ppk) and click the Save button.
3.1.2. Creating and configuring a connection in Putty
3.1.2.1. Creating a connection
Open the Putty program, select the Session category (it is open by default) and in the Host Name field enter the public IP address of our server, which we received in step 2.2.3. In the Saved Sessions field enter an arbitrary name for our connection (in my case wireguard-aws-london), then click the Save button to save the changes we made.
3.1.2.2. Setting up user autologin
Next, in the Connection category, select the Data subcategory and in the Auto-login username field enter the username ubuntu, which is the standard user of an instance on AWS with Ubuntu.
3.1.2.3. Selecting the private key for connecting via SSH
Then go to the Connection/SSH/Auth subcategory and, next to the Private key file for authentication field, click the Browse… button to select the file with the key certificate.
3.1.2.4. Opening the imported key
Specify the key we imported earlier in step 3.1.1.4, in our case the file wireguard-awskey.ppk, and click the Open button.
3.1.2.5. Saving the settings and starting the connection
Returning to the Session category page, click the Save button again to save the changes we made in the previous steps (3.1.2.2 - 3.1.2.4). Then click the Open button to open the remote SSH connection we created and configured.
3.1.2.7. Establishing trust between hosts
At the next step, the first time we try to connect, we are given a warning that trust has not been established between the two computers, and we are asked whether to trust the remote computer. We click the Yes button, thereby adding it to the list of trusted hosts.
3.1.2.8. Entering the password to access the key
After that, a terminal window opens, where you are asked for the key's password, if you set one earlier in step 3.1.1.3. Nothing is shown on the screen while you type the password. If you make a mistake, you can use the Backspace key.
3.1.2.9. Welcome message on successful connection
After the password is entered successfully, a welcome text is displayed in the terminal, telling us that the remote system is ready to execute our commands.
4. Configuring the Wireguard server
The most up-to-date instructions for installing and using Wireguard with the scripts described below can be found in the repository: https://github.com/isystem-io/wireguard-aws
4.1. Installing WireGuard
In the terminal, enter the following commands (you can copy them to the clipboard and paste them into the terminal by right-clicking):
4.1.1. Cloning the repository
Clone the repository with the Wireguard installation scripts
4.1.2. Changing to the directory with the scripts
Go to the directory with the cloned repository
cd wireguard_aws
4.1.3. Running the initialization script
Run the Wireguard installation script as administrator (root user)
sudo ./initial.sh
The installation process will ask for some data needed to configure Wireguard
4.1.3.1. Entering the connection endpoint
Enter the external IP address and the open port of the Wireguard server. We obtained the server's external IP address in step 2.2.3 and opened the port in step 2.1.5. Specify them together, separated by a colon, for example 4.3.2.1:54321, and then press the Enter key. Sample output:
Enter the endpoint (external ip and port) in format [ipv4:port] (e.g. 4.3.2.1:54321): 4.3.2.1:54321
4.1.3.2. Entering the internal IP address
Enter the IP address of the Wireguard server in the protected VPN subnet; if you do not know what that is, just press the Enter key to set the default value (10.50.0.1). Sample output:
Enter the server address in the VPN subnet (CIDR format) ([ENTER] set to default: 10.50.0.1):
4.1.3.3. Specifying the DNS server
Enter the IP address of the DNS server, or just press the Enter key to set the default value 1.1.1.1 (Cloudflare public DNS). Sample output:
Enter the ip address of the server DNS (CIDR format) ([ENTER] set to default: 1.1.1.1):
4.1.3.4. Specifying the WAN interface
Next, you need to enter the name of the external network interface that will listen on the internal VPN network interface. Just press Enter to set the default value for AWS (eth0). Sample output:
Enter the name of the WAN network interface ([ENTER] set to default: eth0):
4.1.3.5. Specifying the client name
Enter the name of the VPN user. The point is that the Wireguard VPN server cannot start until at least one client has been added. In this case I entered the name Alex@mobile. Sample output:
Enter VPN user name: Alex@mobile
After that, a QR code with the configuration of the newly added client should be displayed on the screen; it must be read with the Wireguard mobile client on Android or iOS to configure it. Below the QR code, the text of the configuration file is also displayed, for manual configuration of clients. How to do this is discussed below.
4.2. Adding a new VPN user
To add a new user, you need to run the add-client.sh script in the terminal
sudo ./add-client.sh
The script asks for the user name. Sample output:
Enter VPN user name:
The user name can also be passed as a script parameter (in this case Alex@mobile):
sudo ./add-client.sh Alex@mobile
As a result of running the script, in the directory named after the client at the path /etc/wireguard/clients/{ClientName}, a client configuration file /etc/wireguard/clients/{ClientName}/{ClientName}.conf will be created, and the terminal screen will display a QR code for setting up mobile clients and the contents of the configuration file.
4.2.1. User configuration file
You can display the contents of the .conf file on the screen, for manual client configuration, using the cat command
[Interface]
PrivateKey = Client private key
Address = Client IP address
DNS = DNS server used by the client
[Peer]
PublicKey = Server public key
PresharedKey = Key shared by the server and the client
AllowedIPs = Addresses allowed for the connection (all: 0.0.0.0/0, ::/0)
Endpoint = IP address and port to connect to
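The following is an added example, not part of the original guide or of the wireguard-aws scripts: a shell function that audits a client configuration file of the form shown above before it is handed to a device. The function names, the sample client address 10.50.0.2/32 and the dummy keys are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the wireguard-aws scripts. Audits a client .conf
# of the shape shown in 4.2.1 and returns the number of problems found.

conf_get() {  # conf_get FILE KEY: value of the first "KEY = value" line
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

is_wg_key() {  # a WireGuard key is 32 bytes in base64: 43 characters plus "="
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9+/]{43}=$'
}

fail() { echo "$f: $1"; problems=$((problems + 1)); }

check_client_conf() {
    f=$1; problems=0
    for k in PrivateKey PublicKey PresharedKey; do
        is_wg_key "$(conf_get "$f" "$k")" || fail "$k missing or malformed"
    done
    [ -n "$(conf_get "$f" Address)" ] || fail "Address missing"
    [ -n "$(conf_get "$f" DNS)" ] || fail "DNS missing"
    # Full tunnel as in the guide: all IPv4 traffic is routed to the peer.
    conf_get "$f" AllowedIPs | tr -d ' ' | tr ',' '\n' | grep -qxF '0.0.0.0/0' ||
        fail "AllowedIPs lacks 0.0.0.0/0, traffic would bypass the tunnel"
    # Endpoint is ipv4:port; the guide takes the port from 49152-65535.
    ep=$(conf_get "$f" Endpoint)
    if printf '%s\n' "$ep" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}:[0-9]{1,5}$'; then
        port=${ep##*:}
        { [ "$port" -ge 49152 ] && [ "$port" -le 65535 ]; } ||
            fail "Endpoint port $port is outside 49152-65535"
    else
        fail "Endpoint is not in ipv4:port form"
    fi
    # The file holds the private key: group and others get no permission bits.
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] || fail "readable beyond owner"
    return "$problems"
}

write_sample_conf() {  # constructed sample; keys are dummy values, not real
    key="$(printf '%043d' 0 | tr 0 A)="
    ( umask 077
      printf '%s\n' '[Interface]' "PrivateKey = $key" 'Address = 10.50.0.2/32' \
          'DNS = 1.1.1.1' '[Peer]' "PublicKey = $key" "PresharedKey = $key" \
          'AllowedIPs = 0.0.0.0/0, ::/0' "Endpoint = $2" >"$1" )
}
```

Calling write_sample_conf /tmp/demo.conf 4.3.2.1:54321 and then check_client_conf /tmp/demo.conf prints nothing and returns 0; each problem found is printed on its own line.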
4.2.2. QR code for client configuration
You can display the configuration QR code for a previously created client on the terminal screen using the command qrencode -t ansiutf8 (in this example, the client named Alex@mobile is used):
After that, you need to import the configuration by reading the QR code with the client configuration (see section 4.2.2) and give it a name:
After the configuration has been imported successfully, you can turn on the VPN tunnel. A successful connection is indicated by a key icon in the Android system tray.
5.2. Configuring the Windows client
First you need to download and install TunSafe for Windows, which is a Wireguard client for Windows.
5.2.1. Creating a configuration file for import
Right-click to create a text file on the desktop.
5.2.2. Copying the contents of the configuration file from the server
Then we return to the Putty terminal and display the contents of the configuration file of the desired user, as described in step 4.2.1.
Next, select the configuration text in the Putty terminal with the right mouse button; once the selection is finished, it is automatically copied to the clipboard.
5.2.3. Copying the configuration to a local configuration file
At this step, we return to the text file we created earlier on the desktop and paste the configuration text into it from the clipboard.
5.2.4. Saving the local configuration file
Save the file with the .conf extension (in this case named london.conf)
5.2.5. Importing the local configuration file
Next, you need to import the configuration file into the TunSafe program.
5.2.6. Establishing the VPN connection
Select this configuration file and connect by clicking the Connect button.
6. Checking that the connection succeeded
To check that the connection through the VPN tunnel succeeded, open a browser and go to the site https://2ip.ua/ru/
The displayed IP address must match the one we received in step 2.2.3.
If it does, the VPN tunnel is working successfully.
From a Linux terminal, you can check your IP address by typing:
curl http://zx2c4.com/ip
Or you can simply go to a porn site, if you are in Kazakhstan.