A VPN with WireGuard
The task
- A Raspberry Pi 3 with an LTE module and a public IP. It will host the VPN server (hereafter called edgewalker)
- An Android phone that must send all of its traffic through the VPN
- A Linux laptop that should use the VPN only to reach the local network
Every device that connects to the VPN must be able to reach every other device. For example, the phone can connect to a web server on the laptop if both are part of the VPN network. If the setup turns out to be simple, we can also think about connecting a desktop (via Ethernet) to the VPN.
Considering that wired and wireless connections are becoming less secure over time (
Installing the software
Installing WireGuard
I have the latest Fedora Linux 31 and was too lazy to read the manual before installing. I just found the wireguard-tools package, installed it, and then could not understand why nothing worked. A bit more research showed that I had not installed the wireguard-dkms package (the kernel driver), which is not in my distribution's repositories.
Had I read the instructions, I would have done the right steps:
$ sudo dnf copr enable jdoss/wireguard
$ sudo dnf install wireguard-dkms wireguard-tools
My Raspberry Pi runs Raspbian Buster, which has a wireguard package; install it:
$ sudo apt install wireguard
I installed the app on my Android phone.
Generating keys
WireGuard authenticates VPN nodes with a simple private/public key scheme. The VPN keys are easy to generate with these commands:
$ wg genkey | tee wg-laptop-private.key | wg pubkey > wg-laptop-public.key
$ wg genkey | tee wg-server-private.key | wg pubkey > wg-server-public.key
$ wg genkey | tee wg-mobile-private.key | wg pubkey > wg-mobile-public.key
This gives us three key pairs (six files). We will not reference the files in the configs; instead we copy their contents into them: each key is a single base64 line.
Creating a configuration file for the VPN server (Raspberry Pi)
The configuration is simple. I created the file /etc/wireguard/wg0.conf:
[Interface]
Address = 10.200.200.1/24
ListenPort = 51820
PrivateKey = <copy private key from wg-server-private.key>
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wwan0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wwan0 -j MASQUERADE
[Peer]
# laptop
PublicKey = <copy public key from wg-laptop-public.key>
AllowedIPs = 10.200.200.2/32
[Peer]
# mobile phone
PublicKey = <copy public key from wg-mobile-public.key>
AllowedIPs = 10.200.200.3/32
A few notes:
- In the places marked, paste the lines from the key files
- My VPN uses the local range 10.200.200.0/24
- The PostUp/PostDown hooks use my external network interface wwan0; yours may be different (e.g. eth0)
The VPN interface is brought up with a single command:
$ sudo wg-quick up wg0
One small detail: as my DNS server I use dnsmasq bound to the br0 interface, so I also added the wg0 interface to its list of allowed interfaces. In dnsmasq this is done by adding another interface line to the configuration file /etc/dnsmasq.conf, for example:
interface=br0
interface=wg0
I also added an iptables rule to allow traffic to the UDP listening port (51820):
$ sudo iptables -I INPUT -p udp --dport 51820 -j ACCEPT
Now that everything works, we can register the VPN tunnel to start at boot:
$ sudo systemctl enable wg-quick@wg0
Laptop client setup
On the laptop, create the configuration file /etc/wireguard/wg0.conf with similar settings:
[Interface]
Address = 10.200.200.2/24
PrivateKey = <copy private key from wg-laptop-private.key>
[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 10.200.200.0/24
Endpoint = edgewalker:51820
Notes:
- Instead of edgewalker, specify the public IP or hostname of your VPN server
- By setting AllowedIPs to 10.200.200.0/24 we use the VPN only to reach the local network. Traffic to all other IP addresses keeps going over the "normal" open routes, and the DNS server already configured on the laptop is used as before.
For testing and autostart we use the same wg-quick and systemd commands:
$ sudo wg-quick up wg0
$ sudo systemctl enable wg-quick@wg0
Client setup on the Android phone
For the Android phone we create a very similar configuration file (let's call it mobile.conf):
[Interface]
Address = 10.200.200.3/24
PrivateKey = <copy private key from wg-mobile-private.key>
DNS = 10.200.200.1
[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 0.0.0.0/0
Endpoint = edgewalker:51820
Unlike the laptop config, the phone must use our VPN server as its DNS server (the DNS line) and send all of its traffic through the VPN tunnel (AllowedIPs = 0.0.0.0/0).
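As an added example (not from the original article), a small Python checker for configs like the three above: it parses the wg-quick INI format, rejects the "<copy ... key>" placeholders left in place of real 32-byte base64 keys, flags AllowedIPs prefixes claimed by more than one peer (the server config's per-peer routing), and warns when a full-tunnel client like the phone omits the DNS line. The sample config and the keys inside it are constructed, not real.

```python
import ipaddress
import re
# Dummy but well-formed keys (43 base64 chars + '='); not real WireGuard keys.
SRV_KEY, LAPTOP_KEY, PHONE_KEY = ("A" * 43 + "=", "B" * 43 + "=", "C" * 43 + "=")
SERVER_CONF = f"""[Interface]
PrivateKey = {SRV_KEY}
[Peer]
# laptop
PublicKey = {LAPTOP_KEY}
AllowedIPs = 10.200.200.2/32
[Peer]
PublicKey = {PHONE_KEY}
AllowedIPs = 10.200.200.3/32
"""

def parse_wg_conf(text):
    """Parse wg-quick INI text into {'Interface': {...}, 'Peer': [{...}, ...]}."""
    interface, peers, current = {}, [], None
    for line in filter(None, (raw.split("#", 1)[0].strip() for raw in text.splitlines())):
        if line == "[Interface]":
            current = interface
        elif line == "[Peer]":
            peers.append(current := {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")      # keeps the key's trailing '=' padding
            current[key.strip()] = value.strip()
        else:
            raise ValueError(f"unparseable line: {line!r}")
    return {"Interface": interface, "Peer": peers}

def is_wg_key(value):
    """A WireGuard key is 32 raw bytes in base64: 43 characters plus one '='."""
    return re.fullmatch(r"[A-Za-z0-9+/]{43}=", value or "") is not None

def check_wg_conf(conf):
    """Return the problems found; an empty list means the config is consistent."""
    iface, problems, claimed = conf["Interface"], [], []
    if not is_wg_key(iface.get("PrivateKey")):
        problems.append("Interface.PrivateKey is not a 32-byte base64 key")
    for i, peer in enumerate(conf["Peer"]):
        if not is_wg_key(peer.get("PublicKey")):
            problems.append(f"peer {i}: PublicKey is not a 32-byte base64 key")
        for cidr in filter(None, peer.get("AllowedIPs", "").replace(" ", "").split(",")):
            net = ipaddress.ip_network(cidr, strict=False)
            # Cryptokey routing: a prefix belongs to exactly one peer, so overlaps are a bug.
            problems += [f"peer {i}: {net} overlaps peer {j}'s {other}" for j, other in claimed if net.overlaps(other)]
            claimed.append((i, net))
            if net.prefixlen == 0 and "DNS" not in iface:   # why the phone config sets DNS
                problems.append("full tunnel without Interface.DNS: client keeps its old resolver")
    return problems
```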
Instead of copying the file to your phone by hand, you can turn it into a QR code:
$ sudo apt install qrencode
$ qrencode -t ansiutf8 < mobile.conf
The QR code is printed to the console as ASCII art. It can be scanned with the Android WireGuard app, which then sets up the VPN tunnel.
Conclusion
Setting up WireGuard is strikingly simple compared to OpenVPN.
Source: www.habr.com