Setting up WireGuard on a Mikrotik router running OpenWrt

In most cases, connecting a router to a VPN is not difficult, but if you want to protect the whole network while keeping the best possible connection speed, then the best solution is to use a VPN tunnel: WireGuard.

Mikrotik routers have proven to be reliable and very flexible solutions, but unfortunately WireGuard support in RouterOS does not exist yet, and it is not known when it will appear or in what form. Recently it became known that the developers of the WireGuard VPN tunnel proposed a patch set that would make their VPN tunneling software part of the Linux kernel; we hope this will help its adoption in RouterOS.

But for now, unfortunately, to set up WireGuard on a Mikrotik router you have to change the firmware.

Flashing the Mikrotik, installing and configuring OpenWrt

First you need to make sure that OpenWrt supports your model. You can check whether a model matches its marketing name and picture by visiting mikrotik.com.

Go to openwrt.com, to the firmware download section.

For this device we need 2 files:

downloads.openwrt.org/releases/18.06.2/targets/ar71xx/mikrotik/openwrt-18.06.2-ar71xx-mikrotik-rb-nor-flash-16M-initramfs-kernel.bin|elf

downloads.openwrt.org/releases/18.06.2/targets/ar71xx/mikrotik/openwrt-18.06.2-ar71xx-mikrotik-rb-nor-flash-16M-squashfs-sysupgrade.bin

You need to download both files: install and upgrade.
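Before either image is served over PXE or flashed, it can be checked against the checksum list of the same release. This is an added example, not part of the original article; it assumes a file named sha256sums was downloaded from the same release directory as the two images and that a POSIX shell with sha256sum is available.

```shell
#!/bin/sh
# Added example: verify a downloaded OpenWrt image against the sha256sums
# list (assumed to come from the same release directory as the image).

# expected_hash SUMS_FILE IMAGE_NAME -> prints the hash listed for IMAGE_NAME
expected_hash() {
    # Lines in the list look like: "<64 hex chars> *<file name>"
    awk -v name="$2" '{
        f = $2; sub(/^\*/, "", f)          # drop the binary-mode marker
        if (f == name) { print $1; exit }
    }' "$1"
}

# verify_image SUMS_FILE IMAGE_PATH
#   returns 0 if the image is listed and its hash matches,
#           1 on a hash mismatch, 2 if the image is not in the list
verify_image() {
    sums=$1
    image=$2
    want=$(expected_hash "$sums" "$(basename "$image")")
    [ -n "$want" ] || { echo "not listed in $sums: $image" >&2; return 2; }
    have=$(sha256sum "$image" | awk '{ print $1 }')
    [ "$want" = "$have" ] || { echo "hash mismatch: $image" >&2; return 1; }
    echo "ok: $image"
}

# Usage: sh verify.sh sha256sums <image file>
if [ $# -eq 2 ]; then
    verify_image "$1" "$2"
fi
```

A match shows that the download is intact and is the file the list describes; it says nothing about the list itself unless the list was fetched over a trusted channel.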


1. Network setup, downloading and configuring the PXE server

Download the latest version of Tiny PXE Server for Windows.

Unpack it into a separate folder. In the config.ini file, add the parameter rfc951=1 to the [dhcp] section. This parameter is the same for all Mikrotik models.


Let's move on to the network settings: you need to assign a static IP address on one of your computer's network interfaces.


IP address: 192.168.1.10
Netmask: 255.255.255.0


Run Tiny PXE Server as Administrator and, in the DHCP Server field, select the server with the address 192.168.1.10

On some versions of Windows, this interface appears only after an Ethernet connection is made. I recommend plugging in the router and immediately connecting the router and the PC with a patch cord.


Click the "..." button (bottom right) and point to the folder where you downloaded the firmware files for Mikrotik.

Select the file whose name ends with "initramfs-kernel.bin or elf"


2. Booting the router from the PXE server

Connect the PC with a cable to the first port (wan, internet, poe in, ...) of the router. After that, take a toothpick and press it into the hole labelled "Reset".


Turn on the router's power and wait 20 seconds, then release the toothpick.
Within the next minute, messages should appear in the Tiny PXE Server window:


If the message appears, then you are on the right track!

Restore the settings on the network adapter and set it to obtain an address dynamically (via DHCP).

Connect to the LAN ports of the Mikrotik router (2…5 in our case) using the same patch cord. Just move it from port 1 to port 2. Open the address 192.168.1.1 in the browser.


Log in to the OpenWRT administrative interface and go to the "System -> Backup/Flash Firmware" menu section.


In the "Flash new firmware image" section, click the "Select file (Browse)" button.


Specify the path to the file whose name ends with "-squashfs-sysupgrade.bin".


After that, click the "Flash Image" button.

In the next window, click the "Proceed" button. The firmware will start uploading to the router.


!!! Under no circumstances disconnect the router's power during the FIRMWARE flashing process !!!


After flashing and rebooting the router, you will have a Mikrotik with OpenWRT firmware.

Possible problems and solutions

Many Mikrotik devices released in 2019 use a FLASH-NOR memory chip of type GD25Q15 / Q16. The problem is that the data about the device model is not saved.

If you see the error "The uploaded image file does not contain a supported format. Make sure that you choose the generic image format for your platform." then the problem is most likely in the flash.

This is easy to check: run the command that shows the model ID in the device terminal

root@OpenWrt: cat /tmp/sysinfo/board_name

And if you get the answer "unknown", then you need to specify the model manually in the form "rb-951-2nd"

To get the device model, run the command

root@OpenWrt: cat /tmp/sysinfo/model
MikroTik RouterBOARD RB951-2nd

After obtaining the device model, set it manually:

echo 'rb-951-2nd' > /tmp/sysinfo/board_name

After that, you can flash the device through the web interface or with the "sysupgrade" command.

Creating a VPN server with WireGuard

If you already have a server with WireGuard configured, you can skip this step.
I will use the application for setting up a personal VPN server, MyVPN.RUN, about which I have already published a review.

Configuring the WireGuard client on OpenWRT

Connect to the router over the SSH protocol:

ssh root@192.168.1.1

Install WireGuard:

opkg update
opkg install wireguard

Prepare the configuration (copy the code below into a file, replace the indicated values with your own and run it in the terminal).

If you are using MyVPN, then in the configuration below you need to change WG_SERV (the server IP), WG_KEY (the private key from the wireguard configuration file) and WG_PUB (the public key).

WG_IF="wg0"
WG_SERV="100.0.0.0" # server IP address
WG_PORT="51820" # wireguard port
WG_ADDR="10.8.0.2/32" # wireguard address range

WG_KEY="xxxxx" # private key
WG_PUB="xxxxx" # public key

# Configure firewall
uci rename firewall.@zone[0]="lan"
uci rename firewall.@zone[1]="wan"
uci rename firewall.@forwarding[0]="lan_wan"
uci del_list firewall.wan.network="${WG_IF}"
uci add_list firewall.wan.network="${WG_IF}"
uci commit firewall
/etc/init.d/firewall restart

# Configure network
uci -q delete network.${WG_IF}
uci set network.${WG_IF}="interface"
uci set network.${WG_IF}.proto="wireguard"
uci set network.${WG_IF}.private_key="${WG_KEY}"

uci add_list network.${WG_IF}.addresses="${WG_ADDR}"

# Add VPN peers
uci -q delete network.wgserver
uci set network.wgserver="wireguard_${WG_IF}"
uci set network.wgserver.public_key="${WG_PUB}"
uci set network.wgserver.preshared_key=""
uci set network.wgserver.endpoint_host="${WG_SERV}"
uci set network.wgserver.endpoint_port="${WG_PORT}"
uci set network.wgserver.route_allowed_ips="1"
uci set network.wgserver.persistent_keepalive="25"
uci add_list network.wgserver.allowed_ips="0.0.0.0/1"
uci add_list network.wgserver.allowed_ips="128.0.0.0/1"
uci add_list network.wgserver.allowed_ips="::/0"
uci commit network
/etc/init.d/network restart

This completes the WireGuard setup! Now all traffic on all connected devices is protected by the VPN connection.
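The claim that traffic is protected holds only while the peer has a live session, which can be checked from the handshake times that `wg show wg0 latest-handshakes` prints. The script below is an added example, not part of the original article; the 180-second threshold, the function names and the sample keys are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: decide from `wg show wg0 latest-handshakes` output whether
# the configured peer has a live session. Input on stdin, one line per peer:
#   <peer public key><TAB><unix time of last handshake, 0 = never>

# Assumption: with persistent_keepalive=25 a healthy session is re-keyed
# roughly every two minutes, so a handshake older than 180 s is treated as stale.
MAX_AGE=180

# stale_peers NOW -> prints one line for every peer without a fresh handshake
stale_peers() {
    awk -v now="$1" -v max="$MAX_AGE" '
        NF < 2         { next }                       # skip blank lines
        $2 == 0        { print $1, "never"; next }    # no handshake yet
        now - $2 > max { printf "%s stale:%ds\n", $1, now - $2 }
    '
}

# tunnel_ok NOW -> 0 if every listed peer is fresh,
#                  1 if any peer is stale, 2 if no peer is listed at all
tunnel_ok() {
    out=$(cat)
    [ -n "$out" ] || return 2
    bad=$(printf '%s\n' "$out" | stale_peers "$1")
    [ -z "$bad" ] || { printf '%s\n' "$bad" >&2; return 1; }
}

# On the router: wg show wg0 latest-handshakes | tunnel_ok "$(date +%s)"

# Constructed sample (placeholder keys, fixed clock): one fresh peer and one
# peer that has never completed a handshake.
SAMPLE=$(printf 'FRESH-PEER-KEY-PLACEHOLDER=\t1699999950\nDEAD-PEER-KEY-PLACEHOLDER=\t0\n')
printf '%s\n' "$SAMPLE" | tunnel_ok 1700000000 || echo "sample check failed with status $?"
```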


Source: www.habr.com
