TL;DR: I install Wireguard on a VPS, connect to it from my home router running OpenWRT, and reach my home subnet from my phone.
If you keep your personal infrastructure on a home server, or have many IP-controlled devices at home, then you probably want to reach them from work, from the bus, the train and the metro. Most often, for such tasks, a public IP is bought from the provider and the ports of each service are then forwarded to the outside.
Instead, I set up a VPN with access to my home LAN. The advantages of this solution:
- Transparency: I feel at home under any circumstances.
- Simplicity: set it up and forget it, no need to think about forwarding each port.
- Price: I already have a VPS; for such tasks a modern VPN is almost free in terms of resources.
- Security: nothing is exposed, you can leave MongoDB without a password and no one will steal your data.
As always, there are downsides. First, you have to configure each client separately, including on the server side. This can be inconvenient if you have a large number of devices from which you want to reach your services. Second, you may have a LAN with the same address range at work, and you will have to resolve that conflict.
We need:
- A VPS (in my case on Debian 10).
- An OpenWRT router.
- A phone.
- A home server with some web service for testing.
- Straight hands.
The VPN technology I will use is Wireguard. This solution also has strengths and weaknesses; I will not describe them. For the VPN I use the subnet 192.168.99.0/24, and at home I have 192.168.0.0/24.
VPS setup
Even the most wretched VPS for 30 rubles a month is enough for the job, if you are lucky enough to get one.
I perform all operations on the server as root on a clean machine; if necessary, add 'sudo' and adapt the instructions.
Wireguard has not yet made it into the stable release, so I run 'apt edit-sources' and add backports as two lines at the end of the file:
deb http://deb.debian.org/debian/ buster-backports main
# deb-src http://deb.debian.org/debian/ buster-backports main
The package is installed in the usual way:
apt update && apt install wireguard
Next, we generate a key pair:
wg genkey | tee /etc/wireguard/vps.private | wg pubkey | tee /etc/wireguard/vps.public
Repeat this operation two more times, once for each device participating in the scheme. Change the paths to the key files for the other devices, and do not forget about the security of the private keys.
Now we prepare the config. The following config goes into the file /etc/wireguard/wg0.conf:
[Interface]
Address = 192.168.99.1/24
ListenPort = 57953
PrivateKey = 0JxJPUHz879NenyujROVK0YTzfpmzNtbXmFwItRKdHs=
[Peer] # OpenWRT
PublicKey = 36MMksSoKVsPYv9eyWUKPGMkEs3HS+8yIUqMV8F+JGw=
AllowedIPs = 192.168.99.2/32,192.168.0.0/24
[Peer] # Smartphone
PublicKey = /vMiDxeUHqs40BbMfusB6fZhd+i5CIPHnfirr5m3TTI=
AllowedIPs = 192.168.99.3/32
The [Interface] section holds the settings of the machine itself, and the [Peer] sections hold the settings for those who will connect to it. AllowedIPs lists, separated by commas, the subnets that will be routed to the corresponding peer. Because of this, the peers of "client" devices in the VPN subnet must have a /32 mask; everything else will be routed by the server. Since the home network will be routed through OpenWRT, we add the home subnet to the AllowedIPs of the corresponding peer. In PrivateKey and PublicKey, put the private key generated for the VPS and the public keys of the peers, respectively.
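An added example (not code from the original article) that checks a wg0.conf-style file against the AllowedIPs rules just described: client peers inside the VPN subnet must be /32, no two peers may claim overlapping ranges, and a routed subnet must not clash with a LAN the client is attached to, which is the address-range conflict mentioned among the downsides. The sample config is constructed and uses placeholder keys; parse_peers, lint and local_lans are names introduced for this example.

```python
import ipaddress

# Constructed sample in the layout of the article's wg0.conf; keys are placeholders.
SAMPLE = """\
[Interface]
Address = 192.168.99.1/24
PrivateKey = <vps-private-key>
[Peer] # OpenWRT
PublicKey = <openwrt-public-key>
AllowedIPs = 192.168.99.2/32,192.168.0.0/24
[Peer] # Smartphone
PublicKey = <phone-public-key>
AllowedIPs = 192.168.99.3/32
"""

def parse_peers(text):
    """Return (vpn_network, [(label, [networks])]) from wg-quick style text."""
    vpn, peers, section = None, [], None
    for raw in text.splitlines():
        line, _, comment = (s.strip() for s in raw.partition("#"))
        if line.startswith("["):
            section = line.strip("[]").lower()
            if section == "peer":  # label the peer by its trailing comment, if any
                peers.append((comment or f"peer{len(peers) + 1}", []))
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if section == "interface" and key.lower() == "address":
                vpn = ipaddress.ip_interface(value.split(",")[0].strip()).network
            elif section == "peer" and key.lower() == "allowedips":
                peers[-1][1].extend(ipaddress.ip_network(v.strip(), strict=False) for v in value.split(","))
    return vpn, peers

def lint(text, local_lans=()):
    """Return findings about AllowedIPs; local_lans are networks a client sits in."""
    vpn, peers = parse_peers(text)
    local = [ipaddress.ip_network(n) for n in local_lans]
    findings, seen = [], []
    for label, nets in peers:
        for net in nets:
            in_vpn = vpn is not None and net.version == vpn.version and net.subnet_of(vpn)
            if in_vpn and net.prefixlen != 32:
                findings.append(f"{label}: {net} is inside the VPN subnet but is not a /32")
            for other_label, other in seen:  # a range can belong to only one peer
                if other_label != label and net.overlaps(other):
                    findings.append(f"{label}: {net} overlaps {other} of {other_label}")
            for lan in local:
                if net.overlaps(lan):
                    findings.append(f"{label}: {net} collides with local network {lan}")
            seen.append((label, net))
    return findings
```

Calling lint(SAMPLE) on the article's layout returns no findings; passing the address range of the network the phone is currently on as local_lans shows whether the routed home subnet would be shadowed there.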
On the VPS, all that remains is to run the command that brings up the interface and adds it to autostart:
systemctl enable --now wg-quick@wg0
The current connection status can be checked with the wg command.
OpenWRT setup
Everything you need for this stage is in the luci module (the OpenWRT web interface). Log in and open the Software tab in the System menu. OpenWRT does not keep a package cache on the device, so you need to refresh the list of available packages by clicking the green Update lists button. When that finishes, type luci-app-wireguard into the filter and, after admiring the window with its beautiful dependency tree, install this package.
In the Network menu, select Interfaces and click the green Add New Interface button below the list of existing ones. After you enter the name (wg0 in my case) and select the WireGuard VPN protocol, a settings form with four tabs opens.
On the General Settings tab, enter the private key and the IP address prepared for OpenWRT, together with the subnet.
On the Firewall Settings tab, attach the interface to the local network. This way, connections from the VPN will pass freely into the local network.
On the Peers tab, click the only button, then fill in the VPS server data in the new form: the public key and Allowed IPs (you need to route the whole VPN subnet to the server). In Endpoint Host and Endpoint Port, enter the IP address of the VPS and the port given earlier in the ListenPort directive, respectively. Tick Route Allowed IPs so that the routes are created. And be sure to fill in Persistent Keep Alive, otherwise the tunnel from the VPS to the router will break if the router is behind NAT.
After this you can save the settings, and then, on the page with the list of interfaces, click Save & Apply. If necessary, start the interface explicitly with the Start button.
Setting up the phone
You need the Wireguard client; it is available in
Screenshot from the phone
Tap the floppy disk in the corner, switch it on and...
Done
Now you can reach your home monitoring, change the router settings, or do anything else at the IP level.
Screenshots from the local network
Source: www.habr.com