In this guide we will deploy our own free VPN service in 6 steps. It is based on WireGuard technology and runs in the Amazon Web Services (AWS) cloud infrastructure, using a free account (for 12 months), on an instance (virtual machine) running Ubuntu Server 18.04 LTS.
I have tried to make this walkthrough as friendly as possible for people who are not in IT. The only thing required is patience in repeating the steps described below.
Registering a free AWS account requires a real phone number and a valid Visa or Mastercard card. I recommend using a virtual card, which Yandex.Money or the Qiwi wallet issue for free. To verify that the card is valid, $1 is charged during registration and later refunded.
Fill in the details and click the "Continue" button.
1.3. Filling in contact information
Fill in the contact information.
1.4. Entering payment information
Card number, expiry date and the cardholder's name.
1.5. Account verification
At this stage the phone number is confirmed and $1 is charged directly to the payment card. A 4-digit code is shown on the computer screen, and the specified phone receives a call from Amazon. During the call, you must enter the code shown on the screen.
1.6. Choosing a tariff plan
Select the Basic Plan (free).
1.7. Logging in to the management console
1.8. Choosing the data center location
1.8.1. Speed test
Before choosing a data center, it is recommended to test, via https://speedtest.net, the access speed to the nearest data centers. At my location the results were as follows:
Singapore
Paris
Frankfurt
Stockholm
London
The data center in London showed the best speed results, so I chose it for the rest of the setup.
2. Creating an AWS instance
2.1 Creating a virtual machine
2.1.1. Selecting the instance type
By default the t2.micro instance is selected, which is what we need; just press the Next: Configure Instance Details button.
2.1.2. Setting instance options
Later we will attach a permanent public IP to our instance, so at this stage we turn off automatic assignment of a public IP and press the Next: Add Storage button.
2.1.3. Attaching storage
Specify the size of the "hard disk". For our purposes 16 gigabytes is enough; then press the Next: Add Tags button.
2.1.4. Setting up tags
If we created several instances, they could be grouped by tags to make administration easier. In this case that functionality is superfluous, so we immediately press the Next: Configure Security Group button.
2.1.5. Opening ports
In this step we configure the firewall by opening the required ports. The set of open ports is called a Security Group. We need to create a new security group, give it a name and a description, and add a UDP port (Custom UDP Rule); in the Port Range field, enter a port number from the dynamic port range 49152-65535. In this case I chose port 54321.
After filling in the required details, click the Review and Launch button.
This page gives an overview of all the settings of our instance; we check that everything is in order and press the Launch button.
2.1.7. Creating access keys
Next comes a dialog box offering to create a new SSH key or add an existing one, with which we will later connect to our instance. We choose the "Create a new key pair" option to create a new key. Give it a name and click the Download Key Pair button to download the generated keys. Save them to a safe place on your local computer. Once they are downloaded, click the Launch Instances button.
2.1.7.1. Saving access keys
Shown here is the step of saving the keys generated in the previous step. After we pressed the Download Key Pair button, the key is saved as a certificate file with the *.pem extension. In this case I named it wireguard-awskey.pem.
Next we see a message about the successful launch of the instance we just created. We can go to the list of our instances by clicking the View Instances button.
2.2. Creating an external IP address
2.2.1. Starting the creation of an external IP
Next we need to create a permanent external IP address through which we will connect to our VPN server. To do this, in the navigation panel on the left side of the screen, select the Elastic IPs item from the NETWORK & SECURITY category and press the Allocate new address button.
2.2.2. Configuring the creation of an external IP
In the next step, we need the Amazon pool option to be enabled (it is enabled by default), and click the Allocate button.
2.2.3. Overview of the results of creating the external IP address
The next screen displays the external IP address we received. It is recommended to memorize it, and better still to write it down, because it will be needed more than once while setting up and using the VPN server. In this guide I use the IP address 4.3.2.1 as an example. Once you have recorded the address, press the Close button.
2.2.4. List of external IP addresses
Next we are shown the list of our permanent public IP addresses (Elastic IPs).
2.2.5. Assigning the external IP to an instance
In this list we select the IP address we received and right-click to bring up a drop-down menu. In it, select the Associate address item to assign the address to the instance we created earlier.
2.2.6. Configuring the external IP assignment
In the next step, select our instance from the drop-down list and press the Associate button.
2.2.7. Overview of the external IP assignment results
After that we can see that our instance and its private IP address are bound to our permanent public IP address.
Now we can connect to our newly created instance from outside, from our own computer, over SSH.
3. Connecting to an AWS instance
SSH is a secure protocol for remote control of computer devices.
3.1. Connecting via SSH from a Windows computer
To connect from a Windows computer, you first need to download and install the PuTTY program.
3.1.1. Importing the private key for PuTTY
3.1.1.1. After installing PuTTY, you need to run the PuTTYgen utility that comes with it to import the certificate key in PEM format into a format suitable for use in PuTTY. To do this, select Conversions -> Import Key in the top menu.
3.1.1.2. Selecting the AWS key in PEM format
Next, select the key that we saved earlier in step 2.1.7.1; in our case its name is wireguard-awskey.pem.
3.1.1.3. Setting the key import options
In this step we need to specify a comment for this key (a description) and, for security, set a password and its confirmation. It will be requested every time you connect. In this way we protect the key with a password against misuse. You do not have to set a password, but it is less secure if the key falls into the wrong hands. Then we press the Save private key button.
3.1.1.4. Saving the imported key
A save-file dialog opens and we save our private key as a file with the .ppk extension, suitable for use in PuTTY.
Specify the name of the key (in our case wireguard-awskey.ppk) and press the Save button.
3.1.2. Creating and configuring a connection in PuTTY
3.1.2.1. Creating a connection
Open PuTTY, select the Session category (it is open by default) and in the Host Name field enter the public IP address of our server, which we received in step 2.2.3. In the Saved Sessions field enter an arbitrary name for our connection (in my case wireguard-aws-london), and then press the Save button to save the changes we made.
Then go to the Connection/SSH/Auth subcategory and, next to the Private key file for authentication field, press the Browse... button to select the file with the key certificate.
3.1.2.4. Opening the imported key
Specify the key that we imported earlier in step 3.1.1.4, in our case the file wireguard-awskey.ppk, and press the Open button.
3.1.2.5. Saving settings and starting the connection
Returning to the Session category page, press the Save button again to save the changes we made in the previous steps (3.1.2.2 - 3.1.2.4). Then press the Open button to open the remote SSH connection we created and configured.
3.1.2.7. Setting up trust between hosts
In the next step, the first time we try to connect, we get a warning that trust between the two computers has not been established, and are asked whether to trust the remote computer. We press the Yes button, thereby adding it to the list of trusted hosts.
3.1.2.8. Entering the password to access the key
After that a terminal window opens, where you are asked for the password for the key, if you set one earlier in step 3.1.1.3. When you type the password, nothing appears on the screen. If you make a mistake, you can use the Backspace key.
3.1.2.9. Welcome message on successful connection
After successfully entering the password, we are shown a welcome text in the terminal, telling us that the remote system is ready to execute our commands.
4. Configuring the WireGuard server
The most up-to-date instructions for installing and using WireGuard with the scripts described below can be found in the repository: https://github.com/isystem-io/wireguard-aws
4.1. Installing WireGuard
In the terminal, enter the following commands (you can copy them to the clipboard and paste them into the terminal by pressing the right mouse button):
4.1.1. Cloning the repository
Clone the repository with the WireGuard installation scripts
4.1.2. Switching to the directory with the scripts
Go to the directory with the cloned repository
cd wireguard_aws
4.1.3 Running the initialization script
Run the WireGuard installation script as administrator (the root user)
sudo ./initial.sh
The installation process will ask for certain data needed to configure WireGuard
4.1.3.1. Entering the connection endpoint
Enter the external IP address and the open port of the WireGuard server. We obtained the server's external IP address in step 2.2.3 and opened the port in step 2.1.5. We specify them together, separated by a colon, for example 4.3.2.1:54321, and then press the Enter key. Sample output:
Enter the endpoint (external ip and port) in format [ipv4:port] (e.g. 4.3.2.1:54321): 4.3.2.1:54321
4.1.3.2. Entering the internal IP address
Enter the IP address of the WireGuard server in the secure VPN subnet; if you do not know what this is, just press the Enter key to set the default value (10.50.0.1). Sample output:
Enter the server address in the VPN subnet (CIDR format) ([ENTER] set to default: 10.50.0.1):
4.1.3.3. Specifying the DNS server
Enter the IP address of the DNS server, or just press the Enter key to set the default value 1.1.1.1 (Cloudflare public DNS). Sample output:
Enter the ip address of the server DNS (CIDR format) ([ENTER] set to default: 1.1.1.1):
4.1.3.4. Specifying the WAN interface
Next, you need to enter the name of the external network interface that will listen on the internal VPN network interface. Just press Enter to set the default value for AWS (eth0). Sample output:
Enter the name of the WAN network interface ([ENTER] set to default: eth0):
4.1.3.5. Specifying the client name
Enter the name of the VPN user. The point is that the WireGuard VPN server cannot start until at least one client has been added. In this case I entered the name Alex@mobile. Sample output:
Enter VPN user name: Alex@mobile
After that, a QR code with the configuration of the newly added client should be displayed on the screen; it must be read with the WireGuard mobile client on Android or iOS to configure it. Below the QR code, the text of the configuration file is also displayed, for the case of configuring clients manually. How to do this is discussed below.
4.2. Adding a new VPN user
To add a new user, run the add-client.sh script in the terminal
sudo ./add-client.sh
The script asks for the user name. Sample output:
Enter VPN user name:
Alternatively, the user name can be passed as a script parameter (in this case Alex@mobile):
sudo ./add-client.sh Alex@mobile
As a result of running the script, in the directory named after the client at the path /etc/wireguard/clients/{ClientName}, the client configuration file /etc/wireguard/clients/{ClientName}/{ClientName}.conf will be created, and the terminal screen will display a QR code for configuring mobile clients and the contents of the configuration file.
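The per-client files described above can be audited on the server. The script below is an added example, not part of the original guide or the wireguard-aws repository: it flags client configuration files that are accessible to group or others, and any whose endpoint is not the ipv4:port value entered in step 4.1.3.1. It assumes each file carries the standard WireGuard "Endpoint = ip:port" line; the function names are illustrative.

```sh
#!/bin/sh
# Added example, not from the wireguard-aws repository. Assumes the layout
# <clients_dir>/<name>/<name>.conf and the standard WireGuard
# "Endpoint = ip:port" key in each client config. Function names are made up.

# Succeeds if $1 is ipv4:port with the port in the dynamic range 49152-65535.
valid_endpoint() {
  case $1 in
    *[!0-9.:]*|*:*:*|.*|*..*|*.:*|*:*.*) return 1 ;;  # stray or empty parts
    ?*:?*) ;;
    *) return 1 ;;
  esac
  ve_ip=${1%:*}; ve_port=${1#*:}
  [ "${#ve_port}" -le 5 ] && [ "$ve_port" -ge 49152 ] &&
    [ "$ve_port" -le 65535 ] || return 1
  ve_ifs=$IFS; IFS=.; set -- $ve_ip; IFS=$ve_ifs
  [ $# -eq 4 ] || return 1
  for ve_octet in "$@"; do
    [ "${#ve_octet}" -le 3 ] && [ "$ve_octet" -le 255 ] || return 1
  done
}

# Prints one finding per line; returns 1 if any config is accessible beyond
# its owner or does not point at the expected endpoint $2.
audit_clients() {
  ac_bad=0
  for ac_conf in "$1"/*/*.conf; do
    [ -f "$ac_conf" ] || continue
    # The config holds the client's PrivateKey: group/other need no access.
    case $(ls -ld "$ac_conf") in
      ????------*) ;;
      *) echo "PERMS $ac_conf"; ac_bad=1 ;;
    esac
    ac_ep=$(sed -n 's/^[[:space:]]*Endpoint[[:space:]]*=[[:space:]]*//p' \
      "$ac_conf" | head -n 1)
    if ! valid_endpoint "$ac_ep" || [ "$ac_ep" != "$2" ]; then
      echo "ENDPOINT $ac_conf ($ac_ep)"; ac_bad=1
    fi
  done
  return "$ac_bad"
}

# On the server: sudo sh audit.sh /etc/wireguard/clients 4.3.2.1:54321
if [ $# -eq 2 ]; then
  audit_clients "$1" "$2"
fi
```

A PERMS finding is cleared by restricting the file to its owner (for example chmod 600); an ENDPOINT finding means the client would connect somewhere other than the server's Elastic IP and opened UDP port.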
4.2.2. QR code for client configuration
You can display the configuration QR code for a previously created client in the terminal using the qrencode -t ansiutf8 command (in this example, the client named Alex@mobile is used):
After that, you need to import the configuration by reading the QR code with the client configuration (see section 4.2.2) and give it a name:
After successfully importing the configuration, you can turn on the VPN tunnel. A successful connection is indicated by a key icon in the Android system tray.
5.2. Windows client setup
First you need to download and install the TunSafe for Windows program, which is a WireGuard client for Windows.
5.2.1. Creating a configuration file for import
Right-click to create a text file on the desktop.
5.2.2. Copying the contents of the configuration file from the server
Then we return to the PuTTY terminal and display the contents of the configuration file of the required user, as described in step 4.2.1.
Next, right-click to select the configuration text in the PuTTY terminal; once the selection is complete, it is automatically copied to the clipboard.
After that, we return to the text file we created earlier on the desktop and paste the configuration text into it from the clipboard.