Setting up a simple VPN with WireGuard and a Raspberry Pi as the server

Since WireGuard is becoming part of the upcoming Linux 5.6 kernel, I decided to look at how best to integrate this VPN with my LTE router/access point running on a Raspberry Pi.

Hardware

  • Raspberry Pi 3 with an LTE module and a public IP. It will be the VPN server (hereafter called edgewalker)
  • An Android phone that should use the VPN for all of its communication
  • A Linux laptop that should use the VPN only to reach the internal network

Every device connected to the VPN must be able to reach every other device. For example, the phone must be able to reach the web server on the laptop if both are part of the VPN network. If the setup turns out simple enough, you can also consider connecting the desktop (over Ethernet) to the VPN.

Given that communication over mobile and wireless networks has become less secure over time (targeted attacks, the KRACK attacks on WPA2 and the Dragonblood attacks on WPA3), I am considering using WireGuard for all my devices, whatever environment they are in.

Software installation

WireGuard provides precompiled packages for most Linux distributions, Windows and macOS. The apps for Android and iOS are delivered through the app stores.

I run the latest Fedora Linux 31 and I was too lazy to read the manual before installing. I simply found the wireguard-tools package, installed it, and then could not understand why nothing worked. Further investigation showed that I did not have the wireguard-dkms package (with the network driver) installed, and it is not in my distribution's repository.

If I had read the instructions, I would have taken the proper steps:

$ sudo dnf copr enable jdoss/wireguard
$ sudo dnf install wireguard-dkms wireguard-tools

On my Raspberry Pi I have the Raspbian Buster distribution, which already carries a wireguard package; install it:

$ sudo apt install wireguard

On my phone I installed the WireGuard VPN app from Google's app store.

Generating the keys

To authenticate nodes, WireGuard uses a simple private/public key scheme to identify the VPN nodes. You can generate the VPN key pairs with the following commands:

$ wg genkey | tee wg-laptop-private.key |  wg pubkey > wg-laptop-public.key
$ wg genkey | tee wg-server-private.key |  wg pubkey > wg-server-public.key
$ wg genkey | tee wg-mobile-private.key |  wg pubkey > wg-mobile-public.key

This gives us three key pairs (stored in files). We will not reference the files from the configs, but copy their contents directly: each key is a single line in base64.

Creating the configuration file for the VPN server (Raspberry Pi)

The configuration is very simple; I created the following file at /etc/wireguard/wg0.conf:

[Interface]
Address = 10.200.200.1/24
ListenPort = 51820
PrivateKey = <copy private key from wg-server-private.key>
PostUp   = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wwan0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wwan0 -j MASQUERADE

[Peer]
# laptop
PublicKey = <copy public key from wg-laptop-public.key>
AllowedIPs = 10.200.200.2/32

[Peer]
# mobile phone
PublicKey = <copy public key from wg-mobile-public.key>
AllowedIPs = 10.200.200.3/32

A few notes:

  • In the appropriate places you need to paste the lines from the key files
  • My VPN uses the internal range 10.200.200.0/24
  • For the PostUp/PostDown commands my external network interface is wwan0; yours may be different (for example, eth0)

The VPN network is easily brought up with the following command:

$ sudo wg-quick up wg0

One small detail: as the DNS server I use dnsmasq bound to the network interface br0, so I also added the wg0 interface to its list of allowed interfaces. In dnsmasq this is done by adding a new line with the network interface to the configuration file /etc/dnsmasq.conf, for example:

interface=br0
interface=wg0

In addition, I added an iptables rule allowing traffic to the UDP listening port (51820):

$ sudo iptables -I INPUT -p udp --dport 51820 -j ACCEPT

Now that everything works, we can enable automatic startup of the VPN interface:

$ sudo systemctl enable wg-quick@wg0

Laptop client configuration

On the laptop, create the configuration file /etc/wireguard/wg0.conf with similar settings:

[Interface]
Address = 10.200.200.2/24
PrivateKey = <copy private key from wg-laptop-private.key>

[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 10.200.200.0/24
Endpoint = edgewalker:51820

Notes:

  • Instead of edgewalker, you must specify the public IP or hostname of the VPN server
  • By setting AllowedIPs to 10.200.200.0/24, we use the VPN only to reach the internal network. Traffic to all other IP addresses/servers continues to go over the "normal" open channels. The DNS server previously configured on the laptop will still be used.

For testing and automatic startup we use the same wg-quick and systemd commands:

$ sudo wg-quick up wg0
$ sudo systemctl enable wg-quick@wg0

Setting up the client on an Android phone

For the Android phone we create a similar configuration file (let's call it mobile.conf):

[Interface]
Address = 10.200.200.3/24
PrivateKey = <copy private key from wg-mobile-private.key>
DNS = 10.200.200.1
[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 0.0.0.0/0
Endpoint = edgewalker:51820

Unlike the laptop configuration, the phone should use our VPN server as its DNS server (the DNS line) and send all of its traffic through the VPN interface (AllowedIPs = 0.0.0.0/0).

Instead of copying the file to your mobile phone, you can convert it into a QR code:
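The configs above rely on two things that are easy to get wrong by hand: the key placeholders must be replaced with real 44-character base64 keys, and each peer's AllowedIPs must be unique, because WireGuard's cryptokey routing maps every address to exactly one peer (the laptop peer only ever gets 10.200.200.2/32, the phone peer 10.200.200.3/32). The following checker, an added example and not part of the original post, parses a wg-quick config and reports unreplaced or malformed keys and overlapping AllowedIPs; the embedded keys are constructed placeholders, not real key pairs.

```python
import base64, binascii, ipaddress
# Constructed placeholder keys (32 arbitrary bytes, NOT real WireGuard key pairs) and the post's server config
KEY = {n: base64.b64encode(bytes([i]) * 32).decode() for i, n in enumerate(("server", "laptop", "mobile"), 1)}
SERVER_CONF = """[Interface]
PrivateKey = {server}
[Peer]  # laptop
PublicKey = {laptop}
AllowedIPs = 10.200.200.2/32
[Peer]  # mobile phone
PublicKey = {mobile}
AllowedIPs = {mobile_ips}
"""

def parse_wg_conf(text):
    """Split a wg-quick config into the [Interface] dict and a list of [Peer] dicts."""
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments such as "# laptop"
        if line == "[Interface]":
            current = interface
        elif line == "[Peer]":
            peers.append(current := {})
        elif "=" in line:  # split on the first '=' only so base64 '=' padding survives
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return interface, peers

def valid_key(value):
    try:  # a WireGuard key is 32 Curve25519 bytes, i.e. exactly 44 base64 characters
        return len(base64.b64decode(value, validate=True)) == 32
    except (binascii.Error, ValueError):
        return False

def audit(text):
    """Return findings: unreplaced or malformed keys, and overlapping peer AllowedIPs."""
    interface, peers = parse_wg_conf(text)
    findings, claimed = [], []
    if not valid_key(interface.get("PrivateKey", "")):
        findings.append("Interface: PrivateKey missing or not a 32-byte base64 key")
    for i, peer in enumerate(peers):
        if not valid_key(peer.get("PublicKey", "")):
            findings.append(f"Peer {i}: PublicKey missing or not a 32-byte base64 key")
        for cidr in filter(None, peer.get("AllowedIPs", "").split(",")):
            net = ipaddress.ip_network(cidr.strip(), strict=False)
            # cryptokey routing maps each address to one peer; an overlap silently hands it to the peer added last
            for other, j in claimed:
                if net.overlaps(other):
                    findings.append(f"Peer {i}: AllowedIPs {net} overlaps {other} of peer {j}")
            claimed.append((net, i))
    return findings
```

Running audit() on the server config exactly as printed above, with the <copy ...> placeholders still in place, reports all three keys as invalid; with the mobile peer widened to 10.200.200.0/24 it reports the overlap with the laptop peer.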

$ sudo apt install qrencode
$ qrencode -t ansiutf8 < mobile.conf

The QR code is printed to the console as ASCII art. It can be scanned with the Android VPN app, and the VPN interface is configured immediately.

Conclusion

Setting up WireGuard is simply magic compared to OpenVPN.

Source: www.hab.com
