Setting up a simple VPN with WireGuard and a Raspberry Pi as the server

Since WireGuard became part of the upcoming Linux 5.6 kernel, I decided to look at how best to integrate this VPN with my LTE router/access point on a Raspberry Pi.

Hardware

  • Raspberry Pi 3 with an LTE module and a public IP. It will be the VPN server (hereafter called edgewalker)
  • Android phone, which must use the VPN for all of its communication
  • Linux laptop, which should use the VPN only inside the network

Every device connected to the VPN must be able to reach every other device. For example, a phone must be able to connect to a web server on the laptop if both are part of the VPN network. If the setup turns out simple enough, you could also consider connecting the desktop (over Ethernet) to the VPN.

Given that phone and wireless connections have become less secure over time (targeted attacks, the KRACK hack of WPA2 and the Dragonblood attack on WPA3), I really want to use WireGuard for all of my devices, regardless of the environment they run in.

Software installation

WireGuard provides precompiled packages for most Linux distributions, Windows and macOS. The apps for Android and iOS are delivered through the app stores.

I have the latest Fedora Linux 31, and before setting things up I was too lazy to read the manual. I simply found the wireguard-tools packages, installed them, and then could not understand why nothing worked. Further investigation showed that I did not have the wireguard-dkms package (with the network driver) installed, and it was not in my distribution's repository.

Had I read the instructions, I would have taken the right steps:

$ sudo dnf copr enable jdoss/wireguard
$ sudo dnf install wireguard-dkms wireguard-tools

I have the Raspbian Buster distribution installed on my Raspberry Pi, which already has a wireguard package, so I installed it:

$ sudo apt install wireguard

On the Android phone I installed the WireGuard VPN app from the Google App Store catalog.

Generating keys

How do WireGuard nodes identify each other? WireGuard uses a simple private/public key scheme to authenticate VPN nodes. You can easily generate the VPN keys with the following commands:

$ wg genkey | tee wg-laptop-private.key |  wg pubkey > wg-laptop-public.key
$ wg genkey | tee wg-server-private.key |  wg pubkey > wg-server-public.key
$ wg genkey | tee wg-mobile-private.key |  wg pubkey > wg-mobile-public.key

This gives us three key pairs (in files). We will not reference the files from the configs but copy their contents into them: each key is a single base64 line.

Creating the configuration file for the VPN server (Raspberry Pi)

The configuration is very simple; I created the following file at /etc/wireguard/wg0.conf:

[Interface]
Address = 10.200.200.1/24
ListenPort = 51820
PrivateKey = <copy private key from wg-server-private.key>
PostUp   = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wwan0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wwan0 -j MASQUERADE

[Peer]
# laptop
PublicKey = <copy public key from wg-laptop-public.key>
AllowedIPs = 10.200.200.2/32

[Peer]
# mobile phone
PublicKey = <copy public key from wg-mobile-public.key>
AllowedIPs = 10.200.200.3/32

A few notes:

  • In the appropriate places you need to insert the lines from the key files
  • My VPN uses the internal range 10.200.200.0/24
  • In the PostUp/PostDown options I have the external network interface wwan0; yours may be different (e.g. eth0)
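Rather than pasting the three keys into the file by hand, the server config can be assembled from the key files. This is an added example and not code from the original post; it assumes the key files from the previous section sit in one directory (KEYDIR), takes the external interface as an argument, and uses hypothetical function names of its own.

```shell
#!/bin/sh
# Added example, not from the original post: build the Pi's /etc/wireguard/wg0.conf
# from the key files made with `wg genkey | tee ... | wg pubkey`, instead of pasting
# the keys by hand. Assumed: the key files sit in one directory (KEYDIR) and the
# external interface is passed in (wwan0 in the post, eth0 on a wired Pi).
set -eu

# A WireGuard key is 32 bytes in base64: 43 base64 characters followed by '='.
# Checking this catches a truncated or line-wrapped copy before wg-quick does.
read_key() {
    key=$(head -n 1 "$1" | tr -d '\r')
    printf '%s\n' "$key" | grep -Eq '^[A-Za-z0-9+/]{43}=$' ||
        { echo "bad key in $1" >&2; return 1; }
    printf '%s' "$key"
}

# server_conf KEYDIR WAN_IFACE -> prints the config to stdout.
# Note: forwarding between wg0 and the WAN interface also needs
# net.ipv4.ip_forward=1 on the Pi, which the post does not mention.
server_conf() {
    priv=$(read_key "$1/wg-server-private.key") || return 1
    laptop=$(read_key "$1/wg-laptop-public.key") || return 1
    mobile=$(read_key "$1/wg-mobile-public.key") || return 1
    cat <<EOF
[Interface]
Address = 10.200.200.1/24
ListenPort = 51820
PrivateKey = $priv
PostUp   = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o $2 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o $2 -j MASQUERADE

[Peer]
# laptop
PublicKey = $laptop
AllowedIPs = 10.200.200.2/32

[Peer]
# mobile phone
PublicKey = $mobile
AllowedIPs = 10.200.200.3/32
EOF
}

# write_server_conf KEYDIR WAN_IFACE OUTFILE: the file holds the private key, so
# create it readable by root only (the umask applies only inside the subshell).
write_server_conf() {
    (umask 077 && server_conf "$1" "$2" > "$3")
}
```

Run it on the Pi as `write_server_conf /path/to/keys wwan0 /etc/wireguard/wg0.conf`; a malformed key file makes it stop instead of writing a config that wg-quick would reject later.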

The VPN network is easily brought up with the following command:

$ sudo wg-quick up wg0

One small thing: as the DNS server I use dnsmasq bound to the network interface br0, so I also added the wg0 device to the list of allowed devices. In dnsmasq this is done by adding a new line with the network interface to the configuration file /etc/dnsmasq.conf, for example:

interface=br0
interface=wg0

In addition, I added an iptables rule that allows traffic to the UDP listening port (51820):

$ sudo iptables -I INPUT -p udp --dport 51820 -j ACCEPT

Now that everything works, we can enable automatic startup of the VPN interface:

$ sudo systemctl enable wg-quick@wg0.service

Laptop client configuration

On the laptop, create the configuration file /etc/wireguard/wg0.conf with similar settings:

[Interface]
Address = 10.200.200.2/24
PrivateKey = <copy private key from wg-laptop-private.key>

[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 10.200.200.0/24
Endpoint = edgewalker:51820

Notes:

  • Instead of edgewalker, you must specify the public IP or hostname of the VPN server
  • By setting AllowedIPs to 10.200.200.0/24, we use the VPN only to reach the internal network. Traffic to all other IP addresses/servers keeps going over the "normal" open channels. The DNS server configured on the laptop will also continue to be used.

For testing and autostart we use the same wg-quick and systemd commands:

$ sudo wg-quick up wg0
$ sudo systemctl enable wg-quick@wg0.service

Client setup for the Android phone

For the Android phone we create a similar configuration file (let's call it mobile.conf):

[Interface]
Address = 10.200.200.3/24
PrivateKey = <copy private key from wg-mobile-private.key>
DNS = 10.200.200.1

[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 0.0.0.0/0
Endpoint = edgewalker:51820

Unlike the laptop configuration, the phone must use our VPN server as its DNS server (the DNS line) and send all traffic through the VPN interface (AllowedIPs = 0.0.0.0/0).

Instead of copying the file to your mobile phone, you can convert it into a QR code:

$ sudo apt install qrencode
$ qrencode -t ansiutf8 < mobile.conf

The QR code is printed to the console as ASCII art. You can scan it with the Android VPN app and set up the VPN interface from it.
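The laptop and phone configs above differ only in address, AllowedIPs and the DNS line, so both can be rendered by one function that makes the split-tunnel versus full-tunnel choice explicit and feeds the phone's config straight into qrencode. This is an added example and not code from the original post; it assumes the key files from the key-generation section sit in one directory (KEYDIR) and uses hypothetical function names of its own.

```shell
#!/bin/sh
# Added example, not from the original post: render the two client configs from
# the key files, so the only difference between a split-tunnel laptop and a
# full-tunnel phone is the mode argument. Assumed: key files in KEYDIR, the
# server's public IP/hostname as an argument, 10.200.200.0/24 and port 51820 as in the post.
set -eu

# A 32-byte WireGuard key in base64: 43 base64 characters followed by '='.
read_key() {
    key=$(head -n 1 "$1" | tr -d '\r')
    printf '%s\n' "$key" | grep -Eq '^[A-Za-z0-9+/]{43}=$' ||
        { echo "bad key in $1" >&2; return 1; }
    printf '%s' "$key"
}

# client_conf KEYDIR laptop|mobile ENDPOINT_HOST -> prints the config
#   laptop: AllowedIPs = 10.200.200.0/24, so only VPN-internal addresses are
#           routed through wg0 and the laptop keeps its own DNS server
#   mobile: AllowedIPs = 0.0.0.0/0 sends all traffic through wg0, so the phone
#           must also resolve names via the Pi (DNS = 10.200.200.1)
client_conf() {
    case "$2" in
        laptop) addr=10.200.200.2; allowed=10.200.200.0/24; dns= ;;
        mobile) addr=10.200.200.3; allowed=0.0.0.0/0; dns=10.200.200.1 ;;
        *) echo "unknown client: $2" >&2; return 1 ;;
    esac
    priv=$(read_key "$1/wg-$2-private.key") || return 1
    server=$(read_key "$1/wg-server-public.key") || return 1
    printf '[Interface]\nAddress = %s/24\nPrivateKey = %s\n' "$addr" "$priv"
    if [ -n "$dns" ]; then printf 'DNS = %s\n' "$dns"; fi
    printf '\n[Peer]\nPublicKey = %s\nAllowedIPs = %s\nEndpoint = %s:51820\n' \
        "$server" "$allowed" "$3"
}

# mobile_qr KEYDIR ENDPOINT_HOST: show the phone config as a terminal QR code
# when qrencode is installed, otherwise print the text so it can still be copied.
# Either form contains the phone's private key, so keep it off shared screens.
mobile_qr() {
    if command -v qrencode >/dev/null 2>&1; then
        client_conf "$1" mobile "$2" | qrencode -t ansiutf8
    else
        client_conf "$1" mobile "$2"
    fi
}
```

On the laptop, `client_conf /path/to/keys laptop edgewalker > /etc/wireguard/wg0.conf` (with a restrictive umask) produces the file shown in the laptop section; `mobile_qr /path/to/keys edgewalker` replaces the two qrencode commands above.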

Conclusion

Switching to WireGuard is simply magic compared to OpenVPN.

Source: www.hab.com
