Feem ntau, txuas lub router mus rau VPN tsis yog qhov nyuaj, tab sis yog tias koj xav tiv thaiv tag nrho lub network thiab tib lub sijhawm tswj kev sib txuas kom zoo, ces qhov kev daws teeb meem zoo tshaj plaws yog siv VPN qhov. .
Routers mikrotic ua pov thawj los txhim khu kev qha thiab hloov tau yooj yim heev, tab sis hmoov tsis tseem tsis tau thiab nws tsis paub thaum twg nws yuav tshwm sim thiab nyob rau hauv dab tsi kev ua tau zoo. Tsis ntev los no hais txog dab tsi cov neeg tsim khoom ntawm WireGuard VPN qhov tau qhia , uas yuav ua rau lawv VPN tunneling software ib feem ntawm Linux ntsiav, peb vam tias qhov no yuav pab txhawb rau kev saws me nyuam hauv RouterOS.
Tab sis tam sim no, hmoov tsis, txhawm rau teeb tsa WireGuard ntawm Mikrotik router, koj yuav tsum hloov lub firmware.
Flashing Mikrotik, txhim kho thiab teeb tsa OpenWrt
Ua ntej koj yuav tsum xyuas kom meej tias OpenWrt txhawb koj tus qauv. Saib yog tias tus qauv phim nws lub npe lag luam thiab cov duab .
Mus rau openwrt.com .
Rau cov cuab yeej no, peb xav tau 2 cov ntaub ntawv:
Koj yuav tsum download tau ob cov ntaub ntawv: Nruab ΠΈ txawj tej yam ntxiv.
1. Network teeb tsa, rub tawm thiab teeb tsa PXE server
Rub rau Windows qhov tseeb version.
Unzip rau ib daim ntawv tais ceev tseg. Hauv cov ntaub ntawv config.ini ntxiv cov parameter rf951 = 1 ntu [dhcp]. Qhov kev ntsuas no yog tib yam rau txhua tus qauv Mikrotik.
Cia peb tsiv mus rau lub network teeb tsa: koj yuav tsum sau npe tus IP chaw nyob zoo li qub ntawm ib qho ntawm lub network interfaces ntawm koj lub computer.
IP chaw nyob: 192.168.1.10
Netmask: 255.255.255.0
Khiav Me me PXE Server sawv cev ntawm Administrator thiab xaiv hauv daim teb DHCP neeg rau zaub mov server nrog chaw nyob 192.168.1.10
Ntawm qee qhov versions ntawm Windows, qhov interface no tsuas yog tshwm sim tom qab kev sib txuas Ethernet. Kuv pom zoo kom txuas ib lub router thiab tam sim ntawd hloov lub router thiab PC siv ib txoj hlua txuas.
Nias lub pob "..." (hauv qab sab xis) thiab qhia meej lub nplaub tshev uas koj rub tawm cov ntaub ntawv firmware rau Mikrotik.
Xaiv cov ntaub ntawv uas nws lub npe xaus nrog "initramfs-kernel.bin lossis elf"
2. Booting lub router los ntawm PXE server
Peb txuas lub PC nrog lub xaim thiab thawj qhov chaw nres nkoj (wan, internet, poe hauv, ...) ntawm lub router. Tom qab ntawd, peb muab ib tug txhuam hniav, lo rau hauv lub qhov nrog inscription "Rov dua".
Peb qhib lub hwj chim ntawm lub router thiab tos 20 vib nas this, ces tso tus pas txhuam hniav.
Tsis pub dhau feeb tom ntej, cov lus hauv qab no yuav tsum tshwm sim hauv Tiny PXE Server qhov rai:
Yog hais tias cov lus tshwm, ces koj nyob rau hauv txoj kev coj!
Rov qab kho cov chaw ntawm lub network adapter thiab teem kom tau txais qhov chaw nyob dynamically (ntawm DHCP).
Txuas mus rau LAN chaw nres nkoj ntawm Mikrotik router (2β¦5 nyob rau hauv peb rooj plaub) siv tib thaj qaum. Tsuas yog hloov nws ntawm 1st chaw nres nkoj mus rau 2nd chaw nres nkoj. Qhib chaw nyob hauv qhov browser.
Nkag mus rau hauv OpenWRT tus thawj coj interface thiab mus rau "System -> Backup / Flash Firmware" ntu ntawv qhia zaub mov
Hauv seem "Flash tshiab firmware duab" ntu, nyem rau ntawm "Xaiv cov ntaub ntawv (Xaiv)" khawm.
Qhia txoj hauv kev rau cov ntaub ntawv uas nws lub npe xaus nrog "-squashfs-sysupgrade.bin".
Tom qab ntawd, nyem lub pob "Flash Image".
Hauv lub qhov rais tom ntej, nyem lub pob "Tom ntej". Lub firmware yuav pib rub tawm mus rau lub router.
!!! TSIS MUAJ IB TUG NEEG TSIS TXAUS SIAB RAU HAUV LUB Router thaum lub sij hawm FIRMWARE PROCESS !!!
Tom qab flashing thiab rebooting lub router, koj yuav tau txais Mikrotik nrog OpenWRT firmware.
Tej teeb meem thiab kev daws teeb meem
Ntau cov khoom siv Mikrotik tso tawm xyoo 2019 siv FLASH-NOR nco nti ntawm GD25Q15 / Q16 hom. Qhov teeb meem yog tias thaum flashing, cov ntaub ntawv hais txog tus qauv ntaus ntawv tsis tau txais kev cawmdim.
Yog tias koj pom qhov yuam kev "Cov ntaub ntawv duab uploaded tsis muaj hom kev txhawb nqa. Nco ntsoov tias koj xaiv hom duab dav dav rau koj lub platform. " ces feem ntau yuav qhov teeb meem yog nyob rau hauv flash.
Nws yog ib qho yooj yim los xyuas qhov no: khiav cov lus txib kom kuaj xyuas tus qauv ID hauv lub davhlau ya nyob twg
root@OpenWrt: cat /tmp/sysinfo/board_nameThiab yog tias koj tau txais cov lus teb "tsis paub", ces koj yuav tsum manually qhia tus qauv ntaus ntawv hauv daim ntawv "rb-951-2nd"
Kom tau txais cov qauv ntaus ntawv, khiav cov lus txib
root@OpenWrt: cat /tmp/sysinfo/model
MikroTik RouterBOARD RB951-2ndTom qab tau txais cov qauv ntaus ntawv, nruab nws manually:
echo 'rb-951-2nd' > /tmp/sysinfo/board_nameTom qab ntawd, koj tuaj yeem nyem lub cuab yeej los ntawm lub vev xaib interface lossis siv "sysupgrade" hais kom ua
Tsim ib lub VPN server nrog WireGuard
Yog tias koj twb muaj lub server nrog WireGuard teeb tsa, koj tuaj yeem hla cov kauj ruam no.
Kuv yuav siv daim ntawv thov los teeb tsa tus kheej VPN server txog tus miv kuv twb .
Configuring WireGuard Client ntawm OpenWRT
Txuas mus rau lub router ntawm SSH raws tu qauv:
ssh [email protected]Nruab WireGuard:
opkg update
opkg install wireguardNpaj cov kev teeb tsa (coj cov cai hauv qab no rau hauv cov ntaub ntawv, hloov cov nqi teev nrog koj tus kheej thiab khiav hauv lub davhlau ya nyob twg).
Yog tias koj siv MyVPN, tom qab ntawd hauv kev teeb tsa hauv qab no koj tsuas yog yuav tsum hloov pauv WG_SERV - Server IP WG_KEY - tus yuam sij ntiag tug los ntawm cov ntaub ntawv wireguard configuration thiab WG_PUB - public key.
WG_IF="wg0"
WG_SERV="100.0.0.0" # ip Π°Π΄ΡΠ΅Ρ ΡΠ΅ΡΠ²Π΅ΡΠ°
WG_PORT="51820" # ΠΏΠΎΡΡ wireguard
WG_ADDR="10.8.0.2/32" # Π΄ΠΈΠ°ΠΏΠ°Π·ΠΎΠ½ Π°Π΄ΡΠ΅ΡΠΎΠ² wireguard
WG_KEY="xxxxx" # ΠΏΡΠΈΠ²Π°ΡΠ½ΡΠΉ ΠΊΠ»ΡΡ
WG_PUB="xxxxx" # ΠΏΡΠ±Π»ΠΈΡΠ½ΡΠΉ ΠΊΠ»ΡΡ
# Configure firewall
uci rename firewall.@zone[0]="lan"
uci rename firewall.@zone[1]="wan"
uci rename firewall.@forwarding[0]="lan_wan"
uci del_list firewall.wan.network="${WG_IF}"
uci add_list firewall.wan.network="${WG_IF}"
uci commit firewall
/etc/init.d/firewall restart
# Configure network
uci -q delete network.${WG_IF}
uci set network.${WG_IF}="interface"
uci set network.${WG_IF}.proto="wireguard"
uci set network.${WG_IF}.private_key="${WG_KEY}"
uci add_list network.${WG_IF}.addresses="${WG_ADDR}"
# Add VPN peers
uci -q delete network.wgserver
uci set network.wgserver="wireguard_${WG_IF}"
uci set network.wgserver.public_key="${WG_PUB}"
uci set network.wgserver.preshared_key=""
uci set network.wgserver.endpoint_host="${WG_SERV}"
uci set network.wgserver.endpoint_port="${WG_PORT}"
uci set network.wgserver.route_allowed_ips="1"
uci set network.wgserver.persistent_keepalive="25"
uci add_list network.wgserver.allowed_ips="0.0.0.0/1"
uci add_list network.wgserver.allowed_ips="128.0.0.0/1"
uci add_list network.wgserver.allowed_ips="::/0"
uci commit network
/etc/init.d/network restartQhov no ua tiav qhov teeb tsa WireGuard! Tam sim no tag nrho cov tsheb khiav ntawm tag nrho cov khoom siv txuas nrog yog tiv thaiv los ntawm kev sib txuas VPN.
ua tim khawv
(Ntxiv cov lus qhia muaj rau kev teeb tsa L2TP, PPTP ntawm tus qauv Mikrotik firmware)
Tau qhov twg los: www.hab.com