VPN into the home LAN

TL;DR: I install Wireguard on a VPS, connect to it from my home router running OpenWRT, and reach my home subnet from my phone.

If you keep your personal infrastructure on a home server, or have many IP-controlled devices at home, you probably want to reach them from work, from the bus, the train and the metro. Usually, for tasks like this, an IP address is bought from the provider, and then the ports of each service are forwarded to the outside.

Instead, I set up a VPN with access to my home LAN. The advantages of this solution:

  • Transparency: I feel at home in any circumstances.
  • Simplicity: set it up and forget it, no need to think about forwarding each port.
  • Cost: I already have a VPS; for tasks like this, a modern VPN is almost free in terms of resources.
  • Security: nothing is exposed to the outside, you can leave MongoDB without a password and nobody will steal your data.

As always, there are downsides. First, you have to configure every client separately, including on the server side. This can be inconvenient if you have many devices from which you want to reach the services. Second, the LAN at work may turn out to use the same address range; you will have to solve that problem.

We need:

  1. A VPS (in my case on Debian 10).
  2. An OpenWRT router.
  3. A phone.
  4. A home server with some web service for testing.
  5. Steady hands.

The VPN technology I will use is Wireguard. This solution also has strengths and weaknesses; I will not describe them. For the VPN I use the subnet 192.168.99.0/24, and at home 192.168.0.0/24.

VPS configuration

Even the most miserable VPS for 30 rubles a month is enough for the job, if you are lucky enough to grab one.

I perform all operations on the server as root on a clean machine; if necessary, add 'sudo' and adapt the instructions.

Wireguard did not make it into stable in time, so I run 'apt edit-sources' and add backports in two lines at the end of the file:

deb http://deb.debian.org/debian/ buster-backports main
# deb-src http://deb.debian.org/debian/ buster-backports main

The package is installed as usual: apt update && apt install wireguard.

Next, we generate a key pair: wg genkey | tee /etc/wireguard/vps.private | wg pubkey | tee /etc/wireguard/vps.public. Repeat this operation two more times, once for each device participating in the scheme. Change the paths to the key files for the other devices, and do not forget about the security of the private keys.

Now we prepare the config. The file /etc/wireguard/wg0.conf contains:

[Interface]
Address = 192.168.99.1/24
ListenPort = 57953
PrivateKey = 0JxJPUHz879NenyujROVK0YTzfpmzNtbXmFwItRKdHs=

[Peer] # OpenWRT
PublicKey = 36MMksSoKVsPYv9eyWUKPGMkEs3HS+8yIUqMV8F+JGw=
AllowedIPs = 192.168.99.2/32,192.168.0.0/24

[Peer] # Smartphone
PublicKey = /vMiDxeUHqs40BbMfusB6fZhd+i5CIPHnfirr5m3TTI=
AllowedIPs = 192.168.99.3/32

The [Interface] section holds the settings of the machine itself, and [Peer] holds the settings for those that will connect to it. AllowedIPs lists, separated by commas, the subnets that will be routed to the corresponding peer. Because of this, the peers of "client" devices in the VPN subnet must have a /32 mask; everything else will be routed by the server. Since the home network will be routed through OpenWRT, we add the home subnet to AllowedIPs of the corresponding peer. PrivateKey and PublicKey take the private key generated for the VPS and the public keys of the peers, respectively.

On the VPS, all that remains is to run the command that brings up the interface and adds it to autostart: systemctl enable --now wg-quick@wg0. The current connection status can be checked with the command wg.

OpenWRT Configuration

Everything you need for this stage is in the luci module (the OpenWRT web interface). Log in and open the Software tab in the System menu. OpenWRT does not keep a package cache on the machine, so you need to update the list of available packages by clicking the green Update lists button. When it finishes, type luci-app-wireguard into the filter and, after admiring the window with the pretty dependency tree, install this package.

In the Network menu, select Interfaces and click the green Add New Interface button under the list of existing ones. After you enter a name (also wg0 in my case) and select the WireGuard VPN protocol, a settings form with four tabs opens.

On the General Settings tab, enter the private key and the IP address prepared for OpenWRT, together with the subnet.

On the Firewall Settings tab, attach the interface to the local network zone. This way, connections from the VPN will be allowed into the local zone.

On the Peers tab, click the only button, then fill in the VPS server data in the new form: the public key and Allowed IPs (you need to route the entire VPN subnet to the server). In Endpoint Host and Endpoint Port, enter the IP address of the VPS and the port previously specified in the ListenPort directive, respectively. Check Route Allowed IPs so that the routes are created. And be sure to fill in Persistent Keep Alive, otherwise the tunnel from the VPS to the router will break if the router is behind NAT.

After that, you can save the settings, and then on the page with the list of interfaces click Save & Apply. If necessary, explicitly start the interface with the Restart button.

Setting up the smartphone

You will need the Wireguard client; it is available in F-Droid, Google Play and the App Store. After opening the application, press the plus sign and, in the Interface section, enter the connection name, the private key (the public key will be generated automatically) and the phone's address with a /32 mask. In the Peer section, specify the VPS public key, the address:port pair of the VPN server as the Endpoint, and the routes to the VPN and home subnets.

Click the floppy disk in the corner, turn the connection on and...

Done

Now you can reach your home monitoring, change the router settings, or do anything else at the IP level.
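
Added example, not part of the original article: a small model of how the AllowedIPs settings on the three devices decide both where a packet is sent (destination lookup) and whether the receiving side accepts it (source lookup must map back to the sending peer). The subnets are the ones from this page; the home server address 192.168.0.10 and the LOCAL table are assumptions, and the model ignores the kernel routing table and IP forwarding on the VPS.

```python
import ipaddress

# Constructed model: device -> {peer: AllowedIPs}, using this page's subnets.
TABLES = {
    "vps": {"openwrt": ["192.168.99.2/32", "192.168.0.0/24"],
            "phone": ["192.168.99.3/32"]},
    "openwrt": {"vps": ["192.168.99.0/24"]},
    "phone": {"vps": ["192.168.99.0/24", "192.168.0.0/24"]},
}
# Networks each device delivers to without a tunnel (assumed for the model).
LOCAL = {"vps": ["192.168.99.1/32"], "phone": ["192.168.99.3/32"],
         "openwrt": ["192.168.99.2/32", "192.168.0.0/24"]}


def match(table, addr):
    """Peer whose AllowedIPs covers addr with the longest prefix, or None."""
    ip, best = ipaddress.ip_address(addr), None
    for peer, cidrs in table.items():
        for net in map(ipaddress.ip_network, cidrs):
            if ip in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, peer)
    return best[1] if best else None


def is_local(node, addr, local=LOCAL):
    """True if addr is the device itself or on a network attached to it."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n) for n in local.get(node, []))


def trace(tables, start, src, dst):
    """Walk a packet hop by hop; return (hops, verdict)."""
    hops, node = [start], start
    for _ in tables:                          # bounded: at most one hop per device
        nxt = match(tables[node], dst)        # egress: dst selects the peer
        if nxt is None:
            return hops, f"{node}: no peer for {dst}"
        if match(tables[nxt], src) != node:   # ingress: src must map back to sender
            return hops, f"{nxt}: drops {src} from {node}"
        hops.append(nxt)
        node = nxt
        if is_local(node, dst):
            return hops, "delivered"
    return hops, "loop"


if __name__ == "__main__":
    print(trace(TABLES, "phone", "192.168.99.3", "192.168.0.10"))
    print(trace(TABLES, "openwrt", "192.168.0.10", "192.168.99.3"))
```

Narrowing the router's Allowed IPs for the VPS to 192.168.99.1/32, or dropping 192.168.0.0/24 from the OpenWRT peer on the VPS, makes the same trace stop at the hop that rejects the packet.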

Source: www.hab.com
