Since WireGuard will become part of the upcoming Linux 5.6 kernel, I decided to see how best to integrate this VPN with my own setup.
Equipment
- A Raspberry Pi 3 with an LTE module and a public IP. This will be the VPN server (referred to below as edgewalker)
- An Android phone, which will use the VPN for all communication
- A Linux laptop, which should use the VPN only within the network
Every device connected to the VPN must be able to connect to every other device. For example, the phone should be able to connect to a web server on the laptop if both devices are part of the VPN network. If the setup turns out to be simple enough, you can think about connecting the desktop to the VPN as well (over Ethernet).
Given that wired and wireless connections are becoming more secure over time, I am seriously considering using WireGuard for all my devices, whatever environment they operate in.
Software installation
WireGuard provides packages for most Linux distributions, Windows and macOS. The apps for Android and iOS are delivered through the app stores.
I run the latest Fedora Linux 31, and before installing I was too lazy to read the manual. I found the wireguard-tools packages, installed them, and then could not work out why nothing worked. Further investigation showed that I had not installed the wireguard-dkms package (with the network driver), and that it was not in my distribution's repository.
If I had read the instructions, I would have taken the right steps:
$ sudo dnf copr enable jdoss/wireguard
$ sudo dnf install wireguard-dkms wireguard-tools
On my Raspberry Pi I run the Raspbian Buster distribution, which already has a wireguard package; install it:
$ sudo apt install wireguard
On the Android phone I installed the app from the official Google App Store catalog.
Installing keys
WireGuard uses a simple private/public key scheme to authenticate VPN nodes. You can easily generate the VPN keys with the following commands:
$ wg genkey | tee wg-laptop-private.key | wg pubkey > wg-laptop-public.key
$ wg genkey | tee wg-server-private.key | wg pubkey > wg-server-public.key
$ wg genkey | tee wg-mobile-private.key | wg pubkey > wg-mobile-public.key
This gives us three key pairs (six files). We will not refer to the files in the configs, but copy their contents there: each key is a single line in base64.
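An added example, not part of the original article: the commands above write each private key through tee, so the file gets whatever permissions the current umask allows. The sketch below generates a pair under umask 077 and checks a key file (one base64 line, 32 bytes, no group/other access) before it is pasted into a config; gen_keypair and key_status are hypothetical helper names, and gen_keypair assumes wireguard-tools is installed.

```shell
#!/bin/sh
# Added example (not from the original article).

# Create wg-NAME-private.key / wg-NAME-public.key as the article does, but in
# a subshell with umask 077 so tee creates the private key as mode 0600.
gen_keypair() (
    umask 077
    wg genkey | tee "wg-$1-private.key" | wg pubkey > "wg-$1-public.key"
)

# Print "ok" if FILE holds one base64 line that decodes to 32 bytes and is not
# accessible to group/others; otherwise print the first problem found.
key_status() {
    [ "$(wc -l < "$1")" -le 1 ] || { echo "not-one-line"; return 0; }
    key=$(cat "$1")
    case $key in
        *[!A-Za-z0-9+/=]*|"") echo "not-base64"; return 0 ;;
    esac
    bytes=$(printf '%s' "$key" | base64 -d 2>/dev/null | wc -c)
    [ "$bytes" -eq 32 ] || { echo "wrong-length"; return 0; }
    # Characters 5-10 of `ls -l` output are the group and other permission bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] || { echo "too-permissive"; return 0; }
    echo "ok"
}

# Constructed sample: 32 zero bytes stand in for a real key.
demo=$(mktemp)
dd if=/dev/zero bs=32 count=1 2>/dev/null | base64 > "$demo"
chmod 644 "$demo"; key_status "$demo"
chmod 600 "$demo"; key_status "$demo"
rm -f "$demo"
```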
Creating the configuration file for the VPN server (Raspberry Pi)
The configuration is quite simple; I created the following file, /etc/wireguard/wg0.conf:
[Interface]
Address = 10.200.200.1/24
ListenPort = 51820
PrivateKey = <copy private key from wg-server-private.key>
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wwan0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wwan0 -j MASQUERADE
[Peer]
# laptop
PublicKey = <copy public key from wg-laptop-public.key>
AllowedIPs = 10.200.200.2/32
[Peer]
# mobile phone
PublicKey = <copy public key from wg-mobile-public.key>
AllowedIPs = 10.200.200.3/32
A couple of notes:
- In the appropriate places, insert the lines from the key files
- My VPN uses the internal range 10.200.200.0/24
- For the PostUp/PostDown commands, my external network interface is wwan0; yours may be different (for example, eth0)
The VPN network is easily brought up with the following command:
$ sudo wg-quick up wg0
One small detail: as the DNS server I use dnsmasq bound to the network interface br0, and I also added the wg0 device to the list of allowed devices. In dnsmasq this is done by adding a new line with the network interface to the configuration file /etc/dnsmasq.conf, for example:
interface=br0
interface=wg0
In addition, I added an iptables rule to allow traffic to the listening UDP port (51820):
$ sudo iptables -I INPUT -p udp --dport 51820 -j ACCEPT
Now that everything works, we can register the automatic start of the VPN tunnel:
$ sudo systemctl enable wg-quick@wg0.service
Laptop client configuration
On the laptop, create the configuration file /etc/wireguard/wg0.conf with similar settings:
[Interface]
Address = 10.200.200.2/24
PrivateKey = <copy private key from wg-laptop-private.key>
[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 10.200.200.0/24
Endpoint = edgewalker:51820
Notes:
- Instead of edgewalker, specify the public IP or public host of the VPN server
- By setting AllowedIPs to 10.200.200.0/24, we use the VPN only to reach the internal network. Traffic to all other IP addresses/servers will continue to go through the "ordinary" open channels. The DNS server already configured on the laptop will also be used.
For testing and automatic startup we use the same commands, wg-quick and systemd:
$ sudo wg-quick up wg0
$ sudo systemctl enable wg-quick@wg0.service
Setting up the client on the Android phone
For the Android phone we create a very similar configuration file (let's call it mobile.conf):
[Interface]
Address = 10.200.200.3/24
PrivateKey = <copy private key from wg-mobile-private.key>
DNS = 10.200.200.1
[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 0.0.0.0/0
Endpoint = edgewalker:51820
Unlike the laptop configuration, the phone must use our VPN server as its DNS server (the DNS line) and pass all traffic through the VPN tunnel (AllowedIPs = 0.0.0.0/0).
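An added example, not part of the original article, that makes the difference between the two client configs checkable: it reads a wg-quick config and reports whether AllowedIPs gives a split tunnel or a default route (0.0.0.0/0 is an IPv4 prefix only; IPv6 would need ::/0), whether a DNS line is present, and whether the same prefix is listed under two peers. The function name wg_audit and its output labels are assumptions made for this sketch; the sample is the article's mobile.conf with placeholder keys.

```shell
#!/bin/sh
# Added example (not from the original article).
# wg_audit FILE -> prints dup=<prefix> lines (if any), then mode=... and dns=...
wg_audit() {
    awk -F'=' '
        { sub(/#.*/, "") }                          # drop comments
        tolower($0) ~ /^[ \t]*\[peer\]/ { peer++ }  # count [Peer] sections
        { key = tolower($1); gsub(/[ \t]/, "", key) }
        key == "dns" { dns = 1 }
        key == "allowedips" {
            n = split($2, nets, ",")
            for (i = 1; i <= n; i++) {
                net = nets[i]; gsub(/[ \t]/, "", net)
                if (net == "") continue
                if (net == "0.0.0.0/0") v4 = 1
                if (net == "::/0")      v6 = 1
                # Same prefix under two peers: WireGuard keeps it on the last one only.
                if ((net in owner) && owner[net] != peer) print "dup=" net
                owner[net] = peer
            }
        }
        END {
            if (v4 && v6) mode = "full-dual-stack"
            else if (v4)  mode = "full-ipv4-only"   # ::/0 is not listed
            else if (v6)  mode = "full-ipv6-only"
            else          mode = "split"
            print "mode=" mode
            print "dns=" (dns ? "tunnel-config" : "system")
        }' "$1"
}

# Constructed sample: mobile.conf from the article, keys replaced by placeholders.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Interface]
Address = 10.200.200.3/24
PrivateKey = <placeholder>
DNS = 10.200.200.1
[Peer]
PublicKey = <placeholder>
AllowedIPs = 0.0.0.0/0
Endpoint = edgewalker:51820
EOF
wg_audit "$sample"
rm -f "$sample"
```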
Instead of copying the file to your mobile device, you can convert it to a QR code:
$ sudo apt install qrencode
$ qrencode -t ansiutf8 < mobile.conf
The QR code is printed to the console as ASCII. It can be scanned with the Android VPN app, which then sets up the VPN tunnel automatically.
Conclusion
Setting up WireGuard is pure magic compared with OpenVPN.
Source: www.habr.com
