Since WireGuard
Equipment
- A Raspberry Pi 3 with an LTE module and a public IP. This will be the VPN server (referred to below as edgewalker)
- An Android phone that should use the VPN for all communication
- A Linux laptop that should use the VPN only inside the network
Every device connected to the VPN must be able to reach every other device. For example, the phone should be able to connect to a web server on the laptop if both devices are part of the VPN network. If the setup turns out to be simple enough, you can consider connecting a desktop to the VPN as well (over Ethernet).
Bearing in mind that wired and wireless connections are becoming more secure over time (
Software installation
WireGuard provides
I have the latest Fedora Linux 31, and I was too lazy to read the manual before installing. I simply found the wireguard-tools packages, installed them, and then could not work out why nothing was working. Further investigation showed that I had not installed the wireguard-dkms package (which contains the network driver), and that it was not in my distribution's repository.
If I had read the instructions, I would have taken the right steps:
$ sudo dnf copr enable jdoss/wireguard
$ sudo dnf install wireguard-dkms wireguard-tools
My Raspberry Pi runs the Raspbian Buster distribution, which already ships a wireguard package; install it:
$ sudo apt install wireguard
I installed the app on my Android phone
Setting up keys
To authenticate peers, WireGuard uses a simple private/public key scheme. You can easily generate the VPN keys with the following commands:
$ wg genkey | tee wg-laptop-private.key | wg pubkey > wg-laptop-public.key
$ wg genkey | tee wg-server-private.key | wg pubkey > wg-server-public.key
$ wg genkey | tee wg-mobile-private.key | wg pubkey > wg-mobile-public.key
This gives us three key pairs (six files). We will not reference the files in the configuration; instead we copy their contents into it: each key is a single line of base64.
Creating the configuration file for the VPN server (Raspberry Pi)
The configuration is quite simple; I created the following file, /etc/wireguard/wg0.conf:
[Interface]
Address = 10.200.200.1/24
ListenPort = 51820
PrivateKey = <copy private key from wg-server-private.key>
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wwan0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wwan0 -j MASQUERADE
[Peer]
# laptop
PublicKey = <copy public key from wg-laptop-public.key>
AllowedIPs = 10.200.200.2/32
[Peer]
# mobile phone
PublicKey = <copy public key from wg-mobile-public.key>
AllowedIPs = 10.200.200.3/32
A couple of notes:
- In the appropriate places you need to insert the lines from the key files
- My VPN uses the internal range 10.200.200.0/24
- For the PostUp/PostDown commands, my external network interface is wwan0; yours may be different (for example, eth0)
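
A pre-flight check for the server file above, as an added example that is not part of the original article: it flags key fields that are not one base64 line of 32 bytes (for instance a placeholder left unfilled) and peers whose AllowedIPs are wider than one host or overlap another peer. The function names and the sample keys are constructed for illustration.

```python
import base64
import ipaddress

# Constructed sample: the server config from this page with made-up, well-formed keys.
KEYS = [base64.b64encode(bytes([i]) * 32).decode() for i in (1, 2, 3)]
SERVER_CONF = f"""[Interface]
Address = 10.200.200.1/24
PrivateKey = {KEYS[0]}
[Peer]
PublicKey = {KEYS[1]}
AllowedIPs = 10.200.200.2/32
[Peer]
PublicKey = {KEYS[2]}
AllowedIPs = 10.200.200.3/32"""

def parse(text):
    """Return (interface dict, list of peer dicts); [Peer] sections may repeat."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            sections.append({"section": line})
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][key.strip()] = value.strip()
    iface = next(s for s in sections if s["section"] == "[Interface]")
    return iface, [s for s in sections if s["section"] == "[Peer]"]

def key_ok(value):  # a key is one base64 line that decodes to exactly 32 bytes
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:
        return False

def lint(text):  # returns a list of problems found in a server-side wg0.conf
    iface, peers = parse(text)
    subnet = ipaddress.ip_interface(iface["Address"]).network
    keys = [iface.get("PrivateKey", "")] + [p.get("PublicKey", "") for p in peers]
    problems, seen = [f"bad key: {k!r}" for k in keys if not key_ok(k)], []
    for peer in peers:
        for item in peer["AllowedIPs"].split(","):
            net = ipaddress.ip_network(item.strip(), strict=False)
            if net.prefixlen != net.max_prefixlen or not net.subnet_of(subnet):
                problems.append(f"{net}: not a single host inside {subnet}")
            if any(net.overlaps(other) for other in seen):
                problems.append(f"{net}: overlaps another peer's AllowedIPs")
            seen.append(net)
    return problems
```
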
The VPN network is brought up easily with the following command:
$ sudo wg-quick up wg0
One small note: as the DNS server I use dnsmasq bound to the network interface br0; I also added the wg0 device to the list of allowed devices. In dnsmasq this is done by adding a new line with the network interface to the configuration file /etc/dnsmasq.conf, for example:
interface=br0
interface=wg0
I also added an iptables rule to allow traffic to the listening UDP port (51820):
$ sudo iptables -I INPUT -p udp --dport 51820 -j ACCEPT
Now that everything works, we can register the VPN tunnel to start automatically:
$ sudo systemctl enable wg-quick@wg0.service
Laptop client configuration
On the laptop, create the configuration file /etc/wireguard/wg0.conf with the same kind of settings:
[Interface]
Address = 10.200.200.2/24
PrivateKey = <copy private key from wg-laptop-private.key>
[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 10.200.200.0/24
Endpoint = edgewalker:51820
Notes:
- Instead of edgewalker, you need to specify the public IP or the public host of the VPN server
- By setting AllowedIPs to 10.200.200.0/24, we use the VPN only to reach the internal network. Traffic to all other IP addresses/servers will continue to go through the "ordinary" open channels. The DNS server already configured on the laptop will also be used.
For testing and automatic startup we use the same wg-quick and systemd commands:
$ sudo wg-quick up wg0
$ sudo systemctl enable wg-quick@wg0.service
Setting up the client on the Android phone
For the Android phone we create a similar configuration file (let's call it mobile.conf):
[Interface]
Address = 10.200.200.3/24
PrivateKey = <copy private key from wg-mobile-private.key>
DNS = 10.200.200.1
[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 0.0.0.0/0
Endpoint = edgewalker:51820
Unlike the laptop configuration, the phone will use our VPN server as its DNS server (the DNS line) and will send all traffic through the VPN tunnel (AllowedIPs = 0.0.0.0/0).
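
How the three AllowedIPs settings on this page combine, as an added example rather than code from the original article: when sending, AllowedIPs selects the peer; when receiving, it filters the inner source address. The NODES table, the function names and the probe addresses are assumptions made for the example, and the model covers WireGuard peer matching only, not iptables.

```python
import ipaddress

# AllowedIPs as configured on this page, keyed by the remote peer they belong to.
NODES = {
    "server": {"addr": "10.200.200.1",
               "peers": {"laptop": ["10.200.200.2/32"], "phone": ["10.200.200.3/32"]}},
    "laptop": {"addr": "10.200.200.2", "peers": {"server": ["10.200.200.0/24"]}},
    "phone": {"addr": "10.200.200.3", "peers": {"server": ["0.0.0.0/0"]}},
}

def match(node, ip):
    """Peer on `node` whose AllowedIPs contain ip (longest prefix wins), or None."""
    ip, best = ipaddress.ip_address(ip), (None, -1)
    for peer, cidrs in NODES[node]["peers"].items():
        for net in map(ipaddress.ip_network, cidrs):
            if ip in net and net.prefixlen > best[1]:  # an IPv6 ip is never in an IPv4 net
                best = (peer, net.prefixlen)
    return best[0]

def path(src, dst_ip):
    """Nodes a packet from `src` passes on its way to dst_ip, plus why it stops early."""
    src_ip, node, hops = NODES[src]["addr"], src, [src]
    while NODES[node]["addr"] != dst_ip and len(hops) <= len(NODES):
        nxt = match(node, dst_ip)  # sending: AllowedIPs pick the peer, like a routing table
        if nxt is None:
            return hops + [f"no WireGuard peer on {node}"]  # not tunnelled from here on
        if match(nxt, src_ip) != node:  # receiving: AllowedIPs filter the inner source IP
            return hops + [f"dropped by {nxt}: source not allowed"]
        hops.append(nxt)
        node = nxt
    return hops
```

Narrowing the laptop's AllowedIPs to 10.200.200.1/32 makes path("phone", "10.200.200.2") end in a drop at the laptop, which is why the laptop config lists the whole 10.200.200.0/24.
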
Instead of copying the file to your mobile device, you can convert it into a QR code:
$ sudo apt install qrencode
$ qrencode -t ansiutf8 < mobile.conf
The QR code is printed to the console as ASCII. It can be scanned from the Android VPN app, which then sets up the VPN tunnel automatically.
Conclusion
Setting up WireGuard is simply magic compared with OpenVPN.
Source: www.habr.com