Setting up a simple VPN with WireGuard and a Raspberry Pi as the server

Since WireGuard will become part of the upcoming Linux 5.6 kernel, I decided to see how best to integrate this VPN with my LTE router/access point on a Raspberry Pi.

Equipment

  • A Raspberry Pi 3 with an LTE module and a public IP. This will be the VPN server (referred to below as edgewalker)
  • An Android phone that should use the VPN for all communication
  • A Linux laptop that should use the VPN only for traffic inside the network

Every device connected to the VPN must be able to reach every other device. For example, the phone should be able to connect to a web server on the laptop if both devices are part of the VPN network. If the setup turns out to be simple enough, you can then think about connecting the desktop to the VPN as well (over Ethernet).

Given that wired and wireless connections are becoming less secure over time (targeted attacks, the KRACK attack on WPA2 and the Dragonblood attack against WPA3), I am seriously considering using WireGuard for all my devices, regardless of the environment they are in.

Software installation

WireGuard provides precompiled packages for most Linux distributions, Windows and macOS. The apps for Android and iOS are delivered through the app stores.

I run the latest Fedora Linux 31, and I was too lazy to read the manual before installing. I simply found the wireguard-tools package, installed it, and then could not work out why nothing worked. Further investigation showed that I had not installed the wireguard-dkms package (which contains the network driver), and that it was not in my distribution's repository.

Had I read the instructions, I would have taken the right steps:

$ sudo dnf copr enable jdoss/wireguard
$ sudo dnf install wireguard-dkms wireguard-tools

My Raspberry Pi runs the Raspbian Buster distribution, which already has a wireguard package, so I install it:

$ sudo apt install wireguard

On my Android phone I installed the WireGuard app from the official Google App Store catalog.

Setting up keys

To authenticate peers, WireGuard uses a simple private/public key scheme. You can easily generate the VPN keys with the following commands:

$ wg genkey | tee wg-laptop-private.key |  wg pubkey > wg-laptop-public.key
$ wg genkey | tee wg-server-private.key |  wg pubkey > wg-server-public.key
$ wg genkey | tee wg-mobile-private.key |  wg pubkey > wg-mobile-public.key

This gives us three key pairs (six files). We will not reference the files from the configuration; instead we copy their contents into it: each key is a single line of base64.

Creating the configuration file for the VPN server (Raspberry Pi)

The configuration is quite simple. I created the following file, /etc/wireguard/wg0.conf:

[Interface]
Address = 10.200.200.1/24
ListenPort = 51820
PrivateKey = <copy private key from wg-server-private.key>
PostUp   = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wwan0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wwan0 -j MASQUERADE

[Peer]
# laptop
PublicKey = <copy public key from wg-laptop-public.key>
AllowedIPs = 10.200.200.2/32

[Peer]
# mobile phone
PublicKey = <copy public key from wg-mobile-public.key>
AllowedIPs = 10.200.200.3/32

A couple of notes:

  • In the appropriate places you need to insert the lines from the key files
  • My VPN uses the internal range 10.200.200.0/24
  • In the PostUp/PostDown commands my external network interface is wwan0; yours may be different (for example, eth0)
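A check for the [Peer] list in this server file, as an added example that is not part of the original article: it parses a wg-quick style config and reports any peer whose AllowedIPs falls outside the 10.200.200.0/24 tunnel range or overlaps an earlier peer (a range can belong to only one peer at a time). The third peer in the sample and the function names are constructed for illustration, and keys are left out of the sample.

```python
import ipaddress

# Constructed sample: the server config above with keys omitted, plus a
# third peer (not on the page) that reuses the laptop's address by mistake.
SAMPLE = """\
[Interface]
Address = 10.200.200.1/24
ListenPort = 51820
[Peer]
# laptop
AllowedIPs = 10.200.200.2/32
[Peer]
# mobile phone
AllowedIPs = 10.200.200.3/32
[Peer]
# desktop (constructed mistake)
AllowedIPs = 10.200.200.2/32, 192.168.1.0/24
"""

def parse(text):
    """Return [(section, {key: value})]; [Peer] repeats, so configparser cannot be used."""
    sections = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1][key.strip()] = value.strip()
    return sections

def lint(text):
    """Report peer AllowedIPs outside the tunnel subnet or overlapping an earlier entry."""
    sections = parse(text)
    iface = next(opts for name, opts in sections if name == "Interface")
    tunnel = ipaddress.ip_interface(iface["Address"]).network
    seen, problems = [], []
    peers = [opts for name, opts in sections if name == "Peer"]
    for n, peer in enumerate(peers, 1):
        for cidr in peer["AllowedIPs"].split(","):
            net = ipaddress.ip_network(cidr.strip(), strict=False)
            if not net.subnet_of(tunnel):
                problems.append(f"peer {n}: {net} is outside {tunnel}")
            for m, other in seen:
                if net.overlaps(other):
                    problems.append(f"peer {n}: {net} overlaps peer {m} ({other})")
            seen.append((n, net))
    return problems
```

Running lint() on the two-peer config from the article returns an empty list; the constructed third peer produces two findings.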

The VPN network is brought up with the following command:

$ sudo wg-quick up wg0

One small detail: as the DNS server I use dnsmasq bound to the network interface br0, and I also added the wg0 device to the list of allowed interfaces. In dnsmasq this is done by adding a new line with the network interface to the configuration file /etc/dnsmasq.conf, for example:

interface=br0
interface=wg0

In addition, I added an iptables rule to allow traffic to the listening UDP port (51820):

$ sudo iptables -I INPUT -p udp --dport 51820 -j ACCEPT

Now that everything works, we can enable automatic startup of the VPN tunnel:

$ sudo systemctl enable wg-quick@wg0.service

Laptop client configuration

On the laptop, create the configuration file /etc/wireguard/wg0.conf with similar settings:

[Interface]
Address = 10.200.200.2/24
PrivateKey = <copy private key from wg-laptop-private.key>

[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 10.200.200.0/24
Endpoint = edgewalker:51820

Notes:

  • Instead of edgewalker, you need to specify the public IP or the public host name of the VPN server
  • By setting AllowedIPs to 10.200.200.0/24, we use the VPN only to reach the internal network. Traffic to all other IP addresses/servers continues to go through the "normal" open channels. The DNS server already configured on the laptop is used as well.

For testing and automatic startup we use the same wg-quick and systemd commands:

$ sudo wg-quick up wg0
$ sudo systemctl enable wg-quick@wg0.service

Setting up the client on the Android phone

For the Android phone, we create a very similar configuration file (let's call it mobile.conf):

[Interface]
Address = 10.200.200.3/24
PrivateKey = <copy private key from wg-mobile-private.key>
DNS = 10.200.200.1

[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 0.0.0.0/0
Endpoint = edgewalker:51820

Unlike the laptop configuration, the phone uses our VPN server as its DNS server (the DNS line) and sends all traffic through the VPN tunnel (AllowedIPs = 0.0.0.0/0).
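How the AllowedIPs values in the laptop, phone and server configs decide where packets go, as an added example that is not part of the original article: outbound, WireGuard sends a packet to the peer whose AllowedIPs covers the destination; inbound, it keeps a decrypted packet only if the inner source address belongs to the sending peer's AllowedIPs. The peer labels, function names and the 198.51.100.7 and 2001:db8::1 documentation addresses are assumptions made for the example.

```python
import ipaddress

# AllowedIPs exactly as in the three configs on this page; the peer names
# ("server", "laptop", "phone") are labels added for this example.
LAPTOP = {"server": ["10.200.200.0/24"]}
PHONE = {"server": ["0.0.0.0/0"]}
SERVER = {"laptop": ["10.200.200.2/32"], "phone": ["10.200.200.3/32"]}

def route(table, dst):
    """Outbound: return the peer whose AllowedIPs has the longest prefix
    covering dst, or None if the packet does not enter the tunnel."""
    addr = ipaddress.ip_address(dst)
    hits = []
    for peer, cidrs in table.items():
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            if addr.version == net.version and addr in net:
                hits.append((net.prefixlen, peer))
    return max(hits)[1] if hits else None

def accept(table, peer, src):
    """Inbound: keep a decrypted packet from `peer` only if its inner source
    address maps back to that same peer's AllowedIPs."""
    return route(table, src) == peer

if __name__ == "__main__":
    cases = [
        ("laptop -> phone (10.200.200.3)", route(LAPTOP, "10.200.200.3")),
        ("laptop -> internet host", route(LAPTOP, "198.51.100.7")),
        ("phone -> internet host", route(PHONE, "198.51.100.7")),
        ("phone -> IPv6 host", route(PHONE, "2001:db8::1")),
        ("server -> phone", route(SERVER, "10.200.200.3")),
        ("server accepts laptop as .2", accept(SERVER, "laptop", "10.200.200.2")),
        ("server accepts laptop as .3", accept(SERVER, "laptop", "10.200.200.3")),
    ]
    for label, result in cases:
        print(f"{label}: {result}")
```

The IPv6 case returns None because 0.0.0.0/0 is an IPv4 prefix only; the configs on this page define no IPv6 range.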

Instead of copying the file to your mobile device, you can convert it into a QR code:

$ sudo apt install qrencode
$ qrencode -t ansiutf8 < mobile.conf

The QR code is printed to the console as ASCII. It can be scanned from the Android VPN app, which then sets up the VPN tunnel automatically.

Conclusion

Setting up WireGuard is simply magical compared to OpenVPN.

Source: www.habr.com
