Setting up WireGuard on a Mikrotik router running OpenWrt

In most cases, connecting a router to a VPN is not difficult, but if you want to protect the entire network while keeping the best possible connection speed, the best solution is a WireGuard VPN tunnel.

Mikrotik routers have proven to be a reliable and very flexible solution, but unfortunately WireGuard support in RouterOS is still missing, and it is not known when it will appear or in what form. It recently became known that the developers of the WireGuard VPN tunnel proposed a patch set that would make their VPN tunneling software part of the Linux kernel; we hope this will help it land in RouterOS.

For now, unfortunately, setting up WireGuard on a Mikrotik router requires changing the firmware.

Flashing the Mikrotik, installing and configuring OpenWrt

First, make sure that OpenWrt supports your model. You can check how a model matches its marketing name and picture at mikrotik.com.

Go to openwrt.com, to the firmware download section.

For this device we need 2 files:

downloads.openwrt.org/releases/18.06.2/targets/ar71xx/mikrotik/openwrt-18.06.2-ar71xx-mikrotik-rb-nor-flash-16M-initramfs-kernel.bin|elf

downloads.openwrt.org/releases/18.06.2/targets/ar71xx/mikrotik/openwrt-18.06.2-ar71xx-mikrotik-rb-nor-flash-16M-squashfs-sysupgrade.bin

You need to download both files: install and upgrade.
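Before flashing, both downloads can be checked against the sha256sums list that OpenWrt publishes in the same release directory. This is an added example, not part of the original article; verify_image is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: check a downloaded OpenWrt image against the release's
# sha256sums list before flashing. Each line of that list has the form
#   <64 hex digits> *<file name>
# verify_image is a hypothetical helper name, not an OpenWrt tool.

verify_image() {
    image="$1"   # path to the downloaded image
    sums="$2"    # path to the downloaded sha256sums file
    name=$(basename "$image")

    [ -f "$image" ] || { echo "missing image: $image" >&2; return 2; }
    [ -f "$sums" ]  || { echo "missing checksum list: $sums" >&2; return 2; }

    # Expected hash for exactly this file name (string compare, no regex).
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f); if (f == n) print $1 }' "$sums")
    if [ -z "$expected" ]; then
        echo "no entry for $name in $sums" >&2
        return 3
    fi

    actual=$(sha256sum "$image" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name"
        return 0
    fi
    echo "MISMATCH: $name, do not flash this file" >&2
    return 1
}

# Usage: sh verify_image.sh <image> <sha256sums>
if [ "$#" -eq 2 ]; then
    verify_image "$1" "$2"
fi
```

A match only shows that the image agrees with the list, so fetch the list itself over HTTPS.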

1. Network setup, downloading and configuring the PXE server

Download the latest version of Tiny PXE Server for Windows.

Unpack it into a separate folder. In the config.ini file, add the parameter rfc951=1 to the [dhcp] section. This parameter is the same for all Mikrotik models.

Now for the network settings: you need to assign a static IP address to one of your computer's network interfaces.

IP address: 192.168.1.10
Netmask: 255.255.255.0

Run Tiny PXE Server as Administrator and, in the DHCP Server field, select the server with the address 192.168.1.10

On some versions of Windows this interface may appear only after an Ethernet connection has been established. I recommend plugging in the router and connecting the router and the PC with a patch cord straight away.

Click the "..." button (bottom right) and specify the folder where you downloaded the firmware files for the Mikrotik.

Select the file whose name ends with "initramfs-kernel.bin or elf"

2. Booting the router from the PXE server

Connect the PC with a cable to the first port (wan, internet, poe in, ...) of the router. Then take a toothpick and push it into the hole labelled "Reset".

Switch on the router's power and wait 20 seconds, then release the toothpick.
Within the next minute, the following messages should appear in the Tiny PXE Server window:

If the messages appeared, you are on the right track!

Restore the settings on the network adapter and set it to obtain an address automatically (via DHCP).

Connect to the LAN ports of the Mikrotik router (2…5 in our case) using the same patch cord. Simply move it from the first port to the second port. Open the address 192.168.1.1 in a browser.

Log in to the OpenWRT administration interface and go to the menu section "System -> Backup/Flash Firmware"

In the "Flash new firmware image" section, click the "Choose file (Browse)" button.

Specify the path to the file whose name ends with "-squashfs-sysupgrade.bin".

After that, click the "Flash Image" button.

In the next window, click the "Proceed" button. The firmware will start uploading to the router.

!!! Under NO circumstances disconnect the router's power during the flashing process !!!

After flashing and rebooting the router, you will have a Mikrotik with OpenWRT firmware.

Possible problems and solutions

Many Mikrotik devices released in 2019 use a FLASH-NOR memory chip of type GD25Q15 / Q16. The problem is that the device model data is not saved during flashing.

If you see the error "The uploaded image file does not contain a supported format. Make sure that you choose the generic image format for your platform." then the problem is most likely in the flash.

This is easy to check: run the following command in the device terminal to check the model ID

root@OpenWrt: cat /tmp/sysinfo/board_name

If you get the answer "unknown", you need to specify the device model manually, in the form "rb-951-2nd"

To get the device model, run the command

root@OpenWrt: cat /tmp/sysinfo/model
MikroTik RouterBOARD RB951-2nd

Once you have the device model, set it manually:

echo 'rb-951-2nd' > /tmp/sysinfo/board_name

After that, you can flash the device through the web interface or with the "sysupgrade" command.

Creating a VPN server with WireGuard

If you already have a server with WireGuard configured, you can skip this step.
I will use the MyVPN.RUN application to set up a personal VPN server; I have already published a review of it.

Configuring the WireGuard client on OpenWRT

Connect to the router over SSH:

ssh [email protected]

Install WireGuard:

opkg update
opkg install wireguard

Prepare the configuration (copy the code below into a file, replace the specified values with your own and run it in the terminal).

If you use MyVPN, then in the configuration below you only need to change WG_SERV (the server IP), WG_KEY (the private key from the WireGuard configuration file) and WG_PUB (the public key).

WG_IF="wg0"
WG_SERV="100.0.0.0" # server IP address
WG_PORT="51820" # wireguard port
WG_ADDR="10.8.0.2/32" # wireguard address range

WG_KEY="xxxxx" # private key
WG_PUB="xxxxx" # public key

# Configure firewall
uci rename firewall.@zone[0]="lan"
uci rename firewall.@zone[1]="wan"
uci rename firewall.@forwarding[0]="lan_wan"
uci del_list firewall.wan.network="${WG_IF}"
uci add_list firewall.wan.network="${WG_IF}"
uci commit firewall
/etc/init.d/firewall restart

# Configure network
uci -q delete network.${WG_IF}
uci set network.${WG_IF}="interface"
uci set network.${WG_IF}.proto="wireguard"
uci set network.${WG_IF}.private_key="${WG_KEY}"

uci add_list network.${WG_IF}.addresses="${WG_ADDR}"

# Add VPN peers
uci -q delete network.wgserver
uci set network.wgserver="wireguard_${WG_IF}"
uci set network.wgserver.public_key="${WG_PUB}"
uci set network.wgserver.preshared_key=""
uci set network.wgserver.endpoint_host="${WG_SERV}"
uci set network.wgserver.endpoint_port="${WG_PORT}"
uci set network.wgserver.route_allowed_ips="1"
uci set network.wgserver.persistent_keepalive="25"
uci add_list network.wgserver.allowed_ips="0.0.0.0/1"
uci add_list network.wgserver.allowed_ips="128.0.0.0/1"
uci add_list network.wgserver.allowed_ips="::/0"
uci commit network
/etc/init.d/network restart
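The script above restarts the network with whatever values it was given, so it helps to validate the WG_* variables first. This is an added example, not part of the original article; the function names are hypothetical and the checks assume WG_SERV is an IPv4 address, as in the script.

```shell
#!/bin/sh
# Added example: validate the WG_* values before any uci command runs.
# Function names are hypothetical; nothing here prints a key.

# A WireGuard key is 32 bytes in base64: 43 characters plus "=". The 43rd
# character encodes only 4 data bits, so just 16 symbols are possible there.
valid_wg_key() {
    printf '%s\n' "$1" |
        grep -Eq '^[A-Za-z0-9+/]{42}[AEIMQUYcgkosw048]=$'
}

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# IPv4 address with an optional /prefix (covers WG_SERV and WG_ADDR).
valid_ipv4() {
    addr=${1%/*}
    if [ "$addr" != "$1" ]; then
        prefix=${1#*/}
        case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
        [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] || return 1
    fi
    printf '%s\n' "$addr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

check_wg_settings() {
    rc=0
    valid_ipv4 "$WG_SERV"  || { echo "WG_SERV: not an IPv4 address" >&2; rc=1; }
    valid_port "$WG_PORT"  || { echo "WG_PORT: not a port (1-65535)" >&2; rc=1; }
    valid_ipv4 "$WG_ADDR"  || { echo "WG_ADDR: not IPv4 address/prefix" >&2; rc=1; }
    valid_wg_key "$WG_KEY" || { echo "WG_KEY: not a WireGuard key" >&2; rc=1; }
    valid_wg_key "$WG_PUB" || { echo "WG_PUB: not a WireGuard key" >&2; rc=1; }
    [ "$WG_KEY" != "$WG_PUB" ] || { echo "WG_KEY equals WG_PUB" >&2; rc=1; }
    return "$rc"
}

# In the setup script, right after the WG_* assignments:
#   check_wg_settings || exit 1
```

With the placeholder values "xxxxx" left in place, check_wg_settings fails before the firewall or network configuration is touched.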

This completes the WireGuard setup! The VPN connection now protects all traffic of all connected devices.
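That protection only holds while the tunnel is actually up and the routes point at it, which can be confirmed on the router. This is an added example, not part of the original article; the function names and the 180-second handshake threshold are assumptions, and the sample lines in the comments are constructed.

```shell
#!/bin/sh
# Added example: confirm the tunnel is really carrying traffic after the
# network restart. Function names and the 180 s threshold are assumptions.

# $1: one line of `wg show <if> latest-handshakes`, e.g. (constructed)
#     "<peer public key><TAB>1700000000"
# $2: current epoch seconds, $3: maximum acceptable age in seconds.
# An epoch of 0 means the peer has never completed a handshake.
handshake_fresh() {
    ts=$(printf '%s\n' "$1" | awk '{ print $2 }')
    case "$ts" in ''|*[!0-9]*) return 1 ;; esac
    [ "$ts" -gt 0 ] && [ $(( $2 - $ts )) -le "$3" ]
}

# $1: output of `ip route get <address>`, e.g. (constructed)
#     "1.1.1.1 dev wg0 src 10.8.0.2"
# $2: interface the route is expected to use.
route_via() {
    printf '%s\n' "$1" | grep -Eq "(^| )dev $2( |\$)"
}

check_tunnel() {
    wg_if="${1:-wg0}"
    line=$(wg show "$wg_if" latest-handshakes 2>/dev/null | head -n 1)
    handshake_fresh "$line" "$(date +%s)" 180 \
        || { echo "FAIL: no recent handshake on $wg_if" >&2; return 1; }
    # 1.1.1.1 lies in 0.0.0.0/1 and 192.0.2.1 in 128.0.0.0/1, the two
    # halves that the configuration routes through the tunnel.
    for dst in 1.1.1.1 192.0.2.1; do
        route_via "$(ip route get "$dst" 2>/dev/null)" "$wg_if" \
            || { echo "FAIL: $dst does not route via $wg_if" >&2; return 1; }
    done
    echo "OK: $wg_if is up and both IPv4 halves route through it"
}

# Runs only where the wg tool is installed, i.e. on the router.
if command -v wg >/dev/null 2>&1; then
    check_tunnel wg0
fi
```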

Source #1
Modified instructions at MyVPN (instructions are also available for setting up L2TP and PPTP on the standard Mikrotik firmware)
OpenWrt WireGuard Client

Source: www.habr.com