What for?
As authoritarian regimes step up internet censorship, a growing number of useful internet resources and sites are being blocked, including those with technical information.
As a result, it becomes impossible to use the internet fully, and the fundamental right to freedom of speech is violated.
Article 19
Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.
In this guide, we will deploy our own free* VPN service in 6 steps.
I have tried to make this walkthrough as friendly as possible to people outside IT. All that is required is the patience to repeat the steps described below.
Note
- AWS provides a free usage tier for 12 months, with a traffic limit of 15 GB per month.
- The latest version of this guide is available at:
https://wireguard.isystem.io
Stages
- Sign up for a free AWS account
- Create an AWS instance
- Connect to the AWS instance
- Configure Wireguard
- Configure VPN clients
- Verify that the VPN installation is correct
Useful links
1. AWS account registration
Signing up for a free AWS account requires a real phone number and a valid Visa or Mastercard credit card. Using a virtual card that is provided free of charge is recommended.
1.1. Open the AWS Management Console
Open a browser and go to the AWS site.
Click the "Register" button.
1.2. Enter personal data
Fill in the data and click the "Continue" button.
1.3. Fill in contact details
Enter your contact information.
1.4. Specify payment information
Card number, expiry date and cardholder name.
1.5. Account verification
At this stage the phone number is verified and $1 is charged directly to the payment card. A 4-digit code is shown on the computer screen, and Amazon calls the phone number you specified. During the call, dial the code shown on the screen.
1.6. Choose a pricing plan
Select the Basic plan (free).
1.7. Log in to the management console
1.8. Choose the data center location
1.8.1. Speed test
Before choosing a data center, it is recommended to test the following:
- Singapore
- Paris
- Frankfurt
- Stockholm
- London
The London data center showed the best results in terms of speed, so I chose it for further setup.
2. Create an AWS instance
2.1 Create a virtual machine
2.1.1. Choose the instance type
By default the t2.micro instance is selected, which is what we need, so just click the Next: Configure Instance Details button.
2.1.2. Set instance options
Later we will attach a permanent public IP to the instance, so at this stage turn off auto-assignment of a public IP and click the Next: Add Storage button.
2.1.3. Attach storage
Specify the size of the "hard disk". For our purposes 16 GB is enough, so click the Next: Add Tags button.
2.1.4. Set up tags
If you create several instances, you can group them by tags to make administration easier. In this case the feature is not needed, so click the Next: Configure Security Group button right away.
2.1.5. Open ports
In this step we configure the firewall by opening the required ports. The set of open ports is called a security group. Create a new security group, give it a name and a description, and add a UDP port (Custom UDP Rule). In the [Port Range] field, assign a port number from the range.
After filling in the required data, click the Review and Launch button.
2.1.6. Overview of all settings
This page gives an overview of all the instance settings. Check that everything is in order and click the Launch button.
2.1.7. Create access keys
Next, a dialog box appears offering to create a new SSH key or add an existing one, which will later be used to connect to the instance remotely. Select the "Create a new key pair" option to create a new key. Give it a name and click the Download Key Pair button to download the generated keys. Save them in a safe place on your local computer. Once they are downloaded, click the Launch Instances button.
2.1.7.1. Save the access keys
This step shows saving the keys generated in the previous step. After clicking the Download Key Pair button, the key is saved as a certificate file with the *.pem extension. In this case I named it wireguard-awskey.pem
2.1.8. Overview of instance creation results
Next, a message appears confirming that the instance we just created launched successfully. Click the View Instances button to go to the list of instances.
2.2. Create an external IP address
2.2.1. Start creating an external IP
Next we need to create a permanent external IP address through which we will connect to the VPN server. To do this, in the navigation panel on the left of the screen, select Elastic IPs under the Network & Security category and click the Allocate new address button.
2.2.2. Configure the external IP creation
In the next step, the Amazon pool option must be enabled (it is enabled by default). Click the Allocate button.
2.2.3. Overview of the external IP address creation results
The next screen shows the external IP address we received. It is worth memorizing it, or better, writing it down. It will be needed many times while setting up and using the VPN server. This guide uses the IP address 4.3.2.1 as an example. Once you have written the address down, click the Close button.
2.2.4. List of external IP addresses
Next, the list of our permanent public IP addresses (Elastic IP) is shown.
2.2.5. Assign the external IP to the instance
In this list, select the IP address we received and right-click to bring up the drop-down menu. In it, select Associate address to assign it to the instance created earlier.
2.2.6. External IP assignment settings
In the next step, select our instance from the drop-down list and click the Associate button.
2.2.7. Overview of the external IP assignment results
After that, we can see that the instance and its private IP address are bound to our permanent public IP address.
We can now connect to the newly created instance from outside, from our own computer, over SSH.
3. Connect to the AWS instance
3.1. Connect over SSH from a Windows computer
To connect from a Windows computer, you first need to download and install the Putty program.
3.1.1. Import the private key for Putty
3.1.1.1. After installing Putty, run the PuTTYgen utility that comes with it to import the certificate key in PEM format into a format suitable for use in Putty. To do this, select Conversions -> Import Key in the top menu.
3.1.1.2. Choose the AWS key in PEM format
Next, select the key saved in step 2.1.7.1, in our case named wireguard-awskey.pem
3.1.1.3. Set key import options
In this step, specify a comment (description) for the key and, for security, set a password and its confirmation. It will be requested on every connection. This protects the key with a password against misuse. You do not have to set a password, but it is less secure if the key falls into the wrong hands. Then click the Save private key button.
3.1.1.4. Save the imported key
A save-file dialog opens, and we save the private key as a file with the .ppk extension, which is suitable for use in Putty.
Specify the key name (wireguard-awskey.ppk in this example) and click the Save button.
3.1.2. Create and configure the connection in Putty
3.1.2.1. Create the connection
Open the Putty program, select the Session category (it is open by default) and, in the Host Name field, enter the server's public IP address obtained in step 2.2.3. In the Saved Session field, enter any name for the connection (wireguard-aws-london in my case), then click the Save button to save the changes.
3.1.2.2. Set up automatic user login
Next, in the Connection category, select the Data subcategory and, in the Auto-login username field, enter the username ubuntu, which is the standard user of an AWS instance running Ubuntu.
3.1.2.3. Choose the private key for connecting over SSH
Then go to the Connection/SSH/Auth subcategory and, next to the Private key file for authentication field, click the Browse… button to select the file with the key certificate.
3.1.2.4. Open the imported key
Specify the key imported in step 3.1.1.4, in our case the file wireguard-awskey.ppk, and click the Open button.
3.1.2.5. Save the settings and start the connection
Return to the Session category page and click the Save button again to save the changes made in the previous steps (3.1.2.2 to 3.1.2.4). Then click the Open button to open the remote SSH connection we created and configured.
3.1.2.7. Set up trust between hosts
In the next step, on the first connection attempt, a warning is shown that trust has not been configured between the two computers, asking whether to trust the remote computer. Click the Yes button, which adds it to the list of trusted hosts.
3.1.2.8. Enter the password to access the key
After that a terminal window opens asking for the key password, if you set one in step 3.1.1.3. Nothing appears on screen while you type the password. If you make a mistake, you can use the Backspace key.
3.1.2.9. Welcome message on successful connection
After the password is entered successfully, the terminal shows a welcome text indicating that the remote system is ready to execute our commands.
4. Configure the Wireguard server
The most up-to-date instructions for installing and using Wireguard with the scripts described below can be found in the repository.
4.1. Install Wireguard
Enter the following commands in the terminal (you can copy them to the clipboard and paste them into the terminal by right-clicking).
4.1.1. Clone the repository
Clone the repository with the Wireguard installation scripts:
git clone https://github.com/pprometey/wireguard_aws.git wireguard_aws
4.1.2. Change to the scripts directory
Go to the directory of the cloned repository:
cd wireguard_aws
4.1.3 Run the initialization script
Run the Wireguard installation script as administrator (root user):
sudo ./initial.sh
During installation, you will be asked for certain data needed to configure Wireguard.
4.1.3.1. Enter the connection endpoint
Enter the external IP address and the open port of the Wireguard server. We obtained the server's external IP address in step 2.2.3 and opened the port in step 2.1.5. Specify them together, separated by a colon, for example 4.3.2.1:54321, and then press Enter.
Sample output:
Enter the endpoint (external ip and port) in format [ipv4:port] (e.g. 4.3.2.1:54321): 4.3.2.1:54321
4.1.3.2. Enter the internal IP address
Enter the IP address of the Wireguard server on the secure VPN subnet. If you do not know what that is, just press Enter to use the default value (10.50.0.1).
Sample output:
Enter the server address in the VPN subnet (CIDR format) ([ENTER] set to default: 10.50.0.1):
4.1.3.3. Specify the DNS server
Enter the IP address of the DNS server, or just press Enter to use the default value 1.1.1.1 (Cloudflare public DNS).
Sample output:
Enter the ip address of the server DNS (CIDR format) ([ENTER] set to default: 1.1.1.1):
4.1.3.4. Specify the WAN interface
Next, enter the name of the external network interface that will listen on the VPN internal network interface. Just press Enter to use the default value for AWS (eth0).
Sample output:
Enter the name of the WAN network interface ([ENTER] set to default: eth0):
4.1.3.5. Specify the client name
Enter the name of the VPN user. The Wireguard VPN server cannot start until at least one client has been added. In this case I entered the name Alex@mobile
Sample output:
Enter VPN user name: Alex@mobile
After that, a QR code with the configuration of the newly added client is displayed on screen. To configure the client, scan it with the Wireguard mobile client on Android or iOS. Below the QR code, the text of the configuration file is also displayed for configuring clients manually. How to do this is described below.
4.2. Add a new VPN user
To add a new user, run the add-client.sh script in the terminal:
sudo ./add-client.sh
The script asks for the user name.
Sample output:
Enter VPN user name:
The user name can also be passed as a script parameter (Alex@mobile in this case):
sudo ./add-client.sh Alex@mobile
As a result of running the script, the client configuration file /etc/wireguard/clients/{ClientName}/{ClientName}.conf is created in the directory named after the client, /etc/wireguard/clients/{ClientName}, and the terminal displays a QR code for setting up mobile clients along with the contents of the configuration file.
4.2.1. User configuration file
To configure a client manually, you can display the contents of the .conf file on screen with the cat command:
sudo cat /etc/wireguard/clients/Alex@mobile/Alex@mobile.conf
Result:
[Interface]
PrivateKey = oDMWr0toPVCvgKt5oncLLRfHRit+jbzT5cshNUi8zlM=
Address = 10.50.0.2/32
DNS = 1.1.1.1
[Peer]
PublicKey = mLnd+mul15U0EP6jCH5MRhIAjsfKYuIU/j5ml8Z2SEk=
PresharedKey = wjXdcf8CG29Scmnl5D97N46PhVn1jecioaXjdvrEkAc=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 4.3.2.1:54321
Description of the client configuration file:
[Interface]
PrivateKey = Client private key
Address = Client IP address
DNS = DNS server used by the client
[Peer]
PublicKey = Server public key
PresharedKey = Key shared by the server and the client
AllowedIPs = Addresses allowed for the connection (all: 0.0.0.0/0, ::/0)
Endpoint = IP address and port to connect to
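A check for the client configuration file described above, given as an added example (it is not code from the original article or from the wireguard_aws repository): it confirms that each key decodes to 32 bytes, that Address and AllowedIPs are valid CIDR values, that a full IPv4 tunnel also covers IPv6, and that Endpoint has the ipv4:port form the install script asks for. The function names and the sample with a dummy key are constructed for illustration, and a single [Peer] section is assumed.

```python
import base64
import configparser
import ipaddress

def is_wg_key(value):
    """WireGuard keys are 32 raw bytes, base64-encoded."""
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:  # binascii.Error is a ValueError subclass
        return False

def check_client_conf(text):
    """Return a list of problems found in a single-peer client config."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep key case (PrivateKey, AllowedIPs, ...)
    cp.read_string(text)
    problems = []
    for sec, key in (("Interface", "PrivateKey"), ("Peer", "PublicKey"),
                     ("Peer", "PresharedKey")):
        if not is_wg_key(cp.get(sec, key, fallback="")):
            problems.append(f"{sec}.{key}: not a 32-byte base64 key")
    nets = set()
    for sec, key in (("Interface", "Address"), ("Peer", "AllowedIPs")):
        for item in cp.get(sec, key, fallback="").split(","):
            try:
                net = ipaddress.ip_network(item.strip(), strict=False)
                if key == "AllowedIPs":
                    nets.add(net)
            except ValueError:
                problems.append(f"{sec}.{key}: bad CIDR {item.strip()!r}")
    # Routing all IPv4 through the tunnel but not IPv6 leaves IPv6 outside it.
    if ipaddress.ip_network("0.0.0.0/0") in nets and ipaddress.ip_network("::/0") not in nets:
        problems.append("Peer.AllowedIPs: 0.0.0.0/0 without ::/0")
    host, _, port = cp.get("Peer", "Endpoint", fallback="").rpartition(":")
    try:
        ipaddress.IPv4Address(host)  # the install script prompts for ipv4:port
        if not 1 <= int(port) <= 65535:
            raise ValueError(port)
    except ValueError:
        problems.append("Peer.Endpoint: expected ipv4:port")
    return problems

# Constructed sample: layout of the config in section 4.2.1, with a dummy key.
KEY = base64.b64encode(bytes(range(32))).decode()
SAMPLE = (f"[Interface]\nPrivateKey = {KEY}\nAddress = 10.50.0.2/32\n"
          f"DNS = 1.1.1.1\n[Peer]\nPublicKey = {KEY}\nPresharedKey = {KEY}\n"
          "AllowedIPs = 0.0.0.0/0, ::/0\nEndpoint = 4.3.2.1:54321\n")

if __name__ == "__main__":
    print(check_client_conf(SAMPLE) or "config is well-formed")
```

An empty list means the file is structurally sound; it does not prove the keys match the server's.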
4.2.2. QR code for client configuration
You can display the configuration QR code of a previously created client on the terminal screen with the qrencode -t ansiutf8 command (this example uses the client named Alex@mobile):
sudo cat /etc/wireguard/clients/Alex@mobile/Alex@mobile.conf | qrencode -t ansiutf8
5. Configure VPN clients
5.1. Set up the Android mobile client
Use the official Wireguard client for Android.
After that, import the configuration by scanning the QR code with the client configuration (see section 4.2.2) and give it a name.
After the configuration is imported successfully, you can enable the VPN tunnel. A successful connection is indicated by a key icon in the Android system tray.
5.2. Set up the Windows client
First, download and install the TunSafe program.
5.2.1. Create the configuration file to import
Right-click on the desktop and create a text file.
5.2.2. Copy the contents of the configuration file from the server
Then return to the Putty terminal and display the contents of the desired user's configuration file, as described in step 4.2.1.
Next, select the configuration text with the mouse in the Putty terminal. When the selection is complete, it is automatically copied to the clipboard.
5.2.3. Copy the configuration into the local configuration file
Then return to the text file created earlier on the desktop and paste the configuration text into it from the clipboard.
5.2.4. Save the local configuration file
Save the file with the .conf extension (london.conf in this case).
5.2.5. Import the local configuration file
Next, import the configuration file into the TunSafe program.
5.2.6. Set up the VPN connection
Select this configuration file and connect by clicking the Connect button.
6. Check that the connection succeeded
To check that the connection through the VPN tunnel works, open a browser and go to a site that shows your IP address.
The displayed IP address must match the one we received in step 2.2.3.
If so, the VPN tunnel is working correctly.
From a Linux terminal, you can check your IP address by entering:
curl http://zx2c4.com/ip
Or, if you are in Kazakhstan, you can simply visit pornhub.
Source: habr.com