αααααΆααα WireGuard
α§ααααα
- Raspberry Pi 3 ααΆαα½ααααΌαα»α LTE αα·αα’αΆααααααΆα IP ααΆααΆαααα ααΆααΉαααΆααααΆαααΈααα VPN αα ααΈααα (ααα ααααα αααα»αα’αααααααΆααααΌαααΆαα α α’αααααΎαααα)
- ααΌαααααα Android αααααααΌαααααααΎ VPN αααααΆααααααΆααααααααΆααα’ααα
- αα»αααααΌααααα½αααααΈαα»α ααααα½αααααΎαα VPN αα αααα»ααααααΆα
ααΆααα§ααααααααααααΆαααα
VPN ααααΌαααα’αΆα
ααααΆαααα
α§αααααααααααααααΆααα’ααα α§ααΆα ααα ααΌααααααα½αααα’αΆα
ααααΆαααα
αααΆαααΈααααααααΆααα
ααΎαα»αααααΌααααα½ααα ααααα·αααΎα§αααααααΆααααΈαααΆααααααααααααΆα VPN α ααααα·αααΎααΆααααα
ααααααα
ααΆααΆαααα αααα’αααα’αΆα
αα·αα’αααΈααΆαααααΆαααααααα»αα
VPN (ααΆααααα’ααΈααΊααα·α)α
αααβαα·α
αΆαααΆβααΆβααΆαβαααααΆααβααΆαβαααα αα·αβα₯αβααααβααΆααααβααΆαβαα»ααααα·ααΆαβααΆααααβαα·α
βαα
αβααΆαβαααααααΆ (
ααΆαααα‘αΎααααααα·ααΈ
WireGuard ααααα
αααα»αααΆα Fedora Linux 31 α
α»αααααααααα’αα α αΎααααα»ααααα·αααααααα»αααΆαα’αΆαααααα
ααααΆααα»ααααααα‘αΎαα ααΎαααααααΎααααα
αα wireguard-tools
ααα‘αΎααα½αααΆ α αΎααααααΆαααααα·αα’αΆα
ααΉαααΆα ααα»α’αααΈααΆαααΆααααΆαα’αααΈααααΎαααΆαα ααΆααααΎαα’αααααααααααααΆααααα αΆαααΆαααα»ααα·αααΆααααα
ααααα‘αΎαααα wireguard-dkms
(ααΆαα½ααααααα·ααΈαααααΆαααααΆα) ααα»ααααααΆαα·ααα
αααα»αααααΆααααααΆαα
ααα
αΆααααααααα»αααα
ααααα·αααΎαααα»αααΆαα’αΆαααΆαααααΆα αααα»αααΉαα αΆαααα·ααΆαααΆαααααΉαααααΌαα
$ sudo dnf copr enable jdoss/wireguard
$ sudo dnf install wireguard-dkms wireguard-tools
αααα»αααΆαααΆαα
ααα
αΆα Raspbian Buster αααααΆαααα‘αΎααα
ααΎ Raspberry Pi αααααααα»α ααΆααααα
αααα½α
α αΎααα
ααΈααα wireguard
, ααα‘αΎαααΆα
$ sudo apt install wireguard
αα
ααΎααΌαααααα Android αααααααα»ααααα»αααΆαααα‘αΎααααααα·ααΈ
ααΆαααα‘αΎααα
αααααΆααααΆααααααααααΆααααΆαααΌα ααααΆ Wireguard ααααΎαααααααΆαααααα―ααα/ααΆααΆαααααΆαααα ααΎααααΈαααααααααΆααααΆαααααΉαααααΌααααααα·αααααααα· VPN α α’αααα’αΆα αααααΎααα VPN ααΆααααΆαααΆααααα½ααααααααΎααΆααααααααΆααΆααααααα
$ wg genkey | tee wg-laptop-private.key | wg pubkey > wg-laptop-public.key
$ wg genkey | tee wg-server-private.key | wg pubkey > wg-server-public.key
$ wg genkey | tee wg-mobile-private.key | wg pubkey > wg-mobile-public.key
ααααααααα±ααααΎαααΌαααΌαααααΉαα ααα½αααΈ (α―αααΆαααααΆααα½α) α ααΎαααΉααα·ααααα ααΎα―αααΆααα αααα»αααΆααααααααααα ααα»ααααα ααααααΆαα·ααΆαα ααΈαααα αααααΉαααΈαα½ααααΊαα½ααααααΆαααααα»α base64α
ααΆααααααΎαα―αααΆαααααααα ααΆαααααααααααααΆαααααΆαααΈααα VPN (Raspberry Pi)
ααΆαααααααα
ααΆααααααααααΊααΆααααααΆαα, αααα»αααΆααααααΎαα―αααΆαααΆαααααα /etc/wireguard/wg0.conf
:
[Interface]
Address = 10.200.200.1/24
ListenPort = 51820
PrivateKey = <copy private key from wg-server-private.key>
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wwan0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wwan0 -j MASQUERADE
[Peer]
# laptop
PublicKey = <copy public key from wg-laptop-public.key>
AllowedIPs = 10.200.200.2/32
[Peer]
# mobile phone
PublicKey = <copy public key from wg-mobile-public.key>
AllowedIPs = 10.200.200.3/32
αααααα αααΆαααΈαααΈα
- αα ααααααααααααα’αααααααΌααααα αΌααααααΆααααΈα―αααΆααααααααΎααααΆααα α»α
- VPN αααααααα»ααααα»αααααΎαααα»αααΆααααα»α
10.200.200.0/24
- αααααΆαααααα»α
PostUp
/PostDown
αααα»αααΆαα ααα»α αααααΆαααααααΆαααΆααααα wwan0 α’αααα’αΆα ααΆααα½ααααααααα (α§ααΆα ααα eth0)
αααααΆα VPN ααααΌαααΆαααΎαα‘αΎααααΆαααΆααααα½ααααααααΎααΆααααααααΆααΆααααααα
$ sudo wg-quick up wg0
ααααααΆααααα’α·αααΌα
αα½αα ααΆαααΆαααΈααα DNS ααααααα»αααΆαααααΎ dnsmasq
ααααΆαααα
α
ααα»α
αααααΆαααααααΆα br0
αααα»αααααΆαααααααα§ααααααααααα wg0
αα
αααααΈα§ααααααααααΆαα’αα»ααααΆαα αα
αααα»α dnsmasq αααααααΌαααΆαααααΎααααααααααααααΆααα
ααα»α
αααααΆαααααααΆαααααΈαα
α―αααΆαααααααα
ααΆαααααααα /etc/dnsmasq.conf
α§ααΆα ααα:
interface=br0
interface=wg0
ααΎαααΈαααααααααα»αααΆαααααααα αααΆαα iptable ααΎααααΈα’αα»ααααΆαα±ααα ααΆα ααα ααΆααα αααααααΆαα UDP (51820):
$ sudo iptables -I INPUT -p udp --dport 51820 -j ACCEPT
α₯α‘αΌααααα’αααΈααααα»αααααΎαααΆα ααΎαα’αΆα αααα αααΆαααΎαααααΎαααΆααααααααααααααααα·ααααααΌαααΌααααααααΈ VPNα
$ sudo systemctl enable wg-quick@wg0.service
ααΆαααααααα ααΆααααααααα’αα·αα·αααα ααΎαα»αααααΌααααα½ααα
αααααΎαα―αααΆαααααααα
ααΆαααααααααα
ααΎαα»αααααΌααααα½ααα /etc/wireguard/wg0.conf
ααΆαα½αααΉαααΆααααααααΌα
ααααΆα
[Interface]
Address = 10.200.200.2/24
PrivateKey = <copy private key from wg-laptop-private.key>
[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 10.200.200.0/24
Endpoint = edgewalker:51820
α αααΆα:
- αααα½αα±αα edgewalker α’αααααααΌααααααΆαα IP ααΆααΆααα α¬αααΆαααΈααα VPN
- αααααΆαααααα
AllowedIPs
αα ααΎ10.200.200.0/24
ααΎαααααΎαα VPN ααΎααααΈα αΌαααααΎαααααΆαααΆααααα»αα α ααΆα ααααα ααΆααα’αΆααααααΆα IP/αααΆαααΈαααααααααααααΆααα’ααααΉααααααα ααΆαααααααααΆαααΎα "ααααααΆ"α ααΆααααΉαααααΎαααΆαααΈααα DNS αααααΆαααααααα»αααΆαα»ααα ααΎαα»αααααΌααααα½ααααααααα
αααααΆααααΆαααααΎααααα αα·αααΆαααΎαααααΎαααΆααααααααααααααααα· ααΎαααααΎααΆααααααααΆααΌα
ααααΆα wg-quick
and systemd
:
$ sudo wg-quick up wg0
$ sudo systemctl enable wg-quick@wg0.service
ααα‘αΎααααΆαααΈαααααααα ααΎααΌαααααα Android
αααααΆααααΌαααααα Android ααΎααααααΎαα―αααΆαααααααα
ααΆααααααααααααααααααΆ (ααΌαα α
ααΆααΆ mobile.conf
):
[Interface]
Address = 10.200.200.3/24
PrivateKey = <copy private key from wg-mobile-private.key>
DNS = 10.200.200.1
[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 0.0.0.0/0
Endpoint = edgewalker:51820
αα·αααΌα
ααΆαααααααα
ααΎαα»αααααΌααααα½ααααα ααΌααααααααααΌαααααααΎαααΆαααΈααα VPN ααααααΎαααΆαααΆαααΈααα DNS (αααααΆαα DNS
) α αΎαααααααααΆααα
ααΆα
αααααΆααα’ααααΆααααααααΌαααΌααααααααΈ VPN (AllowedIPs = 0.0.0.0/0
).
αααα½αα±ααααΆαα ααααα―αααΆααα α§αααααα αααααααα’ααα α’αααα’αΆα αααααααααΆαα ααΆααΌα QRα
$ sudo apt install qrencode
$ qrencode -t ansiutf8 < mobile.conf
αααααΌα QR ααΉαα αααα ααΆαααα»αααΌαααΆ ASCII α ααΆα’αΆα ααααΌαααΆααααααααΈαααααα·ααΈ Android VPN α αΎαααΉαααα‘αΎαααααΌαααΌααααααααΈ VPN αααααααααααααααα·α
ααα ααααΈααααα·ααααΆα
ααΆαααα‘αΎα WireGuard ααΊααΆααααααααααααααααΎαααααααααα
ααΉα OpenVPN α
Source: www.habr.com