Because WireGuard
Equipment
- A Raspberry Pi 3 with an LTE module and a public IP address. The VPN server will run here (referred to later in the text as edgewalker)
- An Android phone that must use the VPN for all communications
- A Linux laptop that should use the VPN only inside the network
Every device connected to the VPN must be able to reach every other device. For example, the phone should be able to connect to a web server on the laptop if both devices are part of the VPN network. If the setup turns out to be simple enough, you could also consider connecting the desktop to the VPN (via Ethernet).
Given that wired and wireless connections are diminishing over time (
Software installation
WireGuard provides
I have a recent Fedora Linux 31, and I was too lazy to read the manual before installing. I simply found the wireguard-tools packages, installed them, and then could not work out why nothing worked. Further investigation showed that I had not installed the wireguard-dkms package (with the network driver), and it was not in my distribution's repository.
If I had read the instructions, I would have done it correctly:
$ sudo dnf copr enable jdoss/wireguard
$ sudo dnf install wireguard-dkms wireguard-tools
I have the Raspbian Buster distribution installed on my Raspberry Pi, and it already has a wireguard package, so install it:
$ sudo apt install wireguard
On my Android phone I installed the application
Installing the keys
WireGuard authenticates VPN peers with a private/public key scheme. You can create the VPN keys with the following commands:
$ wg genkey | tee wg-laptop-private.key | wg pubkey > wg-laptop-public.key
$ wg genkey | tee wg-server-private.key | wg pubkey > wg-server-public.key
$ wg genkey | tee wg-mobile-private.key | wg pubkey > wg-mobile-public.key
This gives three key pairs (six files). We will not refer to the files in the configs, but copy their contents in: each key is a single line of base64.
Creating the configuration file for the VPN server (Raspberry Pi)
The configuration is quite simple. I created the following file, /etc/wireguard/wg0.conf:
[Interface]
Address = 10.200.200.1/24
ListenPort = 51820
PrivateKey = <copy private key from wg-server-private.key>
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wwan0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wwan0 -j MASQUERADE
[Peer]
# laptop
PublicKey = <copy public key from wg-laptop-public.key>
AllowedIPs = 10.200.200.2/32
[Peer]
# mobile phone
PublicKey = <copy public key from wg-mobile-public.key>
AllowedIPs = 10.200.200.3/32
A couple of notes:
- In the appropriate places you need to insert the lines from the key files
- My VPN uses the internal range 10.200.200.0/24
- For the PostUp/PostDown commands, my external network interface is wwan0; yours may be different (for example, eth0)
The VPN network is easily brought up with the following command:
$ sudo wg-quick up wg0
One small detail: as the DNS server I used dnsmasq bound to the network interface br0, so I also added the wg0 device to the list of allowed devices. In dnsmasq this is done by adding a new network interface line to the configuration file /etc/dnsmasq.conf, for example:
interface=br0
interface=wg0
In addition, I added an iptables rule to allow traffic to the listening UDP port (51820):
$ sudo iptables -I INPUT -p udp --dport 51820 -j ACCEPT
Now that everything works, we can set up automatic startup of the VPN tunnel:
$ sudo systemctl enable wg-quick@wg0.service
Client configuration on the laptop
Create a configuration file /etc/wireguard/wg0.conf on the laptop with similar settings:
[Interface]
Address = 10.200.200.2/24
PrivateKey = <copy private key from wg-laptop-private.key>
[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 10.200.200.0/24
Endpoint = edgewalker:51820
Notes:
- Instead of edgewalker you need to specify the public IP or the hostname of the VPN server
- By setting AllowedIPs to 10.200.200.0/24, we use the VPN only to reach the internal network. Traffic to all other IP addresses/servers will continue to go through the "normal" open channels. The DNS server already configured on the laptop will also be used.
For testing and automatic startup we use the same wg-quick and systemd commands:
$ sudo wg-quick up wg0
$ sudo systemctl enable wg-quick@wg0.service
Setting up a client on an Android phone
For the Android phone we create a very similar configuration file (let's call it mobile.conf):
[Interface]
Address = 10.200.200.3/24
PrivateKey = <copy private key from wg-mobile-private.key>
DNS = 10.200.200.1
[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 0.0.0.0/0
Endpoint = edgewalker:51820
Unlike the configuration on the laptop, the phone must use our VPN server as its DNS server (the DNS line) and also send all traffic through the VPN tunnel (AllowedIPs = 0.0.0.0/0).
Instead of copying the file to your mobile device, you can convert it to a QR code:
$ sudo apt install qrencode
$ qrencode -t ansiutf8 < mobile.conf
The QR code is printed to the console as ASCII. It can be scanned from the Android VPN app, which then sets up the VPN tunnel automatically.
Conclusion
Setting up WireGuard is simply magic compared to OpenVPN.
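The three configuration files above have to agree with each other: every client Address must fall inside exactly one AllowedIPs entry on the server, the Endpoint port must match ListenPort, and a full-tunnel client needs a DNS line. The following check is an added example, not code from the original article; the names parse_wg, nets and audit are hypothetical, and the sample configs are constructed from the page's values with the key lines left out.

```python
import ipaddress

def parse_wg(text):
    """Parse wg-quick text; [Peer] repeats, so configparser would reject it."""
    iface, peers = {}, []
    cur = iface
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.lower() == "[interface]":
            cur = iface
        elif line.lower() == "[peer]":
            cur = {}
            peers.append(cur)
        elif "=" in line:
            key, _, val = line.partition("=")  # first "=" only: base64 keys end in "="
            cur[key.strip()] = val.strip()
    return iface, peers

def nets(value):
    return [ipaddress.ip_network(v.strip(), strict=False) for v in value.split(",") if v.strip()]

def audit(server, clients):
    """Check the server config against {name: client config}; return findings."""
    s_iface, s_peers = parse_wg(server)
    allowed = [n for p in s_peers for n in nets(p.get("AllowedIPs", ""))]
    out = [f"server: AllowedIPs {a} and {b} overlap"
           for i, a in enumerate(allowed) for b in allowed[i + 1:] if a.overlaps(b)]
    for name, text in clients.items():
        iface, peers = parse_wg(text)
        addr = ipaddress.ip_interface(iface["Address"].split(",")[0].strip()).ip
        if sum(addr in n for n in allowed) != 1:
            out.append(f"{name}: {addr} not in exactly one server AllowedIPs")
        for p in peers:
            if p.get("Endpoint", "").rpartition(":")[2] != s_iface.get("ListenPort"):
                out.append(f"{name}: Endpoint port differs from server ListenPort")
            if "DNS" not in iface and any(n.prefixlen == 0 for n in nets(p.get("AllowedIPs", ""))):
                out.append(f"{name}: full tunnel but no DNS line")
    return out

# Constructed configs mirroring the page (keys omitted); BAD_MOBILE is the faulty one.
SERVER = ("[Interface]\nAddress = 10.200.200.1/24\nListenPort = 51820\n"
          "[Peer]\nAllowedIPs = 10.200.200.2/32\n[Peer]\nAllowedIPs = 10.200.200.3/32\n")
LAPTOP = ("[Interface]\nAddress = 10.200.200.2/24\n"
          "[Peer]\nAllowedIPs = 10.200.200.0/24\nEndpoint = edgewalker:51820\n")
MOBILE = ("[Interface]\nAddress = 10.200.200.3/24\nDNS = 10.200.200.1\n"
          "[Peer]\nAllowedIPs = 0.0.0.0/0\nEndpoint = edgewalker:51820\n")
BAD_MOBILE = MOBILE.replace("51820", "51280").replace("DNS = 10.200.200.1\n", "")

if __name__ == "__main__":
    print(audit(SERVER, {"laptop": LAPTOP, "mobile": MOBILE, "bad": BAD_MOBILE}))
```

Overlapping AllowedIPs on the server are reported because WireGuard uses that list to decide which peer owns a tunnel address.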
Source: will.com