Since WireGuard will be part of the upcoming Linux 5.6 kernel, I decided to look at how to integrate this VPN into my .
Equipment
- Raspberry Pi 3 with an LTE module and a public IP address. This will be the VPN server (referred to as edgewalker later in the text)
- An Android phone, which must use the VPN for all communications
- A Linux laptop, which needs to use the VPN only inside the network
Every device connected to the VPN must be able to reach every other device. For example, the phone should be able to connect to a web server on the laptop if both devices are part of the VPN network. If the setup turns out to be simple enough, you could also think about connecting the desktop to the VPN (via Ethernet).
Given that wired and wireless connections are getting weaker over time (, and ), I am seriously considering using WireGuard for all my devices, regardless of the environment they are used in.
Software installation
WireGuard is available for most Linux distributions, Windows and macOS. The apps for Android and iOS are delivered through the app stores.
I have the latest Fedora Linux 31, and before installing I was too lazy to read the manual. I simply found the wireguard-tools packages, installed them, and then could not understand why nothing worked. Further investigation showed that I had not installed the wireguard-dkms package (with the network driver), and that it was not in my distribution's repository.
If I had read the instructions, I would have done it properly:
$ sudo dnf copr enable jdoss/wireguard
$ sudo dnf install wireguard-dkms wireguard-tools
On my Raspberry Pi I have the Raspbian Buster distribution installed; it already has a wireguard package, so install it:
$ sudo apt install wireguard
On the Android phone I installed the app from the official Google App Store catalogue.
Installing the keys
To authenticate peers, WireGuard uses a simple private/public key scheme. You can easily generate the VPN keys with the following commands:
$ wg genkey | tee wg-laptop-private.key | wg pubkey > wg-laptop-public.key
$ wg genkey | tee wg-server-private.key | wg pubkey > wg-server-public.key
$ wg genkey | tee wg-mobile-private.key | wg pubkey > wg-mobile-public.key
This gives three key pairs (six files). We will not reference the files from the configs, but copy their contents in instead: each key is a single line of base64.
Creating the configuration file for the VPN server (Raspberry Pi)
The configuration is quite simple; I created the following file, /etc/wireguard/wg0.conf:
[Interface]
Address = 10.200.200.1/24
ListenPort = 51820
PrivateKey = <copy private key from wg-server-private.key>
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wwan0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wwan0 -j MASQUERADE
[Peer]
# laptop
PublicKey = <copy public key from wg-laptop-public.key>
AllowedIPs = 10.200.200.2/32
[Peer]
# mobile phone
PublicKey = <copy public key from wg-mobile-public.key>
AllowedIPs = 10.200.200.3/32
A couple of notes:
- In the appropriate places you need to insert the lines from the key files
- My VPN uses the internal range 10.200.200.0/24
- For the PostUp/PostDown commands, my external network interface is wwan0; yours may be different (for example, eth0)
The VPN network is easily brought up with the following command:
$ sudo wg-quick up wg0
One small detail: as the DNS server I use dnsmasq bound to the network interface br0, so I also added the wg0 device to the list of allowed devices. In dnsmasq this is done by adding a new network interface line to the configuration file /etc/dnsmasq.conf, for example:
interface=br0
interface=wg0
In addition, I added an iptables rule to allow traffic to the listening UDP port (51820):
$ sudo iptables -I INPUT -p udp --dport 51820 -j ACCEPT
Now that everything works, we can set up automatic start of the VPN tunnel:
$ sudo systemctl enable wg-quick@wg0.service
Client configuration on the laptop
On the laptop, create a configuration file /etc/wireguard/wg0.conf with similar settings:
[Interface]
Address = 10.200.200.2/24
PrivateKey = <copy private key from wg-laptop-private.key>
[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 10.200.200.0/24
Endpoint = edgewalker:51820
Notes:
- Instead of edgewalker you need to specify the public IP or the hostname of the VPN server
- By setting AllowedIPs to 10.200.200.0/24, we use the VPN only to access the internal network. Traffic to all other IP addresses/servers will continue to go through the "normal" open channels. The DNS server previously configured on the laptop will also be used.
For testing and automatic start we use the same wg-quick and systemd commands:
$ sudo wg-quick up wg0
$ sudo systemctl enable wg-quick@wg0.service
Setting up the client on the Android phone
For the Android phone we create a very similar configuration file (let's call it mobile.conf):
[Interface]
Address = 10.200.200.3/24
PrivateKey = <copy private key from wg-mobile-private.key>
DNS = 10.200.200.1
[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 0.0.0.0/0
Endpoint = edgewalker:51820
Unlike the configuration on the laptop, the phone must use our VPN server as its DNS server (the DNS line), and also send all traffic through the VPN tunnel (AllowedIPs = 0.0.0.0/0).
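The laptop and phone configs differ mainly in what AllowedIPs covers, and the server uses the same setting to pin each peer to its own tunnel address. The sketch below is an added example, not part of the original post: it parses a constructed copy of the server config (keys replaced by placeholders) and evaluates both directions with Python's ipaddress module; all function names are assumptions made for illustration.

```python
import ipaddress
# Constructed copy of the page's server config; keys are placeholders.
SERVER_CONF = """\
[Interface]
Address = 10.200.200.1/24
[Peer]
# laptop
PublicKey = <laptop-public-key>
AllowedIPs = 10.200.200.2/32
[Peer]
# mobile phone
PublicKey = <mobile-public-key>
AllowedIPs = 10.200.200.3/32
"""
LAPTOP_ALLOWED = "10.200.200.0/24"  # split tunnel, as in the laptop config
MOBILE_ALLOWED = "0.0.0.0/0"        # full tunnel, as in mobile.conf

def parse_conf(text):
    """Parse into [(section, {key: value})]; [Peer] repeats, so configparser does not fit."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments such as "# laptop"
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # split once: base64 keys end in '='
            sections[-1][1][key.strip()] = value.strip()
    return sections

def networks(allowed_ips):
    return [ipaddress.ip_network(n.strip()) for n in allowed_ips.split(",")]

def is_tunnelled(allowed_ips, destination):
    """Client side: a packet enters the tunnel only if its destination matches AllowedIPs."""
    dst = ipaddress.ip_address(destination)
    return any(dst in net for net in networks(allowed_ips))

def peer_for_source(conf_text, source):
    """Server side: return the peer allowed to send from this inner source address, or None."""
    src = ipaddress.ip_address(source)
    for name, opts in parse_conf(conf_text):
        if name == "Peer" and any(src in n for n in networks(opts["AllowedIPs"])):
            return opts["PublicKey"]
    return None  # no peer owns this address, so such a packet would be dropped

if __name__ == "__main__":
    for dst in ("10.200.200.1", "192.0.2.10"):  # VPN server, and a documentation-range host
        print(dst, "laptop:", is_tunnelled(LAPTOP_ALLOWED, dst), "phone:", is_tunnelled(MOBILE_ALLOWED, dst))
    print(peer_for_source(SERVER_CONF, "10.200.200.3"), peer_for_source(SERVER_CONF, "10.200.200.9"))
```

Keeping each server-side AllowedIPs entry at /32 is what prevents one client from sending traffic with another client's tunnel address.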
Instead of copying the file to your mobile device, you can convert it to a QR code:
$ sudo apt install qrencode
$ qrencode -t ansiutf8 < mobile.conf
The QR code is printed to the console as ASCII. It can be scanned from the Android VPN app, which then configures the VPN tunnel automatically.
Conclusion
Setting up WireGuard is simply magical compared to OpenVPN.
Source: will.com
