Setting up WireGuard on a Mikrotik router running OpenWrt

In most cases, connecting a router to a VPN is not difficult, but if you want to protect the whole network while keeping the best possible connection speed, the best solution is to use the WireGuard VPN tunnel.

Mikrotik routers have proven to be reliable and very flexible, but there is still no WireGuard support in RouterOS, and it is not known when it will appear or in what form. It recently became known that the developers of the WireGuard VPN tunnel have proposed a patch set that will make their VPN software part of the Linux kernel; hopefully this will help it get adopted in RouterOS.

For now, though, to configure WireGuard on a Mikrotik router you have to change the firmware.

Flashing the Mikrotik, installing and configuring OpenWrt

First make sure that OpenWrt supports your model. You can check how a model matches its marketing name and appearance at mikrotik.com.

Go to openwrt.com, to the firmware download section.

For this device we need 2 files:

downloads.openwrt.org/releases/18.06.2/targets/ar71xx/mikrotik/openwrt-18.06.2-ar71xx-mikrotik-rb-nor-flash-16M-initramfs-kernel.bin|elf

downloads.openwrt.org/releases/18.06.2/targets/ar71xx/mikrotik/openwrt-18.06.2-ar71xx-mikrotik-rb-nor-flash-16M-squashfs-sysupgrade.bin

You need to download both files: Install and Upgrade.
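
Before flashing, each downloaded image can be checked against the sha256sums file published in the same release directory. This is an added example, not part of the original article; the helper name verify_image and the local file locations are assumptions.

```shell
#!/bin/sh
# Added example: verify a downloaded OpenWrt image against the release's
# sha256sums file before flashing. verify_image is a hypothetical helper name.

# verify_image SUMS_FILE IMAGE_FILE
# Returns 0 if IMAGE_FILE's SHA-256 matches its entry in SUMS_FILE,
# 1 on mismatch, 2 if the image has no entry or a file is unreadable.
verify_image() {
    sums="$1"
    image="$2"
    [ -r "$sums" ] && [ -r "$image" ] || return 2
    name=$(basename "$image")

    # Entries look like "<hex digest> *<file name>" (binary mode) or
    # "<hex digest>  <file name>" (text mode); match the name exactly.
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { print tolower($1); exit }' "$sums")
    [ -n "$expected" ] || return 2

    actual=$(sha256sum "$image" | awk '{ print tolower($1) }')
    [ "$actual" = "$expected" ]
}

# Usage on the workstation, with sha256sums saved next to the images:
#   verify_image sha256sums \
#     openwrt-18.06.2-ar71xx-mikrotik-rb-nor-flash-16M-squashfs-sysupgrade.bin \
#     && echo "checksum OK" || echo "DO NOT FLASH"
```

The sha256sums file is itself signed (sha256sums.asc in the same directory); without checking that signature the digest only protects against a corrupted download, not a replaced one.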

1. Network setup, downloading and configuring the PXE server

Download the latest version of Tiny PXE Server for Windows.

Unpack it into a separate folder. In the config.ini file, add the parameter rfc951=1 to the [dhcp] section. This parameter is the same for all Mikrotik models.

Now move on to the network settings: you need to assign a static IP address to one of your computer's network interfaces.

IP address: 192.168.1.10
Netmask: 255.255.255.0

Run Tiny PXE Server as Administrator and, in the DHCP Server field, select the server with the address 192.168.1.10

On some versions of Windows, this interface appears only after an Ethernet connection is established. I recommend connecting the router and immediately linking the router and the PC with a patch cord.

Click the "..." button (bottom right) and select the folder where you downloaded the firmware files for Mikrotik.

Select the file whose name ends with "initramfs-kernel.bin or elf"

2. Booting the router from the PXE server

Connect the PC with a cable to the first port (wan, internet, poe in, ...) of the router. After that, take a toothpick and insert it into the hole labeled "Reset".

Turn on the router's power, wait 20 seconds, then release the toothpick.
Within the next minute, the following messages should appear in the Tiny PXE Server window:

If the message appears, you are on the right track!

Restore the settings on the network adapter and set it to obtain its address dynamically (via DHCP).

Connect to the LAN ports of the Mikrotik router (2…5 in our case) using the same patch cord. Just move it from the first port to the second port. Open the address 192.168.1.1 in a browser.

Log in to the OpenWRT administration interface and go to the menu section "System -> Backup/Flash Firmware"

In the "Flash new firmware image" section, click the "Choose file (Browse)" button.

Specify the path to the file whose name ends with "-squashfs-sysupgrade.bin".

After that, click the "Flash Image" button.

In the next window, click the "Proceed" button. The firmware will start uploading to the router.

!!! UNDER NO CIRCUMSTANCES DISCONNECT THE ROUTER'S POWER DURING THE FLASHING PROCESS !!!

After flashing and rebooting the router, you will have a Mikrotik with OpenWRT firmware.

Possible problems and solutions

Many Mikrotik devices released in 2019 use a FLASH-NOR memory chip of the GD25Q15 / Q16 type. The problem is that during flashing the data about the device model is not saved.

If you see the error "The uploaded image file does not contain a supported format. Make sure that you choose the generic image format for your platform." then the problem is most likely in the flash.

This is easy to check: run the command that shows the model ID in the device terminal

root@OpenWrt: cat /tmp/sysinfo/board_name

If you get the answer "unknown", you need to set the device model manually in the form "rb-951-2nd"

To get the device model, run the command

root@OpenWrt: cat /tmp/sysinfo/model
MikroTik RouterBOARD RB951-2nd

After obtaining the device model, set it manually:

echo 'rb-951-2nd' > /tmp/sysinfo/board_name

After that, you can flash the device through the web interface or with the "sysupgrade" command.

Create a VPN server with WireGuard

If you already have a server with WireGuard configured, you can skip this step.
To set up a personal VPN server I will use the MyVPN.RUN application, about which I have already published a review.

Configuring the WireGuard client on OpenWRT

Connect to the router over SSH:

ssh [email protected]

Install WireGuard:

opkg update
opkg install wireguard

Prepare the configuration (copy the code below into a file, replace the indicated values with your own, and run it in the terminal).

If you use MyVPN, then in the configuration below you only need to change WG_SERV (the server IP), WG_KEY (the private key from the WireGuard configuration file) and WG_PUB (the public key).

WG_IF="wg0"
WG_SERV="100.0.0.0" # server IP address
WG_PORT="51820" # WireGuard port
WG_ADDR="10.8.0.2/32" # WireGuard address range

WG_KEY="xxxxx" # private key
WG_PUB="xxxxx" # public key

# Configure firewall
uci rename firewall.@zone[0]="lan"
uci rename firewall.@zone[1]="wan"
uci rename firewall.@forwarding[0]="lan_wan"
uci del_list firewall.wan.network="${WG_IF}"
uci add_list firewall.wan.network="${WG_IF}"
uci commit firewall
/etc/init.d/firewall restart

# Configure network
uci -q delete network.${WG_IF}
uci set network.${WG_IF}="interface"
uci set network.${WG_IF}.proto="wireguard"
uci set network.${WG_IF}.private_key="${WG_KEY}"

uci add_list network.${WG_IF}.addresses="${WG_ADDR}"

# Add VPN peers
uci -q delete network.wgserver
uci set network.wgserver="wireguard_${WG_IF}"
uci set network.wgserver.public_key="${WG_PUB}"
uci set network.wgserver.preshared_key=""
uci set network.wgserver.endpoint_host="${WG_SERV}"
uci set network.wgserver.endpoint_port="${WG_PORT}"
uci set network.wgserver.route_allowed_ips="1"
uci set network.wgserver.persistent_keepalive="25"
uci add_list network.wgserver.allowed_ips="0.0.0.0/1"
uci add_list network.wgserver.allowed_ips="128.0.0.0/1"
uci add_list network.wgserver.allowed_ips="::/0"
uci commit network
/etc/init.d/network restart

This completes the WireGuard setup! Now all traffic from all connected devices is protected by the VPN connection.
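
A way to check that claim on the router, added here and not part of the original article: the peer must have completed a recent handshake, and both /1 routes created from allowed_ips must point at wg0. The function names and the 180-second threshold are assumptions, and the sample output is constructed.

```shell
#!/bin/sh
# Added example (not from the article): check that the wg0 tunnel built by
# the script above is really carrying the router's traffic.
# Function names and the 180 s threshold are assumptions.
WG_IF="wg0"
MAX_AGE=180   # seconds since last handshake before the peer counts as dead

# handshake_fresh HANDSHAKES NOW
# HANDSHAKES: output of `wg show wg0 latest-handshakes`, one
# "<peer public key> <unix time>" line per peer (0 = never connected).
handshake_fresh() {
    printf '%s\n' "$1" | awk -v now="$2" -v max="$MAX_AGE" '
        NF == 2 && $2 > 0 && now - $2 <= max { ok = 1 }
        END { exit !ok }'
}

# routes_cover_ipv4 ROUTES
# ROUTES: output of `ip route show`. The two /1 prefixes from allowed_ips
# together cover all of IPv4 and are more specific than the WAN default
# route, so both must point at wg0 for traffic to enter the tunnel.
routes_cover_ipv4() {
    printf '%s\n' "$1" | awk -v ifc="$WG_IF" '
        $1 == "0.0.0.0/1" || $1 == "128.0.0.0/1" {
            for (i = 2; i < NF; i++)
                if ($i == "dev" && $(i + 1) == ifc) seen[$1] = 1
        }
        END { exit !(seen["0.0.0.0/1"] && seen["128.0.0.0/1"]) }'
}

# tunnel_ok HANDSHAKES NOW ROUTES -> 0 only if both checks pass
tunnel_ok() { handshake_fresh "$1" "$2" && routes_cover_ipv4 "$3"; }

# Constructed sample output (placeholder key, documentation addresses).
SAMPLE_HS="$(printf 'PEER_PUBLIC_KEY_PLACEHOLDER=\t1700000000')"
SAMPLE_ROUTES="default via 203.0.113.1 dev eth0
0.0.0.0/1 dev wg0 scope link
128.0.0.0/1 dev wg0 scope link"

# On the router:
#   tunnel_ok "$(wg show wg0 latest-handshakes)" "$(date +%s)" \
#       "$(ip route show)" && echo "tunnel OK" || echo "tunnel DOWN"
```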


Source: will.com
