
In most cases, connecting a router to a VPN is not difficult, but if you want to protect an entire network while keeping the best possible connection speed, the best solution is to use a VPN tunnel.
Mikrotik routers have proven to be reliable and very flexible solutions, but WireGuard support is not there yet, and it is still not known when it will appear or in what form. Recently the developers of the WireGuard VPN tunnel made a proposal that would make their VPN tunneling software part of the Linux kernel; hopefully this will help the implementation in RouterOS.
For now, however, setting up WireGuard on a Mikrotik router requires changing the firmware.
Flashing the Mikrotik: installing and configuring OpenWrt
First, make sure that OpenWrt supports your model. Check that the model matches its marketing name and picture.
Go to openwrt.com.
For this device, 2 files are needed:
You need to download both files: Install and Upgrade.
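Before flashing, the two downloaded images can be checked against the sha256sums file that OpenWrt publishes in each release directory. The script below is an added example, not part of the original article; it assumes sha256sums was saved in the same folder as the images, that the kernel image is the .bin variant, and that a POSIX shell with sha256sum is available (for example WSL or any Linux host).

```shell
#!/bin/sh
# Added example (not from the original article). Assumes the release's
# "sha256sums" file sits in the same folder as the two firmware images.

# expected_hash SUMS_FILE NAME: print the hash listed for NAME.
# Lines look like "<sha256> *<filename>"; the "*" marks binary mode.
expected_hash() {
    awk -v n="$2" '{ f = $2; sub(/^\*/, "", f); if (f == n) { print $1; exit } }' "$1"
}

# verify_image SUMS_FILE IMAGE: 0 = match, 1 = mismatch, 2 = not listed.
verify_image() {
    name=$(basename "$2")
    want=$(expected_hash "$1" "$name")
    [ -n "$want" ] || { echo "NOT LISTED  $name"; return 2; }
    got=$(sha256sum "$2" | awk '{ print $1 }')
    [ "$got" = "$want" ] || { echo "MISMATCH    $name"; return 1; }
    echo "OK          $name"
}

# verify_firmware_dir DIR: check both images the article uses (the
# initramfs kernel booted over PXE and the sysupgrade image flashed later).
# Fails if either image is missing, unlisted, or does not match its hash.
verify_firmware_dir() {
    rc=0
    for suffix in initramfs-kernel.bin squashfs-sysupgrade.bin; do
        found=0
        for img in "$1"/*"$suffix"; do
            [ -f "$img" ] || continue
            found=1
            verify_image "$1/sha256sums" "$img" || rc=1
        done
        [ "$found" -eq 1 ] || { echo "MISSING     *$suffix"; rc=1; }
    done
    return $rc
}

# Usage (hypothetical folder name): verify_firmware_dir ./firmware
```

A mismatch usually means an interrupted or altered download; fetch the image again and do not flash it until the check passes.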

1. Network setup, downloading and configuring the PXE server
Download the latest version of Tiny PXE Server for Windows.
Unpack it into a separate folder. In the config.ini file, add the parameter rfc951=1 to the [dhcp] section. This parameter is the same for all Mikrotik models.

Move on to the network settings: you need to assign a static IP address to one of your computer's network interfaces.

IP address: 192.168.1.10
Netmask: 255.255.255.0

Run Tiny PXE Server as Administrator and, in the DHCP Server field, select the server with the address 192.168.1.10.
On some versions of Windows this interface may only appear after an Ethernet connection is made. I recommend connecting the router right away, linking the router and the PC with a patch cord.

Click the "..." button (bottom right) and select the folder where you downloaded the firmware files for Mikrotik.
Select the file whose name ends with "initramfs-kernel.bin or elf"

2. Booting the router from the PXE server
Connect the PC by cable to the first port (wan, internet, poe in, ...) of the router. After that, we take a toothpick and insert it into the hole marked "Reset".

We switch on the router's power and wait 20 seconds, then release the toothpick.
Within the next minute, the following messages should appear in the Tiny PXE Server window:

If the message appears, you are on the right track!
Restore the settings on the network adapter and set it to obtain its address dynamically (via DHCP).
Connect to the LAN ports of the Mikrotik router (2…5 in our case) using the same patch cord. Simply move it from the first port to the second port. Open the router's address in the browser.

Log in to the OpenWRT administration interface and go to the menu section "System -> Backup/Flash Firmware"

In the "Flash new firmware image" section, click the "Choose file (Browse)" button.

Specify the path to the file whose name ends with "-squashfs-sysupgrade.bin".

After that, click the "Flash Image" button.
In the next window, click the "Proceed" button. The firmware will start uploading to the router.

!!! UNDER NO CIRCUMSTANCES CUT THE ROUTER'S POWER DURING THE FLASHING PROCESS !!!

After flashing and rebooting the router, you will have a Mikrotik with OpenWRT firmware.
Possible problems and solutions
Many Mikrotik devices released in 2019 use a FLASH-NOR memory chip of type GD25Q15 / Q16. The problem is that during flashing, the device model data is not saved.
If you see the error "The uploaded image file does not contain a supported format. Make sure that you choose the generic image format for your platform." then the problem is most likely with the flash.
This is easy to check: run the command to check the model ID in the device terminal
root@OpenWrt: cat /tmp/sysinfo/board_name
If you get the answer "unknown", you need to set the device model manually, in the form "rb-951-2nd"
To get the device model, run the command
root@OpenWrt: cat /tmp/sysinfo/model
MikroTik RouterBOARD RB951-2nd
After obtaining the device model, set it manually:
echo 'rb-951-2nd' > /tmp/sysinfo/board_name
After that, you can flash the device via the web interface or with the "sysupgrade" command.
Create a VPN server with WireGuard
If you already have a WireGuard server configured, you can skip this step.
I will use an application for setting up a personal VPN server.
Configuring the WireGuard client on OpenWRT
Connect to the router over SSH:
ssh root@192.168.1.1
Install WireGuard:
opkg update
opkg install wireguard
Prepare the configuration (copy the code below into a file, replace the indicated values with your own, and run it in the terminal).
If you use MyVPN, then in the configuration below you only need to change WG_SERV (the server IP), WG_KEY (the private key from the wireguard configuration file) and WG_PUB (the public key).
WG_IF="wg0"
WG_SERV="100.0.0.0" # server IP address
WG_PORT="51820" # wireguard port
WG_ADDR="10.8.0.2/32" # wireguard address range
WG_KEY="xxxxx" # private key
WG_PUB="xxxxx" # public key
# Configure firewall
uci rename firewall.@zone[0]="lan"
uci rename firewall.@zone[1]="wan"
uci rename firewall.@forwarding[0]="lan_wan"
uci del_list firewall.wan.network="${WG_IF}"
uci add_list firewall.wan.network="${WG_IF}"
uci commit firewall
/etc/init.d/firewall restart
# Configure network
uci -q delete network.${WG_IF}
uci set network.${WG_IF}="interface"
uci set network.${WG_IF}.proto="wireguard"
uci set network.${WG_IF}.private_key="${WG_KEY}"
uci add_list network.${WG_IF}.addresses="${WG_ADDR}"
# Add VPN peers
uci -q delete network.wgserver
uci set network.wgserver="wireguard_${WG_IF}"
uci set network.wgserver.public_key="${WG_PUB}"
uci set network.wgserver.preshared_key=""
uci set network.wgserver.endpoint_host="${WG_SERV}"
uci set network.wgserver.endpoint_port="${WG_PORT}"
uci set network.wgserver.route_allowed_ips="1"
uci set network.wgserver.persistent_keepalive="25"
uci add_list network.wgserver.allowed_ips="0.0.0.0/1"
uci add_list network.wgserver.allowed_ips="128.0.0.0/1"
uci add_list network.wgserver.allowed_ips="::/0"
uci commit network
/etc/init.d/network restart
That completes the WireGuard setup! Now all traffic on all connected devices is protected by the VPN connection.
References
(more instructions are available for configuring L2TP, PPTP on standard Mikrotik firmware)
Source: will.com
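A check to run after the configuration above, added here as an example and not part of the original article: it confirms that both half-default routes (0.0.0.0/1 and 128.0.0.0/1) point at wg0 and that the peer has completed a recent handshake. The 180-second threshold, the function names and the sample data are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article: post-setup tunnel check.
WG_IF="wg0"
MAX_AGE=180  # assumption: seconds without a handshake before the session counts as stale

# routes_cover_tunnel ROUTES IFACE
# Succeeds only if both half-default routes from allowed_ips point at IFACE.
routes_cover_tunnel() {
    for net in 0.0.0.0/1 128.0.0.0/1; do
        printf '%s\n' "$1" | awk -v n="$net" -v i="$2" \
            '$1 == n && $2 == "dev" && $3 == i { ok = 1 } END { exit !ok }' || return 1
    done
}

# handshake_fresh HANDSHAKES NOW MAX_AGE
# HANDSHAKES is `wg show IFACE latest-handshakes` output: "<pubkey><TAB><epoch>".
# An epoch of 0 means the peer has never completed a handshake.
handshake_fresh() {
    printf '%s\n' "$1" | awk -v now="$2" -v max="$3" '
        NF == 2 { seen = 1; if ($2 == 0 || now - $2 > max) bad = 1 }
        END { if (!seen || bad) exit 1 }'
}

# check_tunnel ROUTES HANDSHAKES NOW: prints one verdict line, non-zero on failure.
check_tunnel() {
    routes_cover_tunnel "$1" "$WG_IF" || { echo "FAIL: default routes do not use $WG_IF"; return 1; }
    handshake_fresh "$2" "$3" "$MAX_AGE" || { echo "FAIL: no recent handshake"; return 1; }
    echo "OK: traffic is routed through $WG_IF and the peer is answering"
}

# Constructed sample data (placeholder key, documentation addresses).
SAMPLE_ROUTES='default via 192.0.2.1 dev eth1 proto static src 192.0.2.50
0.0.0.0/1 dev wg0 proto static scope link
128.0.0.0/1 dev wg0 proto static scope link
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1'
SAMPLE_HS=$(printf 'CONSTRUCTEDPEERPUBLICKEYPLACEHOLDER=\t1700000000')

check_tunnel "$SAMPLE_ROUTES" "$SAMPLE_HS" 1700000060

# On the router, feed it live data instead:
# check_tunnel "$(ip -4 route show)" "$(wg show "$WG_IF" latest-handshakes)" "$(date +%s)"
```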
