Ndi kuchuluka kwa kuwunika kwa intaneti ndi maulamuliro aulamuliro, kuchuluka kwazinthu zothandiza pa intaneti ndi masamba akutsekedwa. Kuphatikizapo zambiri zaukadaulo.
Chifukwa chake, zimakhala zosatheka kugwiritsa ntchito intaneti mokwanira ndikuphwanya ufulu wofunikira waufulu wolankhula, woperekedwa Universal Declaration of Human Rights.
Nkhani 19
Aliyense ali ndi danga lokhala ndi maganizo ake; ufuluwu ukuphatikiza ufulu wokhala ndi maganizo popanda kusokonezedwa ndi kufunafuna, kulandira ndi kufalitsa uthenga ndi malingaliro kudzera muwailesi iliyonse, mosatengera malire.
Mu bukhu ili, tiyika zida zathu zaulere * mu masitepe 6. Ntchito ya VPN zochokera pa luso Woteteza, mu zomangamanga zamtambo Mapulogalamu a Webusaiti a Amazon (AWS), pogwiritsa ntchito akaunti yaulere (kwa miyezi 12), pamwambo (makina enieni) oyendetsedwa ndi Ubuntu Server 18.04LTS.
Ndayesera kupanga njira iyi kukhala yochezeka kwa anthu omwe si a IT momwe ndingathere. Chinthu chokha chimene chimafunika ndi kulimbikira kubwereza ndondomeko zomwe zafotokozedwa pansipa.
ndemanga
AWS imapereka ntchito yopanda malire kwa nthawi ya miyezi 12, ndi malire a 15 gigabytes a magalimoto pamwezi.
Musanasankhe malo a data, tikulimbikitsidwa kuti tiyese https://speedtest.net liwiro lofikira malo ofikira apafupi, komwe ndili ndi zotsatira zotsatirazi:
Π‘ΠΈΠ½Π³Π°ΠΏΡΡ
Paris
Frankfurt
Stockholm
London
Deta ya data ku London ikuwonetsa zotsatira zabwino kwambiri pa liwiro. Chifukwa chake ndidasankha kuti musinthe mwamakonda.
2. Pangani chitsanzo cha AWS
2.1 Pangani makina enieni
2.1.1. Kusankha mtundu wachitsanzo
Mwachikhazikitso, chitsanzo cha t2.micro chimasankhidwa, zomwe timafunikira, ingodinani batani Kenako: Konzani Tsatanetsatane wa Instance
2.1.2. Kukhazikitsa Zosankha Zachitsanzo
M'tsogolomu, tidzalumikiza IP yokhazikika yapagulu ku chitsanzo chathu, kotero pakadali pano tikuzimitsa kugawa kwapagulu kwa IP, ndikudina batani. Kenako: Onjezani Chosungira
2.1.3. Kulumikizana kosungira
Tchulani kukula kwa "hard disk". Pazolinga zathu, ma gigabytes 16 ndi okwanira, ndipo timakanikiza batani Kenako: Add Tags
2.1.4. Kupanga ma tag
Ngati tidapanga zingapo, ndiye kuti zitha kugawidwa ndi ma tag kuti zithandizire kuyendetsa. Pankhaniyi, magwiridwe antchito ndi ochulukirapo, dinani batani nthawi yomweyo Kenako: Konzani Gulu la Chitetezo
2.1.5. Kutsegula madoko
Mu sitepe iyi, timakonza firewall potsegula madoko ofunikira. Gulu la madoko otseguka limatchedwa Gulu la Chitetezo. Tiyenera kupanga gulu latsopano lachitetezo, kulipatsa dzina, kufotokozera, kuwonjezera doko la UDP (Custom UDP Rule), m'gawo la Rort Range, perekani nambala ya doko kuchokera pamndandanda. madoko amphamvu 49152-65535. Pankhaniyi, ndinasankha doko nambala 54321.
Pambuyo podzaza deta yofunikira, dinani batani Ndemanga ndi Kukhazikitsa
2.1.6. Chidule cha zokonda zonse
Patsamba ili pali chidule cha zosintha zonse zachitsanzo chathu, timayang'ana ngati makonda onse ali mu dongosolo, ndikusindikiza batani. Yambani
Chiwonetsero apa ndi sitepe yosungira makiyi opangidwa kuchokera pa sitepe yapitayi. Tikamaliza kukanikiza batani Tsitsani Key Pair, kiyi imasungidwa ngati fayilo ya satifiketi yokhala ndi *.pem extension. Pankhani imeneyi, ndinaipatsa dzina wireguard-awskey.pem
2.1.8. Mwachidule za Zotsatira Zakupangidwa Kwachiwonetsero
Kenako, tikuwona uthenga wokhudza kukhazikitsidwa bwino kwa chitsanzo chomwe tangopanga kumene. Titha kupita ku mndandanda wa zochitika zathu podina batani mawonekedwe
2.2. Kupanga adilesi yakunja ya IP
2.2.1. Kuyambira kupanga IP yakunja
Kenako, tifunika kupanga adilesi yakunja yakunja ya IP yomwe tidzalumikizane ndi seva yathu ya VPN. Kuti muchite izi, pagawo loyang'anira kumanzere kwa chinsalu, sankhani chinthucho Zotanuka IPs kuchokera mgulu NETWORK & SECTURITY ndipo dinani batani Perekani adilesi yatsopano
2.2.2. Kukonzekera kupangidwa kwa IP yakunja
Mu sitepe yotsatira, tiyenera kuyatsa kusankha Amazon pool (yothandizidwa mwachisawawa), ndikudina batani Gawani
2.2.3. Mwachidule za zotsatira zopanga adilesi yakunja ya IP
Chophimba chotsatira chidzawonetsa adilesi yakunja ya IP yomwe tidalandira. Ndikoyenera kuloweza pamtima, ndipo ndi bwino ngakhale kulilemba. idzathandiza kangapo pakukhazikitsanso ndikugwiritsa ntchito seva ya VPN. Mu bukhuli, ndimagwiritsa ntchito adilesi ya IP monga chitsanzo. 4.3.2.1. Mukalowa adilesi, dinani batani Close
2.2.4. Mndandanda wama adilesi akunja a IP
Kenako, tapatsidwa mndandanda wama adilesi athu a IP okhazikika (elastics IP).
2.2.5. Kupereka IP Yakunja kwa Instance
Pamndandandawu, timasankha adilesi ya IP yomwe tidalandira, ndikudina batani lakumanja la mbewa kuti mubweretse menyu yotsitsa. Mmenemo, sankhani chinthucho adilesi yothandiziraperekani ku chitsanzo chomwe tidapanga kale.
2.2.7. Mwachidule za Zotsatira za Ntchito Zakunja za IP
Pambuyo pake, titha kuwona kuti chitsanzo chathu ndi adilesi yake yachinsinsi ya IP imalumikizidwa ku adilesi yathu yapagulu yapagulu.
Tsopano titha kulumikizana ndi chitsanzo chathu chatsopano kuchokera kunja, kuchokera pakompyuta yathu kudzera pa SSH.
3. Lumikizani ku chitsanzo cha AWS
SSH ndi protocol yotetezeka yazida zakutali zamakompyuta.
3.1. Kulumikiza kudzera pa SSH kuchokera pa kompyuta ya Windows
Kuti mulumikizane ndi kompyuta ya Windows, choyamba muyenera kukopera ndikuyika pulogalamuyo Putty.
3.1.1. Lowetsani kiyi yachinsinsi ya Putty
3.1.1.1. Mukakhazikitsa Putty, muyenera kuyendetsa chida cha PuTTYgen chomwe chimabwera nacho kuti mulowetse kiyi ya satifiketi mu mtundu wa PEM kukhala mtundu woyenera kugwiritsidwa ntchito ku Putty. Kuti muchite izi, sankhani chinthucho mumenyu yapamwamba Zosintha-> Chofunikira Cholowetsa
3.1.1.2. Kusankha AWS Key mu PEM Format
Kenako, sankhani kiyi yomwe tidasunga kale mu gawo 2.1.7.1, kwa ife dzina lake wireguard-awskey.pem
3.1.1.3. Kukhazikitsa zosankha zazikulu zolowetsa
Pa sitepe iyi, tiyenera kufotokoza ndemanga pa kiyi (mafotokozedwe) ndikukhazikitsa mawu achinsinsi ndi chitsimikiziro cha chitetezo. Idzafunsidwa nthawi iliyonse mukalumikiza. Chifukwa chake, timateteza kiyi ndi mawu achinsinsi kuti asagwiritsidwe ntchito mosayenera. Simuyenera kukhazikitsa mawu achinsinsi, koma ndi otetezeka kwambiri ngati fungulo ligwera m'manja olakwika. Tikamaliza dinani batani Sungani kiyi yachinsinsi
3.1.1.4. Kusunga kiyi yotumizidwa kunja
Kukambirana kwa fayilo kumatsegulidwa ndipo timasunga kiyi yathu yachinsinsi ngati fayilo yokhala ndi zowonjezera .ppkoyenera kugwiritsidwa ntchito mu pulogalamuyi Putty.
Tchulani dzina la kiyi (kwa ife wireguard-awskey.ppk) ndikudina batani kusunga.
3.1.2. Kupanga ndi kukonza kulumikizana mu Putty
3.1.2.1. Pangani kulumikizana
Tsegulani pulogalamu ya Putty, sankhani gulu Gawo (ndi lotseguka mwachisawawa) ndi m'munda Dzina Lokhala lowetsani adilesi ya IP yapagulu ya seva yathu, yomwe tidalandira mu gawo 2.2.3. M'munda Gawo Lopulumutsidwa lowetsani dzina losasinthika la kulumikizana kwathu (kwa ine wireguard-aws-london), ndiyeno dinani batani Save kusunga zosintha zomwe tapanga.
3.1.2.2. Kukhazikitsa wosuta autologin
Zambiri mgulu Kulumikizana, sankhani gulu laling'ono Deta ndi mβmunda Lowani nokha lolowera lowetsani dzina lolowera Ubuntu ndiye wogwiritsa ntchito wamba pa AWS ndi Ubuntu.
3.1.2.3. Kusankha kiyi yachinsinsi yolumikizira kudzera pa SSH
Kenako pitani ku subcategory Kulumikizana/SSH/Auth ndi pafupi ndi munda Fayilo yachinsinsi yachinsinsi kuti mutsimikizire dinani batani Sakatulani ... kusankha fayilo yokhala ndi satifiketi yofunikira.
3.1.2.4. Kutsegula kiyi yotumizidwa kunja
Tchulani fungulo lomwe tidaitanitsa kale pa sitepe 3.1.1.4, kwa ife ndi fayilo wireguard-awskey.ppk, ndi kukanikiza batani Tsegulani.
Thamangani ngati woyang'anira (wogwiritsa ntchito mizu) script ya Wireguard install
sudo ./initial.sh
Kukhazikitsa kudzapempha deta ina yofunikira kuti muyike Wireguard
4.1.3.1. Malo olumikizirana
Lowetsani adilesi yakunja ya IP ndikutsegula doko la seva ya Wireguard. Tili ndi adilesi yakunja ya IP ya seva mu gawo 2.2.3, ndikutsegula doko mu sitepe 2.1.5. Timawawonetsa pamodzi, kuwalekanitsa ndi colon, mwachitsanzo 4.3.2.1:54321ndiyeno dinani batani Lowani Zitsanzo zotuluka:
Enter the endpoint (external ip and port) in format [ipv4:port] (e.g. 4.3.2.1:54321): 4.3.2.1:54321
4.1.3.2. Kulowetsa adilesi ya IP yamkati
Lowetsani adilesi ya IP ya seva ya Wireguard pagawo lotetezedwa la VPN, ngati simukudziwa kuti ndi chiyani, ingodinani batani la Enter kuti muyike mtengo wokhazikika (10.50.0.1) Zitsanzo zotuluka:
Enter the server address in the VPN subnet (CIDR format) ([ENTER] set to default: 10.50.0.1):
4.1.3.3. Kufotokozera seva ya DNS
Lowetsani adilesi ya IP ya seva ya DNS, kapena ingodinani batani la Enter kuti muyike mtengo wokhazikika 1.1.1.1 (Cloudflare public DNS) Zitsanzo zotuluka:
Enter the ip address of the server DNS (CIDR format) ([ENTER] set to default: 1.1.1.1):
4.1.3.4. Kufotokozera mawonekedwe a WAN
Chotsatira, muyenera kuyika dzina la mawonekedwe akunja akunja omwe angamvetsere pa intaneti ya VPN yamkati. Ingodinani Enter kuti muyike mtengo wokhazikika wa AWS (eth0) Zitsanzo zotuluka:
Enter the name of the WAN network interface ([ENTER] set to default: eth0):
4.1.3.5. Kutchula dzina la kasitomala
Lowetsani dzina la wogwiritsa ntchito VPN. Chowonadi ndi chakuti seva ya Wireguard VPN sichitha kuyambitsa mpaka kasitomala m'modzi wawonjezedwa. Pankhaniyi, ndinalemba dzina Alex@mobile Zitsanzo zotuluka:
Enter VPN user name: Alex@mobile
Pambuyo pake, nambala ya QR yokhala ndi kasinthidwe ka kasitomala wongowonjezedwayo iyenera kuwonetsedwa pazenera, yomwe iyenera kuwerengedwa pogwiritsa ntchito kasitomala wam'manja wa Wireguard pa Android kapena iOS kuti akonze. Komanso pansi pa nambala ya QR, zolemba za fayilo yosinthira zidzawonetsedwa ngati kasitomala angasinthidwe pamanja. Momwe mungachitire izi tikambirana pansipa.
Chifukwa cha kuphedwa kwa script, mu bukhuli ndi dzina la kasitomala panjira /etc/wireguard/clients/{ΠΠΌΡΠΠ»ΠΈΠ΅Π½ΡΠ°} kasitomala kasinthidwe file adzapangidwa /etc/wireguard/clients/{ΠΠΌΡΠΠ»ΠΈΠ΅Π½ΡΠ°}/{ΠΠΌΡΠΠ»ΠΈΠ΅Π½ΡΠ°}.conf, ndipo chiwonetsero chazithunzi chidzawonetsa nambala ya QR yokhazikitsira makasitomala am'manja ndi zomwe zili mufayilo yosinthira.
4.2.1. Fayilo yosinthira wosuta
Mutha kuwonetsa zomwe zili mufayilo ya .conf pazenera, pakukonza pamanja kwa kasitomala, pogwiritsa ntchito lamulo cat
Pambuyo pake, muyenera kuitanitsa kasinthidwe powerenga nambala ya QR ndi kasinthidwe ka kasitomala (onani ndime 4.2.2) ndikupatseni dzina:
Mukatha kuitanitsa kasinthidwe, mutha kuloleza njira ya VPN. Kulumikizana kopambana kudzawonetsedwa ndi chinsinsi chachinsinsi mu tray ya Android system
5.2. Kukhazikitsa kwa kasitomala wa Windows
Choyamba muyenera kukopera kwabasi pulogalamu TunSafe kwa Windows ndiye kasitomala wa Wireguard wa Windows.
5.2.1. Kupanga fayilo yosinthira kuchokera kunja
Dinani kumanja kuti mupange fayilo yolemba pa desktop.
5.2.2. Koperani zomwe zili mufayilo yosinthira kuchokera pa seva
Kenako timabwerera ku Putty terminal ndikuwonetsa zomwe zili mufayilo yosinthira yomwe mukufuna, monga tafotokozera mu gawo 4.2.1.
Kenako, dinani kumanja mawu osinthira mu Putty terminal, kusankha kukamalizidwa, kumangokopera pa bolodi.
5.2.3. Kukopera kasinthidwe ku fayilo yosinthira kwanuko
M'munda uno, timabwerera ku fayilo yomwe tidapanga kale pakompyuta, ndikuyika zolembazo kuchokera pa clipboard.
5.2.4. Kusunga fayilo yosinthira kwanuko
Sungani fayilo ndikuwonjezera .conf (mu nkhani iyi london.conf)
5.2.5. Kuitanitsa fayilo yosinthira kwanuko
Kenako, muyenera kulowetsa fayilo yosinthira mu pulogalamu ya TunSafe.