Why WireGuard
Hardware
- A Raspberry Pi 3 with an LTE module and a public IP address. This will be the VPN server (referred to below as edgewalker)
- An Android phone that should use the VPN for all communications
- A Linux laptop that should use the VPN for traffic within the network
Every device connected to the VPN must be able to reach every other device. For example, the phone should be able to connect to a web server on the laptop if both devices are part of the VPN network. If the setup turns out to be simple enough, you could also consider connecting the desktop to the VPN (via Ethernet).
Considering that wired and wireless connections are diminishing over time (
Installing the software
WireGuard provides
I have the latest Fedora Linux 31, and I was too lazy to read the manual before installing. I just found the wireguard-tools package, installed it, and then could not figure out why nothing was working. Further investigation showed that I did not have the wireguard-dkms package (with the network driver) installed, and it was not in my distribution's repository.
Had I read the instructions, I would have done the right thing:
$ sudo dnf copr enable jdoss/wireguard
$ sudo dnf install wireguard-dkms wireguard-tools
My Raspberry Pi runs the Raspbian Buster distribution, which already has a wireguard package; install it:
$ sudo apt install wireguard
On my Android phone I installed the app
Setting up keys
To authenticate VPN peers, WireGuard uses a simple private/public key scheme. You can easily generate the VPN keys with the following commands:
$ wg genkey | tee wg-laptop-private.key | wg pubkey > wg-laptop-public.key
$ wg genkey | tee wg-server-private.key | wg pubkey > wg-server-public.key
$ wg genkey | tee wg-mobile-private.key | wg pubkey > wg-mobile-public.key
This gives us three key pairs (six files). We will not reference the files in the configs, but will copy their contents into them: each key is a single line in base64.
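Added example (not part of the original article): under a typical umask of 022, tee in the commands above creates the private key files readable by every local user. The sketch below runs the same pipeline in a umask 077 subshell and audits a directory for private key files that group or others can access; the function names are assumptions of this example.

```shell
#!/bin/sh
# gen_peer_keys NAME [DIR]: the article's pipeline, run in a subshell under
# umask 077 so both key files are created with mode 0600.
gen_peer_keys() {
    (
        umask 077
        wg genkey | tee "${2:-.}/wg-$1-private.key" \
            | wg pubkey > "${2:-.}/wg-$1-public.key"
    )
}

# loose_private_keys DIR: list private key files that grant any permission
# bit to group or others (POSIX find: "-perm -mode" means these bits are set).
loose_private_keys() {
    find "$1" -type f -name 'wg-*-private.key' \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) | sort
}

# tighten_private_keys DIR: restrict every file reported above to the owner.
tighten_private_keys() {
    loose_private_keys "$1" | while IFS= read -r f; do
        chmod 600 "$f"
    done
}

# Audit the current directory (prints nothing when all private keys are tight).
loose_private_keys .
```

For keys already generated with the original commands, tighten_private_keys fixes the modes in place; a key that may already have been read by another user should be regenerated instead.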
Creating the configuration file for the VPN server (Raspberry Pi)
The configuration is quite simple; I created the following file, /etc/wireguard/wg0.conf:
[Interface]
Address = 10.200.200.1/24
ListenPort = 51820
PrivateKey = <copy private key from wg-server-private.key>
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wwan0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wwan0 -j MASQUERADE
[Peer]
# laptop
PublicKey = <copy public key from wg-laptop-public.key>
AllowedIPs = 10.200.200.2/32
[Peer]
# mobile phone
PublicKey = <copy public key from wg-mobile-public.key>
AllowedIPs = 10.200.200.3/32
A few notes:
- In the appropriate places you need to insert the lines from the key files
- My VPN uses the internal range 10.200.200.0/24
- For the PostUp/PostDown commands, my external network interface is wwan0; yours may be different (for example, eth0)
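Added example (not from the original article): on the server, each peer's AllowedIPs is both the route to that peer and the set of source addresses accepted from it, so every client should own exactly one /32 that no other peer claims. The awk check below (IPv4 only) flags wider or duplicate entries; the third peer, "tablet", in the sample is constructed to trigger both findings, and the function names are this example's own.

```shell
#!/bin/sh
# audit_server_peers < wg0.conf
# Prints one finding per line; prints nothing when every peer owns one unique /32.
audit_server_peers() {
    awk '
    /^[ \t]*\[Peer\]/ { n++; name[n] = "peer " n; label = 1; next }
    /^[ \t]*\[/       { label = 0; next }            # [Interface]
    label && /^[ \t]*#/ {                            # "# laptop" right after [Peer]
        sub(/^[ \t]*#[ \t]*/, ""); name[n] = $0; label = 0; next
    }
    { label = 0 }
    n && /^[ \t]*AllowedIPs[ \t]*=/ {
        sub(/^[^=]*=/, ""); gsub(/[ \t]/, "")
        k = split($0, ips, ",")
        for (i = 1; i <= k; i++) {
            ip = ips[i]
            if (ip ~ /\// && ip !~ /\/32$/)          # a bare address counts as /32
                print name[n] ": " ip " is wider than a single host (/32)"
            if (ip in owner)
                print name[n] ": " ip " already assigned to " owner[ip]
            else
                owner[ip] = name[n]
        }
    }
    '
}

# Sample input: the two peers from the article plus a constructed third peer.
sample_server_conf() {
    cat <<'EOF'
[Interface]
Address = 10.200.200.1/24
ListenPort = 51820
[Peer]
# laptop
AllowedIPs = 10.200.200.2/32
[Peer]
# mobile phone
AllowedIPs = 10.200.200.3/32
[Peer]
# tablet
AllowedIPs = 10.200.200.3/32, 10.200.200.0/24
EOF
}

sample_server_conf | audit_server_peers
```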
The VPN network is brought up easily with the following command:
$ sudo wg-quick up wg0
One small detail: as my DNS server I use dnsmasq bound to the network interface br0, so I also added the wg0 device to the list of allowed devices. In dnsmasq this is done by adding a new network interface line to the configuration file /etc/dnsmasq.conf, for example:
interface=br0
interface=wg0
In addition, I added an iptables rule to allow traffic to the listening UDP port (51820):
$ sudo iptables -I INPUT -p udp --dport 51820 -j ACCEPT
Now that everything is working, we can set the VPN tunnel to start automatically:
$ sudo systemctl enable wg-quick@wg0.service
Client configuration on the laptop
Create a configuration file on the laptop, /etc/wireguard/wg0.conf, with the same kind of settings:
[Interface]
Address = 10.200.200.2/24
PrivateKey = <copy private key from wg-laptop-private.key>
[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 10.200.200.0/24
Endpoint = edgewalker:51820
Notes:
- Instead of edgewalker you need to specify the public IP or the host name of the VPN server
- By setting AllowedIPs to 10.200.200.0/24, we use the VPN only to reach the internal network. Traffic to all other IP addresses/servers will continue to go through the "normal" open channels. The DNS server already configured on the laptop will also be used.
For testing and automatic start we use the same commands, wg-quick and systemd:
$ sudo wg-quick up wg0
$ sudo systemctl enable wg-quick@wg0.service
Setting up the client on the Android phone
On the Android phone we create a very similar configuration file (let's call it mobile.conf):
[Interface]
Address = 10.200.200.3/24
PrivateKey = <copy private key from wg-mobile-private.key>
DNS = 10.200.200.1
[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 0.0.0.0/0
Endpoint = edgewalker:51820
Unlike the laptop configuration, the phone must use our VPN server as its DNS server (the DNS line) and must also send all traffic through the VPN tunnel (AllowedIPs = 0.0.0.0/0).
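Added example (not from the original article), covering both the laptop notes and the phone configuration above: AllowedIPs on the client decides which IPv4 destinations enter the tunnel. The function models only the AllowedIPs lines of a config, not the rest of the host's routing table; the function names and the test address 192.0.2.10 are assumptions of this example.

```shell
#!/bin/sh
# via_tunnel DEST_IPV4 < client.conf
# Prints "tunnel" if DEST falls inside any IPv4 AllowedIPs range, else "direct".
via_tunnel() {
    awk -v dst="$1" '
    function ip2n(s,  a) {                 # dotted quad -> 32-bit number
        split(s, a, ".")
        return ((a[1] * 256 + a[2]) * 256 + a[3]) * 256 + a[4]
    }
    /^[ \t]*AllowedIPs[ \t]*=/ {
        sub(/^[^=]*=/, ""); gsub(/[ \t]/, "")
        k = split($0, nets, ",")
        for (i = 1; i <= k; i++) {
            if (nets[i] ~ /:/) continue    # IPv6 ranges are not modelled here
            split(nets[i], p, "/")
            bits = (p[2] == "") ? 32 : p[2]
            size = 2 ^ (32 - bits)         # addresses per block of that prefix
            if (int(ip2n(dst) / size) == int(ip2n(p[1]) / size)) hit = 1
        }
    }
    END { print (hit ? "tunnel" : "direct") }
    '
}

# The two client [Peer] sections from the article (keys omitted).
laptop_conf() { printf '[Peer]\nAllowedIPs = 10.200.200.0/24\nEndpoint = edgewalker:51820\n'; }
mobile_conf() { printf '[Peer]\nAllowedIPs = 0.0.0.0/0\nEndpoint = edgewalker:51820\n'; }

# 192.0.2.10 is a documentation address standing in for "some Internet host".
for dest in 10.200.200.3 192.0.2.10; do
    echo "laptop -> $dest: $(laptop_conf | via_tunnel "$dest")"
    echo "mobile -> $dest: $(mobile_conf | via_tunnel "$dest")"
done
```

AllowedIPs = 0.0.0.0/0 covers IPv4 only; IPv6 traffic enters the tunnel only if ::/0 is listed as well.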
Instead of copying the file to your mobile device, you can convert it into a QR code:
$ sudo apt install qrencode
$ qrencode -t ansiutf8 < mobile.conf
The QR code is printed to the console as ASCII. It can be scanned from the Android VPN app, which then sets up the VPN tunnel automatically.
Conclusion
Setting up WireGuard is simply magical compared to OpenVPN.
Source: www.habr.com