Setting up a simple VPN with WireGuard and a Raspberry Pi as the server

Since WireGuard will become part of the upcoming Linux 5.6 kernel, I decided to see how best to integrate this VPN with my LTE router/access point on a Raspberry Pi.

Equipment

  • A Raspberry Pi 3 with an LTE module and a public IP address. This will be the VPN server (referred to below as edgewalker)
  • An Android phone, which should use the VPN for all communications
  • A Linux laptop, which should use the VPN only for traffic inside the network

Every device connected to the VPN must be able to reach all the other devices. For example, the phone should be able to connect to a web server on the laptop if both devices are part of the VPN network. If the setup turns out to be simple enough, you can consider connecting the desktop to the VPN as well (via Ethernet).

Considering that wired and wireless connections are becoming less and less secure over time (targeted attacks, the KRACK attack on WPA2 and the Dragonblood attack on WPA3), I am seriously considering using WireGuard on all my devices, regardless of the environment they operate in.

Installing the software

WireGuard provides precompiled packages for most Linux distributions, Windows and macOS. Apps for Android and iOS are delivered through the app stores.

I have the latest Fedora Linux 31, and before installing I was too lazy to read the manual. I just found the wireguard-tools package, installed it, and then couldn't figure out why nothing was working. Further investigation showed that I did not have the wireguard-dkms package installed (with the network driver), but it was not in my distribution's repository.

If I had read the instructions, I would have taken the right steps:

$ sudo dnf copr enable jdoss/wireguard
$ sudo dnf install wireguard-dkms wireguard-tools

I have the Raspbian Buster distribution installed on my Raspberry Pi, and it already has a wireguard package; install it:

$ sudo apt install wireguard

On the Android phone I installed the WireGuard VPN app from the official Google app store.

Setting up keys

To authenticate peers, WireGuard uses a simple private/public key scheme. You can easily generate the VPN keys with the following commands:

$ wg genkey | tee wg-laptop-private.key |  wg pubkey > wg-laptop-public.key
$ wg genkey | tee wg-server-private.key |  wg pubkey > wg-server-public.key
$ wg genkey | tee wg-mobile-private.key |  wg pubkey > wg-mobile-public.key

This gives us three key pairs (six files). We will not reference the files in the configs, but copy their contents there: each key is a single line of base64.

Creating the configuration file for the VPN server (Raspberry Pi)

The configuration is quite simple; I created the following file, /etc/wireguard/wg0.conf:

[Interface]
Address = 10.200.200.1/24
ListenPort = 51820
PrivateKey = <copy private key from wg-server-private.key>
PostUp   = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wwan0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wwan0 -j MASQUERADE

[Peer]
# laptop
PublicKey = <copy public key from wg-laptop-public.key>
AllowedIPs = 10.200.200.2/32

[Peer]
# mobile phone
PublicKey = <copy public key from wg-mobile-public.key>
AllowedIPs = 10.200.200.3/32

A few notes:

  • In the appropriate places you need to insert the lines from the key files
  • My VPN uses the internal range 10.200.200.0/24
  • For the PostUp/PostDown commands, my external network interface is wwan0; yours may be different (for example, eth0)

The VPN network is easily brought up with the following command:

$ sudo wg-quick up wg0

One small detail: as the DNS server I use dnsmasq bound to the network interface br0, so I also added the wg0 device to the list of allowed devices. In dnsmasq this is done by adding a new network interface line to the configuration file /etc/dnsmasq.conf, for example:

interface=br0
interface=wg0

In addition, I added an iptables rule to allow traffic to the listening UDP port (51820):

$ sudo iptables -I INPUT -p udp --dport 51820 -j ACCEPT

Now that everything is working, we can set up automatic startup of the VPN tunnel:

$ sudo systemctl enable wg-quick@wg0.service
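A consistency check for the server setup above, as an added example that is not part of the original article. WireGuard maps each allowed range to exactly one peer, so the check flags peer AllowedIPs that overlap or fall outside the VPN range, and a firewall port that differs from ListenPort. The function names and the placeholder keys are assumptions made for illustration.

```python
import ipaddress

# Constructed sample mirroring the server wg0.conf above; keys are placeholders.
SERVER_CONF = """\
[Interface]
Address = 10.200.200.1/24
ListenPort = 51820
PrivateKey = <server-private-key>

[Peer]
# laptop
PublicKey = <laptop-public-key>
AllowedIPs = 10.200.200.2/32

[Peer]
# mobile phone
PublicKey = <mobile-public-key>
AllowedIPs = 10.200.200.3/32
"""

def parse_conf(text):
    """Return [(section, {key: value}), ...] in file order, ignoring # comments."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[-1][1][key] = value
    return sections

def audit_server(text, firewall_udp_port):
    """Return findings for a server config and the UDP port opened in INPUT."""
    sections = parse_conf(text)
    iface = next(kv for name, kv in sections if name == "Interface")
    vpn_net = ipaddress.ip_interface(iface["Address"]).network
    findings, seen = [], []
    if int(iface["ListenPort"]) != firewall_udp_port:
        findings.append(f"firewall opens udp/{firewall_udp_port}, ListenPort is {iface['ListenPort']}")
    for peer in (kv for name, kv in sections if name == "Peer"):
        for cidr in filter(None, map(str.strip, peer.get("AllowedIPs", "").split(","))):
            net = ipaddress.ip_network(cidr, strict=False)
            if net.version != vpn_net.version or not net.subnet_of(vpn_net):
                findings.append(f"{net} is outside {vpn_net}")
            findings += [f"{net} overlaps {other}" for other in seen if net.overlaps(other)]
            seen.append(net)
    return findings
```

An empty list means the peers and the firewall port are consistent; pass the real file contents and the port from your iptables rule to check your own setup.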

Client configuration on the laptop

Create a configuration file on the laptop, /etc/wireguard/wg0.conf, with the same kind of settings:

[Interface]
Address = 10.200.200.2/24
PrivateKey = <copy private key from wg-laptop-private.key>

[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 10.200.200.0/24
Endpoint = edgewalker:51820

Notes:

  • Instead of edgewalker you need to specify the public IP address or hostname of the VPN server
  • By setting AllowedIPs to 10.200.200.0/24, we use the VPN only to access the internal network. Traffic to all other IP addresses/servers will continue to go through the "normal" open channels. The DNS server preconfigured on the laptop will also be used.

For testing and automatic startup we use the same wg-quick and systemd commands:

$ sudo wg-quick up wg0
$ sudo systemctl enable wg-quick@wg0.service

Setting up the client on the Android phone

For the Android phone we create a very similar configuration file (let's call it mobile.conf):

[Interface]
Address = 10.200.200.3/24
PrivateKey = <copy private key from wg-mobile-private.key>
DNS = 10.200.200.1
        
[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 0.0.0.0/0
Endpoint = edgewalker:51820

Unlike the laptop configuration, the phone must use our VPN server as its DNS server (the DNS line) and send all traffic through the VPN tunnel (AllowedIPs = 0.0.0.0/0).
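The difference between the two client configs, as an added example that is not part of the original article: it evaluates which destinations each client's AllowedIPs send into the tunnel and what stays outside it. The dicts stand in for the two config files, the function names are assumptions, and the sample destinations are constructed. Note that 0.0.0.0/0 covers IPv4 only; an IPv6 destination is not matched unless ::/0 is also listed.

```python
import ipaddress

# Settings copied from the laptop and phone configs above (dicts replace the files).
CLIENTS = {
    "laptop": {"AllowedIPs": ["10.200.200.0/24"], "DNS": None},
    "mobile": {"AllowedIPs": ["0.0.0.0/0"], "DNS": "10.200.200.1"},
}

def via_tunnel(client, destination):
    """True if this client's AllowedIPs route `destination` into the tunnel."""
    dst = ipaddress.ip_address(destination)
    # An address is never "in" a network of the other IP version.
    return any(dst in ipaddress.ip_network(c) for c in client["AllowedIPs"])

def exposure(client):
    """Summarise what the client protects; False means it leaves outside the VPN."""
    nets = [ipaddress.ip_network(c) for c in client["AllowedIPs"]]
    return {
        # A /0 entry is a default route for that IP version.
        "all_ipv4_tunnelled": any(n.version == 4 and n.prefixlen == 0 for n in nets),
        "all_ipv6_tunnelled": any(n.version == 6 and n.prefixlen == 0 for n in nets),
        # No DNS line means the device keeps its preconfigured resolver.
        "dns_tunnelled": client["DNS"] is not None and via_tunnel(client, client["DNS"]),
    }

def report():
    """Return {client name: exposure summary} for every client above."""
    return {name: exposure(cfg) for name, cfg in CLIENTS.items()}
```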

Instead of copying the file to your mobile device, you can convert it to a QR code:

$ sudo apt install qrencode
$ qrencode -t ansiutf8 < mobile.conf

The QR code will be printed to the console as ASCII. It can be scanned from the Android VPN app, which will set up the VPN tunnel automatically.

Conclusion

Setting up WireGuard is simply magical compared to OpenVPN.

Source: www.habr.com
