VPN to the home LAN

TL;DR: I install Wireguard on a VPS, connect to it from my home OpenWRT router, and reach my home subnet from my phone.

If you keep your own tools on a home server or have many IP-controlled devices at home, you probably want to reach them from work, from the bus, the train and the metro. Usually, for tasks like this, an IP is bought from the provider, after which the ports of each service are forwarded to the outside.

Instead, I set up a VPN with access to my home LAN. The advantages of this solution:

  • Transparency: I feel at home in any situation.
  • Simplicity: set it up and forget it, no need to think about forwarding each port.
  • Price: I already have a VPS; for tasks like this a modern VPN is almost free in terms of resources.
  • Security: nothing is exposed to the outside, you can leave MongoDB without a password and nobody will steal your data.

As always, there are downsides. First, you have to configure each client separately, including on the server side. This can be inconvenient if you have many devices from which you want to reach the services. Second, you may have a LAN with the same address range at work, and you will have to deal with that problem.

We will need:

  1. A VPS (in my case running Debian 10).
  2. An OpenWRT router.
  3. A phone.
  4. A home server with a test website.
  5. Capable hands.

The VPN technology I will use is Wireguard. This solution also has its strengths and weaknesses; I will not describe them. For the VPN I use the subnet 192.168.99.0/24, and my home network is 192.168.0.0/24.

Configuring the VPS

Even the most miserable VPS for 30 rubles a month is enough for the job, if you are lucky enough to grab one.

I perform all operations on the server as root on a clean machine; if necessary, add `sudo` and adapt the instructions.

Wireguard did not make it into stable in time, so I run `apt edit-sources` and add the backports as two lines at the end of the file:

deb http://deb.debian.org/debian/ buster-backports main
# deb-src http://deb.debian.org/debian/ buster-backports main

The package is installed in the usual way: `apt update && apt install wireguard`.

Next, we generate a key pair: `wg genkey | tee /etc/wireguard/vps.private | wg pubkey | tee /etc/wireguard/vps.public`. Repeat this operation two more times, for each device taking part in the setup. Change the paths to the key files for the other device, and do not forget about the security of the private keys.
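
The `tee` in the pipeline above creates the private key file with the shell's current umask, which with the common default of 022 leaves it readable by every local user. The following is an added example, not part of the original article: it audits a key directory for such files. The temporary directory stands in for /etc/wireguard and the file name phone.private is an assumption.

```python
import os
import stat
import tempfile

def loose_files(directory):
    """Return {file name: octal mode} for regular files that group or others can access."""
    findings = {}
    for name in sorted(os.listdir(directory)):
        st = os.lstat(os.path.join(directory, name))
        mode = stat.S_IMODE(st.st_mode)
        if stat.S_ISREG(st.st_mode) and mode & 0o077:
            findings[name] = oct(mode)
    return findings

def demo():
    """Create one key file under umask 022 and one under umask 077, then audit."""
    with tempfile.TemporaryDirectory() as keydir:  # constructed stand-in for /etc/wireguard
        previous = os.umask(0o022)  # common default: new files end up 0644
        try:
            open(os.path.join(keydir, "vps.private"), "w").close()
            os.umask(0o077)  # effect of running `umask 077` before `wg genkey`
            open(os.path.join(keydir, "phone.private"), "w").close()
        finally:
            os.umask(previous)
        return loose_files(keydir)

if __name__ == "__main__":
    print(demo())
```

On a real server, run `loose_files("/etc/wireguard")` as root and `chmod 600` anything it reports.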

Now we prepare the config. The following goes into the file /etc/wireguard/wg0.conf:

[Interface]
Address = 192.168.99.1/24
ListenPort = 57953
PrivateKey = 0JxJPUHz879NenyujROVK0YTzfpmzNtbXmFwItRKdHs=

[Peer] # OpenWRT
PublicKey = 36MMksSoKVsPYv9eyWUKPGMkEs3HS+8yIUqMV8F+JGw=
AllowedIPs = 192.168.99.2/32,192.168.0.0/24

[Peer] # Smartphone
PublicKey = /vMiDxeUHqs40BbMfusB6fZhd+i5CIPHnfirr5m3TTI=
AllowedIPs = 192.168.99.3/32

The [Interface] section holds the settings of the machine itself, and [Peer] holds the settings for those who will connect to it. AllowedIPs lists, separated by commas, the subnets that will be routed to the corresponding peer. Because of this, the peers of "client" devices in the VPN subnet must have a /32 mask; everything else will be routed by the server. Since the home network will be routed through OpenWRT, we add the home subnet to the AllowedIPs of the corresponding peer. In PrivateKey and PublicKey, put the private key generated for the VPS and the public keys of the peers, respectively.
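
AllowedIPs works in both directions: it picks the peer for outgoing packets and filters the source address of incoming ones. The following is an added example, not part of the original article: it models that lookup for the two peers of the config above and shows what changes if the phone peer is given a /24 instead of a /32. The function names and the wide /24 variant are assumptions made for illustration.

```python
import ipaddress

# Peers and AllowedIPs as in the VPS wg0.conf above.
PEERS = {
    "OpenWRT": ["192.168.99.2/32", "192.168.0.0/24"],
    "Smartphone": ["192.168.99.3/32"],
}

def build_table(peers):
    """Flatten to (network, peer) pairs. WireGuard keeps a prefix on one peer
    only, so the same prefix on two peers is treated as a mistake here."""
    table, owner = [], {}
    for peer, cidrs in peers.items():
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            if net in owner:
                raise ValueError(f"{net} is listed for {owner[net]} and {peer}")
            owner[net] = peer
            table.append((net, peer))
    return table

def route_outbound(table, dst):
    """Peer a packet for dst is encrypted to (longest prefix wins), else None."""
    addr = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, peer) for net, peer in table if addr in net]
    return max(hits)[1] if hits else None

def accept_inbound(table, peer, src):
    """A decrypted packet is kept only if its source maps back to its sender."""
    return route_outbound(table, src) == peer

def shadowed(table):
    """Prefixes of one peer that sit inside a wider prefix of another peer."""
    return [(str(a), pa, str(b), pb) for a, pa in table for b, pb in table
            if pa != pb and a.subnet_of(b)]

if __name__ == "__main__":
    good = build_table(PEERS)
    # Hypothetical misconfiguration: the phone peer gets the whole VPN subnet.
    wide = build_table({**PEERS, "Smartphone": ["192.168.99.0/24"]})
    for dst in ("192.168.0.10", "192.168.99.3", "203.0.113.7"):
        print(dst, "->", route_outbound(good, dst))
    print("phone as 192.168.0.5:", accept_inbound(good, "Smartphone", "192.168.0.5"))
    print("phone as 192.168.99.50, /32:", accept_inbound(good, "Smartphone", "192.168.99.50"))
    print("phone as 192.168.99.50, /24:", accept_inbound(wide, "Smartphone", "192.168.99.50"))
    print("shadowed:", shadowed(wide))
```

With the /32 entries each client is pinned to exactly one source address inside the VPN; with the /24 the server would accept any unassigned VPN address from the phone.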

On the VPS, all that remains is to run the command that brings up the interface and adds it to autostart: `systemctl enable --now wg-quick@wg0`. The current state of the connections can be checked with the `wg` command.

Configuring OpenWRT

Everything you need for this stage is in the luci module (the OpenWRT web interface). Log in and open the Software tab in the System menu. OpenWRT does not keep a package cache on the device, so you need to refresh the list of available packages by clicking the green Update lists button. When it finishes, type luci-app-wireguard into the filter and, looking at the window with the beautiful dependency tree, install this package.

In the Network menu, select Interfaces and click the green Add new interface button under the list of existing ones. After entering a name (also wg0 in my case) and selecting the WireGuard VPN protocol, a settings form with four tabs opens.

On the General Settings tab, enter the private key and the IP address prepared for OpenWRT, together with the subnet.

On the Firewall Settings tab, assign the interface to the local network zone. This way, connections from the VPN will pass freely into the local network.

On the Peers tab, click the only button, then fill in the VPS server's data in the updated form: the public key and Allowed IPs (you need to route the whole VPN subnet to the server). In Endpoint Host and Endpoint Port, enter the IP address of the VPS and the port specified earlier in the ListenPort directive, respectively. Tick Route Allowed IPs so that the routes are created. And be sure to fill in Persistent Keep Alive, otherwise the tunnel from the VPS to the router will break if the router is behind NAT.

After that, you can save the settings, and then on the page with the list of interfaces click Save & Apply. If necessary, start the interface explicitly with the Restart button.

Configuring the smartphone

You need the Wireguard client; it is available in F-Droid, Google Play and the App Store. After opening the app, tap the plus sign and in the Interface section enter the connection name, the private key (the public key will be generated automatically) and the phone's address with a /32 mask. In the Peer section, specify the public key of the VPS, the address:port pair of the VPN server as the Endpoint, and the routes to the VPN and home subnets.

[Screenshot from the phone]

Tap the floppy disk in the corner, switch it on and...

Done

Now you can reach the home monitoring, change the router settings, or do anything else at the IP level.

[Screenshots from the local network]

Source: www.habr.com