Usually, connecting a router to a VPN is not difficult, but if you want to protect the whole network and at the same time keep the connection speed at a good level, the best solution is to use a VPN tunnel.
Mikrotik routers have proven to be reliable and very flexible, but unfortunately
But for now, unfortunately, to configure WireGuard on a Mikrotik router you have to change the firmware.
Flashing the Mikrotik, installing and configuring OpenWrt
First, make sure that OpenWrt supports your model. Check that the model matches its marketing name and picture.
Go to openwrt.com
For this device, we need two files:
You need to download both files: Install and Upgrade.
1. Setting up the network, downloading and configuring the PXE server
Download
Unpack it into a separate folder. In the config.ini file, add the parameter rfc951=1 to the [dhcp] section. This parameter is the same for all Mikrotik models.
Let's move on to the network settings: you need to set a static IP address on one of your computer's network adapters.
IP address: 192.168.1.10
Netmask: 255.255.255.0
Run Tiny PXE Server as Administrator and, in the DHCP Server field, select the server with the address 192.168.1.10
On some versions of Windows, this interface may appear only after an Ethernet connection is established. I recommend powering on the router and connecting the router and the PC with a cable right away.
Click the "..." button (bottom right) and specify the folder into which you downloaded the firmware files for Mikrotik.
Select the file whose name ends with "initramfs-kernel.bin" or "elf"
2. Booting the router from the PXE server
Connect the PC by cable to the first port (wan, internet, poe in, ...) of the router. Then take a toothpick and insert it into the hole labeled "Reset".
Turn on the router's power, wait 20 seconds, then release the toothpick.
Within the next minute, the following messages should appear in the Tiny PXE Server window:
If the message appears, you are on the right track!
Reset the settings on the network adapter and set it to obtain its address dynamically (via DHCP).
Connect to the LAN ports of the Mikrotik router (2…5 in our case) using the same cable. Simply move it from port 1 to port 2. Open the address
Log in to the OpenWRT administration interface and go to the "System -> Backup/Flash Firmware" section.
In the "Flash new firmware image" section, click the "Choose file (Browse)" button.
Specify the path to the file whose name ends with "-squashfs-sysupgrade.bin".
After that, click the "Flash Image" button.
In the next window, click the "Proceed" button. The firmware will start uploading to the router.
!!! UNDER NO CIRCUMSTANCES DISCONNECT THE ROUTER'S POWER DURING THE FIRMWARE PROCESS !!!
After flashing and rebooting the router, you will have a Mikrotik running OpenWRT firmware.
Possible problems and solutions
Many Mikrotik devices released in 2019 use a FLASH-NOR memory chip of the GD25Q15 / Q16 type. The problem is that during flashing, the data about the device model is not saved.
If you see the error "The uploaded image file does not contain a supported format. Make sure that you choose the generic image format for your platform." then the problem is most likely in the flash.
This is easy to check: run the command that shows the model ID in the device terminal
root@OpenWrt: cat /tmp/sysinfo/board_name
If you get the answer "unknown", you need to specify the device model manually, in the form "rb-951-2nd"
To get the device model, run the command
root@OpenWrt: cat /tmp/sysinfo/model
MikroTik RouterBOARD RB951-2nd
Once you have the device model, set it manually:
echo 'rb-951-2nd' > /tmp/sysinfo/board_name
After that, you can flash the device through the web interface or with the "sysupgrade" command.
Create a VPN server with WireGuard
If you already have a server with WireGuard configured, you can skip this step.
I will use the application to set up your VPN server
Configuring the WireGuard client on OpenWRT
Connect to the router over SSH:
ssh root@<router-ip>
Install WireGuard:
opkg update
opkg install wireguard
Prepare the configuration (copy the code below into a file, replace the indicated values with your own and run it in the terminal).
If you are using MyVPN, then in the configuration below you need to change WG_SERV (the server IP), WG_KEY (the private key from the wireguard configuration file) and WG_PUB (the public key).
WG_IF="wg0"
WG_SERV="100.0.0.0" # server IP address
WG_PORT="51820" # wireguard port
WG_ADDR="10.8.0.2/32" # wireguard address range (this router's tunnel address)
WG_KEY="xxxxx" # private key (of this router)
WG_PUB="xxxxx" # public key (of the server peer)
# Configure firewall
uci rename firewall.@zone[0]="lan"
uci rename firewall.@zone[1]="wan"
uci rename firewall.@forwarding[0]="lan_wan"
uci del_list firewall.wan.network="${WG_IF}"
uci add_list firewall.wan.network="${WG_IF}"
uci commit firewall
/etc/init.d/firewall restart
# Configure network
uci -q delete network.${WG_IF}
uci set network.${WG_IF}="interface"
uci set network.${WG_IF}.proto="wireguard"
uci set network.${WG_IF}.private_key="${WG_KEY}"
uci add_list network.${WG_IF}.addresses="${WG_ADDR}"
# Add VPN peers
uci -q delete network.wgserver
uci set network.wgserver="wireguard_${WG_IF}"
uci set network.wgserver.public_key="${WG_PUB}"
uci set network.wgserver.preshared_key=""
uci set network.wgserver.endpoint_host="${WG_SERV}"
uci set network.wgserver.endpoint_port="${WG_PORT}"
uci set network.wgserver.route_allowed_ips="1"
uci set network.wgserver.persistent_keepalive="25"
uci add_list network.wgserver.allowed_ips="0.0.0.0/1"
uci add_list network.wgserver.allowed_ips="128.0.0.0/1"
uci add_list network.wgserver.allowed_ips="::/0"
uci commit network
/etc/init.d/network restart
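The values substituted into the script above can be checked before anything is committed. This is an added example, not code from the original article; the function names are hypothetical, and it assumes WG_SERV is given as an IPv4 address, as in the script.

```shell
#!/bin/sh
# Added example, not the article's code: check the WG_* values before
# running the uci script, so a bad key never reaches `uci commit`.

# A WireGuard key is 32 bytes: 43 base64 characters plus one "=" pad.
is_wg_key() {
    [ "${#1}" -eq 44 ] || return 1
    case "$1" in *[!A-Za-z0-9+/=]*) return 1 ;; esac
    case "${1%=}" in *=*) return 1 ;; esac
    [ "${1%=}" != "$1" ]              # must end with the single pad character
}

is_port() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

is_ipv4() {
    case "$1" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

is_ipv4_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    len=${1##*/}
    case "$len" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] && is_ipv4 "${1%/*}"
}

# preflight SERV PORT ADDR KEY PUB: prints each problem, returns their count.
preflight() {
    n=0
    is_ipv4 "$1"      || { echo "WG_SERV: not an IPv4 address"; n=$((n + 1)); }
    is_port "$2"      || { echo "WG_PORT: not in 1-65535"; n=$((n + 1)); }
    is_ipv4_cidr "$3" || { echo "WG_ADDR: not address/prefix"; n=$((n + 1)); }
    is_wg_key "$4"    || { echo "WG_KEY: not a 44-character key"; n=$((n + 1)); }
    is_wg_key "$5"    || { echo "WG_PUB: not a 44-character key"; n=$((n + 1)); }
    [ "$4" != "$5" ]  || { echo "WG_KEY and WG_PUB are identical"; n=$((n + 1)); }
    return "$n"
}

# The article's unedited placeholders are rejected:
preflight 100.0.0.0 51820 10.8.0.2/32 xxxxx xxxxx || echo "$? problem(s) found"
```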
This completes the WireGuard setup! Now all traffic from all connected devices is protected by the VPN connection.
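Whether traffic really goes through the tunnel can be confirmed from the output of `wg show wg0 dump` after the network restart. The following is an added example, not part of the original article: it checks that the peer completed a recent handshake and that its allowed IPs cover all IPv4 traffic, as the 0.0.0.0/1 and 128.0.0.0/1 pair configured above does. The function names, verdict labels, 180-second threshold and sample dump are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original article.
# Usage on the router:  wg show wg0 dump | check_tunnel "$(date +%s)" 180

# check_tunnel NOW MAX_AGE: reads `wg show <if> dump` on stdin and prints one
# verdict per peer. Peer lines are tab-separated: public-key, preshared-key,
# endpoint, allowed-ips, latest-handshake, transfer-rx, transfer-tx, keepalive.
check_tunnel() {
    awk -F '\t' -v now="$1" -v max="$2" '
        NR == 1 { next }              # interface line (contains the private key)
        {
            peers++
            lo = hi = all = 0
            n = split($4, ip, ",")
            for (i = 1; i <= n; i++) {
                if (ip[i] == "0.0.0.0/0")   all = 1
                if (ip[i] == "0.0.0.0/1")   lo = 1
                if (ip[i] == "128.0.0.0/1") hi = 1
            }
            id = substr($1, 1, 8)     # short key prefix, enough to tell peers apart
            if ($5 == 0)                  { v = "NO_HANDSHAKE" }     # never connected
            else if (now - $5 > max)      { v = "STALE_HANDSHAKE" }  # tunnel went quiet
            else if (!all && !(lo && hi)) { v = "PARTIAL_ROUTES" }   # some IPv4 bypasses it
            else                          { v = "OK" }
            if (v != "OK") bad++
            print id, v
        }
        END {
            if (peers == 0) { print "-", "NO_PEER"; exit 1 }
            exit (bad > 0)
        }
    '
}

# Constructed sample dump: sample_dump ALLOWED_IPS LATEST_HANDSHAKE
sample_dump() {
    printf 'CONSTRUCTED_PRIVATE_KEY\tCONSTRUCTED_PUBLIC_KEY\t40000\toff\n'
    printf 'SRVKEY00constructedPeerKey=\t(none)\t100.0.0.0:51820\t%s\t%s\t1024\t2048\t25\n' "$1" "$2"
}

# Demo on the constructed sample: handshake 40 s old, both /1 routes present.
sample_dump "0.0.0.0/1,128.0.0.0/1,::/0" 1700000060 | check_tunnel 1700000100 180
```

NO_HANDSHAKE after a restart usually points at a wrong key or an unreachable endpoint; PARTIAL_ROUTES means part of the IPv4 address space is still routed outside the tunnel.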
Source: www.habr.com