Setting up a simple VPN with WireGuard and a Raspberry Pi as the server

Since WireGuard is about to become part of the upcoming Linux kernel 5.6, I decided to look at how best to integrate this VPN with my LTE router / access point running on a Raspberry Pi.

Equipment

  • Raspberry Pi 3 with an LTE module and a public IP address. The VPN server will run here (referred to as edgewalker in the text below)
  • An Android phone that should use the VPN for all of its connections
  • A Linux laptop that should use the VPN only for the internal network

All devices connected to the VPN must be able to reach all the other devices. For example, the phone must be able to connect to a web server on the laptop when both devices are part of the VPN network. If the setup seems too simple, you can also think about connecting the desktop to the VPN (over Ethernet).

Given that wired and wireless connections are becoming less and less secure over time (targeted attacks, the KRACK attack that breaks WPA2 and the Dragonblood attack against WPA3), I am seriously considering using WireGuard for all my devices, regardless of the environment they are in.

Installing the software

WireGuard provides ready-made packages for most Linux distributions, Windows and macOS. The Android and iOS apps are distributed through the app stores.

I run the recent Fedora Linux 31, and I was too lazy to read the manual before installing. I simply found the wireguard-tools package, installed it, and then could not figure out why nothing worked. Some investigation showed that I had not installed the wireguard-dkms package (with the network driver), and that it was not in my distribution's repository.

Had I read the instructions, I would have taken the right steps:

$ sudo dnf copr enable jdoss/wireguard
$ sudo dnf install wireguard-dkms wireguard-tools

My Raspberry Pi runs Raspbian Buster, which already ships a wireguard package; I installed it with:

$ sudo apt install wireguard

On my Android phone I installed the WireGuard VPN app from the official Google app store.

Generating keys

For peer authentication, WireGuard uses a simple private/public key scheme to authenticate its VPN peers. You can easily create the VPN keys with these commands:

$ wg genkey | tee wg-laptop-private.key |  wg pubkey > wg-laptop-public.key
$ wg genkey | tee wg-server-private.key |  wg pubkey > wg-server-public.key
$ wg genkey | tee wg-mobile-private.key |  wg pubkey > wg-mobile-public.key

This gives us three key pairs (six files). We will not reference the files from the configs but copy their contents into them: each key is a single line of base64.

Creating a configuration file for the VPN server (Raspberry Pi)

The configuration is quite simple; I created the file /etc/wireguard/wg0.conf:

[Interface]
Address = 10.200.200.1/24
ListenPort = 51820
PrivateKey = <copy private key from wg-server-private.key>
PostUp   = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wwan0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wwan0 -j MASQUERADE

[Peer]
# laptop
PublicKey = <copy public key from wg-laptop-public.key>
AllowedIPs = 10.200.200.2/32

[Peer]
# mobile phone
PublicKey = <copy public key from wg-mobile-public.key>
AllowedIPs = 10.200.200.3/32

A few notes:

  • In the marked places you need to paste the lines from the key files
  • My VPN uses the internal subnet 10.200.200.0/24
  • In the PostUp/PostDown commands my outgoing network interface is wwan0; yours may be different (for example, eth0)

The VPN interface is brought up with this simple command:

$ sudo wg-quick up wg0

One small note: since I use dnsmasq as the DNS server, bound to the bridge interface br0, I also added the wg0 device to its list of allowed interfaces. In dnsmasq this is done by adding another interface line to the configuration file /etc/dnsmasq.conf, for example:

interface=br0
interface=wg0

In addition, I added an iptables rule that allows traffic to the UDP listen port (51820):

$ sudo iptables -I INPUT -p udp --dport 51820 -j ACCEPT

Now that everything works, we can set up automatic start of the VPN tunnel:

$ sudo systemctl enable wg-quick@wg0

Setting up the client on the laptop

Create a configuration file /etc/wireguard/wg0.conf on the laptop with similar settings:

[Interface]
Address = 10.200.200.2/24
PrivateKey = <copy private key from wg-laptop-private.key>

[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 10.200.200.0/24
Endpoint = edgewalker:51820

Notes:

  • Instead of edgewalker you must specify the public IP address or hostname of the VPN server
  • By setting AllowedIPs to 10.200.200.0/24, we use the VPN only to reach the internal network. Traffic to all other IP addresses and services continues to go over the "normal" open channels. The DNS server configured on the laptop is also used as before.

For testing and automatic start we use the same wg-quick and systemd commands:

$ sudo wg-quick up wg0
$ sudo systemctl enable wg-quick@wg0

Setting up the client on an Android phone

For the Android phone we create a similar configuration file (let's call it mobile.conf):

[Interface]
Address = 10.200.200.3/24
PrivateKey = <copy private key from wg-mobile-private.key>
DNS = 10.200.200.1

[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 0.0.0.0/0
Endpoint = edgewalker:51820

Unlike the laptop configuration, the phone should use our VPN server as its DNS server (the DNS line) and send all traffic through the VPN tunnel (AllowedIPs = 0.0.0.0/0).

Instead of copying the file to your mobile device, you can convert it into a QR code:
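Because the server, laptop and phone configs above only work when hand-copied addresses, keys and ports agree with each other, here is an added example (not from the article or the WireGuard project) that parses the files and reports mismatches such as a client address the server has no [Peer] for, a server peer whose AllowedIPs is wider than one host, or an Endpoint port that differs from ListenPort; the configs and keys inside it are constructed placeholders.

```python
import ipaddress

# Added example, not from the article or the WireGuard project: cross-check the
# server wg0.conf against the client files before running wg-quick up. Keys are
# constructed placeholders (well-formed base64 of 32 bytes), not real keys.
KEY_A = "A" * 43 + "="
KEY_B = "B" + "A" * 42 + "="

def parse_wg(text):
    """Minimal wg-quick parser: returns ([Interface] dict, list of [Peer] dicts)."""
    iface, peers, section = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop "# laptop" style comments
        if line == "[Interface]":
            section = iface
        elif line == "[Peer]":
            section = {}
            peers.append(section)
        elif line:
            key, _, value = line.partition("=")   # base64 keys may end in "="
            section[key.strip()] = value.strip()
    return iface, peers

def lint(server_conf, client_confs):
    """Return findings for a server conf and {name: client conf}; [] means consistent."""
    findings = []
    siface, speers = parse_wg(server_conf)
    subnet = ipaddress.ip_interface(siface["Address"]).network
    port = siface.get("ListenPort", "")
    for p in speers:   # a server peer should own exactly one tunnel address
        if ipaddress.ip_network(p.get("AllowedIPs", "0.0.0.0/0")).prefixlen != 32:
            findings.append(f"server: AllowedIPs {p.get('AllowedIPs')} is not a single host")
    for name, conf in client_confs.items():
        ciface, cpeers = parse_wg(conf)
        addr = ipaddress.ip_interface(ciface["Address"])
        if addr.network != subnet:
            findings.append(f"{name}: Address {addr} is outside the server subnet {subnet}")
        if not any(p.get("AllowedIPs") == f"{addr.ip}/32" for p in speers):
            findings.append(f"{name}: no server [Peer] has AllowedIPs {addr.ip}/32")
        for p in cpeers:
            ep_port = p.get("Endpoint", "").rpartition(":")[2]
            if ep_port != port:
                findings.append(f"{name}: Endpoint port {ep_port!r} != ListenPort {port!r}")
    return findings
# Constructed sample configs in the shape used in the article.
SERVER = f"[Interface]\nAddress = 10.200.200.1/24\nListenPort = 51820\n[Peer]\n# laptop\nPublicKey = {KEY_A}\nAllowedIPs = 10.200.200.2/32\n"
LAPTOP = f"[Interface]\nAddress = 10.200.200.2/24\n[Peer]\nPublicKey = {KEY_B}\nAllowedIPs = 10.200.200.0/24\nEndpoint = edgewalker:51820\n"
# Deliberately inconsistent: wrong port, and SERVER lists no [Peer] for .3
MOBILE = f"[Interface]\nAddress = 10.200.200.3/24\n[Peer]\nPublicKey = {KEY_B}\nAllowedIPs = 0.0.0.0/0\nEndpoint = edgewalker:51280\n"
```

Run lint(SERVER, {"laptop": LAPTOP, "mobile": MOBILE}) on the real files read from disk: the laptop produces no findings, while the phone config reports both the missing server peer and the port mismatch.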

$ sudo apt install qrencode
$ qrencode -t ansiutf8 < mobile.conf

The QR code is shown in the console as ASCII art. It can be scanned from the Android VPN app, which then sets up the VPN tunnel automatically.

Conclusion

Setting up WireGuard really is simple compared to OpenVPN.

Source: www.habr.com
