Nokuti chii?
Nekuwedzera kuri kuita censorship yeInternet nehurumende dzehutongi, huwandu huri kuwedzera hwezviwanikwa zveInternet zvinobatsira uye masayiti ari kuvharwa. Kusanganisira ruzivo rwehunyanzvi.
Nekudaro, zvinove zvisingagoneke kushandisa zvizere Indaneti uye zvinotyora kodzero yakakosha yerusununguko rwekutaura, yakanyorwa
Chisungo 19
(Chekutanga) - Munhu wese anekodzero yokuva nerusununguko rwokufunga zvaanoda uye zvaanotaura; kodzero iyi inosanganisira rusununguko rwekuva nemafungiro pasina kukanganiswa uye kutsvaga, kugamuchira nekupa ruzivo nemafungiro kuburikidza nechero nhepfenyuro uye zvisinei nemiganhu.
Mugwaro iri, tichaisa yedu yemaharaware* mumatanho matanhatu.
Ndakaedza kuita iyi yekufamba senge ine hushamwari kune vasiri-IT vanhu sezvinobvira. Chinhu choga chinodiwa kutsungirira mukudzokorora matanho anotsanangurwa pasi apa.
taura pfungwa
- AWS inopa
mahara kushandiswa tier kwenguva yemwedzi gumi nemiviri, ine muganhu we12 gigabytes yemotokari pamwedzi.- Shanduro yemazuva ano yebhuku rino inogona kuwanikwa pa
https://wireguard.isystem.io
Nhanho
- Saina kune yemahara AWS account
- Gadzira muenzaniso weAWS
- Kubatanidza kune AWS muenzaniso
- Wireguard Configuration
- Kugadzirisa VPN Vatengi
- Kuongorora kurongeka kweiyo VPN yekumisikidza
Useful links
1. Kunyoresa account yeAWS
Kusaina account yemahara yeAWS kunoda nhamba yefoni chaiyo uye Visa kana Mastercard kadhi rechikwereti. Ndinokurudzira kushandisa makadhi chaiwo anopihwa mahara
1.1. Kuvhura iyo AWS Management Console
Iwe unofanirwa kuvhura browser uye enda ku:
Dzvanya pa "Register" bhatani
1.2. Kuzadza data rako pachako
Zadza iyo data uye tinya bhatani rekuti "Ramba".
1.3. Kuzadza contact details
Zadza contact information.
1.4. Kutsanangura ruzivo rwekubhadhara.
Nhamba yekadhi, zuva rekupera uye zita remuridzi wemakadhi.
1.5. Account Verification
Panguva ino, nhamba yefoni inosimbiswa uye $ 1 inobviswa zvakananga kubva pakadhi rekubhadhara. Iyo 4-manhamba kodhi inoratidzwa pakombuta, uye iyo yakatsanangurwa foni inogamuchira kubva kuAmazon. Panguva yekufona, unofanirwa kufonera kodhi inoratidzwa pachiratidziri.
1.6. Sarudzo yehurongwa hwemitero.
Sarudza - Hurongwa hwekutanga (yemahara)
1.7. Pinda kune manejimendi console
1.8. Kusarudza nzvimbo yedata data
1.8.1. Speed ββββtesting
Usati wasarudza nzvimbo yedata, zvinokurudzirwa kuti uedze kuburikidza
- Π‘ΠΈΠ½Π³Π°ΠΏΡΡ
- Paris
- Frankfurt
- Stockholm
- London
Iyo data centre muLondon inoratidza zvakanakisa mhedzisiro maererano nekumhanya. Saka ndakaisarudza kuti iwedzere kugadzirisa.
2. Gadzira muenzaniso weAWS
2.1 Gadzira muchina chaiwo
2.1.1. Kusarudza rudzi rwemuenzaniso
By default, iyo t2.micro muenzaniso inosarudzwa, izvo zvatinoda, ingodzvanya bhatani Tevere: Rongedza Instance Details
2.1.2. Kuisa Instance Options
Mune ramangwana, isu tichabatanidza yekusingaperi yeruzhinji IP kune yedu muenzaniso, saka panguva ino tinodzima otomatiki-kupa yeruzhinji IP, uye tinya bhatani. Tevere: Wedzera Kuchengeta
2.1.3. Storage connection
Taura saizi ye "hard disk". Nezvinangwa zvedu, 16 gigabytes yakakwana, uye isu tinodzvanya bhatani Next: Wedzera Matagi
2.1.4. Kugadzika ma tags
Kana tikagadzira akati wandei, saka anogona kuiswa mumapoka nematagi kuti afambise manejimendi. Muchiitiko ichi, kushanda uku kwakanyanyisa, pakarepo tinya bhatani Tevere: Gadzira Chengetedzo Boka
2.1.5. Kuvhura zviteshi
Mune ino nhanho, isu tinogadzirisa firewall nekuvhura madoko anodiwa. Iyo seti yeakavhurika ports inonzi Security Group. Isu tinofanirwa kugadzira boka idzva rekuchengetedza, kuripa zita, tsananguro, kuwedzera chiteshi cheUDP (Custom UDP Rule), mundima yeRort Range, unofanirwa kugovera nhamba yechiteshi kubva padanho.
Mushure mekuzadza data rinodiwa, tinya bhatani Ongorora uye Tanga
2.1.6. Kutarisisa kwese kuseta
Papeji rino pane mhedziso yeese magadzirirwo emuenzaniso wedu, isu tinotarisa kana ese magadzirirwo akarongeka, uye tinya bhatani. Tanga
2.1.7. Kugadzira Access Keys
Inotevera inouya bhokisi rebhokisi rinopa kugadzira kana kuwedzera iripo SSH kiyi, iyo yatichazobatana nayo kure kure nemuenzaniso wedu. Isu tinosarudza iyo "Gadzira nyowani kiyi peya" sarudzo yekugadzira kiyi nyowani. Ipe zita uye tinya bhatani Dhaunirodha Key Pairkurodha makiyi akagadzirwa. Zvichengete kunzvimbo yakachengeteka pakombuta yako yemuno. Kana wangodhaunirodha, tinya bhatani. Kutanga Instances
2.1.7.1. Kuchengetedza Makiyi Ekupinda
Inoratidzwa pano idanho rekuchengetedza makiyi akagadzirwa kubva padanho rapfuura. Tapedza takadzvanya bhatani Dhaunirodha Key Pair, kiyi inochengetwa sechitupa faira ine *.pem extension. Panyaya iyi, ndakazvipa zita wireguard-awskey.pem
2.1.8. Mhedziso yeZviwanikwa Zvekugadzira
Tevere, tinoona meseji nezve kuvhurwa kwakabudirira kwemuenzaniso watichangogadzira. Tinogona kuenda kune runyorwa rwezviitiko zvedu nekudzvanya bhatani kuona zviitiko
2.2. Kugadzira yekunze IP kero
2.2.1. Kutanga kugadzirwa kwekunze IP
Tevere, isu tinofanirwa kugadzira kero yekunze yekunze IP iyo yatinozobatanidza kune yedu VPN server. Kuti uite izvi, mupaneri yekufambisa iri kuruboshwe rwechidzitiro, sarudza chinhu Yakavharwa IPs kubva muchikwata NETWORK & SECTURITY wobva wadzvanya bhatani Govera kero itsva
2.2.2. Kugadzirisa kugadzirwa kwekunze IP
Munhanho inotevera, isu tinofanirwa kugonesa sarudzo Amazon dziva (inogoneswa neiyo default), uye tinya bhatani Govera
2.2.3. Mhedziso yemhedzisiro yekugadzira yekunze IP kero
Iyo inotevera skrini icharatidza yekunze IP kero yatakagamuchira. Inokurudzirwa kuichengeta mumusoro, uye zviri nani kunyange kuinyora pasi. ichauya inobatsira kanopfuura kamwe mukuita kwekuwedzera kuseta uye kushandisa VPN server. Mugwaro iri, ini ndinoshandisa IP kero semuenzaniso. 4.3.2.1. Kana wangoisa kero, tinya bhatani pedyo
2.2.4. Rondedzero yemakero ekunze eIP
Tevere, isu tinounzwa nerunyorwa rwedu yeruzhinji IP kero (elastics IP).
2.2.5. Kugovera Yekunze IP kune imwe Instance
Mune iyi runyorwa, tinosarudza IP kero yatakagamuchira, uye tinya bhatani rekurudyi rembeva kuti uburitse menyu yekudonha. Mariri, sarudza chinhu associate addresskuigovera kumuenzaniso watakagadzira kare.
2.2.6. Yekunze IP assignment setting
Mudanho rinotevera, sarudza yedu muenzaniso kubva pane yekudonha-pasi runyorwa, uye tinya bhatani sanyina
2.2.7. Mhedziso yeEkunze IP Assignment Mhedzisiro
Mushure meizvozvo, isu tinogona kuona kuti yedu muenzaniso uye yayo yakavanzika IP kero yakasungwa kune yedu yeruzhinji IP kero.
Iye zvino isu tinokwanisa kubatana kune yedu ichangobva kugadzirwa muenzaniso kubva kunze, kubva pakombuta yedu kuburikidza neSSH.
3. Batanidza kune AWS muenzaniso
3.1. Kubatanidza kuburikidza neSSH kubva pakombuta yeWindows
Kuti ubatanidze pakombuta yeWindows, iwe unofanirwa kutanga wadhawunirodha uye kuisa chirongwa
3.1.1. Ngenisa yakavanzika kiyi yePutty
3.1.1.1. Mushure mekuisa Putty, unofanirwa kumhanyisa PuTTYgen utility inouya nayo kuendesa kiyi yechitupa muPEM fomati mufomati yakakodzera kushandiswa muPutty. Kuti uite izvi, sarudza chinhu chiri mumenyu yepamusoro Shanduko-> Import Key
3.1.1.2. Kusarudza kiyi yeAWS muPEM Format
Tevere, sarudza kiyi yatakambochengeta mudanho 2.1.7.1, mune yedu zita rayo wireguard-awskey.pem
3.1.1.3. Kuseta makiyi ekupinza sarudzo
Padanho iri, isu tinofanirwa kutsanangura chirevo cheiyi kiyi (tsanangudzo) uye isa password uye simbiso yekuchengetedza. Ichakumbirwa pese paunobatanidza. Saka, isu tinodzivirira kiyi nepassword kubva pakushandisa zvisina kufanira. Iwe haufanirwe kuseta password, asi haina kuchengetedzeka zvishoma kana kiyi ikawira mumaoko asiri iwo. Mushure tinodzvanya bhatani Sevha kiyi yakavanzika
3.1.1.4. Kuchengeta kiyi yaunzwa kunze kwenyika
Iyo dialog yekuchengetedza faira inovhura uye isu tinochengetedza yedu yakavanzika kiyi sefaira ine yekuwedzera .ppk
yakakodzera kushandiswa muchirongwa Putty.
Taura zita rekiyi (munyaya yedu wireguard-awskey.ppk
) uye tinya bhatani chengetedza.
3.1.2. Kugadzira uye kugadzirisa chinongedzo muPutty
3.1.2.1. Gadzira chinongedzo
Vhura iyo Putty chirongwa, sarudza chikamu chiitiko (inovhurwa nekusarudzika) uye mumunda Host Zita pinda iyo yeruzhinji IP kero ye server yedu, iyo yatakagamuchira munhanho 2.2.3. Mumunda Saved session isa zita rinopokana rekubatana kwedu (munyaya yangu wireguard-aws-london), wobva wadzvanya bhatani Save kuchengetedza shanduko dzatakaita.
3.1.2.2. Kumisikidza mushandisi autologin
Zvimwe muchikwata Connection, sarudza chikamu chidiki Data uye kumunda Auto-login username isa zita rekushandisa ubuntu ndiye mushandisi akajairwa wemuenzaniso paAWS ine Ubuntu.
3.1.2.3. Kusarudza kiyi yakavanzika yekubatanidza kuburikidza neSSH
Wobva waenda kune subcategory Connection/SSH/Auth uye pedyo nemunda Yakavanzika kiyi faira yekusimbisa dzvanya bhatani Tsvaga ... kusarudza faira rine kiyi chitupa.
3.1.2.4. Kuvhura kiyi yaunzwa kunze kwenyika
Taura kiyi yatakaunza pakutanga padanho 3.1.1.4, kwatiri isu ifaira wireguard-awskey.ppk, wobva wadzvanya bhatani Vhura.
3.1.2.5. Kuchengetedza zvigadziriso uye kutanga kubatana
Kudzokera kuchikamu peji chiitiko dzvanya bhatani zvakare Save, kuchengetedza shanduko dzatakaita kare mumatanho apfuura (3.1.2.2 - 3.1.2.4). Uye tobva tadzvanya bhatani Open kuvhura iyo iri kure SSH yekubatanidza isu takagadzira nekugadzirisa.
3.1.2.7. Kugadzira kuvimbana pakati pevagamuchiri
Muchinhanho chinotevera, kekutanga patinoedza kubatanidza, tinopihwa yambiro, isu hatina kuvimba kwakagadziriswa pakati pemakomputa maviri, uye tinobvunza kana kuvimba nekombuta iri kure. Tinobaya bhatani kuti, nokudaro uchiiwedzera kune runyorwa rwevatenzi vanovimbwa.
3.1.2.8. Kuisa password kuti uwane kiyi
Mushure meizvozvo, hwindo rekupedzisira rinovhura, kwaunokumbirwa password yekiyi, kana iwe ukaiisa pakutanga padanho 3.1.1.3. Pakuisa password, hapana chiito pachiratidziro chinoitika. Kana ukakanganisa, unogona kushandisa kiyi Backspace.
3.1.2.9. Mharidzo yekugamuchira pakubatana kwakabudirira
Mushure mekubudirira kuisa pasiwedhi, tinoratidzwa chinyorwa chinogamuchirwa mune terminal, icho chinotiudza kuti iri kure system yakagadzirira kuita mirairo yedu.
4. Kugadzirisa iyo Wireguard Server
Iyo yakanyanya-kusvika-iri mirairo yekuisa uye kushandisa Wireguard uchishandisa zvinyorwa zvinotsanangurwa pazasi inogona kuwanikwa mune repository:
4.1. Kuisa WireGuard
Mune terminal, isa iyo inotevera mirairo (iwe unogona kukopa kune clipboard, uye unamira mune terminal nekudzvanya bhatani rekurudyi):
4.1.1. Kuvhara repository
Konesa repository neWireguard yekumisikidza zvinyorwa
git clone https://github.com/pprometey/wireguard_aws.git wireguard_aws
4.1.2. Kuchinjira kudhairekitori rine zvinyorwa
Enda kune dhairekitori ine cloned repository
cd wireguard_aws
4.1.3 Kumhanyisa gwaro rekutanga
Mhanya semutungamiriri (mudzi wemushandisi) iyo Wireguard yekuisa script
sudo ./initial.sh
Iyo yekuisa maitiro inokumbira imwe data inodiwa kugadzirisa Wireguard
4.1.3.1. Connection point input
Pinda iyo yekunze IP kero uye vhura chiteshi cheWireguard server. Isu takawana yekunze IP kero yeserver mudanho 2.2.3, uye takavhura chiteshi mudanho 2.1.5. Isu tinovaratidza pamwe chete, tichivaparadzanisa nekoloni, semuenzaniso 4.3.2.1:54321
wobva wadzvanya kiyi pinda
Muenzaniso wekubuda:
Enter the endpoint (external ip and port) in format [ipv4:port] (e.g. 4.3.2.1:54321): 4.3.2.1:54321
4.1.3.2. Kuisa iyo yemukati IP kero
Isa iyo IP kero yeWireguard server pane yakachengeteka VPN subnet, kana iwe usingazive kuti chii, ingo dzvanya Enter kiyi yekuseta iyo default kukosha (10.50.0.1
)
Muenzaniso wekubuda:
Enter the server address in the VPN subnet (CIDR format) ([ENTER] set to default: 10.50.0.1):
4.1.3.3. Kutsanangura DNS Server
Isa iyo IP kero yeDNS server, kana ingo dzvanya Enter kiyi yekuseta kukosha kweiyo default 1.1.1.1
(Cloudflare yeruzhinji DNS)
Muenzaniso wekubuda:
Enter the ip address of the server DNS (CIDR format) ([ENTER] set to default: 1.1.1.1):
4.1.3.4. Kutsanangura iyo WAN interface
Tevere, iwe unofanirwa kuisa zita rekunze network interface iyo inoteerera pane VPN yemukati network interface. Ingo dzvanya Enter kuti uise kukosha kweiyo AWS (eth0
)
Muenzaniso wekubuda:
Enter the name of the WAN network interface ([ENTER] set to default: eth0):
4.1.3.5. Kudoma zita remutengi
Isa zita remushandisi weVPN. Icho chokwadi ndechekuti iyo Wireguard VPN server haizokwanisa kutanga kusvika kana mutengi mumwe chete awedzerwa. Panyaya iyi, ndakaisa zita Alex@mobile
Muenzaniso wekubuda:
Enter VPN user name: Alex@mobile
Mushure meizvozvo, kodhi yeQR ine gadziriso yemutengi achangowedzerwa inofanira kuratidzwa pachiratidziri, iyo inofanirwa kuverengerwa uchishandisa iyo Wireguard nhare mutengi pa Android kana iOS kuti igadzirise. Uye zvakare pazasi peiyo QR kodhi, iwo mameseji eiyo faira yekumisikidza icharatidzwa kana paine manyorero ekugadziriswa kwevatengi. Nzira yekuita izvi ichakurukurwa pasi apa.
4.2. Kuwedzera mushandisi mutsva weVPN
Kuti uwedzere mushandisi mutsva, unofanirwa kuita iyo script mune terminal add-client.sh
sudo ./add-client.sh
Iyo script inokumbira zita rekushandisa:
Muenzaniso wekubuda:
Enter VPN user name:
Zvakare, zita revashandisi rinogona kupfuudzwa se script parameter (mune iyi kesi Alex@mobile
):
sudo ./add-client.sh Alex@mobile
Nekuda kwekuita script, mudhairekitori rine zita remutengi munzira /etc/wireguard/clients/{ΠΠΌΡΠΠ»ΠΈΠ΅Π½ΡΠ°}
client configuration file ichagadzirwa /etc/wireguard/clients/{ΠΠΌΡΠΠ»ΠΈΠ΅Π½ΡΠ°}/{ΠΠΌΡΠΠ»ΠΈΠ΅Π½ΡΠ°}.conf
, uye iyo terminal skrini icharatidza QR kodhi yekumisikidza nharembozha uye zviri mukati mefaira rekugadzirisa.
4.2.1. User configuration file
Unogona kuratidza zviri mukati me .conf faira pachiratidziro, kuitira manual configuration yemutengi, uchishandisa murairo. cat
sudo cat /etc/wireguard/clients/Alex@mobile/[email protected]
execution result:
[Interface]
PrivateKey = oDMWr0toPVCvgKt5oncLLRfHRit+jbzT5cshNUi8zlM=
Address = 10.50.0.2/32
DNS = 1.1.1.1
[Peer]
PublicKey = mLnd+mul15U0EP6jCH5MRhIAjsfKYuIU/j5ml8Z2SEk=
PresharedKey = wjXdcf8CG29Scmnl5D97N46PhVn1jecioaXjdvrEkAc=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 4.3.2.1:54321
Tsanangudzo yefaira remutengi gadziriso:
[Interface]
PrivateKey = ΠΡΠΈΠ²Π°ΡΠ½ΡΠΉ ΠΊΠ»ΡΡ ΠΊΠ»ΠΈΠ΅Π½ΡΠ°
Address = IP Π°Π΄ΡΠ΅Ρ ΠΊΠ»ΠΈΠ΅Π½ΡΠ°
DNS = ΠΠΠ‘ ΠΈΡΠΏΠΎΠ»ΡΠ·ΡΠ΅ΠΌΡΠΉ ΠΊΠ»ΠΈΠ΅Π½ΡΠΎΠΌ
[Peer]
PublicKey = ΠΡΠ±Π»ΠΈΡΠ½ΡΠΉ ΠΊΠ»ΡΡ ΡΠ΅ΡΠ²Π΅ΡΠ°
PresharedKey = ΠΠ±ΡΠΈ ΠΊΠ»ΡΡ ΡΠ΅ΡΠ²Π΅ΡΠ° ΠΈ ΠΊΠ»ΠΈΠ΅Π½ΡΠ°
AllowedIPs = Π Π°Π·ΡΠ΅ΡΠ΅Π½Π½ΡΠ΅ Π°Π΄ΡΠ΅ΡΠ° Π΄Π»Ρ ΠΏΠΎΠ΄ΠΊΠ»ΡΡΠ΅Π½ΠΈΡ (Π²ΡΠ΅ - 0.0.0.0/0, ::/0)
Endpoint = IP Π°Π΄ΡΠ΅Ρ ΠΈ ΠΏΠΎΡΡ Π΄Π»Ρ ΠΏΠΎΠ΄ΠΊΠ»ΡΡΠ΅Π½ΠΈΡ
4.2.2. QR kodhi yekugadzirisa mutengi
Iwe unogona kuratidza yekumisikidza QR kodhi kune yakambogadzirwa mutengi pane terminal skrini uchishandisa rairo qrencode -t ansiutf8
(mumuenzaniso uyu, mutengi anonzi Alex@mobile anoshandiswa):
sudo cat /etc/wireguard/clients/Alex@mobile/[email protected] | qrencode -t ansiutf8
5. Kugadzirisa VPN Clients
5.1. Kumisikidza iyo Android mobile client
Iyo yepamutemo Wireguard mutengi ye Android inogona kuva
Mushure meizvozvo, iwe unofanirwa kuendesa iyo dhizaini nekuverenga iyo QR kodhi ine mutengi gadziriso (ona ndima 4.2.2) uye ipa zita:
Mushure mekubudirira kupinza dhizaini, unogona kugonesa VPN mugero. Kubatana kwakabudirira kucharatidzwa nekiyi stash mu Android system tray
5.2. Windows client setup
Kutanga iwe unofanirwa kudhawunirodha uye kuisa chirongwa
5.2.1. Kugadzira faira rekugadzirisa kunze
Tinya-kurudyi kuti ugadzire faira remavara padesktop.
5.2.2. Kopa zviri mukati mefaira rekugadzirisa kubva kune server
Zvadaro tinodzokera kuPutty terminal uye tinoratidza zviri mukati mefaira rekugadzirisa remushandisi waunoda, sezvinotsanangurwa muchikamu 4.2.1.
Tevere, tinya-kurudyi iyo yekumisikidza mameseji muPutty terminal, kana sarudzo yapera, inozokopwa otomatiki kune clipboard.
5.2.3. Kukopa zvigadziriso kune imwe nzvimbo yefaira yekugadzirisa
Mundima iyi, tinodzokera kune iyo faira faira yatakagadzira pakutanga padesktop, uye isa iyo yekumisikidza mameseji mairi kubva pa clipboard.
5.2.4. Kuchengetedza faira rekugadzirisa remunharaunda
Sevha iyo faira nekuwedzera .conf (munyaya iyi zita london.conf
)
5.2.5. Kuunza faira renzvimbo
Tevere, iwe unofanirwa kuendesa iyo faira yekumisikidza muchirongwa cheTunSafe.
5.2.6. Kugadzira kubatana kweVPN
Sarudza iyi faira yekumisikidza uye batanidza nekudzvanya bhatani batanidza.
6. Kutarisa kana kubatana kwakabudirira
Kuti utarise kubudirira kwekubatanidza kuburikidza neVPN tunnel, unofanirwa kuvhura browser uye enda kunzvimbo
Kero yeIP yakaratidzwa inofanira kufanana neyatakagamuchira padanho 2.2.3.
Kana zvakadaro, saka mugero weVPN uri kushanda zvinobudirira.
Kubva paLinux terminal, unogona kutarisa yako IP kero nekunyora:
curl http://zx2c4.com/ip
Kana iwe unogona kungoenda kune pornhub kana iwe uri muKazakhstan.
Source: www.habr.com