Setting up a simple VPN with WireGuard and a Raspberry Pi as the server

Since WireGuard will become part of the upcoming Linux kernel 5.6, I decided to see how best to integrate this VPN with my LTE router / access point on a Raspberry Pi.

Equipment

  • A Raspberry Pi 3 with an LTE module and a public IP address. The VPN server will run here (referred to as edgewalker in the rest of this text)
  • An Android phone that should use the VPN for all communication
  • A Linux laptop that should use the VPN only inside the network

Every device that connects to the VPN should be able to reach all the other devices. For example, the phone should be able to connect to a web server on the laptop when both devices are part of the VPN network. If the setup turns out to be simple enough, you can consider connecting the desktop to the VPN as well (over Ethernet).

Considering that wired and wireless connections are becoming less secure over time (targeted attacks, the KRACK attack on WPA2 and the Dragonblood attack on WPA3), I am seriously considering using WireGuard on all of my devices, no matter what environment they are in.

Software installation

WireGuard provides precompiled packages for most Linux distributions, Windows and macOS. The Android and iOS apps are delivered through the app stores.

I have the latest Fedora Linux 31, and I was too lazy to read the manual before installing. I just found the wireguard-tools package, installed it, and then could not figure out why nothing was working. Further investigation showed that I did not have the wireguard-dkms package (the network driver) installed, and it was not in my distribution's repository.

Had I read the instructions, I would have taken the right steps:

$ sudo dnf copr enable jdoss/wireguard
$ sudo dnf install wireguard-dkms wireguard-tools

I have the Raspbian Buster distribution installed on my Raspberry Pi; it already has a wireguard package, so install it:

$ sudo apt install wireguard

On my Android phone I installed the WireGuardVPN application from the official Google App Store catalogue.

Key setup

To authenticate peers, WireGuard uses a simple private/public key scheme. You can easily generate the VPN keys with the following commands:

$ wg genkey | tee wg-laptop-private.key |  wg pubkey > wg-laptop-public.key
$ wg genkey | tee wg-server-private.key |  wg pubkey > wg-server-public.key
$ wg genkey | tee wg-mobile-private.key |  wg pubkey > wg-mobile-public.key

This gives us three key pairs (six files). We will not reference the files in the configs, but copy their contents there: each key is a single line in base64.

Creating the configuration file for the VPN server (Raspberry Pi)

The configuration is quite simple; I created the following file /etc/wireguard/wg0.conf:

[Interface]
Address = 10.200.200.1/24
ListenPort = 51820
PrivateKey = <copy private key from wg-server-private.key>
PostUp   = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wwan0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wwan0 -j MASQUERADE

[Peer]
# laptop
PublicKey = <copy public key from wg-laptop-public.key>
AllowedIPs = 10.200.200.2/32

[Peer]
# mobile phone
PublicKey = <copy public key from wg-mobile-public.key>
AllowedIPs = 10.200.200.3/32

A couple of notes:

  • In the appropriate places you need to insert the lines from the key files
  • My VPN uses the internal range 10.200.200.0/24
  • For the PostUp/PostDown commands, my external network interface is wwan0; yours may be different (for example, eth0)
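On the server, each peer's AllowedIPs decides which tunnel addresses that peer may use, so the entries should stay inside the VPN range and not collide. The following check is an added example, not part of the original article; the sample config is constructed from the one above with placeholder keys, the function names are made up for illustration, and IPv4 with a single Address is assumed.

```python
import ipaddress

# Constructed sample: the server config from this page with placeholder keys.
SERVER_CONF = """\
[Interface]
Address = 10.200.200.1/24
PrivateKey = <server-private-key>
[Peer]
# laptop
PublicKey = <laptop-public-key>
AllowedIPs = 10.200.200.2/32
[Peer]
# mobile phone
PublicKey = <mobile-public-key>
AllowedIPs = 10.200.200.3/32
"""

def parse_wg(text):
    """Split a config into (interface, peers); [Peer] repeats, so no configparser."""
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments such as "# laptop"
        if line == "[Interface]":
            current = interface
        elif line == "[Peer]":
            current = {}
            peers.append(current)
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)  # base64 padding stays in the value
            current[key.strip()] = value.strip()
    return interface, peers

def lint_server(text):
    """Return findings for AllowedIPs that leave the VPN subnet or collide."""
    interface, peers = parse_wg(text)
    address = interface["Address"].split(",")[0].strip()
    subnet = ipaddress.ip_interface(address).network
    findings, seen = [], []
    for n, peer in enumerate(peers, 1):
        for item in filter(None, map(str.strip, peer.get("AllowedIPs", "").split(","))):
            net = ipaddress.ip_network(item, strict=False)
            if net.version != subnet.version or not net.subnet_of(subnet):
                findings.append(f"peer {n}: {net} is outside {subnet}")
            if any(net.overlaps(other) for other in seen):
                findings.append(f"peer {n}: {net} overlaps another peer's AllowedIPs")
            seen.append(net)
    return findings

if __name__ == "__main__":
    print(lint_server(SERVER_CONF) or "AllowedIPs are disjoint and inside the VPN subnet")
```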

The VPN network is easily brought up with the following command:

$ sudo wg-quick up wg0

One more small detail: as a DNS server I used dnsmasq bound to the network interface br0, so I also added the wg0 device to the list of allowed devices. In dnsmasq this is done by adding a new network interface line to the configuration file /etc/dnsmasq.conf, for example:

interface=br0
interface=wg0

In addition, I added an iptables rule to allow traffic to the listening UDP port (51820):

$ sudo iptables -I INPUT -p udp --dport 51820 -j ACCEPT

Now that everything is working, we can set up automatic startup of the VPN tunnel:

$ sudo systemctl enable wg-quick@wg0

Client configuration on the laptop

Create a configuration file /etc/wireguard/wg0.conf on the laptop with similar settings:

[Interface]
Address = 10.200.200.2/24
PrivateKey = <copy private key from wg-laptop-private.key>

[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 10.200.200.0/24
Endpoint = edgewalker:51820

Notes:

  • Instead of edgewalker, you need to specify the public IP or hostname of the VPN server
  • By setting AllowedIPs to 10.200.200.0/24, we use the VPN only to reach the internal network. Traffic to all other IP addresses / servers will continue to go through the "normal" open channels. The DNS server preconfigured on the laptop will also still be used.

For testing and automatic startup we use the same wg-quick and systemd commands:

$ sudo wg-quick up wg0
$ sudo systemctl enable wg-quick@wg0

Setting up the client on the Android phone

For the Android phone we create a very similar configuration file (let's call it mobile.conf):

[Interface]
Address = 10.200.200.3/24
PrivateKey = <copy private key from wg-mobile-private.key>
DNS = 10.200.200.1
        
[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 0.0.0.0/0
Endpoint = edgewalker:51820

Unlike the laptop configuration, the phone should use our VPN server as its DNS server (the DNS line) and also send all traffic through the VPN tunnel (AllowedIPs = 0.0.0.0/0).
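The difference between the laptop and phone profiles can be checked by asking which destinations fall inside each client's AllowedIPs. This is an added example, not part of the original article; it assumes the client routes exactly the AllowedIPs prefixes into the tunnel, and the probe addresses and the laptop's local resolver address are constructed.

```python
import ipaddress

# AllowedIPs and DNS as given in the laptop and phone configs on this page.
PROFILES = {
    "laptop": {"allowed": ["10.200.200.0/24"], "dns": None},
    "phone": {"allowed": ["0.0.0.0/0"], "dns": "10.200.200.1"},
}
# Constructed probe destinations (documentation address ranges) and a
# constructed resolver address standing in for the laptop's own DNS server.
PROBES = {
    "vpn_server": "10.200.200.1",
    "internet_v4": "203.0.113.10",
    "internet_v6": "2001:db8::10",
}
LOCAL_DNS = "192.168.1.1"

def via_tunnel(allowed, dest):
    """True if dest falls inside one of the AllowedIPs prefixes."""
    ip = ipaddress.ip_address(dest)
    nets = (ipaddress.ip_network(a, strict=False) for a in allowed)
    return any(ip.version == n.version and ip in n for n in nets)

def audit(profile, probes=PROBES, local_dns=LOCAL_DNS):
    """Map each destination label to 'tunnel' or 'direct' for one client."""
    cfg = PROFILES[profile]
    # Without a DNS line the client keeps its own resolver.
    targets = dict(probes, dns_resolver=cfg["dns"] or local_dns)
    return {label: "tunnel" if via_tunnel(cfg["allowed"], dest) else "direct"
            for label, dest in targets.items()}

if __name__ == "__main__":
    for name in PROFILES:
        print(name, audit(name))
```

For the phone, internet_v6 comes out as direct: 0.0.0.0/0 matches IPv4 destinations only, and the prefix list covers IPv6 only once ::/0 is added to AllowedIPs.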

Instead of copying the file to your mobile device, you can convert it to a QR code:

$ sudo apt install qrencode
$ qrencode -t ansiutf8 < mobile.conf

The QR code is output to the console as ASCII. It can be scanned from the Android VPN app and will automatically set up the VPN tunnel.

Conclusion

Setting up WireGuard is simply magical compared to OpenVPN.

Source: www.habr.com
