Why WireGuard
Devices
- A Raspberry Pi 3 with an LTE module and a public IP address. The VPN server will run here (it is called edgewalker in this text)
- An Android phone that must use the VPN for all communication
- A Linux laptop that must use the VPN only inside the network
Every device that connects to the VPN must be able to reach all the other devices. For example, the phone should be able to connect to a web server on the laptop if the devices are part of the VPN network. If the setup turns out to be simple, you can think about connecting a desktop to the VPN as well (via Ethernet).
Considering that wired and wireless connections are becoming less secure over time (
Software installation
WireGuard provides
I have the latest Fedora Linux 31, and I was too lazy to read the manual before installing. I just found the wireguard-tools packages, installed them, and then could not figure out why nothing worked. Further investigation showed that I did not have the wireguard-dkms package (the network driver) installed, and it was not in my distribution's repository.
Had I read the instructions, I would have taken the right steps:
$ sudo dnf copr enable jdoss/wireguard
$ sudo dnf install wireguard-dkms wireguard-tools
I have the Raspbian Buster distribution installed on my Raspberry Pi; it already has a wireguard package, so install it:
$ sudo apt install wireguard
On my Android phone I installed the application
Key setup
For peer authentication, WireGuard uses a simple private/public key scheme to authenticate VPN peers. You can easily generate the VPN keys with the following commands:
$ wg genkey | tee wg-laptop-private.key | wg pubkey > wg-laptop-public.key
$ wg genkey | tee wg-server-private.key | wg pubkey > wg-server-public.key
$ wg genkey | tee wg-mobile-private.key | wg pubkey > wg-mobile-public.key
This gives us three key pairs (six files). We will not refer to the files in the configs; instead we copy their contents into the configs: each key is a single line of base64.
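The private key files produced above are the only secrets in this setup, so they are worth checking before their contents are pasted into a config. The following Python check is an added example, not part of the original article; it assumes the wg-*-private.key / wg-*-public.key naming used above and runs on constructed sample files filled with random bytes rather than real keys.

```python
import base64
import os
import stat
import tempfile

def audit_key_file(path):
    """Return a list of problems found in one WireGuard key file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # Private keys must not be accessible to group or others.
    if path.endswith("-private.key") and mode & 0o077:
        problems.append(f"mode {mode:03o} exposes private key; use 600")
    with open(path, "rb") as fh:
        lines = fh.read().splitlines()
    if len(lines) != 1:
        problems.append(f"expected 1 line, found {len(lines)}")
        return problems
    try:
        raw = base64.b64decode(lines[0], validate=True)
    except ValueError:
        problems.append("not valid base64")
        return problems
    # A WireGuard key is 32 bytes, i.e. 44 base64 characters.
    if len(raw) != 32:
        problems.append(f"decodes to {len(raw)} bytes, expected 32")
    return problems

def demo():
    """Audit constructed sample files (random bytes, not real keys)."""
    samples = {
        "wg-laptop-private.key": (os.urandom(32), 0o644),  # permissive umask
        "wg-server-private.key": (os.urandom(32), 0o600),
        "wg-mobile-public.key": (os.urandom(32), 0o644),
        "wg-mobile-private.key": (os.urandom(16), 0o600),  # truncated copy
    }
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, (raw, mode) in samples.items():
            path = os.path.join(d, name)
            with open(path, "wb") as fh:
                fh.write(base64.b64encode(raw) + b"\n")
            os.chmod(path, mode)
            results[name] = audit_key_file(path)
    return results

if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, "OK" if not problems else "; ".join(problems))
```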
Creating the configuration file for the VPN server (Raspberry Pi)
The configuration is quite simple; I created the following file /etc/wireguard/wg0.conf:
[Interface]
Address = 10.200.200.1/24
ListenPort = 51820
PrivateKey = <copy private key from wg-server-private.key>
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wwan0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wwan0 -j MASQUERADE
[Peer]
# laptop
PublicKey = <copy public key from wg-laptop-public.key>
AllowedIPs = 10.200.200.2/32
[Peer]
# mobile phone
PublicKey = <copy public key from wg-mobile-public.key>
AllowedIPs = 10.200.200.3/32
A couple of notes:
- In the appropriate places you need to insert the lines from the key files
- My VPN uses the internal range 10.200.200.0/24
- For the PostUp/PostDown commands, my external network interface is wwan0; yours may be different (for example, eth0)
The VPN network is easily brought up with the following command:
$ sudo wg-quick up wg0
One small detail: as the DNS server I used dnsmasq bound to the network interface br0, and I also added the wg0 device to the list of allowed devices. In dnsmasq this is done by adding a new interface line to the configuration file /etc/dnsmasq.conf, for example:
interface=br0
interface=wg0
In addition, I added an iptables rule to allow traffic to the UDP listening port (51820):
$ sudo iptables -I INPUT -p udp --dport 51820 -j ACCEPT
Now that everything works, we can set up automatic startup of the VPN tunnel:
$ sudo systemctl enable wg-quick@wg0.service
Client configuration on the laptop
Create a configuration file /etc/wireguard/wg0.conf on the laptop with similar settings:
[Interface]
Address = 10.200.200.2/24
PrivateKey = <copy private key from wg-laptop-private.key>
[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 10.200.200.0/24
Endpoint = edgewalker:51820
Notes:
- Instead of edgewalker you need to specify the public IP or the host name of the VPN server
- By setting AllowedIPs to 10.200.200.0/24, we use the VPN only to access the internal network. Traffic to all other IP addresses/servers will continue to go through the "normal" open channels. The laptop will also keep using its pre-configured DNS server.
For testing and automatic startup we use the same wg-quick and systemd commands:
$ sudo wg-quick up wg0
$ sudo systemctl enable wg-quick@wg0.service
Setting up the client on the Android phone
For the Android phone we create a very similar configuration file (let's call it mobile.conf):
[Interface]
Address = 10.200.200.3/24
PrivateKey = <copy private key from wg-mobile-private.key>
DNS = 10.200.200.1
[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 0.0.0.0/0
Endpoint = edgewalker:51820
Unlike the laptop configuration, the phone must use our VPN server as its DNS server (the DNS line) and also pass all traffic through the VPN tunnel (AllowedIPs = 0.0.0.0/0).
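How the AllowedIPs values in the three configs above decide where a packet goes can be modelled in a few lines. This Python model is an added example, not code from the article or from WireGuard; it mirrors WireGuard's AllowedIPs matching (the longest matching prefix selects the peer for an outgoing packet, and an incoming packet's inner source address must lie inside the sending peer's AllowedIPs). The address 203.0.113.10 is a constructed documentation address standing in for an internet host.

```python
from ipaddress import ip_address, ip_network

# AllowedIPs per peer, copied from the three configs in this article.
SERVER_PEERS = {"laptop": ["10.200.200.2/32"], "mobile": ["10.200.200.3/32"]}
LAPTOP_PEERS = {"server": ["10.200.200.0/24"]}
MOBILE_PEERS = {"server": ["0.0.0.0/0"]}

def route_out(peers, dst):
    """Return the peer whose AllowedIPs covers dst with the longest prefix.
    None means no peer covers dst, so nothing is sent through the tunnel."""
    best = None
    for name, cidrs in peers.items():
        for cidr in cidrs:
            net = ip_network(cidr)
            if ip_address(dst) in net and (best is None or net.prefixlen > best[1]):
                best = (name, net.prefixlen)
    return best[0] if best else None

def accept_in(peers, peer, src):
    """A decrypted packet from `peer` is kept only if its inner source
    address falls inside that peer's AllowedIPs."""
    return any(ip_address(src) in ip_network(c) for c in peers[peer])

def demo():
    return {
        # Laptop: only the VPN range is tunnelled; other traffic goes direct.
        "laptop->10.200.200.3": route_out(LAPTOP_PEERS, "10.200.200.3"),
        "laptop->203.0.113.10": route_out(LAPTOP_PEERS, "203.0.113.10"),
        # Phone: everything, including DNS at 10.200.200.1, is tunnelled.
        "mobile->10.200.200.1": route_out(MOBILE_PEERS, "10.200.200.1"),
        "mobile->203.0.113.10": route_out(MOBILE_PEERS, "203.0.113.10"),
        # Server: traffic addressed to the phone goes to the phone's peer.
        "server->10.200.200.3": route_out(SERVER_PEERS, "10.200.200.3"),
        # Server: the /32 entries stop the laptop's key from sending
        # packets that claim the phone's address.
        "laptop as .3": accept_in(SERVER_PEERS, "laptop", "10.200.200.3"),
        "laptop as .2": accept_in(SERVER_PEERS, "laptop", "10.200.200.2"),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```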
Instead of copying the file to your mobile device, you can convert it to a QR code:
$ sudo apt install qrencode
$ qrencode -t ansiutf8 < mobile.conf
The QR code is printed to the console as ASCII. It can be scanned from the Android VPN app, which will then set up the VPN tunnel automatically.
Conclusion
Setting up WireGuard is simply magical compared to OpenVPN.
Source: www.habr.com