Since WireGuard is becoming part of the upcoming Linux 5.6 kernel, I decided to see how I could integrate this VPN with my own.
Equipment
- A Raspberry Pi 3 with an LTE module and a public IP address. The VPN server will run here (referred to in this text as edgewalker)
- An Android phone, which should use the VPN for all communication
- A Linux laptop, which should use the VPN only inside the network
Every device that connects to the VPN must be able to reach all the other devices. For example, the phone should be able to connect to a web server on the laptop if both devices are part of the VPN network. If the setup turns out to be simple enough, you can consider connecting the desktop to the VPN as well (via Ethernet).
Given that wired and wireless connections are becoming less secure over time, I am seriously considering using WireGuard on all my devices, regardless of the environment they operate in.
Software installation
WireGuard provides packages for most Linux distributions, Windows and macOS. Apps for Android and iOS are delivered through the app stores.
I run the latest Fedora Linux 31, and before installing I was too lazy to read the manual. I simply found the wireguard-tools package, installed it, and then could not work out why nothing was working. Further investigation showed that I did not have the wireguard-dkms package (the network driver) installed, and that it was not in my distribution's repository.
If I had read the instructions, I would have taken the right steps:
$ sudo dnf copr enable jdoss/wireguard
$ sudo dnf install wireguard-dkms wireguard-tools
I have the Raspbian Buster distribution installed on my Raspberry Pi, and it already has a wireguard package, so install it:
$ sudo apt install wireguard
On the Android phone I installed the application from the official Google App Store catalogue.
Key setup
To authenticate nodes, WireGuard uses a simple private/public key scheme. You can generate the VPN keys with the following commands:
$ wg genkey | tee wg-laptop-private.key | wg pubkey > wg-laptop-public.key
$ wg genkey | tee wg-server-private.key | wg pubkey > wg-server-public.key
$ wg genkey | tee wg-mobile-private.key | wg pubkey > wg-mobile-public.key
This gives us three key pairs (six files). We will not reference the files in the configs; instead we copy their contents in: each key is a single line of base64.
Creating the configuration file for the VPN server (Raspberry Pi)
The configuration is simple; I created the following file, /etc/wireguard/wg0.conf:
[Interface]
Address = 10.200.200.1/24
ListenPort = 51820
PrivateKey = <copy private key from wg-server-private.key>
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wwan0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wwan0 -j MASQUERADE
[Peer]
# laptop
PublicKey = <copy public key from wg-laptop-public.key>
AllowedIPs = 10.200.200.2/32
[Peer]
# mobile phone
PublicKey = <copy public key from wg-mobile-public.key>
AllowedIPs = 10.200.200.3/32
A couple of notes:
- In the appropriate places you need to insert the lines from the key files
- My VPN uses the internal range 10.200.200.0/24
- For the PostUp/PostDown commands: my external network interface is wwan0; yours may be different (for example, eth0)
The VPN network is brought up easily with the following command:
$ sudo wg-quick up wg0
One small detail: as the DNS server I used dnsmasq bound to the network interface br0, so I also added the wg0 device to the list of allowed devices. In dnsmasq this is done by adding a new interface line to the configuration file /etc/dnsmasq.conf, for example:
interface=br0
interface=wg0
In addition, I added an iptables rule to allow traffic to the listening UDP port (51820):
$ sudo iptables -I INPUT -p udp --dport 51820 -j ACCEPT
Now that everything is working, we can set up automatic startup of the VPN tunnel:
$ sudo systemctl enable wg-quick@wg0.service
Client configuration on the laptop
Create the configuration file /etc/wireguard/wg0.conf on the laptop with similar settings:
[Interface]
Address = 10.200.200.2/24
PrivateKey = <copy private key from wg-laptop-private.key>
[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 10.200.200.0/24
Endpoint = edgewalker:51820
Notes:
- Instead of edgewalker you need to specify the public IP or hostname of the VPN server
- By setting AllowedIPs to 10.200.200.0/24, we use the VPN only to reach the internal network. Traffic to all other IP addresses/servers will continue to go through the "normal" open channels. The laptop's pre-configured DNS server will also be used.
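The server and laptop files above have to agree with each other, and the following added Python example (not part of the original article) checks that: each server [Peer] must own a distinct AllowedIPs range inside the VPN subnet, the client's Address must fall in exactly one of those ranges, and the client's Endpoint port must equal the server's ListenPort. The function names are this example's own, the sample configs are constructed from the page's values, and the key lines are left out because the check does not read them.

```python
import ipaddress

def parse(text):
    """Parse wg-quick INI text; [Peer] repeats, so return a list of (name, dict)."""
    sections = []
    for line in (raw.split("#")[0].strip() for raw in text.splitlines()):
        if line.startswith("["):
            sections.append((line.strip("[]"), {}))
        elif line:
            key, _, value = line.partition("=")
            sections[-1][1][key.strip()] = value.strip()
    return sections

def lint(server_text, client_text):
    """Cross-check the server config against one client config; return problems."""
    server, client, problems = parse(server_text), parse(client_text), []
    vpn = ipaddress.ip_interface(server[0][1]["Address"]).network
    # One entry per CIDR that the server routes to some peer (cryptokey routing).
    nets = [ipaddress.ip_network(cidr.strip()) for name, sec in server
            if name == "Peer" for cidr in sec["AllowedIPs"].split(",")]
    for i, net in enumerate(nets):
        if net.version != vpn.version or not net.subnet_of(vpn):
            problems.append(f"server peer {net} is outside {vpn}")
        if any(net.overlaps(earlier) for earlier in nets[:i]):
            problems.append(f"server peer {net} overlaps an earlier peer")
    addr = ipaddress.ip_interface(client[0][1]["Address"]).ip
    if sum(addr in net for net in nets) != 1:
        problems.append(f"client address {addr} is not routed to exactly one peer")
    port = client[1][1]["Endpoint"].rsplit(":", 1)[1]
    if port != server[0][1]["ListenPort"]:
        problems.append(f"Endpoint port {port} differs from server ListenPort")
    return problems

# Constructed sample input using the page's addresses; key lines omitted (not read here).
SERVER = """[Interface]
Address = 10.200.200.1/24
ListenPort = 51820
[Peer]
AllowedIPs = 10.200.200.2/32
[Peer]
AllowedIPs = 10.200.200.3/32"""
LAPTOP = """[Interface]
Address = 10.200.200.2/24
[Peer]
AllowedIPs = 10.200.200.0/24
Endpoint = edgewalker:51820"""

if __name__ == "__main__":
    print(lint(SERVER, LAPTOP) or "no problems found")
```

The same function accepts the phone's mobile.conf as the client text, since only its Address and Endpoint lines are compared against the server file.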
For testing and automatic startup we use the same wg-quick and systemd commands:
$ sudo wg-quick up wg0
$ sudo systemctl enable wg-quick@wg0.service
Configuring the client on the Android phone
For the Android phone we create a very similar configuration file (let's call it mobile.conf):
[Interface]
Address = 10.200.200.3/24
PrivateKey = <copy private key from wg-mobile-private.key>
DNS = 10.200.200.1
[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 0.0.0.0/0
Endpoint = edgewalker:51820
Unlike the laptop configuration, the phone must use our VPN server as its DNS server (the DNS line) and must also send all traffic through the VPN tunnel (AllowedIPs = 0.0.0.0/0).
Instead of copying the file to your mobile device, you can convert it to a QR code:
$ sudo apt install qrencode
$ qrencode -t ansiutf8 < mobile.conf
The QR code is printed to the console as ASCII. It can be scanned from the Android VPN app, which sets up the VPN tunnel automatically.
Conclusion
Setting up WireGuard is simply magical compared with OpenVPN.
Source: www.habr.com
