In many cases, connecting a router to a VPN is not difficult, but if you want to protect the whole network and at the same time keep the best possible connection speed, then the best solution is to use a VPN tunnel.
Mikrotik routers have proven to be reliable and very flexible solutions, but unfortunately
But for now, unfortunately, to set up WireGuard on a Mikrotik router, you need to change the firmware.
Flashing Mikrotik, installing and configuring OpenWrt
First you need to make sure that OpenWrt supports your model. Check that the model matches its marketing name and image
Go to openwrt.com
For this device, we need 2 files:
You need to download both files: Install and Upgrade.
1. Network setup, downloading and installing the PXE server
Download
Unzip it to a separate folder. In the config.ini file, add the parameter rfc951=1 to the [dhcp] section. This parameter is the same for all Mikrotik models.
Let's move on to the network settings: you need to assign a static IP address to one of your computer's network interfaces.
IP address: 192.168.1.10
Netmask: 255.255.255.0
Run Tiny PXE Server as Administrator and, in the DHCP Server field, select the server with the address 192.168.1.10
On some versions of Windows, this interface may only appear after an Ethernet connection is established. I recommend connecting the router and immediately linking the router and the PC with a patch cord.
Press the "..." button (bottom right) and specify the folder where you downloaded the Mikrotik firmware files.
Select the file whose name ends with "initramfs-kernel.bin or elf"
2. Booting the router from the PXE server
We connect the PC with a cable to the first port (wan, internet, poe in, ...) of the router. After that, we take a toothpick and insert it into the hole labelled "Reset".
We turn on the router's power and wait 20 seconds, then release the toothpick.
Within the next minute, the following messages should appear in the Tiny PXE Server window:
If the message appears, then you are on the right track!
Restore the settings on the network adapter and set it to obtain an address dynamically (via DHCP).
Connect to the LAN ports of the Mikrotik router (2…5 in our case) using the same patch cord. Just move it from the 1st port to the 2nd port. Open the address
Log in to the OpenWRT administrative interface and go to the "System -> Backup/Flash Firmware" menu section.
In the "Flash new firmware image" section, click the "Choose file (Browse)" button.
Specify the path to the file whose name ends with "-squashfs-sysupgrade.bin".
After that, click the "Flash Image" button.
In the next window, click the "Proceed" button. The firmware will start uploading to the router.
!!! UNDER NO CIRCUMSTANCES DISCONNECT THE ROUTER'S POWER DURING THE FIRMWARE PROCESS !!!
After flashing and rebooting the router, you will have a Mikrotik with OpenWRT firmware.
Possible problems and solutions
Many Mikrotik devices released in 2019 use a FLASH-NOR memory chip of the GD25Q15 / Q16 type. The problem is that when flashing, the data about the device model is not saved.
If you see the error "The uploaded image file does not contain a supported format. Make sure that you choose the generic image format for your platform." then most likely the problem is in the flash.
This is easy to check: run the command that shows the model ID in the device terminal
root@OpenWrt: cat /tmp/sysinfo/board_name
And if you get the answer "unknown", then you need to specify the device model manually in the form "rb-951-2nd"
To get the device model, run the command
root@OpenWrt: cat /tmp/sysinfo/model
MikroTik RouterBOARD RB951-2nd
After getting the device model, set it manually:
echo 'rb-951-2nd' > /tmp/sysinfo/board_name
After that, you can flash the device via the web interface or using the "sysupgrade" command
Create a VPN server with WireGuard
If you already have a server with WireGuard configured, you can skip this step.
I will use the application to set up a personal VPN server
Configuring the WireGuard Client on OpenWRT
Connect to the router via the SSH protocol:
ssh [email protected]
Install WireGuard:
opkg update
opkg install wireguard
Prepare the configuration (copy the code below to a file, replace the specified values with your own and run it in the terminal).
If you are using MyVPN, then in the configuration below you only need to change WG_SERV (the server IP), WG_KEY (the private key from the wireguard configuration file) and WG_PUB (the public key).
WG_IF="wg0"
WG_SERV="100.0.0.0" # server IP address
WG_PORT="51820" # wireguard port
WG_ADDR="10.8.0.2/32" # wireguard address range
WG_KEY="xxxxx" # private key
WG_PUB="xxxxx" # public key
# Configure firewall
uci rename firewall.@zone[0]="lan"
uci rename firewall.@zone[1]="wan"
uci rename firewall.@forwarding[0]="lan_wan"
uci del_list firewall.wan.network="${WG_IF}"
uci add_list firewall.wan.network="${WG_IF}"
uci commit firewall
/etc/init.d/firewall restart
# Configure network
uci -q delete network.${WG_IF}
uci set network.${WG_IF}="interface"
uci set network.${WG_IF}.proto="wireguard"
uci set network.${WG_IF}.private_key="${WG_KEY}"
uci add_list network.${WG_IF}.addresses="${WG_ADDR}"
# Add VPN peers
uci -q delete network.wgserver
uci set network.wgserver="wireguard_${WG_IF}"
uci set network.wgserver.public_key="${WG_PUB}"
uci set network.wgserver.preshared_key=""
uci set network.wgserver.endpoint_host="${WG_SERV}"
uci set network.wgserver.endpoint_port="${WG_PORT}"
uci set network.wgserver.route_allowed_ips="1"
uci set network.wgserver.persistent_keepalive="25"
uci add_list network.wgserver.allowed_ips="0.0.0.0/1"
uci add_list network.wgserver.allowed_ips="128.0.0.0/1"
uci add_list network.wgserver.allowed_ips="::/0"
uci commit network
/etc/init.d/network restart
This completes the WireGuard setup! Now all traffic on all connected devices is protected by the VPN connection.
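To confirm that state on the router, this added example (not part of the original article) parses the output of `wg show wg0 latest-handshakes` and `ip -4 route show` and reports whether the peer has completed a recent handshake and whether both 0.0.0.0/1 and 128.0.0.0/1 from the script's allowed_ips leave through wg0. The function names, the 180-second threshold and the sample data are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original article. On the router run:
#   wg show wg0 latest-handshakes | handshake_state "$(date +%s)"
#   ip -4 route show | split_routes_ok wg0 && echo "routes ok"

MAX_AGE=180  # assumption: seconds since last handshake before the peer counts as stale

# stdin: "<peer public key><TAB><epoch>" lines. Prints "ok", "stale" or "never".
# "never" (epoch 0) usually means a wrong key, endpoint address or port.
handshake_state() {
    now="$1"; state="never"
    while read -r _peer ts || [ -n "$_peer" ]; do
        case "$ts" in ''|*[!0-9]*) continue ;; esac
        [ "$ts" -ne 0 ] || continue
        if [ $((now - ts)) -le "$MAX_AGE" ]; then
            state="ok"
        elif [ "$state" != "ok" ]; then
            state="stale"
        fi
    done
    echo "$state"
}

# stdin: routing table. Succeeds only if both halves of the IPv4 space
# (the two IPv4 allowed_ips entries from the script) leave through interface $1.
split_routes_ok() {
    ifname="$1"; low=0; high=0
    while read -r dest rest || [ -n "$dest" ]; do
        case " $rest " in *" dev $ifname "*) ;; *) continue ;; esac
        case "$dest" in
            0.0.0.0/1)   low=1 ;;
            128.0.0.0/1) high=1 ;;
        esac
    done
    [ "$low" -eq 1 ] && [ "$high" -eq 1 ]
}

# Constructed sample data (not captured from a real router).
SAMPLE_HS="$(printf 'PEER_PUBLIC_KEY_PLACEHOLDER\t1700000000')"
SAMPLE_ROUTES='default via 192.0.2.1 dev eth0.2 proto static
0.0.0.0/1 dev wg0 proto static scope link
128.0.0.0/1 dev wg0 proto static scope link
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1'

printf '%s\n' "$SAMPLE_HS" | handshake_state 1700000060
if printf '%s\n' "$SAMPLE_ROUTES" | split_routes_ok wg0; then echo "routes ok"; fi
```

A result of "never" or "stale", or a missing /1 route, means client traffic is not going through the tunnel even though the configuration script ran without errors.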
Source: www.habr.com