🥇Kumisikidza WireGuard pane Mikrotik router inoshandisa OpenWrt

Muzviitiko zvakawanda, kubatanidza router kuVPN hakuna kuoma, asi kana iwe uchida kuchengetedza network yese uye panguva imwechete kuchengetedza yakakwana yekubatanidza kumhanya, saka mhinduro yakanakisa ndeye kushandisa VPN tunnel. WireGuard.

Routers microtic zvakaratidza kuva mhinduro dzakavimbika uye dzinochinjika zvikuru, asi zvinosuruvarisa WireGurd rutsigiro paRouterOS zvakadaro kwete uye hazvizivikanwe kuti ichaonekwa riini uye mukuita kupi. Munguva pfupi yapfuura zvakazozivikanwa nezve zvakataurwa nevagadziri veWireGuard VPN mugero chigamba set, iyo ichaita yavo VPN tunneling software chikamu cheLinux kernel, isu tinovimba izvi zvichabatsira mukugamuchirwa muRouterOS.

Asi ikozvino, zvinosuruvarisa, kugadzirisa WireGuard paMikrotik router, unoda kuchinja firmware.

Kupenya Mikrotik, kuisa uye kugadzirisa OpenWrt

Kutanga iwe unofanirwa kuve nechokwadi chekuti OpenWrt inotsigira yako modhi. Ona kana modhi ichienderana nezita rayo rekutengesa uye mufananidzo unogona kushanyira mikrotik.com.

Enda kune openwrt.com kune chikamu chekurodha firmware.

Kune ichi chishandiso, tinoda 2 mafaera:

downloads.openwrt.org/releases/18.06.2/targets/ar71xx/mikrotik/openwrt-18.06.2-ar71xx-mikrotik-rb-nor-flash-16M-initramfs-kernel.bin|elf

downloads.openwrt.org/releases/18.06.2/targets/ar71xx/mikrotik/openwrt-18.06.2-ar71xx-mikrotik-rb-nor-flash-16M-squashfs-sysupgrade.bin

Iwe unofanirwa kudhawunirodha mafaera ese ari maviri: gadza и ndiwedzere.

1. Network setup, dhawunirodha uye isa PXE server

Download Diki PXE Server yeWindows yazvino vhezheni.

Unzip kune imwe folda. Mune config.ini faira wedzera parameter rfc951=1 chikamu [dhcp]. Iyi parameter yakafanana kune ese Mikrotik modhi.

Ngatienderere mberi kune network zvigadziriso: iwe unofanirwa kunyoresa static ip kero pane imwe yetiweki interfaces yekombuta yako.

IP kero: 192.168.1.10
Netmask: 255.255.255.0

Mhanya Diki PXE Server pachinzvimbo cheMutariri uye sarudza mumunda DHCP Server server nekero 192.168.1.10

Pane dzimwe shanduro dzeWindows, iyi interface inogona kungoonekwa mushure mekubatana kweEthernet. Ndinokurudzira kubatanidza router uye pakarepo kuchinja router uye PC uchishandisa chigamba tambo.

Dzvanya bhatani re "..." (pazasi kurudyi) uye tsanangura iyo folda kwawakadhawunirodha mafaera e firmware eMikrotik.

Sarudza faira rine zita rinopera ne "initramfs-kernel.bin kana elf"

2. Booting router kubva kuPXE server

Isu tinobatanidza PC netambo uye yekutanga port (wan, internet, poe in, ...) ye router. Mushure meizvi, tinotora mazino, toinamatira mugomba nemashoko okuti "Reset".

Isu tinoshandura simba re router uye tinomirira masekondi makumi maviri, tozosunungura mazino.
Mukati meminiti inotevera, iwo anotevera mameseji anofanira kuoneka muTiny PXE Server hwindo:

Kana meseji ikabuda, saka iwe uri munzira kwayo!

Dzosera zvigadziriso pane network adapta uye gadzirira kugamuchira kero zvine simba (kuburikidza neDHCP).

Batanidza kune LAN ports yeMikrotik router (2…5 mune yedu kesi) uchishandisa imwechete chigamba tambo. Ingoichinja kubva 1st port kuenda 2nd port. Vhura kero 192.168.1.1 mubrowser.

Pinda muOpenWRT administrative interface uye enda ku "System -> Backup/Flash Firmware" chikamu chemenu.

Muchikamu che "Flash new firmware image", tinya pakanzi "Sarudza faira (Bhurawuza)" bhatani.

Taura nzira yefaira ine zita rinopera ne "-squashfs-sysupgrade.bin".

Mushure meizvozvo, tinya bhatani re "Flash Image".

Muhwindo rinotevera, tinya bhatani rekuti "Enderera". Iyo firmware ichatanga kurodha kune router.

!!! PAKUNA CHIITIKO Usabvisa SIMBA REROUTER PAKATI YEFIRMWARE PROCESS !!!

Mushure mekupenya nekugadzirisazve router, iwe uchagamuchira Mikrotik ne OpenWRT firmware.

Matambudziko anogona kuitika uye mhinduro

Mazhinji Mikrotik michina yakaburitswa muna 2019 inoshandisa FLASH-NOR memory chip yeGD25Q15 / Q16 mhando. Dambudziko nderekuti kana uchipenya, data nezve modhi yemuchina haina kuchengetwa.

Kana iwe ukaona kukanganisa "Iyo faira remufananidzo rakaiswa harina fomati inotsigirwa. Ita shuwa kuti unosarudza iyo generic mufananidzo fomati yepuratifomu yako." saka kazhinji dambudziko riri muflash.

Zviri nyore kutarisa izvi: mhanyisa murairo kuti utarise iyo ID yemuenzaniso mune terminal mudziyo

root@OpenWrt: cat /tmp/sysinfo/board_name

Uye kana iwe ukawana mhinduro "isingazivikanwe", saka iwe unofanirwa kutsanangura nemaoko dhizaini muchimiro "rb-951-2nd"

Kuti uwane iyo modhi yemudziyo, mhanyisa murairo

root@OpenWrt: cat /tmp/sysinfo/model
MikroTik RouterBOARD RB951-2nd

Mushure mekugamuchira modhi yemudziyo, isa nemaoko:

echo 'rb-951-2nd' > /tmp/sysinfo/board_name

Mushure meizvozvo, unogona kuvheneka chishandiso kuburikidza newebhu interface kana kushandisa "sysupgrade" kuraira

Gadzira sevha yeVPN neWireGuard

Kana iwe uchitova nesevha ine WireGuard yakagadziriswa, unogona kusvetuka danho iri.
Ini ndichashandisa iyo application kumisikidza yega VPN server MyVPN.RUN nezve katsi ini kare yakaburitsa wongororo.

Kugadzirisa WireGuard Client paOpenWRT

Batanidza kune router kuburikidza neSSH protocol:

ssh [email protected]

Isa WireGuard:

opkg update
opkg install wireguard

Gadzirira zvigadziriso (kopa iyo kodhi pazasi kune faira, tsiva iyo yakatsanangurwa tsika neyako uye mhanya mune terminal).

Kana uri kushandisa MyVPN, saka mukugadzirisa pazasi iwe unongoda kuchinja WG_SERV -Sevha IP WG_KEY - yakavanzika kiyi kubva kune wireguard yekumisikidza faira uye WG_PUB - kiyi yeruzhinji.

WG_IF="wg0"
WG_SERV="100.0.0.0" # ip адрес сервера
WG_PORT="51820" # порт wireguard
WG_ADDR="10.8.0.2/32" # диапазон адресов wireguard

WG_KEY="xxxxx" # приватный ключ
WG_PUB="xxxxx" # публичный ключ 

# Configure firewall
uci rename firewall.@zone[0]="lan"
uci rename firewall.@zone[1]="wan"
uci rename firewall.@forwarding[0]="lan_wan"
uci del_list firewall.wan.network="${WG_IF}"
uci add_list firewall.wan.network="${WG_IF}"
uci commit firewall
/etc/init.d/firewall restart

# Configure network
uci -q delete network.${WG_IF}
uci set network.${WG_IF}="interface"
uci set network.${WG_IF}.proto="wireguard"
uci set network.${WG_IF}.private_key="${WG_KEY}"

uci add_list network.${WG_IF}.addresses="${WG_ADDR}"

# Add VPN peers
uci -q delete network.wgserver
uci set network.wgserver="wireguard_${WG_IF}"
uci set network.wgserver.public_key="${WG_PUB}"
uci set network.wgserver.preshared_key=""
uci set network.wgserver.endpoint_host="${WG_SERV}"
uci set network.wgserver.endpoint_port="${WG_PORT}"
uci set network.wgserver.route_allowed_ips="1"
uci set network.wgserver.persistent_keepalive="25"
uci add_list network.wgserver.allowed_ips="0.0.0.0/1"
uci add_list network.wgserver.allowed_ips="128.0.0.0/1"
uci add_list network.wgserver.allowed_ips="::/0"
uci commit network
/etc/init.d/network restart

Izvi zvinopedzisa iyo WireGuard setup! Iye zvino traffic yese pamidziyo yese yakabatana inodzivirirwa neVPN yekubatanidza.

nezvakanyorwa

Kwakabva #1
Yakagadziridzwa mirairo paMyVPN (iripo mirairo yekumisikidza L2TP, PPTP pane yakajairwa Mikrotik firmware)
OpenWrt WireGuard Client

Source: www.habr.com

Kumisikidza WireGuard pane Mikrotik router inomhanya OpenWrt