TL; DR: Ini ndinoisa Wireguard paVPS, batanidza kwairi kubva kurouter yangu yekumba paOpenWRT, uye kuwana yangu subnet yekumba kubva pafoni yangu.
Kana iwe ukachengeta zvivakwa zvako zvepaimba sevha kana uine akawanda IP-inodzorwa zvishandiso kumba, saka iwe ungangoda kuve nekuwana iwo kubva kubasa, kubva kubhazi, chitima uye metro. Kazhinji kazhinji, pamabasa akafanana, IP inotengwa kubva kumupi, mushure mezvo zviteshi zvebasa rega rega zvinotumirwa kunze.
Pane kudaro, ini ndakamisa VPN ine mukana wekupinda imba yangu LAN. Zvakanakira mhinduro iyi:
- pachena: Ndinonzwa ndiri pamba chero mumamiriro ezvinhu.
- unyore: isa uye ukanganwe, hapana chikonzero chekufunga nezvekutumira imwe neimwe port.
- mutengo: Ini ndatova neVPS; kumabasa akadaro, VPN yemazuva ano inenge yemahara maererano nezviwanikwa.
- Chengetedzo: hapana chinomira kunze, unogona kubva kuMongoDB usina password uye hapana achaba data rako.
Senguva dzose, kune downsides. Chekutanga, iwe uchafanirwa kugadzirisa mutengi wega wega zvakasiyana, kusanganisira padivi reseva. Zvinogona kunge zvisingaite kana uine nhamba huru yemidziyo kubva kwaunoda kuwana masevhisi. Chechipiri, iwe unogona kunge uine LAN ine huwandu hwakafanana kubasa - iwe uchafanirwa kugadzirisa dambudziko iri.
Tinoda:
- VPS (munyaya yangu paDebian 10).
- OpenWRT router.
- Phone.
- Sevha yekumba ine imwe webhu sevhisi yekuyedza.
- Maoko akatwasuka.
Iyo VPN tekinoroji yandichashandisa ndeye Wireguard. Iyi mhinduro inewo simba uye kushaya simba, ini handisi kuzozvitsanangura. Kune VPN ini ndinoshandisa subnet 192.168.99.0/24, uye kumba kwangu 192.168.0.0/24.
VPS kugadzirisa
Kunyange iyo inosuruvarisa VPS ye30 rubles pamwedzi inokwana kune bhizinesi, kana iwe uine rombo rakanaka kuti uve neimwe. .
Ini ndinoita mashandiro ese pane sevha semudzi pamushini wakachena; kana zvichidikanwa, wedzera `sudo` uye gadzirisa mirairo.
Wireguard akange asina nguva yekuunzwa mudanga, saka ndinomhanya `apt edit-sources` ndowedzera backports mumitsara miviri pakupera kwefaira:
deb http://deb.debian.org/debian/ buster-backports main
# deb-src http://deb.debian.org/debian/ buster-backports main
Iyo package inoiswa nenzira yakajairwa: apt update && apt install wireguard.
Tevere, tinogadzira peya yakakosha: wg genkey | tee /etc/wireguard/vps.private | wg pubkey | tee /etc/wireguard/vps.public. Dzokorora oparesheni iyi kaviri kune imwe neimwe mudziyo uri kutora chikamu mudunhu. Shandura nzira kune makiyi mafaera eimwe mudziyo uye usakanganwa nezve chengetedzo yemakiyi akavanzika.
Iye zvino tinogadzirira config. To file /etc/wireguard/wg0.conf config yakaiswa:
[Interface]
Address = 192.168.99.1/24
ListenPort = 57953
PrivateKey = 0JxJPUHz879NenyujROVK0YTzfpmzNtbXmFwItRKdHs=
[Peer] # OpenWRT
PublicKey = 36MMksSoKVsPYv9eyWUKPGMkEs3HS+8yIUqMV8F+JGw=
AllowedIPs = 192.168.99.2/32,192.168.0.0/24
[Peer] # Smartphone
PublicKey = /vMiDxeUHqs40BbMfusB6fZhd+i5CIPHnfirr5m3TTI=
AllowedIPs = 192.168.99.3/32
Muchikamu [Interface] marongero emuchina pachawo anoratidzwa, uye mukati [Peer] - zvigadziriso zveavo vanozobatana nazvo. IN AllowedIPs akapatsanurwa nemakoma, ma subnets anozoendeswa kune anoenderana vezera anotsanangurwa. Nekuda kweizvi, vezera re "mutengi" zvishandiso muVPN subnet inofanirwa kunge ine mask /32, zvimwe zvese zvichafambiswa neserver. Sezvo network yepamba ichafambiswa kuburikidza neOpenWRT, mukati AllowedIPs Isu tinowedzera subnet yekumba yezera rinoenderana. IN PrivateKey ΠΈ PublicKey decoma kiyi yakavanzika inogadzirwa yeVPS uye makiyi eruzhinji evezera zvinoenderana.
PaVPS, chasara kumhanyisa murairo unozounza iyo interface uye woiwedzera kune autorun: systemctl enable --now wg-quick@wg0. Ikozvino yekubatanidza mamiriro inogona kutariswa nemirairo wg.
OpenWRT Configuration
Zvese zvaunoda padanho rino zviri mumodule luci (OpenWRT web interface). Pinda mukati uye vhura iyo Software tebhu muSystem menyu. OpenWRT haichengete cache pamushini, saka unofanirwa kuvandudza rondedzero yemapakeji aripo nekudzvanya pane yakasvibira Kudzoreredza zvinyorwa bhatani. Mushure mekupedza, fambisa mukati mesefa luci-app-wireguard uye, uchitarisa pahwindo nemuti wakanaka wekutsamira, isa iyi package.
Mune Networks menyu, sarudza Interfaces uye tinya bhatani regirini Wedzera Nyowani Yekusangana pasi pechinyorwa chezviripo. Mushure mekuisa zita (zvakare wg0 mune yangu) uye kusarudza iyo WireGuard VPN protocol, fomu rekugadzirisa rine ma tabo mana rinovhura.
Pane General Settings tab, iwe unofanirwa kuisa yakavanzika kiyi uye IP kero yakagadzirirwa OpenWRT pamwe neiyo subnet.
PaFirewall Settings tab, batanidza iyo interface kune yemunharaunda network. Nenzira iyi, zvinongedzo kubva kuVPN zvichapinda zvakasununguka munzvimbo yemuno.
PaPeers tebhu, tinya bhatani chete, mushure mezvo unozadza VPS server data mune yakagadziridzwa fomu: kiyi yeruzhinji, Inobvumidzwa IPs (iwe unofanirwa kufambisa iyo yese VPN subnet kune server). MuEndpoint Host uye Endpoint Port, isa IP kero yeVPS nechiteshi chakambotaurwa muTeereraPort kuraira, zvichiteerana. Tarisa Nzira Inobvumirwa IPs yenzira dzinofanira kugadzirwa. Uye iva nechokwadi chekuzadza Persistent Ramba Uchirarama, zvikasadaro mugero kubva kuVPS kuenda kune router uchaputswa kana iyo yekupedzisira iri kuseri kweNAT.
Mushure meizvi, unogona kuchengetedza zvigadziriso, uye ipapo pane peji ine runyorwa rwemainterfaces, tinya Sevha uye shandisa. Kana zvichidikanwa, buritsa pachena iyo interface neiyo Restart bhatani.
Kugadzira smartphone
Iwe unozoda iyo Wireguard mutengi, inowanikwa mukati , uye App Store. Mushure mekuvhura application, dzvanya chiratidzo chekuwedzera uye muchikamu cheInterface isa zita rekubatanidza, kiyi yakavanzika (kiyi yeruzhinji ichagadzirwa otomatiki) uye kero yefoni ine / 32 mask. Muchikamu chePeer, tsanangura kiyi yeruzhinji yeVPS, kero mbiri: iyo VPN server port seEndpoint, uye nzira dzekuenda kuVPN uye subnet yekumba.
Bold screenshot kubva pafoni
Dzvanya pane floppy disk mukona, ibatidze uye ...
Zvaitwa
Iye zvino unokwanisa kuwana yekutarisisa kumba, shandura marongero e router, kana kuita chero chinhu pa IP level.
Screenshots kubva munharaunda
Source: www.habr.com