
In many cases, connecting a router to a VPN is not difficult, but if you want to protect the entire network while keeping the connection speed as high as possible, the best solution is to use a VPN tunnel.
Mikrotik routers have proven to be reliable and very flexible solutions, but unfortunately RouterOS still has no WireGuard support, and it is not known when it will appear or in what form. Recently it became known that the developers of the WireGuard VPN tunnel have proposed making their VPN tunneling software part of the Linux kernel; we hope this will help its adoption in RouterOS.
But for now, unfortunately, to set up WireGuard the firmware on the Mikrotik router has to be replaced.
Flashing Mikrotik, installing and configuring OpenWrt
First you need to make sure that OpenWrt supports your model. Check that the model matches its marketing name and image.
Go to openwrt.com.
For this device we need 2 files:
You need to download both files: Install and Upgrade.

1. Network setup, downloading and installing the PXE server
Download the latest version of Tiny PXE Server for Windows.
Unzip it to a separate folder. In the config.ini file, add the parameter rfc951=1 to the [dhcp] section. This parameter is the same for all Mikrotik models.

Now for the network settings: you need to assign a static IP address to one of your computer's network interfaces.

IP address: 192.168.1.10
Netmask: 255.255.255.0

Run Tiny PXE Server as Administrator and, in the DHCP Server field, select the server with the address 192.168.1.10
On some versions of Windows this interface may appear only after an Ethernet connection is established. I recommend connecting the router and immediately connecting the router to the PC with a patch cord.

Click the "..." button (bottom right) and specify the folder where you downloaded the firmware files for Mikrotik.
Select the file whose name ends with "initramfs-kernel.bin or elf"

2. Booting the router from the PXE server
Connect the PC with a cable to the first port (wan, internet, poe in, ...) of the router. After that, take a toothpick and press it into the hole labeled "Reset".

Turn on the router's power and wait 20 seconds, then release the toothpick.
Within the next minute, the following messages should appear in the Tiny PXE Server window:

If the message appears, you are on the right track!
Restore the settings on the network adapter and set it to obtain an address dynamically (via DHCP).
Connect to the LAN ports of the Mikrotik router (2…5 in our case) using the same patch cord. Just move it from port 1 to port 2. Open the address in a browser.

Log in to the OpenWRT administrative interface and go to the "System -> Backup/Flash Firmware" menu section.

In the "Flash new firmware image" section, click the "Choose file (Browse)" button.

Specify the path to the file whose name ends with "-squashfs-sysupgrade.bin".

After that, click the "Flash Image" button.
In the next window, click the "Proceed" button. The firmware will start uploading to the router.

!!! UNDER NO CIRCUMSTANCES DISCONNECT THE ROUTER'S POWER DURING THE FIRMWARE PROCESS !!!

After flashing and rebooting the router, you will have a Mikrotik running OpenWRT firmware.
Possible problems and solutions
Many Mikrotik devices released in 2019 use a FLASH-NOR memory chip of the GD25Q15 / Q16 type. The problem is that during flashing, the data about the device model is not saved.
If you see the error "The uploaded image file does not contain a supported format. Make sure that you choose the generic image format for your platform." then the problem is most likely in the flash.
This is easy to check: run the following command in the device terminal to check the model ID
root@OpenWrt: cat /tmp/sysinfo/board_name
If you get the answer "unknown", you need to specify the device model manually in the form "rb-951-2nd"
To get the device model, run the command
root@OpenWrt: cat /tmp/sysinfo/model
MikroTik RouterBOARD RB951-2nd
After obtaining the device model, set it manually:
echo 'rb-951-2nd' > /tmp/sysinfo/board_name
After that, you can flash the device through the web interface or with the "sysupgrade" command
Create a VPN server using WireGuard
If you already have a server set up with WireGuard, you can skip this step.
To set up a personal VPN server I will use the application that I described earlier.
Configuring the WireGuard client on OpenWRT
Connect to the router over SSH:
ssh root@192.168.1.1
Install WireGuard:
opkg update
opkg install wireguard
Prepare the configuration (copy the code below to a file, replace the indicated values with your own and run it in the terminal).
If you are using MyVPN, then in the configuration below you only need to change WG_SERV (the server IP), WG_KEY (the private key from the wireguard configuration file) and WG_PUB (the public key).
WG_IF="wg0"
WG_SERV="100.0.0.0" # server IP address
WG_PORT="51820" # wireguard port
WG_ADDR="10.8.0.2/32" # wireguard address range
WG_KEY="xxxxx" # private key
WG_PUB="xxxxx" # public key
# Configure firewall
uci rename firewall.@zone[0]="lan"
uci rename firewall.@zone[1]="wan"
uci rename firewall.@forwarding[0]="lan_wan"
uci del_list firewall.wan.network="${WG_IF}"
uci add_list firewall.wan.network="${WG_IF}"
uci commit firewall
/etc/init.d/firewall restart
# Configure network
uci -q delete network.${WG_IF}
uci set network.${WG_IF}="interface"
uci set network.${WG_IF}.proto="wireguard"
uci set network.${WG_IF}.private_key="${WG_KEY}"
uci add_list network.${WG_IF}.addresses="${WG_ADDR}"
# Add VPN peers
uci -q delete network.wgserver
uci set network.wgserver="wireguard_${WG_IF}"
uci set network.wgserver.public_key="${WG_PUB}"
uci set network.wgserver.preshared_key=""
uci set network.wgserver.endpoint_host="${WG_SERV}"
uci set network.wgserver.endpoint_port="${WG_PORT}"
uci set network.wgserver.route_allowed_ips="1"
uci set network.wgserver.persistent_keepalive="25"
uci add_list network.wgserver.allowed_ips="0.0.0.0/1"
uci add_list network.wgserver.allowed_ips="128.0.0.0/1"
uci add_list network.wgserver.allowed_ips="::/0"
uci commit network
/etc/init.d/network restart
That is all for the WireGuard setup! Now all traffic from all connected devices is protected by the VPN connection.
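A way to check that traffic really leaves through the tunnel, as an added example that is not part of the original article: it classifies the peer's last handshake from `wg show wg0 latest-handshakes` and reads the egress interface from `ip route get`. The 180-second staleness threshold, the function names and the sample data are assumptions made for this example.

```shell
#!/bin/sh
# Added example: checks for the wg0 client configured above.
WG_IF="wg0"      # same interface name as in the setup script
MAX_AGE=180      # assumption: a handshake older than this many seconds is stale

# Classify one line of `wg show <if> latest-handshakes`
# ("<peer public key><TAB><epoch seconds>"); epoch 0 = never connected.
handshake_state() {   # $1 = output line, $2 = current epoch
    ts=$(printf '%s\n' "$1" | awk '{print $2}')
    case "$ts" in
        ''|*[!0-9]*) echo invalid ;;
        0)           echo never ;;
        *) if [ $(( $2 - ts )) -le "$MAX_AGE" ]; then echo fresh; else echo stale; fi ;;
    esac
}

# Print the egress interface named in `ip route get <addr>` output.
route_dev() {         # $1 = output of ip route get
    printf '%s\n' "$1" | awk '{for (i = 1; i < NF; i++) if ($i == "dev") {print $(i + 1); exit}}'
}

# The tunnel passes only if the peer is alive AND the route leaves via wg0.
tunnel_verdict() {    # $1 = handshake line, $2 = now, $3 = ip route get output
    state=$(handshake_state "$1" "$2")
    dev=$(route_dev "$3")
    if [ "$state" = fresh ] && [ "$dev" = "$WG_IF" ]; then
        echo "OK: peer $state, egress $dev"
    else
        echo "FAIL: peer $state, egress ${dev:-none}"
    fi
}

# Constructed sample data (not captured from a real router).
SAMPLE_HS="$(printf 'AAAAexamplePublicKeyAAAAAAAAAAAAAAAAAAAAAAAA=\t1700000000')"
SAMPLE_RT_VPN="192.0.2.1 dev wg0 src 10.8.0.2 uid 0"
SAMPLE_RT_WAN="192.0.2.1 via 203.0.113.1 dev eth1 src 203.0.113.20 uid 0"
tunnel_verdict "$SAMPLE_HS" 1700000030 "$SAMPLE_RT_VPN"   # healthy tunnel
tunnel_verdict "$SAMPLE_HS" 1700009999 "$SAMPLE_RT_WAN"   # stale peer, WAN egress

# On the router itself, feed the same checks with live data
# (ip route get only looks up the route; it sends no packet).
if command -v wg >/dev/null 2>&1; then
    tunnel_verdict "$(wg show "$WG_IF" latest-handshakes | head -n 1)" \
        "$(date +%s)" "$(ip route get 192.0.2.1 2>/dev/null)"
fi
```

A FAIL result with a WAN egress device means client traffic is leaving outside the tunnel, since the setup script leaves the lan-to-wan forwarding in place.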
Source: www.habr.com
