VPN to the home LAN

TL;DR: I install Wireguard on a VPS, connect my home OpenWRT router to it, and reach my home subnet from my phone.

If you keep your personal infrastructure on a home server, or have many IP-managed devices at home, you probably want to reach them from work, the bus, the train and the metro. Most often, for tasks like this, an IP address is bought from the provider and the ports of each service are then forwarded to the outside.

Instead, I set up a VPN with access to my home LAN. The advantages of this solution:

  • Transparency: I feel at home in any circumstances.
  • Simplicity: set it and forget it, with no need to think about how to forward each port.
  • Cost: I already had a VPS; for tasks like this, a modern VPN is almost free in terms of resources.
  • Security: nothing is exposed to the outside; you can leave MongoDB without a password and nobody will steal your data.

As always, there are drawbacks. First, you have to configure each client separately, including on the server side. That can be inconvenient if you have a large number of devices from which you want to reach your services. Second, you may have a LAN with the same address range at work, and you will have to solve that problem.

We need:

  1. A VPS (in my case running Debian 10).
  2. An OpenWRT router.
  3. A phone.
  4. A home server with some web service for testing.
  5. A steady pair of hands.

The VPN technology I will use is Wireguard. This solution also has its strengths and weaknesses; I will not describe them. For the VPN I use the subnet 192.168.99.0/24, and at home 192.168.0.0/24.

Configuring the VPS

Even the most miserable VPS for 30 rubles a month is enough for the job, if you are lucky enough to grab one.

I perform all operations on the server as root on a clean machine; if necessary, add 'sudo' and adapt the instructions.

Wireguard did not make it into stable in time, so I run 'apt edit-sources' and add the backports as two lines at the end of the file:

deb http://deb.debian.org/debian/ buster-backports main
# deb-src http://deb.debian.org/debian/ buster-backports main

The package is installed in the usual way: apt update && apt install wireguard.

Next, we generate a key pair: wg genkey | tee /etc/wireguard/vps.private | wg pubkey | tee /etc/wireguard/vps.public. Repeat this operation two more times, once for each device taking part in the scheme. Change the paths to the key files for the other devices, and do not forget about the security of the private keys.

Now we prepare the config. The following goes into the file /etc/wireguard/wg0.conf:

[Interface]
Address = 192.168.99.1/24
ListenPort = 57953
PrivateKey = 0JxJPUHz879NenyujROVK0YTzfpmzNtbXmFwItRKdHs=

[Peer] # OpenWRT
PublicKey = 36MMksSoKVsPYv9eyWUKPGMkEs3HS+8yIUqMV8F+JGw=
AllowedIPs = 192.168.99.2/32,192.168.0.0/24

[Peer] # Smartphone
PublicKey = /vMiDxeUHqs40BbMfusB6fZhd+i5CIPHnfirr5m3TTI=
AllowedIPs = 192.168.99.3/32

The [Interface] section holds the settings of the machine itself, and [Peer] holds the settings for those who will connect to it. AllowedIPs lists, separated by commas, the subnets that will be routed to the corresponding peer. Because of this, the peers of "client" devices in the VPN subnet must have a /32 mask; everything else will be routed by the server. Since the home network will be routed through OpenWRT, we add the home subnet to the AllowedIPs of the corresponding peer. Into PrivateKey and PublicKey put, respectively, the private key generated for the VPS and the public keys of the peers.

On the VPS side, all that remains is to run the command that brings up the interface and adds it to autostart: systemctl enable --now wg-quick@wg0. The current state of the connections can be checked with the wg command.

Configuring OpenWRT

Everything you need for this stage is in the luci module (the OpenWRT web interface). Log in and open the Software tab in the System menu. OpenWRT does not keep a package cache on the machine, so you need to refresh the list of available packages by clicking the green Update lists button. When it finishes, type luci-app-wireguard into the filter and, after admiring the window with the pretty dependency tree, install this package.

In the Network menu, select Interfaces and click the green Add new interface button under the list of existing ones. After you enter a name (also wg0 in my case) and select the WireGuard VPN protocol, a settings form with four tabs opens.

On the General Settings tab, you need to enter the private key and the IP address prepared for OpenWRT, together with the subnet.

On the Firewall Settings tab, attach the interface to the local network. This way, connections from the VPN will freely enter the local zone.

On the Peers tab, click the only button, then fill in the VPS server's data in the updated form: the public key and Allowed IPs (you need to route the whole VPN subnet to the server). In Endpoint Host and Endpoint Port, enter the IP address of the VPS and the port specified earlier in the ListenPort directive, respectively. Tick Route Allowed IPs so that the routes are created. And be sure to fill in Persistent Keep Alive, otherwise the tunnel from the VPS to the router will break if the router is behind NAT.

After that, you can save the settings and then, on the page with the list of interfaces, click Save and apply. If necessary, start the interface explicitly with the Restart button.

Setting up the smartphone

You will need the Wireguard client; it is available in F-Droid, Google Play and the App Store. After opening the app, tap the plus sign and, in the Interface section, enter the connection name, the private key (the public key is generated automatically) and the phone's address with a /32 mask. In the Peer section, specify the public key of the VPS, the address and port pair of the VPN server as the Endpoint, and the routes to the VPN subnet and the home subnet.

Tap the floppy disk icon in the corner, switch the tunnel on and...

Done

Now you can reach your home monitoring, change the router's settings, or do anything else at the IP level.

Source: www.habr.com
