VPN into a home LAN

TL;DR: I install WireGuard on a VPS, connect to it from my home router running OpenWRT, and reach my home subnet from my phone.

If you host personal infrastructure on a home server, or have many IP-controlled devices at home, you probably want to reach them from work, from the bus, or from the train. Most often, for this kind of task, a public IP address is bought from the provider and the ports of each service are then forwarded.

Instead, I set up a VPN with access to my home network. The advantages of this solution:

  • Transparency: I feel at home in any situation.
  • Simplicity: set it up and forget it; there is no need to think about forwarding each port.
  • Cost: I already had a VPS, and for tasks like this a modern VPN is nearly free in terms of resources.
  • Security: nothing is exposed to the outside; you can leave MongoDB without a password and nobody will steal your data.

As always, there are drawbacks. First, you have to configure each client separately, including on the server side. This can be inconvenient if you have many devices from which you want to reach your services. Second, you may have a local network at work whose address range overlaps with the one at home; you will have to resolve that conflict.

We need:

  1. A VPS (in my case running Debian 10).
  2. A router running OpenWRT.
  3. A phone.
  4. A home server with some web service for testing.
  5. Capable hands.

As the VPN technology I will use WireGuard. This solution also has its strengths and weaknesses, which I will not describe here. For the VPN I use the subnet 192.168.99.0/24, and at home I use 192.168.0.0/24.

Configuring the VPS

Even the cheapest VPS at 30 rubles a month is enough for this, if you are lucky enough to grab one.

I perform all operations on the server as root on a clean machine. If necessary, add 'sudo' and adapt the instructions.

WireGuard did not make it into stable in time, so I run 'apt edit-sources' and add backports as two lines at the end of the file:

deb http://deb.debian.org/debian/ buster-backports main
# deb-src http://deb.debian.org/debian/ buster-backports main

The package is installed in the usual way: apt update && apt install wireguard

Next, we generate a key pair:

wg genkey | tee /etc/wireguard/vps.private | wg pubkey | tee /etc/wireguard/vps.public

Repeat this operation two more times, once for each device taking part in the scheme. Change the key file paths for the other device, and remember to protect your private keys.
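The key generation step above with the private key protected from the moment it is written, as an added example that is not part of the original article: gen_keypair runs the same pipeline under umask 077 so the files are created owner-only, while loose_keys and fix_keys audit and repair an existing directory. The function names are assumptions; gen_keypair needs the wg tool and write access to the directory.

```shell
#!/bin/sh
# Added example (not from the article): owner-only WireGuard key files.

# gen_keypair NAME [DIR]: write DIR/NAME.private and DIR/NAME.public.
# The subshell keeps the umask change from leaking into the caller.
gen_keypair() {
    name=$1; dir=${2:-/etc/wireguard}
    (
        umask 077
        wg genkey | tee "$dir/$name.private" | wg pubkey > "$dir/$name.public"
    )
}

# loose_keys [DIR]: print private keys and configs that group or others can
# read or write. Empty output means nothing needs fixing.
loose_keys() {
    dir=${1:-/etc/wireguard}
    find "$dir" -type f \( -name '*.private' -o -name '*.conf' \) \
        \( -perm -0040 -o -perm -0020 -o -perm -0004 -o -perm -0002 \) -print
}

# fix_keys [DIR]: restrict every file reported by loose_keys to its owner.
fix_keys() {
    loose_keys "$1" | while IFS= read -r f; do chmod 600 "$f"; done
}
```

wg0.conf is included in the audit because it embeds the PrivateKey value.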

Now let's prepare the config. The following configuration goes into the file /etc/wireguard/wg0.conf:

[Interface]
Address = 192.168.99.1/24
ListenPort = 57953
PrivateKey = 0JxJPUHz879NenyujROVK0YTzfpmzNtbXmFwItRKdHs=

[Peer] # OpenWRT
PublicKey = 36MMksSoKVsPYv9eyWUKPGMkEs3HS+8yIUqMV8F+JGw=
AllowedIPs = 192.168.99.2/32,192.168.0.0/24

[Peer] # Smartphone
PublicKey = /vMiDxeUHqs40BbMfusB6fZhd+i5CIPHnfirr5m3TTI=
AllowedIPs = 192.168.99.3/32

The [Interface] section holds the settings of the machine itself, and each [Peer] section holds the settings for a device that will connect to it. AllowedIPs lists, separated by commas, the subnets that will be routed to the corresponding peer. For this reason, the peers of client devices inside the VPN subnet must have a /32 mask; everything else will be routed by the server. Since the home network is routed through OpenWRT, we add the home subnet to the AllowedIPs of the corresponding peer. In PrivateKey and PublicKey, put the private key generated for the VPS and the public keys of the peers, respectively.
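A simplified model of how the VPS uses AllowedIPs, added here as an example and not part of the original article: peer_for picks the peer with the longest matching prefix for an outgoing packet, and accepts applies the same table to the source address of an incoming one, which is why the phone cannot send traffic that claims a home LAN address. The function names, the placeholder keys and the embedded copy of the config are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: simplified model of the AllowedIPs lookup on the VPS.
# Constructed config; keys are placeholders, peer names come from "# name".
CONF='[Interface]
Address = 192.168.99.1/24
ListenPort = 57953
PrivateKey = <vps-private-key>

[Peer] # OpenWRT
PublicKey = <openwrt-public-key>
AllowedIPs = 192.168.99.2/32,192.168.0.0/24

[Peer] # Smartphone
PublicKey = <phone-public-key>
AllowedIPs = 192.168.99.3/32'

# ip2int A.B.C.D: dotted quad to a 32-bit integer
ip2int() {
    old=$IFS; IFS=.; set -- $1; IFS=$old
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP NET/LEN: succeeds when IP lies inside the prefix
in_cidr() {
    net=${2%/*}; len=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & $mask )) -eq $(( $(ip2int "$net") & $mask )) ]
}

# peer_for IP: outbound lookup, the longest matching AllowedIPs prefix wins
peer_for() {
    best=; bestlen=-1; peer=
    while IFS= read -r line; do
        case $line in
            '[Peer]'*) peer=${line#*\# } ;;
            AllowedIPs*)
                for cidr in $(echo "${line#*=}" | tr ',' ' '); do
                    if in_cidr "$1" "$cidr" && [ "${cidr#*/}" -gt "$bestlen" ]; then
                        best=$peer; bestlen=${cidr#*/}
                    fi
                done ;;
        esac
    done <<EOF
$CONF
EOF
    echo "${best:-none}"
}

# accepts PEER SRC_IP: inbound check, source must route back to the sender
accepts() { [ "$(peer_for "$2")" = "$1" ]; }
```

With this table, peer_for 192.168.0.10 returns OpenWRT, while accepts Smartphone 192.168.0.10 fails because that source address belongs to the OpenWRT peer.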

On the VPS side, all that remains is to run the command that brings up the interface and adds it to autostart:

systemctl enable --now wg-quick@wg0

The current state of the connections can be checked with the wg command.

Configuring OpenWRT

Everything needed for this step is in the luci module (the OpenWRT web interface). Log in and open the Software tab in the System menu. OpenWRT does not keep a package cache on the device, so you need to refresh the list of available packages by clicking the green "Update lists" button. When that finishes, enter luci-app-wireguard in the filter and, after looking at the window with the beautiful dependency tree, install this package.

In the Network menu, select Interfaces and click the green Add new interface button below the list of existing ones. After you enter a name (also wg0 in my case) and select the WireGuard VPN protocol, a settings form with four tabs opens.

On the General Settings tab, enter the private key and the IP address prepared for OpenWRT, together with the subnet.

On the Firewall Settings tab, attach the interface to the local network. This allows connections from the VPN to flow freely into the local network.

On the Peers tab, click the only button, then fill in the details of the VPS server in the updated form: the public key and Allowed IPs (the whole VPN subnet must be routed to the server). In Endpoint Host and Endpoint Port, enter the IP address of the VPS and the port given in the ListenPort directive. Tick the Route Allowed IPs checkbox so that routes are created. Be sure to fill in Persistent Keep Alive, otherwise the tunnel from the VPS to the router will break if the router is behind NAT.

After that, you can save the settings and then click Save & Apply on the page with the list of interfaces. If necessary, start the interface explicitly by clicking Restart.

Configuring the smartphone

You will need the WireGuard client, which is available from F-Droid, Google Play and the App Store. Open the app, tap the plus sign, and in the Interface section enter the connection name, the private key (the public key is generated automatically), and the phone's address with a /32 mask. In the Peer section, enter the public key of the VPS, the address and port of the VPN server as the Endpoint, and the routes to the VPN and home subnets.

Tap the floppy disk icon in the corner, switch the tunnel on and...

Done

Now you can reach your home monitoring, change the router settings, or do anything else at the IP level.

Source: www.habr.com