Because WireGuard
Equipment
- A Raspberry Pi 3 with an LTE module and a public IP address. The VPN server will run here (from here on the article calls it edgewalker)
- An Android phone that must use the VPN for all connections
- A Linux laptop that should use the VPN only for traffic inside the network
Every device that connects to the VPN must be able to reach all the other devices. For example, the phone should be able to connect to a web server on the laptop if both devices are part of the VPN network. If the setup turns out to be simple enough, you can think about connecting a computer to the VPN as well (over Ethernet).
Given that wired and wireless connections are becoming weaker and weaker over time (
Installing the software
WireGuard provides
I have the latest Fedora Linux 31, and I was too lazy to read the manual before installing. I found only the wireguard-tools packages, installed them, and then could not work out why nothing worked. Further investigation showed that I did not have the wireguard-dkms package (with the network driver) installed, and it was not in my distribution's repository.
If I had read the instructions, I would have taken the right steps:
$ sudo dnf copr enable jdoss/wireguard
$ sudo dnf install wireguard-dkms wireguard-tools
My Raspberry Pi runs the Raspbian Buster distribution, which already has a wireguard package. Install it:
$ sudo apt install wireguard
On my Android phone I installed the application
Installing the keys
WireGuard uses a simple private/public key scheme to authenticate VPN peers. You can easily create the VPN keys with the following commands:
$ wg genkey | tee wg-laptop-private.key | wg pubkey > wg-laptop-public.key
$ wg genkey | tee wg-server-private.key | wg pubkey > wg-server-public.key
$ wg genkey | tee wg-mobile-private.key | wg pubkey > wg-mobile-public.key
This gives us three key pairs (six files). We will not refer to the files in the configs, but copy their contents into them instead: each key is a single line in base64.
Creating the configuration file for the VPN server (Raspberry Pi)
The configuration is quite simple. I created the following file, /etc/wireguard/wg0.conf:
[Interface]
Address = 10.200.200.1/24
ListenPort = 51820
PrivateKey = <copy private key from wg-server-private.key>
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wwan0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wwan0 -j MASQUERADE
[Peer]
# laptop
PublicKey = <copy public key from wg-laptop-public.key>
AllowedIPs = 10.200.200.2/32
[Peer]
# mobile phone
PublicKey = <copy public key from wg-mobile-public.key>
AllowedIPs = 10.200.200.3/32
A couple of notes:
- In the appropriate places you need to insert the lines from the key files
- My VPN uses the internal range 10.200.200.0/24
- For the PostUp/PostDown commands my external network interface is wwan0; yours may be different (for example, eth0)
The VPN network is brought up easily with the following command:
$ sudo wg-quick up wg0
A small detail: as the DNS server I used dnsmasq bound to the network interface br0, so I also added the wg0 device to the list of allowed devices. In dnsmasq this is done by adding a new line with the network interface to the configuration file /etc/dnsmasq.conf, for example:
interface=br0
interface=wg0
In addition, I added an iptables rule to allow traffic to the listening UDP port (51820):
$ sudo iptables -I INPUT -p udp --dport 51820 -j ACCEPT
Now that everything works, we can set the VPN tunnel to start automatically:
$ sudo systemctl enable wg-quick@wg0.service
Client configuration on the laptop
Create a configuration file /etc/wireguard/wg0.conf on the laptop with similar settings:
[Interface]
Address = 10.200.200.2/24
PrivateKey = <copy private key from wg-laptop-private.key>
[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 10.200.200.0/24
Endpoint = edgewalker:51820
Notes:
- Instead of edgewalker you need to specify the public IP or host of the VPN server
- By setting AllowedIPs to 10.200.200.0/24, we use the VPN only to reach the internal network. Traffic to all other IP addresses/servers will continue to go through the "normal" open channels. The DNS server already configured on the laptop will also be used.
For testing and automatic startup we use the same wg-quick and systemd commands:
$ sudo wg-quick up wg0
$ sudo systemctl enable wg-quick@wg0.service
Setting up the client on the Android phone
For the Android phone we create a very similar configuration file (let's call it mobile.conf):
[Interface]
Address = 10.200.200.3/24
PrivateKey = <copy private key from wg-mobile-private.key>
DNS = 10.200.200.1
[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 0.0.0.0/0
Endpoint = edgewalker:51820
Unlike the laptop configuration, the phone must use our VPN server as its DNS server (the DNS line) and must also send all traffic through the VPN tunnel (AllowedIPs = 0.0.0.0/0).
Instead of copying the file to your mobile device, you can convert it to a QR code:
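How AllowedIPs behaves in the laptop, phone and server configs above, as an added example that is not code from the original article: on a client it decides which destinations enter the tunnel, and on the server it also limits which source addresses each peer may use. The config strings are constructed copies with the key lines omitted, the function names are illustrative, and 203.0.113.7 is a documentation address.

```python
import ipaddress

# Constructed copies of the article's three configs (key lines omitted).
SERVER = """[Interface]
Address = 10.200.200.1/24
[Peer]
# laptop
AllowedIPs = 10.200.200.2/32
[Peer]
# mobile phone
AllowedIPs = 10.200.200.3/32
"""
LAPTOP = "[Peer]\nAllowedIPs = 10.200.200.0/24\nEndpoint = edgewalker:51820\n"
MOBILE = "[Peer]\nAllowedIPs = 0.0.0.0/0\nEndpoint = edgewalker:51820\n"

def parse(text):
    """Parse wg-quick syntax into [(section, {key: value})].
    configparser cannot be used because [Peer] sections repeat."""
    sections = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)       # base64 values may contain '='
            sections[-1][1][key.strip()] = value.strip()
    return sections

def peer_nets(text):
    """AllowedIPs of each [Peer], in file order, as network objects."""
    return [[ipaddress.ip_network(n.strip(), strict=False)
             for n in kv.get("AllowedIPs", "").split(",") if n.strip()]
            for name, kv in parse(text) if name == "Peer"]

def goes_through_vpn(client_conf, dst):
    """Outbound: dst enters the tunnel only if some peer's AllowedIPs covers it."""
    ip = ipaddress.ip_address(dst)
    return any(ip in net for nets in peer_nets(client_conf) for net in nets)

def server_accepts(server_conf, peer_index, src):
    """Inbound: the source address must lie inside the sending peer's AllowedIPs."""
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in peer_nets(server_conf)[peer_index])

if __name__ == "__main__":
    for name, conf in (("laptop", LAPTOP), ("mobile", MOBILE)):
        for dst in ("10.200.200.1", "203.0.113.7"):
            print(name, dst, "via VPN" if goes_through_vpn(conf, dst) else "direct")
    print("laptop spoofing .3 accepted:", server_accepts(SERVER, 0, "10.200.200.3"))
```

Note that 0.0.0.0/0 matches IPv4 destinations only; tunnelling IPv6 as well would need ::/0 in AllowedIPs.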
$ sudo apt install qrencode
$ qrencode -t ansiutf8 < mobile.conf
The QR code is printed to the console as ASCII. It can be scanned from the Android VPN app, which will then set up the VPN tunnel automatically.
Conclusion
Setting up WireGuard is magic compared to OpenVPN.
Source: www.habr.com