Since WireGuard is becoming part of the upcoming Linux 5.6 kernel, I decided to see how best to integrate this VPN into my own setup.
Equipment
- A Raspberry Pi 3 with an LTE module and a public IP address. This will host the VPN server (hereafter called edgewalker in this article)
- An Android phone, which must use the VPN for all communication
- A Linux laptop, which should use the VPN only within the network
Every device that connects to the VPN must be able to reach all the other devices. For example, the phone should be able to connect to a web server on the laptop if both devices are part of the VPN network. If the setup turns out to be simple enough, you can think about connecting a desktop computer to the VPN as well (via Ethernet).
Given that wired and wireless connections are becoming less and less secure over time, I am seriously considering using WireGuard for all my devices, regardless of the environment they operate in.
Installing the software
WireGuard is available for most Linux distributions, Windows and macOS. The apps for Android and iOS are distributed through the app stores.
I run the latest Fedora Linux 31, and before installing I was too lazy to read the manual. I simply found the wireguard-tools package, installed it, and then could not figure out why nothing worked. Further investigation showed that I did not have the wireguard-dkms package (with the network driver) installed, and that it was not in my distribution's repository.
Had I read the instructions, I would have taken the right steps:
$ sudo dnf copr enable jdoss/wireguard
$ sudo dnf install wireguard-dkms wireguard-tools
My Raspberry Pi runs the Raspbian Buster distribution, which already ships a wireguard package, so install it:
$ sudo apt install wireguard
On the Android phone I installed the app from the official Google App Store catalog.
Setting up the keys
WireGuard uses a simple private/public key scheme to authenticate VPN nodes. You can easily generate the keys for the VPN nodes with the following commands:
$ wg genkey | tee wg-laptop-private.key | wg pubkey > wg-laptop-public.key
$ wg genkey | tee wg-server-private.key | wg pubkey > wg-server-public.key
$ wg genkey | tee wg-mobile-private.key | wg pubkey > wg-mobile-public.key
This gives us three key pairs (six files). We will not reference the files in the configs; instead we copy their contents in: each key is a single line of base64.
Creating the configuration file for the VPN server (Raspberry Pi)
The configuration is quite simple. I created the following file, /etc/wireguard/wg0.conf:
[Interface]
Address = 10.200.200.1/24
ListenPort = 51820
PrivateKey = <copy private key from wg-server-private.key>
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wwan0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wwan0 -j MASQUERADE
[Peer]
# laptop
PublicKey = <copy public key from wg-laptop-public.key>
AllowedIPs = 10.200.200.2/32
[Peer]
# mobile phone
PublicKey = <copy public key from wg-mobile-public.key>
AllowedIPs = 10.200.200.3/32
A few notes:
- In the appropriate places you need to insert the lines from the key files
- My VPN uses the internal range 10.200.200.0/24
- In the PostUp/PostDown commands my external network interface is wwan0; yours may be different (for example, eth0)
The VPN network is easily brought up with the following command:
$ sudo wg-quick up wg0
One small detail: as the DNS server I use dnsmasq bound to the network interface br0, so I also added the wg0 device to the list of allowed devices. In dnsmasq this is done by adding a new interface line to the configuration file /etc/dnsmasq.conf, for example:
interface=br0
interface=wg0
In addition, I added an iptables rule to allow traffic to the listening UDP port (51820):
$ sudo iptables -I INPUT -p udp --dport 51820 -j ACCEPT
Now that everything is working, we can set the VPN tunnel to start automatically:
$ sudo systemctl enable wg-quick@wg0.service
Client configuration on the laptop
Create a configuration file /etc/wireguard/wg0.conf on the laptop with similar settings:
[Interface]
Address = 10.200.200.2/24
PrivateKey = <copy private key from wg-laptop-private.key>
[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 10.200.200.0/24
Endpoint = edgewalker:51820
Notes:
- Instead of edgewalker you need to specify the public IP address or host of the VPN server
- By setting AllowedIPs to 10.200.200.0/24, we use the VPN only to reach the internal network. Traffic to all other IP addresses/servers will continue to go through the "normal" open channels. The DNS server already configured on the laptop will also be used.
For testing and automatic start we use the same wg-quick and systemd commands:
$ sudo wg-quick up wg0
$ sudo systemctl enable wg-quick@wg0.service
Setting up the client on the Android phone
For the Android phone we create a very similar configuration file (let's call it mobile.conf):
[Interface]
Address = 10.200.200.3/24
PrivateKey = <copy private key from wg-mobile-private.key>
DNS = 10.200.200.1
[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 0.0.0.0/0
Endpoint = edgewalker:51820
Unlike the laptop configuration, the phone must use our VPN server as its DNS server (the DNS line) and also sends all traffic through the VPN tunnel (AllowedIPs = 0.0.0.0/0).
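As an added example (not part of the original article), the following Python code models how the AllowedIPs values from the three configs behave: on the sending side they decide which destinations enter the tunnel, and on the receiving side they act as a source-address filter per peer key. The placeholder keys, the helper names and the test address 198.51.100.7 are assumptions made for illustration.

```python
import ipaddress

# Constructed copy of the server config above; keys are placeholders.
SERVER_CONF = """
[Interface]
Address = 10.200.200.1/24
ListenPort = 51820
[Peer]
# laptop
PublicKey = <laptop-public>
AllowedIPs = 10.200.200.2/32
[Peer]
# mobile phone
PublicKey = <mobile-public>
AllowedIPs = 10.200.200.3/32
"""
LAPTOP_ALLOWED = "10.200.200.0/24"  # laptop client: split tunnel
MOBILE_ALLOWED = "0.0.0.0/0"        # phone client: full tunnel


def _networks(value):
    return [ipaddress.ip_network(n.strip()) for n in value.split(",")]


def parse_peers(conf_text):
    """Map each peer's PublicKey to its AllowedIPs networks.

    Parsed by hand because configparser cannot represent repeated [Peer]
    sections."""
    peers, current = {}, None
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("["):
            current = {} if line == "[Peer]" else None
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = value
            if "PublicKey" in current and "AllowedIPs" in current:
                peers[current["PublicKey"]] = _networks(current["AllowedIPs"])
    return peers


def sent_through_tunnel(allowed_ips, dst):
    """Sender: a packet enters the tunnel only if dst matches AllowedIPs."""
    return any(ipaddress.ip_address(dst) in net for net in _networks(allowed_ips))


def accepted_from_peer(peers, public_key, src):
    """Receiver: after decryption the inner source address must lie in the
    AllowedIPs of the peer whose key authenticated the packet."""
    return any(ipaddress.ip_address(src) in net
               for net in peers.get(public_key, []))
```

With the /32 entries on the server, a peer holding the laptop key cannot send packets that claim the phone's address 10.200.200.3; widening a server-side AllowedIPs entry removes that guarantee.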
Instead of copying the file to your mobile device, you can convert it to a QR code:
$ sudo apt install qrencode
$ qrencode -t ansiutf8 < mobile.conf
The QR code is printed to the console as ASCII. It can be scanned from the Android VPN app, which then configures the VPN tunnel automatically.
Conclusion
Setting up WireGuard is simply magic compared to OpenVPN.
Source: www.habr.com
