Setting up WireGuard on a Mikrotik router running OpenWrt

In most cases, connecting a router to a VPN is not difficult, but if you want to protect the whole network and at the same time keep an optimal connection speed, the best solution is to use the WireGuard VPN tunnel.

Mikrotik routers have proven to be reliable and very flexible solutions, but unfortunately WireGuard support in RouterOS is still absent, and it is not known when it will appear or in what form. Recently it became known that the developers of the WireGuard VPN tunnel proposed a patch set that would make their VPN tunneling software part of the Linux kernel; we hope this will contribute to its adoption in RouterOS.

But for now, unfortunately, to configure WireGuard on a Mikrotik router you need to change the firmware.

Flashing the Mikrotik, installing and configuring OpenWrt

First you need to make sure that OpenWrt supports your model. You can find out which marketing name and image your model corresponds to at mikrotik.com.

Go to openwrt.com, to the firmware download section.

For this device we need 2 files:

downloads.openwrt.org/releases/18.06.2/targets/ar71xx/mikrotik/openwrt-18.06.2-ar71xx-mikrotik-rb-nor-flash-16M-initramfs-kernel.bin|elf

downloads.openwrt.org/releases/18.06.2/targets/ar71xx/mikrotik/openwrt-18.06.2-ar71xx-mikrotik-rb-nor-flash-16M-squashfs-sysupgrade.bin

You need to download both files: install and upgrade.

1. Setting up the network, downloading and configuring the PXE server

Download the latest version of Tiny PXE Server for Windows.

Unzip it into a separate folder. In the config.ini file, add the parameter rfc951=1 to the [dhcp] section. This parameter is the same for all Mikrotik models.

Let's move on to the network settings: you need to assign a static IP address to one of your computer's network interfaces.

IP address: 192.168.1.10
Netmask: 255.255.255.0

Run Tiny PXE Server as Administrator and, in the DHCP Server field, select the server with the address 192.168.1.10

On some versions of Windows this interface may appear only after an Ethernet connection is established. I recommend connecting the router and immediately linking the router and the PC with a patch cord.

Click the "..." button (bottom right) and specify the folder where you downloaded the firmware files for Mikrotik.

Select the file whose name ends with "initramfs-kernel.bin or elf"

2. Booting the router from the PXE server

Connect the PC with a cable to the first port (wan, internet, poe in, ...) of the router. After that, take a toothpick and insert it into the hole marked "Reset".

Power on the router and wait 20 seconds, then release the toothpick.
Within the next minute, the following messages should appear in the Tiny PXE Server window:

If the message appears, you are on the right track!

Restore the settings on the network adapter and set it to obtain an address dynamically (via DHCP).

Connect to the LAN ports of the Mikrotik router (2…5 in our case) using the same patch cord. Just move it from port 1 to port 2. Open the address 192.168.1.1 in a browser.

Log in to the OpenWRT administration interface and go to the "System -> Backup / Flash Firmware" section

In the "Flash new firmware image" section, click the "Choose file (Browse)" button.

Specify the path to the file whose name ends with "-squashfs-sysupgrade.bin".

After that, click the "Flash Image" button.

In the next window, click the "Proceed" button. The firmware will start uploading to the router.

!!! DO NOT UNDER ANY CIRCUMSTANCES CUT POWER TO THE ROUTER DURING THE FIRMWARE PROCESS !!!

After flashing and rebooting the router, you will have a Mikrotik with OpenWRT firmware.

Possible problems and solutions

Many Mikrotik devices released in 2019 use a FLASH-NOR memory chip of type GD25Q15 / Q16. The problem is that when flashing, the data about the device model is not saved.

If you see the error "The uploaded image file does not contain a supported format. Make sure that you choose the generic image format for your platform." then the problem is most likely in the flash.

This is easy to check: run the command that checks the model ID in the device terminal

root@OpenWrt: cat /tmp/sysinfo/board_name

If you get the answer "unknown", you need to specify the device model manually in the form "rb-951-2nd"

To get the device model, run the command

root@OpenWrt: cat /tmp/sysinfo/model
MikroTik RouterBOARD RB951-2nd

After obtaining the device model, set it manually:

echo 'rb-951-2nd' > /tmp/sysinfo/board_name

After that, you can flash the device through the web interface or with the "sysupgrade" command.

Create a VPN server with WireGuard

If you already have a server with WireGuard configured, you can skip this step.
I will use the MyVPN.RUN application to set up a personal VPN server; I have already published a review of it.

Configuring the WireGuard client on OpenWRT

Connect to the router over SSH:

ssh [email protected]

Install WireGuard:

opkg update
opkg install wireguard

Prepare the configuration (copy the code below into a file, replace the indicated values with your own and run it in the terminal).

If you use MyVPN, then in the configuration below you only need to change WG_SERV - the server IP, WG_KEY - the private key from the wireguard configuration file, and WG_PUB - the public key.

WG_IF="wg0"
WG_SERV="100.0.0.0" # server IP address
WG_PORT="51820" # WireGuard port
WG_ADDR="10.8.0.2/32" # WireGuard address range

WG_KEY="xxxxx" # private key
WG_PUB="xxxxx" # public key

# Configure firewall
uci rename firewall.@zone[0]="lan"
uci rename firewall.@zone[1]="wan"
uci rename firewall.@forwarding[0]="lan_wan"
uci del_list firewall.wan.network="${WG_IF}"
uci add_list firewall.wan.network="${WG_IF}"
uci commit firewall
/etc/init.d/firewall restart

# Configure network
uci -q delete network.${WG_IF}
uci set network.${WG_IF}="interface"
uci set network.${WG_IF}.proto="wireguard"
uci set network.${WG_IF}.private_key="${WG_KEY}"

uci add_list network.${WG_IF}.addresses="${WG_ADDR}"

# Add VPN peers
uci -q delete network.wgserver
uci set network.wgserver="wireguard_${WG_IF}"
uci set network.wgserver.public_key="${WG_PUB}"
uci set network.wgserver.preshared_key=""
uci set network.wgserver.endpoint_host="${WG_SERV}"
uci set network.wgserver.endpoint_port="${WG_PORT}"
uci set network.wgserver.route_allowed_ips="1"
uci set network.wgserver.persistent_keepalive="25"
uci add_list network.wgserver.allowed_ips="0.0.0.0/1"
uci add_list network.wgserver.allowed_ips="128.0.0.0/1"
uci add_list network.wgserver.allowed_ips="::/0"
uci commit network
/etc/init.d/network restart

This completes the WireGuard setup! Now all traffic from all connected devices is protected by the VPN connection.
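
A way to check that claim on the router, as an added example that is not part of the original article: the function below reads `wg show wg0 dump` output and flags peers whose allowed IPs do not cover all IPv4 (as the `0.0.0.0/1` + `128.0.0.0/1` pair set above does) or whose handshake is missing or stale. The `MAX_AGE` threshold, the function names and the sample dump are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original article. Reads `wg show wg0 dump`
# output on stdin. Per wg(8), line 1 describes the interface and each later
# line is a peer with tab-separated fields:
#   public-key preshared-key endpoint allowed-ips latest-handshake rx tx keepalive

MAX_AGE=180   # assumption: a handshake older than 180 s counts as stale

# covers_all_ipv4 "a,b,c": succeeds if the list routes every IPv4 address,
# either as 0.0.0.0/0 or as the 0.0.0.0/1 + 128.0.0.0/1 pair used above.
covers_all_ipv4() {
    case ",$1," in *,0.0.0.0/0,*) return 0 ;; esac
    case ",$1," in *,0.0.0.0/1,*) ;; *) return 1 ;; esac
    case ",$1," in *,128.0.0.0/1,*) return 0 ;; esac
    return 1
}

# check_dump NOW: prints "<verdict> <peer key>" per peer, returns 1 on any failure
check_dump() {
    now=$1; rc=0; line=0
    tab=$(printf '\t')
    while IFS="$tab" read -r pub _psk _ep allowed hs _rest; do
        line=$((line + 1))
        [ "$line" -eq 1 ] && continue       # interface line, not a peer
        if ! covers_all_ipv4 "$allowed"; then
            echo "PARTIAL $pub"; rc=1       # some IPv4 traffic bypasses the tunnel
        elif [ "$hs" -eq 0 ]; then
            echo "NEVER $pub"; rc=1         # no handshake has completed yet
        elif [ $((now - hs)) -gt "$MAX_AGE" ]; then
            echo "STALE $pub"; rc=1         # tunnel was up but has gone quiet
        else
            echo "OK $pub"
        fi
    done
    return "$rc"
}

# Constructed sample dump (placeholder keys, not real ones), checked at SAMPLE_NOW.
SAMPLE_NOW=1700000100
sample_dump() {
    printf 'PRIV-constructed\tPUB-constructed\t51820\toff\n'
    printf 'peerA\t(none)\t100.0.0.0:51820\t0.0.0.0/1,128.0.0.0/1,::/0\t1700000000\t9\t9\t25\n'
    printf 'peerB\t(none)\t100.0.0.0:51820\t0.0.0.0/0\t0\t0\t0\t25\n'
    printf 'peerC\t(none)\t100.0.0.0:51820\t10.8.0.0/24\t1700000090\t9\t9\toff\n'
}
```

On the router, feed it live data with `wg show wg0 dump | check_dump "$(date +%s)"`; a non-zero exit status means at least one peer needs attention.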


Source: www.habr.com
