Since WireGuard will be part of the upcoming Linux 5.6 kernel, I decided to see how best to integrate this VPN with my .
Equipment
- A Raspberry Pi 3 with an LTE module and a public IP address. The VPN server will run here (referred to below in the text as edgewalker)
- An Android phone, which must use the VPN for all communications
- A Linux laptop, which must use the VPN only inside the network
Every device that connects to the VPN must be able to connect to all the other devices. For example, the phone must be able to connect to a web server on the laptop if both devices are part of the VPN network. If the setup turns out to be simple enough, you can think about connecting the desktop to the VPN as well (over Ethernet).
Given that wired and wireless connections are becoming less and less secure over time, I am seriously thinking about using WireGuard on all my devices, whatever environment they run in.
Software installation
WireGuard provides packages for most distributions of Linux, Windows and macOS. Apps for Android and iOS are delivered through the app stores.
I have the latest Fedora Linux 31, and before installing I was too lazy to read the manual. I just found the wireguard-tools package, installed it, and then could not understand why nothing worked. Further investigation revealed that I did not have the wireguard-dkms package (with the network driver) installed, and it was not in my distribution's repository.
If I had read the instructions, I would have taken the correct steps:
$ sudo dnf copr enable jdoss/wireguard
$ sudo dnf install wireguard-dkms wireguard-tools
I have the Raspbian Buster distribution installed on my Raspberry Pi; it already has a wireguard package, so install it:
$ sudo apt install wireguard
On my Android phone I installed the app from the official Google App Store catalogue.
Installing keys
To authenticate peers, WireGuard uses a simple private/public key scheme. You can easily generate the VPN keys with the following command:
$ wg genkey | tee wg-laptop-private.key | wg pubkey > wg-laptop-public.key
$ wg genkey | tee wg-server-private.key | wg pubkey > wg-server-public.key
$ wg genkey | tee wg-mobile-private.key | wg pubkey > wg-mobile-public.key
This gives us three key pairs (six files). We will not refer to the files in the configs, but copy the contents here: each key is a single line in base64.
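An added example, not part of the original article: files written through tee get the shell's default umask, which commonly leaves private keys readable by other local users (running umask 077 before wg genkey avoids this). The audit below flags private-key files, and configs with an embedded PrivateKey, that group or others can access; the directory contents are constructed and the function names are assumptions of this example.

```python
import os
import stat
import tempfile

def exposed_key_files(directory):
    """Return names of files holding a WireGuard private key that group/other can access."""
    exposed = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            continue
        with open(path, errors="replace") as fh:
            text = fh.read()
        # The article's key files are named *-private.key; its configs embed the key.
        holds_key = name.endswith("-private.key") or "PrivateKey" in text
        if holds_key and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            exposed.append(name)
    return exposed

def demo():
    """Constructed directory: files as left by umask 022 (0644) and by umask 077 (0600)."""
    files = (("wg-laptop-private.key", 0o644), ("wg-server-private.key", 0o600),
             ("wg-laptop-public.key", 0o644), ("mobile.conf", 0o644))
    with tempfile.TemporaryDirectory() as d:
        for name, mode in files:
            path = os.path.join(d, name)
            with open(path, "w") as fh:
                if name.endswith(".conf"):
                    fh.write("[Interface]\nPrivateKey = PLACEHOLDER\n")
                else:
                    fh.write("PLACEHOLDER\n")
            os.chmod(path, mode)
        return exposed_key_files(d)

if __name__ == "__main__":
    print(demo())
```

Public keys are not flagged; only the world-readable private key and the config that embeds one are reported.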
Creating the configuration file for the VPN server (Raspberry Pi)
The configuration is very simple; I created the following file, /etc/wireguard/wg0.conf:
[Interface]
Address = 10.200.200.1/24
ListenPort = 51820
PrivateKey = <copy private key from wg-server-private.key>
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wwan0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wwan0 -j MASQUERADE
[Peer]
# laptop
PublicKey = <copy public key from wg-laptop-public.key>
AllowedIPs = 10.200.200.2/32
[Peer]
# mobile phone
PublicKey = <copy public key from wg-mobile-public.key>
AllowedIPs = 10.200.200.3/32
A few notes:
- Insert the lines from the key files in the appropriate places
- My VPN uses the internal range 10.200.200.0/24
- In the PostUp/PostDown commands I have the external network interface wwan0; you may have a different one (for example, eth0)
The VPN network is brought up easily with the following command:
$ sudo wg-quick up wg0
One small detail: as the DNS server I used dnsmasq bound to the network interface br0, and I added the wg0 device to the list of allowed devices. In dnsmasq this is done by adding a line with the new network interface to the configuration file /etc/dnsmasq.conf, for example:
interface=br0
interface=wg0
In addition, I added an iptables rule to allow traffic on the listening UDP port (51280):
$ sudo iptables -I INPUT -p udp --dport 51820 -j ACCEPT
Now that everything works, we can set up automatic start of the VPN tunnel:
$ sudo systemctl enable wg-quick@wg0.service
Client configuration on the laptop
Create a configuration file on the laptop, /etc/wireguard/wg0.conf, with the same settings:
[Interface]
Address = 10.200.200.2/24
PrivateKey = <copy private key from wg-laptop-private.key>
[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 10.200.200.0/24
Endpoint = edgewalker:51820
Notes:
- Instead of edgewalker, specify the public IP address or hostname of the VPN server
- By setting AllowedIPs to 10.200.200.0/24, we use the VPN only to reach the internal network. Traffic to all other IP addresses/servers will continue to go through the "normal" open channels. The DNS server already configured on the laptop will also be used.
For testing and automatic start we use the same wg-quick and systemd commands:
$ sudo wg-quick up wg0
$ sudo systemctl enable wg-quick@wg0.service
Setting up the client on the Android phone
For the Android phone we create a very similar configuration file (let's call it mobile.conf):
[Interface]
Address = 10.200.200.3/24
PrivateKey = <copy private key from wg-mobile-private.key>
DNS = 10.200.200.1
[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 0.0.0.0/0
Endpoint = edgewalker:51820
Unlike the laptop configuration, the phone must use our VPN server as its DNS server (the DNS line) and send all traffic through the VPN tunnel (AllowedIPs = 0.0.0.0/0).
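The AllowedIPs values in the three configs decide both which source address the server accepts from each peer and which destinations each client sends into the tunnel. As an added example (not from the original article), this linter checks that every server peer is a unique single host inside the VPN subnet, that client Endpoint ports match ListenPort, and which destinations use the tunnel; the config copies are constructed with key lines left out, and the function names are assumptions.

```python
import ipaddress

# Constructed copies of the article's three configs (key lines left out).
SERVER = """[Interface]
Address = 10.200.200.1/24
ListenPort = 51820
[Peer]
AllowedIPs = 10.200.200.2/32
[Peer]
AllowedIPs = 10.200.200.3/32
"""
LAPTOP = "[Interface]\n[Peer]\nAllowedIPs = 10.200.200.0/24\nEndpoint = edgewalker:51820\n"
MOBILE = "[Interface]\n[Peer]\nAllowedIPs = 0.0.0.0/0\nEndpoint = edgewalker:51820\n"

def parse(text):
    """Return [(section, {key: value}), ...] in file order, ignoring comments."""
    sections = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("["):
            sections.append((line.strip("[]"), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1][key.strip()] = value.strip()
    return sections

def nets(value):
    return [ipaddress.ip_network(v.strip(), strict=False) for v in value.split(",")]

def lint_server(server_text, client_texts):
    """Return findings for the server config; an empty list means it passed."""
    (_, iface), *peers = parse(server_text)
    subnet = ipaddress.ip_interface(iface["Address"]).network
    findings, seen = [], []
    for _, peer in peers:
        for net in nets(peer["AllowedIPs"]):
            if net.prefixlen != net.max_prefixlen or not net.subnet_of(subnet):
                findings.append(f"{net}: not a single host inside {subnet}")
            if any(net.overlaps(other) for other in seen):
                findings.append(f"{net}: overlaps another peer's AllowedIPs")
            seen.append(net)
    for text in client_texts:  # clients must dial the port the server listens on
        port = parse(text)[1][1]["Endpoint"].rsplit(":", 1)[1]
        if port != iface["ListenPort"]:
            findings.append(f"Endpoint port {port} != ListenPort {iface['ListenPort']}")
    return findings

def uses_tunnel(client_text, dst):
    """True if dst falls inside the client's AllowedIPs, i.e. is sent via the VPN."""
    return any(ipaddress.ip_address(dst) in n for n in nets(parse(client_text)[1][1]["AllowedIPs"]))
```

With these inputs the laptop tunnels only 10.200.200.0/24 while the phone tunnels every IPv4 destination, matching the split-tunnel and full-tunnel behaviour described for the two clients.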
Instead of copying the file to your mobile device, you can convert it into a QR code:
$ sudo apt install qrencode
$ qrencode -t ansiutf8 < mobile.conf
The QR code is printed to the console as ASCII. It can be scanned in the Android VPN app, which automatically configures the VPN tunnel.
Conclusion
Setting up WireGuard is simply magical compared to OpenVPN.
Source: www.habr.com
