Because WireGuard
Equipment
- A Raspberry Pi 3 with an LTE module and a public IP address. The VPN server will run here (referred to below as edgewalker)
- An Android phone that must use the VPN for all communication
- A Linux laptop that should use the VPN only within the network
Every device connected to the VPN must be able to connect to every other device. For example, the phone should be able to reach a web server on the laptop if both devices are part of the same VPN network. If the setup turns out to be simple, you can then think about connecting a desktop to the VPN as well (via Ethernet).
Considering that wired and wireless connections become less and less secure over time (
Software installation
WireGuard provides
I have the latest Fedora Linux 31, and I was too lazy to read the manual before installing. I just found the wireguard-tools packages, installed them, and then could not work out why nothing was working. Further investigation showed that I did not have the wireguard-dkms package (with the network driver) installed, and it was not in my distribution's repository.
If I had read the instructions, I would have taken the correct steps:
$ sudo dnf copr enable jdoss/wireguard
$ sudo dnf install wireguard-dkms wireguard-tools
I have the Raspbian Buster distribution installed on my Raspberry Pi. A wireguard package is already available there, so install it:
$ sudo apt install wireguard
On my Android phone I installed the app
Setting up the keys
For peer authentication, WireGuard uses a simple private/public key scheme to authenticate VPN peers. You can easily create the VPN keys with the following commands:
$ wg genkey | tee wg-laptop-private.key | wg pubkey > wg-laptop-public.key
$ wg genkey | tee wg-server-private.key | wg pubkey > wg-server-public.key
$ wg genkey | tee wg-mobile-private.key | wg pubkey > wg-mobile-public.key
This gives us three key pairs (six files). We will not reference the files from the configs, but copy their contents in: each key is a single line of base64.
Creating the configuration file for the VPN server (Raspberry Pi)
The configuration is quite simple. I created the following file, /etc/wireguard/wg0.conf:
[Interface]
Address = 10.200.200.1/24
ListenPort = 51820
PrivateKey = <copy private key from wg-server-private.key>
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wwan0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wwan0 -j MASQUERADE
[Peer]
# laptop
PublicKey = <copy public key from wg-laptop-public.key>
AllowedIPs = 10.200.200.2/32
[Peer]
# mobile phone
PublicKey = <copy public key from wg-mobile-public.key>
AllowedIPs = 10.200.200.3/32
A couple of notes:
- In the appropriate places you need to insert the lines from the key files
- My VPN uses the internal range 10.200.200.0/24
- For the PostUp/PostDown commands I have the external network interface wwan0; you may have a different one (for example, eth0)
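Because the private keys are pasted into the config files, each wg0.conf or mobile.conf is as sensitive as the key file it was copied from. The following check is an added example, not part of the original article: it flags a config that is accessible beyond its owner, a placeholder that was never replaced, and a key that is not 32 bytes of base64. The function names are hypothetical and the sample key is constructed.

```python
import base64
import os
import stat
import tempfile


def key_problem(value):
    """Return None for a well-formed key, else a short description of the defect."""
    value = value.strip()
    if value.startswith("<"):
        return "placeholder not replaced"
    try:
        raw = base64.b64decode(value, validate=True)
    except ValueError:
        return "not valid base64"
    return None if len(raw) == 32 else f"decodes to {len(raw)} bytes, expected 32"


def audit_config(path):
    """Check the file mode and each PrivateKey/PublicKey line of a wg-quick config."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other bit exposes the embedded private key
        findings.append(f"mode {mode:o}: accessible beyond the owner")
    with open(path) as fh:
        for lineno, line in enumerate(fh, 1):
            name, sep, value = line.partition("=")
            if sep and name.strip() in ("PrivateKey", "PublicKey"):
                problem = key_problem(value)
                if problem:
                    findings.append(f"line {lineno} {name.strip()}: {problem}")
    return findings


def demo():
    """Audit a constructed laptop config, first at mode 644, then at 600."""
    sample_key = base64.b64encode(bytes(32)).decode()  # constructed, not a real key
    text = ("[Interface]\nAddress = 10.200.200.2/24\n"
            "PrivateKey = <copy private key from wg-laptop-private.key>\n"
            f"[Peer]\nPublicKey = {sample_key}\nAllowedIPs = 10.200.200.0/24\n")
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "wg0.conf")
        with open(path, "w") as fh:
            fh.write(text)
        results = []
        for mode in (0o644, 0o600):
            os.chmod(path, mode)
            results.append(audit_config(path))
    return results
```

Running `umask 077` in the shell before the `wg genkey` commands keeps the generated key files owner-only from the start.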
The VPN network is easily brought up with the following command:
$ sudo wg-quick up wg0
A small detail: since I use dnsmasq as the DNS server, bound to the network interface br0, I also added the wg0 device to the list of allowed devices. In dnsmasq this is done by adding a new network interface line to the configuration file /etc/dnsmasq.conf, for example:
interface=br0
interface=wg0
In addition, I added an iptables rule to allow traffic to the listening UDP port (51820):
$ sudo iptables -I INPUT -p udp --dport 51820 -j ACCEPT
Now that everything is working, we can set up automatic start of the VPN tunnel:
$ sudo systemctl enable wg-quick@wg0.service
Client configuration on the laptop
Create a configuration file on the laptop, /etc/wireguard/wg0.conf, with the same kind of settings:
[Interface]
Address = 10.200.200.2/24
PrivateKey = <copy private key from wg-laptop-private.key>
[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 10.200.200.0/24
Endpoint = edgewalker:51820
Notes:
- Instead of edgewalker you need to specify the public IP or hostname of the VPN server
- By setting AllowedIPs to 10.200.200.0/24, the VPN is used only to access the internal network. Traffic to all other IP addresses/servers will continue to go over the "normal" open channels. The DNS server already configured on the laptop will also be used.
For testing and automatic start we use the same wg-quick and systemd commands:
$ sudo wg-quick up wg0
$ sudo systemctl enable wg-quick@wg0.service
Setting up the client on an Android phone
For the Android phone we create a very similar configuration file (let's call it mobile.conf):
[Interface]
Address = 10.200.200.3/24
PrivateKey = <copy private key from wg-mobile-private.key>
DNS = 10.200.200.1
[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 0.0.0.0/0
Endpoint = edgewalker:51820
Unlike the laptop configuration, the phone must use our VPN server as its DNS server (the DNS line), and also send all traffic through the VPN tunnel (AllowedIPs = 0.0.0.0/0).
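AllowedIPs does two jobs: on the sending side it is the routing table that picks a peer, and on the receiving side it is a filter on the inner source address. The model below is an added example, not part of the original article; it uses the AllowedIPs values from the three configs on this page, and the function names and the test addresses 203.0.113.10 and 2001:db8::1 are assumptions chosen for illustration.

```python
import ipaddress

# AllowedIPs tables copied from the three configs on this page.
SERVER_PEERS = {"laptop": ["10.200.200.2/32"], "mobile": ["10.200.200.3/32"]}
LAPTOP_PEERS = {"server": ["10.200.200.0/24"]}
MOBILE_PEERS = {"server": ["0.0.0.0/0"]}


def _match(peers, addr):
    """Return (peer, prefixlen) for the longest AllowedIPs prefix containing addr."""
    ip = ipaddress.ip_address(addr)
    best = None
    for peer, cidrs in peers.items():
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            if net.version == ip.version and ip in net:
                if best is None or net.prefixlen > best[1]:
                    best = (peer, net.prefixlen)
    return best


def route_outgoing(peers, dst):
    """Sending side: the peer whose key encrypts a packet to dst, or None
    when no AllowedIPs entry matches and the packet stays outside the tunnel."""
    hit = _match(peers, dst)
    return hit[0] if hit else None


def accept_incoming(peers, from_peer, src):
    """Receiving side: keep a decrypted packet only if its inner source
    address maps back to the peer whose key decrypted it."""
    hit = _match(peers, src)
    return hit is not None and hit[0] == from_peer


if __name__ == "__main__":
    for name, table in (("laptop", LAPTOP_PEERS), ("mobile", MOBILE_PEERS)):
        for dst in ("10.200.200.1", "203.0.113.10", "2001:db8::1"):
            print(name, dst, "->", route_outgoing(table, dst) or "outside tunnel")
    # The laptop's key cannot deliver packets claiming the phone's address.
    print(accept_incoming(SERVER_PEERS, "laptop", "10.200.200.3"))
```

The 2001:db8::1 result shows that AllowedIPs = 0.0.0.0/0 covers IPv4 only; a full tunnel for IPv6 as well needs ::/0 in AllowedIPs and an IPv6 address on the interface.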
Instead of copying the file to your mobile device, you can convert it to a QR code:
$ sudo apt install qrencode
$ qrencode -t ansiutf8 < mobile.conf
The QR code will be printed to the console as ASCII. You can scan it from the Android VPN app, and the VPN tunnel is set up automatically.
Conclusion
Setting up WireGuard is simply magical compared to OpenVPN.
Source: www.habr.com