Setting up a simple VPN with WireGuard and a Raspberry Pi as the server

Because WireGuard will be part of the upcoming Linux kernel 5.6, I decided to see how best to integrate this VPN with my LTE router/access point on a Raspberry Pi.

Equipment

  • A Raspberry Pi 3 with an LTE module and a public IP address. This will be the VPN server (referred to as edgewalker in the rest of the text)
  • An Android phone that should use the VPN for all communication
  • A Linux laptop that should use the VPN only for traffic inside the network

Every device connected to the VPN must be able to reach every other device. For example, the phone should be able to connect to a web server on the laptop if both devices are part of the VPN network. If the setup turns out to be simple enough, you could consider connecting the desktop to the VPN as well (over Ethernet).

Given that wired and wireless connections are becoming less secure over time (targeted attacks, the KRACK attack on WPA2 and the Dragonblood attack against WPA3), I am seriously considering using WireGuard on all my devices, no matter what environment they are in.

Software installation

WireGuard provides precompiled packages for most Linux distributions, Windows and macOS. The Android and iOS apps are delivered through the app stores.

I have the latest Fedora Linux 31, and I was too lazy to read the manual before installing. I just found the wireguard-tools packages, installed them, and then could not work out why nothing worked. Further investigation showed that I did not have the wireguard-dkms package (with the network driver) installed, and it was not in my distribution's repository.

If I had read the instructions, I would have taken the right steps:

$ sudo dnf copr enable jdoss/wireguard
$ sudo dnf install wireguard-dkms wireguard-tools

I have the Raspbian Buster distribution installed on my Raspberry Pi, and it already has a wireguard package; install it:

$ sudo apt install wireguard

On my Android phone I installed the WireGuard VPN app from the official Google app store catalogue.

Key setup

To authenticate VPN peers, WireGuard uses a simple private/public key scheme. You can easily generate the VPN keys with the following commands:

$ wg genkey | tee wg-laptop-private.key |  wg pubkey > wg-laptop-public.key
$ wg genkey | tee wg-server-private.key |  wg pubkey > wg-server-public.key
$ wg genkey | tee wg-mobile-private.key |  wg pubkey > wg-mobile-public.key

This gives us three key pairs (six files). We will not refer to the files in the configs; instead we copy their contents in: each key is a single line of base64.

Creating the configuration file for the VPN server (Raspberry Pi)

The configuration is quite simple; I created the following file, /etc/wireguard/wg0.conf:

[Interface]
Address = 10.200.200.1/24
ListenPort = 51820
PrivateKey = <copy private key from wg-server-private.key>
PostUp   = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wwan0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wwan0 -j MASQUERADE

[Peer]
# laptop
PublicKey = <copy public key from wg-laptop-public.key>
AllowedIPs = 10.200.200.2/32

[Peer]
# mobile phone
PublicKey = <copy public key from wg-mobile-public.key>
AllowedIPs = 10.200.200.3/32

A few notes:

  • Insert the lines from the key files in the appropriate places
  • My VPN uses the internal range 10.200.200.0/24
  • In the PostUp/PostDown commands my external network interface is wwan0; yours may be different (for example, eth0)
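
A check worth running before bringing the tunnel up, as an added example that is not part of the original article: it flags key fields in a wg0.conf that still hold a placeholder or are not one line of base64 for 32 bytes, and a file mode that lets group or others read the PrivateKey. The function names and the sample config are constructed here; random bytes stand in for real keys.

```python
import base64, os, re, stat, tempfile

KEY_LINE = re.compile(r"^\s*(PrivateKey|PublicKey)\s*=\s*(.*?)\s*$")

def valid_key(value):
    """True if value is base64 for exactly 32 bytes (one 44-character line)."""
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:          # binascii.Error is a ValueError subclass
        return False

def audit(path):
    """Return a list of findings for one wg-quick style config file."""
    findings, has_private = [], False
    with open(path) as fh:
        for n, line in enumerate(fh, 1):
            m = KEY_LINE.match(line)
            if not m:
                continue
            name, value = m.groups()
            has_private |= name == "PrivateKey"
            if value.startswith("<"):
                findings.append(f"line {n}: {name} is still a placeholder")
            elif not valid_key(value):
                findings.append(f"line {n}: {name} is not a 32-byte base64 key")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if has_private and mode & 0o077:
        findings.append(f"mode {mode:04o}: PrivateKey readable by group/others")
    return findings

def demo():
    """Audit a constructed server config, first with mode 0644, then 0600."""
    fake = base64.b64encode(os.urandom(32)).decode()  # stand-in, not a real key
    text = (f"[Interface]\nAddress = 10.200.200.1/24\nListenPort = 51820\n"
            f"PrivateKey = {fake}\n\n[Peer]\n"
            "PublicKey = <copy public key from wg-laptop-public.key>\n"
            "AllowedIPs = 10.200.200.2/32\n")
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "wg0.conf")
        with open(path, "w") as fh:
            fh.write(text)
        os.chmod(path, 0o644)
        loose = audit(path)
        os.chmod(path, 0o600)
        return loose, audit(path)

if __name__ == "__main__":
    for result in demo():
        print(result)
```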

The VPN network is brought up easily with the following command:

$ sudo wg-quick up wg0

One small detail: as my DNS server I was using dnsmasq bound to the network interface br0, so I also added the wg0 device to the list of allowed interfaces. In dnsmasq this is done by adding a new interface line to the configuration file /etc/dnsmasq.conf, for example:

interface=br0
interface=wg0

In addition, I added an iptables rule to allow traffic to the listening UDP port (51820):

$ sudo iptables -I INPUT -p udp --dport 51820 -j ACCEPT

Now that everything works, we can set up automatic start of the VPN tunnel:

$ sudo systemctl enable wg-quick@wg0.service

Client configuration on the laptop

Create a configuration file on the laptop, /etc/wireguard/wg0.conf, with similar settings:

[Interface]
Address = 10.200.200.2/24
PrivateKey = <copy private key from wg-laptop-private.key>

[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 10.200.200.0/24
Endpoint = edgewalker:51820

Notes:

  • Instead of edgewalker you need to specify the public IP or host of the VPN server
  • By setting AllowedIPs to 10.200.200.0/24, we use the VPN only to reach the internal network. Traffic to all other IP addresses/servers will continue to go through the "normal" open channels. The DNS server already configured on the laptop will also still be used.

To test and to start the tunnel automatically we use the same wg-quick and systemd commands:

$ sudo wg-quick up wg0
$ sudo systemctl enable wg-quick@wg0.service

Setting up the client on the Android phone

For the Android phone we create a very similar configuration file (let's call it mobile.conf):

[Interface]
Address = 10.200.200.3/24
PrivateKey = <copy private key from wg-mobile-private.key>
DNS = 10.200.200.1
        
[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 0.0.0.0/0
Endpoint = edgewalker:51820

Unlike the laptop configuration, the phone should use our VPN server as its DNS server (the DNS line), and should also send all traffic through the VPN tunnel (AllowedIPs = 0.0.0.0/0).
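
How the AllowedIPs values in the three configs interact, as an added example that is not part of the original article: on send, AllowedIPs selects the peer by longest matching prefix; on receive, it filters the inner source address. The role names used in place of public keys, the function names and the address 203.0.113.10 (a documentation address standing in for an Internet host) are assumptions made for this model.

```python
import ipaddress

# Constructed model of the page's three configs: AllowedIPs per peer, with
# peers named by role instead of by public key (an assumption for readability).
ALLOWED = {
    "server": {"laptop": ["10.200.200.2/32"], "mobile": ["10.200.200.3/32"]},
    "laptop": {"server": ["10.200.200.0/24"]},
    "mobile": {"server": ["0.0.0.0/0"]},
}

def route(host, dst):
    """Outbound: pick the peer whose AllowedIPs holds dst (longest prefix wins).
    None means this host does not send the packet into the tunnel."""
    dst, best = ipaddress.ip_address(dst), None
    for peer, cidrs in ALLOWED[host].items():
        for net in map(ipaddress.ip_network, cidrs):
            if dst in net and (best is None or net.prefixlen > best[1]):
                best = (peer, net.prefixlen)
    return best[0] if best else None

def accepts(host, peer, src):
    """Inbound: after decryption, keep the packet only if its inner source
    address lies in the AllowedIPs that host lists for the sending peer."""
    src = ipaddress.ip_address(src)
    return any(src in ipaddress.ip_network(c) for c in ALLOWED[host].get(peer, []))

def trace(sender, src, dst):
    """Follow one packet from a client through the server (the hub)."""
    if route(sender, dst) != "server":
        return "not tunnelled"
    if not accepts("server", sender, src):
        return "dropped by server"
    receiver = route("server", dst)
    if receiver is None:
        # the server's own address, or forwarded out of wwan0 by the PostUp rules
        return "leaves tunnel at server"
    if not accepts(receiver, "server", src):
        return "dropped by receiver"
    return f"{sender} -> server -> {receiver}"

if __name__ == "__main__":
    print(trace("mobile", "10.200.200.3", "10.200.200.2"))  # phone to laptop
    print(trace("laptop", "10.200.200.2", "203.0.113.10"))  # split tunnel
    print(trace("mobile", "10.200.200.3", "203.0.113.10"))  # full tunnel
    print(trace("laptop", "10.200.200.3", "10.200.200.3"))  # spoofed source
```

The last case shows why the server lists each client as a /32: a peer cannot send packets that claim another peer's tunnel address.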

Instead of copying the file to your mobile device, you can convert it to a QR code:

$ sudo apt install qrencode
$ qrencode -t ansiutf8 < mobile.conf

The QR code is printed to the console as ASCII. It can be scanned from the Android VPN app and will set up the VPN tunnel automatically.

Conclusion

Setting up WireGuard is simply magical compared to OpenVPN.

Source: www.habr.com
