Since WireGuard is becoming part of the upcoming Linux 5.6 kernel, I decided to see how I could integrate this VPN with my .
Equipment
- A Raspberry Pi 3 with an LTE module and a public IP address. The VPN server will live here (referred to below as edgewalker)
- An Android phone, which should use the VPN for all communications
- A Linux laptop, which should use the VPN only within the network
Every device connected to the VPN must be able to connect to all the other devices. For example, the phone should be able to connect to a web server on the laptop if both devices are part of the VPN network. If the setup turns out to be simple enough, you might consider connecting the desktop to the VPN as well (via Ethernet).
Considering that wired and wireless connections are becoming less and less secure over time, I am seriously considering using WireGuard on all my devices, no matter what environment they run in.
Software installation
WireGuard provides packages for most Linux distributions, Windows and macOS. The Android and iOS apps are delivered through the app stores.
I have the latest Fedora Linux 31, and before installing I was too lazy to read the manual. I just found the wireguard-tools packages, installed them, and then could not figure out why nothing worked. Further investigation showed that I did not have the wireguard-dkms package (with the network driver) installed, and it was not in my distribution's repository.
Had I read the instructions, I would have taken the right steps:
$ sudo dnf copr enable jdoss/wireguard
$ sudo dnf install wireguard-dkms wireguard-tools
I have the Raspbian Buster distribution installed on my Raspberry Pi; it already has a wireguard package, so install it:
$ sudo apt install wireguard
On the Android phone I installed the app from the official Google App Store catalog.
Setting up the keys
To authenticate VPN nodes, WireGuard uses a simple private/public key scheme. You can easily generate the VPN keys with the following commands:
$ wg genkey | tee wg-laptop-private.key | wg pubkey > wg-laptop-public.key
$ wg genkey | tee wg-server-private.key | wg pubkey > wg-server-public.key
$ wg genkey | tee wg-mobile-private.key | wg pubkey > wg-mobile-public.key
This gives us three key pairs (six files). We will not reference the files in the configs, but will copy their contents there: each key is a single line in base64.
Creating the VPN server configuration file (Raspberry Pi)
The configuration is simple; I created the following file, /etc/wireguard/wg0.conf:
[Interface]
Address = 10.200.200.1/24
ListenPort = 51820
PrivateKey = <copy private key from wg-server-private.key>
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wwan0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wwan0 -j MASQUERADE
[Peer]
# laptop
PublicKey = <copy public key from wg-laptop-public.key>
AllowedIPs = 10.200.200.2/32
[Peer]
# mobile phone
PublicKey = <copy public key from wg-mobile-public.key>
AllowedIPs = 10.200.200.3/32
A few notes:
- In the appropriate places you need to insert the lines from the key files
- My VPN uses the internal range 10.200.200.0/24
- For the PostUp/PostDown commands, my external network interface is wwan0; yours may be different (for example, eth0)
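A pre-flight check for the server file described above, as an added example that is not part of the original article: it parses the wg-quick layout, flags keys that are not one 32-byte base64 line (including placeholders left unfilled), and flags AllowedIPs ranges that overlap. The sample config and its keys are constructed for illustration, and the function names are hypothetical.

```python
import base64
import ipaddress

# Constructed sample shaped like the server's wg0.conf; the keys are made up.
GOOD_KEY = base64.b64encode(bytes(range(32))).decode()
SAMPLE = f"""\
[Interface]
PrivateKey = <copy private key from wg-server-private.key>
[Peer]
PublicKey = {GOOD_KEY}
AllowedIPs = 10.200.200.2/32
[Peer]
# second peer: truncated key and a range that is too wide
PublicKey = c2hvcnQ=
AllowedIPs = 10.200.200.0/24
"""

def parse(text):
    """Return [(section, {key: value})]; [Peer] repeats, so no configparser."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # split once: base64 ends in '='
            sections[-1][1][key.strip()] = value.strip()
    return sections

def key_ok(value):
    """WireGuard keys are 32 bytes: one base64 line of 44 characters."""
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:  # binascii.Error is a ValueError subclass
        return False

def lint(text):
    """Findings for bad keys and for AllowedIPs ranges that overlap."""
    findings, seen = [], []
    for name, opts in parse(text):
        for field in ("PrivateKey", "PublicKey"):
            if field in opts and not key_ok(opts[field]):
                findings.append(f"{name}: {field} is not a 32-byte base64 key")
        nets = opts.get("AllowedIPs", "") if name == "Peer" else ""
        for cidr in filter(None, (c.strip() for c in nets.split(","))):
            net = ipaddress.ip_network(cidr, strict=False)
            if any(net.version == o.version and net.overlaps(o) for o in seen):
                findings.append(f"Peer: AllowedIPs {net} overlaps an earlier entry")
            seen.append(net)
    return findings
```

Calling lint(SAMPLE) returns three findings: the unfilled PrivateKey placeholder, the truncated PublicKey, and the /24 that overlaps the first peer's /32.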
The VPN network is brought up easily with the following command:
$ sudo wg-quick up wg0
One small detail: as the DNS server I was using dnsmasq bound to the network interface br0, so I also added the wg0 device to the list of allowed devices. In dnsmasq this is done by adding a new network interface line to the configuration file /etc/dnsmasq.conf, for example:
interface=br0
interface=wg0
In addition, I added an iptables rule to allow traffic to the UDP listening port (51820):
$ sudo iptables -I INPUT -p udp --dport 51820 -j ACCEPT
Now that everything is working, we can set up automatic startup of the VPN tunnel:
$ sudo systemctl enable wg-quick@wg0.service
Client configuration on the laptop
Create a configuration file on the laptop, /etc/wireguard/wg0.conf, with the same kind of settings:
[Interface]
Address = 10.200.200.2/24
PrivateKey = <copy private key from wg-laptop-private.key>
[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 10.200.200.0/24
Endpoint = edgewalker:51820
Notes:
- Instead of edgewalker, you need to specify the public IP or host name of the VPN server
- By setting AllowedIPs to 10.200.200.0/24, we use the VPN only to access the internal network. Traffic to all other IP addresses/servers will continue to go through the "normal" open channels. The DNS server already configured on the laptop will also continue to be used.
To test and to enable automatic startup, we use the same wg-quick and systemd commands:
$ sudo wg-quick up wg0
$ sudo systemctl enable wg-quick@wg0.service
Setting up the client on the Android phone
For the Android phone we create a very similar configuration file (let's call it mobile.conf):
[Interface]
Address = 10.200.200.3/24
PrivateKey = <copy private key from wg-mobile-private.key>
DNS = 10.200.200.1
[Peer]
PublicKey = <copy public key from wg-server-public.key>
AllowedIPs = 0.0.0.0/0
Endpoint = edgewalker:51820
Unlike the laptop configuration, the phone must use our VPN server as its DNS server (the DNS line), and must also send all traffic through the VPN tunnel (AllowedIPs = 0.0.0.0/0).
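How the two AllowedIPs choices behave (10.200.200.0/24 on the laptop, 0.0.0.0/0 on the phone), and how the server's /32 entries restrict what each peer may send, as an added example that is not from the original article. It is a simplified model of WireGuard's AllowedIPs matching, not WireGuard code; the function names and the test address 198.51.100.7 are assumptions for illustration.

```python
import ipaddress

# AllowedIPs copied from the three configs on this page.
SERVER_PEERS = {"laptop": ["10.200.200.2/32"], "mobile": ["10.200.200.3/32"]}
LAPTOP_PEERS = {"server": ["10.200.200.0/24"]}  # VPN for the internal range only
MOBILE_PEERS = {"server": ["0.0.0.0/0"]}        # all IPv4 traffic via the VPN

def lookup(peers, address):
    """Longest-prefix match of an address against every peer's AllowedIPs."""
    ip = ipaddress.ip_address(address)
    best = None
    for peer, cidrs in peers.items():
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            # Membership is False across IP versions, so 0.0.0.0/0 never
            # matches an IPv6 address.
            if ip in net and (best is None or net.prefixlen > best[1]):
                best = (peer, net.prefixlen)
    return best[0] if best else None

def outbound(peers, dst):
    """Sending: the destination picks the peer; None means the packet is
    not carried by the tunnel."""
    return lookup(peers, dst)

def inbound_ok(peers, from_peer, src):
    """Receiving: the decrypted packet's source address must fall inside the
    AllowedIPs of the peer whose key decrypted it, otherwise it is dropped."""
    return lookup(peers, src) == from_peer

def report(peers, destinations):
    """Map each destination to 'tunnel' or 'direct' for one client config."""
    return {d: "tunnel" if outbound(peers, d) else "direct" for d in destinations}

if __name__ == "__main__":
    targets = ["10.200.200.1", "198.51.100.7"]  # constructed test addresses
    print("laptop:", report(LAPTOP_PEERS, targets))
    print("mobile:", report(MOBILE_PEERS, targets))
    # The laptop's key cannot be used to send as the phone's address.
    print("spoof accepted:", inbound_ok(SERVER_PEERS, "laptop", "10.200.200.3"))
```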
Instead of copying the file to your mobile device, you can convert it to a QR code:
$ sudo apt install qrencode
$ qrencode -t ansiutf8 < mobile.conf
The QR code will be printed to the console as ASCII. It can be scanned from the Android VPN app, which then sets up the VPN tunnel automatically.
Conclusion
Setting up WireGuard is simply magic compared to OpenVPN.
Source: www.habr.com
