VPN into the home LAN

TL;DR: I install Wireguard on a VPS, connect to it from my home router running OpenWRT, and access my home subnet from my phone.

If you keep your personal infrastructure on a home server, or have many IP-controlled devices at home, you probably want to reach them from work, from the bus, the train and the metro. Usually, for such tasks, an IP address is bought from the provider, after which the ports of each service are forwarded to the outside.

Instead, I set up a VPN with access to my home LAN. The advantages of this solution:

  • Transparency: I feel at home under any circumstances.
  • Simplicity: set it up and forget it, there is no need to think about forwarding each port.
  • Cost: I already have a VPS; for such tasks a modern VPN is almost free in terms of resources.
  • Security: nothing is exposed to the outside, you can leave MongoDB without a password and nobody will steal your data.

As always, there are downsides. First, you will have to configure each client separately, including on the server side. This can be inconvenient if you have a large number of devices from which you want to access the services. Second, you may have a LAN with the same address range at work; you will have to resolve that conflict.

We need:

  1. A VPS (in my case running Debian 10).
  2. A router running OpenWRT.
  3. A phone.
  4. A home server with some web service to test against.
  5. Capable hands.

The VPN technology I will use is Wireguard. This solution also has its strengths and weaknesses; I will not describe them. For the VPN I use the subnet 192.168.99.0/24, and at home I have 192.168.0.0/24.

Configuring the VPS

Even the most miserable VPS for 30 rubles a month is enough for the job, if you are lucky enough to snag one.

I perform all operations on the server as root on a clean machine; if necessary, add `sudo` and adapt the commands.

Wireguard did not make it into stable in time, so I run `apt edit-sources` and add backports as two lines at the end of the file:

deb http://deb.debian.org/debian/ buster-backports main
# deb-src http://deb.debian.org/debian/ buster-backports main

The package is installed in the usual way: `apt update && apt install wireguard`.

Next, we generate a key pair: `wg genkey | tee /etc/wireguard/vps.private | wg pubkey | tee /etc/wireguard/vps.public`. Repeat this operation twice more, for each device taking part in the scheme. Change the paths to the key files for the other devices, and do not forget about the security of the private keys.

Now we prepare the config. The following goes into the file /etc/wireguard/wg0.conf:

[Interface]
Address = 192.168.99.1/24
ListenPort = 57953
PrivateKey = 0JxJPUHz879NenyujROVK0YTzfpmzNtbXmFwItRKdHs=

[Peer] # OpenWRT
PublicKey = 36MMksSoKVsPYv9eyWUKPGMkEs3HS+8yIUqMV8F+JGw=
AllowedIPs = 192.168.99.2/32,192.168.0.0/24

[Peer] # Smartphone
PublicKey = /vMiDxeUHqs40BbMfusB6fZhd+i5CIPHnfirr5m3TTI=
AllowedIPs = 192.168.99.3/32

The [Interface] section holds the settings of the machine itself, and [Peer] holds the settings of those who will connect to it. AllowedIPs lists, separated by commas, the subnets that will be routed to the corresponding peer. Because of this, the peers of "client" devices in the VPN subnet must have a /32 mask; everything else will be routed by the server. Since the home network will be routed through OpenWRT, we add the home subnet to AllowedIPs of the corresponding peer. Into PrivateKey and PublicKey put the private key generated for the VPS and the public keys of the peers, respectively.
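The AllowedIPs rules above, together with the overlapping-range downside mentioned earlier, can be checked mechanically. The following Python linter is an added example, not code from the original article: it flags client peers wider than /32 inside the VPN subnet, ranges claimed by more than one peer, and routed subnets that collide with a LAN the device is sitting on. The names `parse`, `lint` and `local_lans` and the placeholder keys are assumptions, and it handles IPv4 only.

```python
import ipaddress

# Constructed sample: the VPS config from this page, keys replaced by placeholders.
VPS_CONF = """\
[Interface]
Address = 192.168.99.1/24
ListenPort = 57953
PrivateKey = <vps-private-key>
[Peer] # OpenWRT
PublicKey = <openwrt-public-key>
AllowedIPs = 192.168.99.2/32,192.168.0.0/24
[Peer] # Smartphone
PublicKey = <phone-public-key>
AllowedIPs = 192.168.99.3/32
"""

def parse(text):
    """Split wg-quick style text into the [Interface] dict and a list of [Peer] dicts."""
    iface, peers, cur = {}, [], None
    for raw in text.splitlines():
        line, _, comment = (part.strip() for part in raw.partition("#"))
        if line == "[Interface]":
            cur = iface
        elif line == "[Peer]":
            cur = {"name": comment or f"peer{len(peers) + 1}"}  # label from the comment
            peers.append(cur)
        elif "=" in line and cur is not None:
            key, _, value = line.partition("=")  # first "=" only: keys end in "="
            cur[key.strip()] = value.strip()
    return iface, peers

def lint(text, local_lans=()):
    """Return findings: wide client masks, overlapping peers, clashes with a local LAN."""
    iface, peers = parse(text)
    vpn = ipaddress.ip_interface(iface["Address"]).network
    lans = [ipaddress.ip_network(lan) for lan in local_lans]
    findings, seen = [], []
    for peer in peers:
        allowed = peer.get("AllowedIPs", "").split(",")
        nets = [ipaddress.ip_network(n.strip(), strict=False) for n in allowed if n.strip()]
        for net in nets:
            if net.subnet_of(vpn) and net.prefixlen < net.max_prefixlen:
                findings.append(f"{peer['name']}: {net} is wider than /32 inside the VPN subnet")
            findings += [f"{peer['name']}: {net} overlaps {other} of {name}"
                         for name, other in seen if net.overlaps(other)]
            findings += [f"{peer['name']}: {net} collides with local LAN {lan}"
                         for lan in lans if net.overlaps(lan)]
        seen += [(peer["name"], net) for net in nets]
    return findings
```

`lint(VPS_CONF)` returns an empty list for the config shown on this page; pass the phone's or laptop's own config with `local_lans=["192.168.0.0/24"]` to see the work-LAN collision reported.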

On the VPS, all that remains is to run the command that brings up the interface and adds it to autostart: `systemctl enable --now wg-quick@wg0`. The current connection status can be checked with the `wg` command.

Configuring OpenWRT

Everything you need for this stage is in the luci module (the OpenWRT web interface). Log in and open the Software tab in the System menu. OpenWRT does not keep a package cache on the device, so you need to update the list of available packages by clicking the green Update lists button. When that finishes, type `luci-app-wireguard` into the filter and, looking at the window with the pretty dependency tree, install this package.

In the Network menu, select Interfaces and click the green Add New Interface button under the list of existing ones. After entering a name (also wg0 in my case) and selecting the WireGuard VPN protocol, a settings form with four tabs opens.

On the General Settings tab, you need to enter the private key and the IP address prepared for OpenWRT, together with the subnet.

On the Firewall Settings tab, assign the interface to the local network. That way, connections from the VPN will pass freely into the local network.

On the Peers tab, click the only button, then fill in the VPS server's data in the updated form: the public key and Allowed IPs (you need to route the whole VPN subnet to the server). In Endpoint Host and Endpoint Port, enter the IP address of the VPS and the port given earlier in the ListenPort directive, respectively. Check Route Allowed IPs so that the routes get created. And be sure to fill in Persistent Keep Alive, otherwise the tunnel from the VPS to the router will break if the latter is behind NAT.

After this, you can save the settings, and then on the page with the list of interfaces click Save & Apply. If necessary, explicitly start the interface with the Restart button.

Setting up the smartphone

You will need the Wireguard client; it is available on F-Droid, Google Play and the App Store. After opening the application, press the plus sign and in the Interface section enter the connection name, the private key (the public key will be generated automatically) and the phone's address with a /32 mask. In the Peer section, specify the VPS public key, the address:port pair of the VPN server as the Endpoint, and the routes to the VPN and the home subnet.

[Large screenshot from the phone]

Click the floppy disk in the corner, turn it on and...

Done

Now you can access your home monitoring, change the router settings, or do anything else at the IP level.

[Screenshots from the local network]

Source: www.habr.com