TL;DR: I install Wireguard on a VPS, connect to it from my home router running OpenWRT, and access my home subnet from my phone.
If you keep your personal infrastructure on a home server, or have many IP-controlled devices at home, you probably want to reach them from work, from the bus, the train and the metro. Usually, for such tasks, an IP address is bought from the provider, after which the ports of each service are forwarded to the outside.
Instead, I set up a VPN with access to my home LAN. The advantages of this solution:
- Transparency: I feel at home under any circumstances.
- Simplicity: set it up and forget it, no need to think about forwarding each port.
- Cost: I already have a VPS; for such tasks a modern VPN is almost free in terms of resources.
- Security: nothing is exposed to the outside, you can leave MongoDB without a password and nobody will steal your data.
As always, there are downsides. First, you will have to configure each client separately, including on the server side. This can be inconvenient if you have a large number of devices from which you want to reach the services. Second, your work LAN may use the same address range, and you will have to resolve that conflict.
We need:
- A VPS (in my case running Debian 10).
- A router running OpenWRT.
- A phone.
- A home server with some web service for testing.
- Capable hands.
The VPN technology I will use is Wireguard. This solution also has strengths and weaknesses; I will not describe them. For the VPN I use the subnet `192.168.99.0/24`, and at home I have `192.168.0.0/24`.
VPS configuration
Even the most miserable VPS for 30 rubles a month is enough for the job, if you are lucky enough to get one.
I perform all operations on the server as root on a clean machine; if necessary, add `sudo` and adapt the commands.
Wireguard did not make it into stable in time, so I run `apt edit-sources` and add backports as two lines at the end of the file:
deb http://deb.debian.org/debian/ buster-backports main
# deb-src http://deb.debian.org/debian/ buster-backports main
The package is installed in the usual way: `apt update && apt install wireguard`.
Next, we generate a key pair: `wg genkey | tee /etc/wireguard/vps.private | wg pubkey | tee /etc/wireguard/vps.public`. Repeat this operation two more times, once for each device taking part in the scheme. Change the paths to the key files for the other device, and do not forget about the security of the private keys.
Now we prepare the config. The following config goes into the file `/etc/wireguard/wg0.conf`:
[Interface]
Address = 192.168.99.1/24
ListenPort = 57953
PrivateKey = 0JxJPUHz879NenyujROVK0YTzfpmzNtbXmFwItRKdHs=
[Peer] # OpenWRT
PublicKey = 36MMksSoKVsPYv9eyWUKPGMkEs3HS+8yIUqMV8F+JGw=
AllowedIPs = 192.168.99.2/32,192.168.0.0/24
[Peer] # Smartphone
PublicKey = /vMiDxeUHqs40BbMfusB6fZhd+i5CIPHnfirr5m3TTI=
AllowedIPs = 192.168.99.3/32
The `[Interface]` section holds the settings of the machine itself, and `[Peer]` holds the settings for those who will connect to it. `AllowedIPs` lists, separated by commas, the subnets that will be routed to the corresponding peer. Because of this, the peers of "client" devices in the VPN subnet must have the mask `/32`; everything else will be routed by the server. Since the home network will be routed through OpenWRT, we add the home subnet to `AllowedIPs` of the corresponding peer. Into `PrivateKey` and `PublicKey` put the private key generated for the VPS and the public keys of the peers, respectively.
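The routing rule described above, as an added example that is not part of the original article: it parses a constructed copy of the config (private key replaced by a placeholder), shows which peer receives traffic for a given address, and flags ranges that overlap between peers or clash with the LAN a client is currently on. The function names are illustrative.

```python
import ipaddress

# Constructed copy of the page's wg0.conf; the private key is a placeholder.
WG0_CONF = """\
[Interface]
Address = 192.168.99.1/24
ListenPort = 57953
PrivateKey = <vps-private-key-placeholder>
[Peer] # OpenWRT
PublicKey = 36MMksSoKVsPYv9eyWUKPGMkEs3HS+8yIUqMV8F+JGw=
AllowedIPs = 192.168.99.2/32,192.168.0.0/24
[Peer] # Smartphone
PublicKey = /vMiDxeUHqs40BbMfusB6fZhd+i5CIPHnfirr5m3TTI=
AllowedIPs = 192.168.99.3/32
"""

def parse_peers(text):
    """Map each [Peer] (named by its trailing comment) to its AllowedIPs."""
    peers, label = {}, None
    for raw in text.splitlines():
        line, _, comment = raw.partition("#")
        line = line.strip()
        if line.startswith("["):
            label = (comment.strip() or f"peer{len(peers) + 1}") if line == "[Peer]" else None
            if label:
                peers[label] = []
        elif label and line.split("=")[0].strip() == "AllowedIPs":
            nets = line.partition("=")[2].split(",")
            peers[label] += [ipaddress.ip_network(n.strip()) for n in nets]
    return peers

def route(peers, dst):
    """Peer that gets traffic for dst: the most specific AllowedIPs entry wins."""
    dst = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, name) for name, nets in peers.items()
            for net in nets if dst in net]
    return max(hits)[1] if hits else None

def overlapping(peers):
    """AllowedIPs ranges shared between two different peers; review each one."""
    flat = [(name, net) for name, nets in peers.items() for net in nets]
    return [(a, str(x), b, str(y)) for i, (a, x) in enumerate(flat)
            for b, y in flat[i + 1:] if a != b and x.overlaps(y)]

def collides(peers, local_lan):
    """Tunnel ranges that clash with the LAN the client currently sits on."""
    lan = ipaddress.ip_network(local_lan)
    return [str(n) for nets in peers.values() for n in nets if n.overlaps(lan)]

if __name__ == "__main__":
    peers = parse_peers(WG0_CONF)
    print(route(peers, "192.168.0.10"), overlapping(peers), collides(peers, "192.168.0.0/24"))
```

If the smartphone peer were given `192.168.99.0/24` instead of `/32`, `overlapping` would report it against the OpenWRT peer, and every unassigned VPN address would be routed to the phone.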
On the VPS, all that remains is to run the command that brings up the interface and adds it to autostart: `systemctl enable --now wg-quick@wg0`. The current connection status can be checked with the command `wg`.
OpenWRT configuration
Everything you need for this stage is in the luci module (the OpenWRT web interface). Log in and open the Software tab in the System menu. OpenWRT does not keep a cache on the machine, so you need to update the list of available packages by clicking the green Update lists button. When it finishes, type `luci-app-wireguard` into the filter and, looking at the window with a nice dependency tree, install this package.
In the Networks menu, select Interfaces and click the green Add New Interface button under the list of existing ones. After entering a name (also `wg0` in my case) and selecting the WireGuard VPN protocol, a settings form with four tabs opens.
On the General Settings tab, enter the private key and the IP address prepared for OpenWRT, together with the subnet.
On the Firewall Settings tab, attach the interface to the local network. This way, connections from the VPN will pass freely into the local network.
On the Peers tab, click the only button, then fill in the VPS server's data in the updated form: the public key and Allowed IPs (the whole VPN subnet has to be routed to the server). In Endpoint Host and Endpoint Port, enter the IP address of the VPS and the port given earlier in the ListenPort directive, respectively. Check Route Allowed IPs so that the routes are created. And be sure to fill in Persistent Keep Alive, otherwise the tunnel from the VPS to the router will break if the latter is behind NAT.
After that you can save the settings, and then on the page with the list of interfaces click Save and apply. If necessary, explicitly start the interface with the Restart button.
Setting up the smartphone
You will need a Wireguard client; it is available in
Click the floppy disk in the corner, turn it on and...
Done
Now you can access your home monitoring, change the router settings, or do anything at the IP level.
Source: www.habr.com