VPN with WireGuard on Android to secure your home network

  • WireGuard offers a fast, secure, easy-to-set-up home VPN, well suited to reaching your network from Android and other devices.
  • The key is generating key pairs, defining AllowedIPs correctly, enabling forwarding and NAT, and protecting the UDP port with a suitable firewall.
  • If CGNAT is present, a VPS acting as a bridge lets you keep reaching your home network through WireGuard tunnels between the remote server and your home LAN.
  • Panels such as WireGuard Easy and the official apps simplify peer management and mobile use through QR codes and reusable .conf profiles.

If you have built a small tech setup at home with a NAS, a Linux server, or a repurposed computer full of services, I'm sure you have run into the same problem: everything works fine while you are on your own Wi-Fi, but as soon as you leave home, forget it. You can't reach your apps, files, or IP cameras without wrestling with port-forwarding problems, DDNS issues and security risks, or resorting to recommended VPNs for Android.

The simplest and safest way to solve this is to set up a VPN with WireGuard and connect from Android (and from any other device). That way you can use your home network as if you were physically there, even if your ISP uses CGNAT or you have a complex network topology. Let's go step by step: what WireGuard is, how to set it up on Linux (or with Docker and panels such as EasyPanel/WireGuard Easy), and how to configure it to reach your LAN and use the VPN on Android to browse securely from your mobile device.

What is WireGuard and why is it ideal for a home VPN?

WireGuard is a modern, minimalist and very fast VPN protocol that has completely changed how virtual private networks are set up. Unlike dinosaurs such as OpenVPN or IPsec, it was designed from scratch to be simple to configure, easy to audit, and highly performant.

Its codebase is very small (on the order of a few thousand lines). This makes it easier to find vulnerabilities and to keep it up to date. For encryption it uses only modern, well-regarded algorithms such as Curve25519, ChaCha20, Poly1305, BLAKE2 and company. There are no endless lists of obsolete ciphers that nobody should be using.

In addition, it runs only over UDP and can be integrated into the Linux kernel, so latency is low, performance is very good, and CPU usage is negligible. This is especially noticeable when connecting from Android over 4G/5G or ordinary Wi-Fi: reconnection is fast and the network behaves smoothly.

Configuration is also very simple in practice: each device has a public/private key pair, is assigned an internal VPN IP address, and the traffic sent through the tunnel is defined by the AllowedIPs policy. With that, a UDP port and four other settings, you are up and running, without a mass of obscure parameters or endless files.

Another big advantage is that WireGuard is cross-platform: there are official clients for Android, it is compatible with iOS, Windows, macOS and Linux, and it can also run on routers, Docker containers or embedded devices. On mobile you can import a .conf file or simply scan a QR code generated on the server, and that's it.

Basic requirements before setting up your WireGuard server

Before pasting commands like there's no tomorrow, it is a good idea to check that you meet the minimum requirements for a WireGuard server reachable from Android. This will save you a lot of headaches.

The most common approach is to use a Linux server. This can be a cloud VPS (Ubuntu 22.04 is a very convenient choice) or a home machine (Raspberry Pi, mini PC, a NAS with support, etc.). Any modern distribution with WireGuard support will work, but Ubuntu/Debian offer the most documentation and examples.

You need a user with administrative privileges (root or a user with sudo rights), because you will be installing packages, changing network settings, enabling IP forwarding and possibly modifying firewall rules. Having SSH access to the server and knowing how to connect from your own machine is also essential.

On the client side, you will mainly use an Android smartphone with the official WireGuard app, although the same configuration scheme works on Windows, macOS, Linux or iOS. The configuration file barely changes between platforms, so what you learn here applies to all of them.

The main enemy: CGNAT and how it affects your home VPN

One of the most important points, especially if the server is at home, is knowing whether your provider puts you behind CGNAT (Carrier-Grade NAT). Under CGNAT you share a public IP address with other customers and cannot open ports to your home network, which makes exposing a VPN server on your home connection very difficult.

It is easy to detect: first, note your public IP from a site such as “whatismyip.” in your browser. Then log in to your router's admin panel (usually at 192.168.1.1 or 192.168.0.1) and look in the WAN or Internet section for the IP address the router thinks it has. If that IP address starts with 10.x.x.x or falls in the range 100.64.0.0 – 100.127.255.255, and it does not match what the websites show, you are behind CGNAT. Another direct option is to call your operator and ask.

With CGNAT your router does not get a directly reachable public IP address, so you cannot do classic port forwarding. Some operators let you opt out of CGNAT for an extra fee or through an option, others require you to change plan, and sometimes the price goes up. If you don't want to go through all that, a clever workaround is to use a VPS as a bridge: your home server establishes a WireGuard tunnel to the VPS, and you connect to the VPS from Android to reach your home LAN.
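
The WAN-address comparison described above can be scripted. This is an added example, not part of the original article; it goes slightly beyond the text by also flagging the other private ranges (172.16.0.0/12 and 192.168.0.0/16), and the function names and output labels are illustrative assumptions.

```shell
#!/bin/sh
# Added example: classify the WAN address shown in the router's admin panel.
# Usage: classify_wan <router_wan_ip> <public_ip_reported_by_a_website>

# Print a dotted-quad IPv4 address as an integer; fail on malformed input.
ip_to_int() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*|0?*) return 1 ;; esac   # empty, too long, leading zero
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# True when integer $1 lies between addresses $2 and $3, inclusive.
in_range() {
    lo=$(ip_to_int "$2") && hi=$(ip_to_int "$3") || return 2
    [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ]
}

classify_wan() {
    wan=$(ip_to_int "$1") && pub=$(ip_to_int "$2") || { echo invalid; return 1; }
    if [ "$wan" -eq "$pub" ]; then
        echo public            # the router holds the address the Internet sees
    elif in_range "$wan" 100.64.0.0 100.127.255.255 ||
         in_range "$wan" 10.0.0.0 10.255.255.255; then
        echo cgnat-likely      # the two ranges the article names
    elif in_range "$wan" 172.16.0.0 172.31.255.255 ||
         in_range "$wan" 192.168.0.0 192.168.255.255; then
        echo nat-upstream      # other private ranges: another NAT sits in front
    else
        echo mismatch          # public but different: re-check both readings
    fi
}

# Constructed sample readings (documentation addresses, not real hosts).
classify_wan 100.72.14.9 203.0.113.7     # prints: cgnat-likely
```

Any result other than `public` means inbound port forwarding on the home router alone will not expose the WireGuard port.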

Preparing the Linux server: update and WireGuard installation

On a server running Ubuntu 22.04 (or similar), the first thing to do is update the packages to avoid carrying over vulnerabilities or old versions:

apt update && apt upgrade -y

Then install WireGuard from the official repositories with:

apt install -y wireguard

This package includes the wg and wg-quick tools and loads the required kernel module. If you want to force the module to load manually in an unusual environment, you can use:

modprobe wireguard

Key generation and server configuration structure

The core of WireGuard is its system of public and private keys. Work is normally done in the standard folder /etc/wireguard/, where you will keep the keys and configuration files.

Change to that directory and tighten the default permissions before creating anything:

cd /etc/wireguard/
umask 077

This ensures that new files cannot be read by other users, which is essential when creating private keys. Generate the server key pair, for example:

wg genkey > privatekey
wg pubkey < privatekey > publickey

The private key must stay on the server and never leave it; the public key is the one you can share with clients. Also, avoid third-party apps that could put secrets at risk; if you have doubts about clients, review articles on insecure VPN apps.

chmod 600 privatekey

If you want to display the keys on screen to copy them later, you can use:

tail privatekey publickey

Create and edit the server's wg0.conf file

WireGuard organizes its tunnels into virtual interfaces, named by convention wg0, wg1, etc. Each interface has its own configuration file in /etc/wireguard/. We will create wg0.conf as the main interface.

If you prefer Nano and don't have it installed, you can add it with:

apt install -y nano

Open the configuration file:

nano /etc/wireguard/wg0.conf

Before writing anything, find the name of the network interface that connects to the Internet (the one with the public IP address, or the IP address you use to connect over SSH). You can find it with:

ip a

On many VPSs it is called eth0, ens3, enp0s3 or something similar. You will need it for the NAT rules. A complete example block could be:

[Interface]
Address = 10.30.0.1/24
PrivateKey = <clave_privada_servidor>
ListenPort = 51820
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

Here you give the server the IP address 10.30.0.1 inside the VPN network, tell it to listen on UDP port 51820, and define iptables rules that are applied when the wg0 interface comes up (PostUp) and removed when it goes down (PostDown). Be careful to replace eth0 with the real name of your outbound interface.

In Nano, save with Ctrl + O and exit with Ctrl + X. This wg0.conf will be the base to which you add the different clients (peers).

Enable IP forwarding and start the WireGuard service

For your clients to reach the Internet or the LAN behind the VPN server, the system must allow IPv4 and IPv6 packet forwarding. This is controlled with sysctl.

A quick way is to add the corresponding lines to /etc/sysctl.conf, or to a file in /etc/sysctl.d/, and reload:

echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
echo "net.ipv6.conf.all.forwarding=1" >> /etc/sysctl.conf
sysctl -p

If those lines already exist but are commented out (with #), it is enough to remove the #, save and re-run sysctl -p. Without this step the tunnel will come up, but clients will have no access to the LAN or the Internet.

Now you can bring WireGuard up with the help of wg-quick and systemd:

systemctl start wg-quick@wg0

To have it start automatically with the system:

systemctl enable wg-quick@wg0

Check that everything is green with:

systemctl status wg-quick@wg0

And to see real-time details of the interface, keys, peers and traffic, use:

wg

Adding clients: PC, Android phone and other devices

Each device that connects to your VPN is defined as a peer with its own key and tunnel IP. You can generate the keys on the server itself (more convenient) or on each client (more secure, because the private key never leaves it).

If you are doing it for a desktop computer, you can run, for example, in /etc/wireguard/:

wg genkey > mypc_privatekey
wg pubkey < mypc_privatekey > mypc_publickey

And for your Android phone:

wg genkey > myphone_privatekey
wg pubkey < myphone_privatekey > myphone_publickey

Check the files with:

ls

And display the public keys:

tail mypc_publickey myphone_publickey

Those public keys are what you will enter in wg0.conf inside [Peer] blocks. Open the server file again:

nano /etc/wireguard/wg0.conf

And add, for example:

[Peer]
PublicKey = <clave_publica_mypc>
AllowedIPs = 10.30.0.2/32

[Peer]
PublicKey = <clave_publica_myphone>
AllowedIPs = 10.30.0.3/32

This reserves the IP address 10.30.0.2 for the PC and 10.30.0.3 for the Android phone. The /32 indicates a single IP address each. Every peer uses its own distinct IP address within the VPN subnet.

Save and restart the service to apply the changes:

systemctl restart wg-quick@wg0

Create the client configuration files

Now it is time to prepare the .conf files the clients will use. They contain the client's private key, internal IP, DNS and the server data (public key, IP/domain and port).

For the PC you can create mypc.conf in /etc/wireguard/ (or wherever you prefer):

nano mypc.conf

With content like:

[Interface]
PrivateKey = <clave_privada_mypc>
Address = 10.30.0.2/24
DNS = 1.1.1.1

[Peer]
PublicKey = <clave_publica_servidor>
Endpoint = <IP_o_dominio_servidor>:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 20

In the first block you define the client's local "face": its private key, its VPN IP address and which DNS it will use. In the second block you describe the server: its public key, address and port. The line AllowedIPs = 0.0.0.0/0 makes all client traffic go through the VPN (full tunnel). If you only want to reach your remote LAN, you can restrict it to 10.30.0.0/24 and/or 192.168.x.0/24, depending on your network.

A PersistentKeepalive of 20-25 seconds is highly recommended for clients behind NAT or on mobile networks, as it prevents the tunnel from appearing idle and the firewall from closing the session.

Configuration specific to the Android client

On Android the process is the same. The phone needs a private key, its tunnel IP and the server data. You can reuse the keys you generated on the server or generate them directly in the app.

Following the example, you created myphone_privatekey and myphone_publickey. What is still missing is a myphone.conf file for your phone:

nano myphone.conf

Something like this:

[Interface]
PrivateKey = <clave_privada_myphone>
Address = 10.30.0.3/24
DNS = 1.1.1.1

[Peer]
PublicKey = <clave_publica_servidor>
Endpoint = <IP_o_dominio_servidor>:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 20

The tricky part here is how to get that file onto the phone securely. In a lab environment you could put it on a web server and download it, but in production it is better to avoid sending it by e-mail or storing it on unencrypted services.

The cleanest approach is usually to use qrencode to generate a QR code that the WireGuard app on Android can scan:

apt install -y qrencode
qrencode -t ansiutf8 -r myphone.conf

You will see a QR code drawn in ASCII characters in the terminal. On your phone, open the WireGuard app, choose “Scan from QR code” and point the camera at the screen. This way you don't need to share the .conf file over questionable channels. Once the phone has imported the profile, delete myphone.conf and myphone_privatekey from the server so that the phone's private key does not linger there.

Access to the home LAN, DNS and local names

Beyond creating the tunnel, what makes a VPN with WireGuard on Android interesting for a secure home connection is being able to reach all your home devices as if you were there: NAS, IP cameras, routers, media servers, etc., ideally using local domain names instead of IPs.

Many routers that include a WireGuard server or an internal DNS have a section such as NETWORK → DNS → Edit Hosts where you can create entries like 192.168.1.50 nas-casa.local. If you point your VPN clients' DNS at the router or server that resolves these names, you will be able to reach your devices by hostname.

Some router firmwares with WireGuard include checkboxes such as “Allow Remote Access to LAN”, “Remote Access LAN Subnet” or similar. You must enable this so that remote clients can reach the local subnet (192.168.x.x) beyond the router itself.

Where the WireGuard server runs embedded in the router, it usually lets you export pre-configured .conf profiles for mobile devices or other client routers. These profiles normally include the tunnel IP, the appropriate DNS (usually the router's IP on the VPN network) and well-adjusted AllowedIPs.

Verification, troubleshooting and security

Once the configuration is imported on Android and the tunnel is switched on, the first thing to do is check that the handshake completes correctly. The WireGuard app itself shows the status, bytes sent/received and the timestamp of the last handshake.

On the server, run:

wg

There you will see, for each peer, its public key, the remote IP address it connects from, the latest handshake and the traffic exchanged. If the “latest handshake” field is empty or very old, the client is not connecting or something is blocking it.
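
To apply the latest-handshake check to every peer at once, the script below parses the machine-readable output of `wg show wg0 dump`. It is an added example, not part of the original article; the function names, the 180-second staleness threshold and the sample dump are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: summarise peer state from `wg show wg0 dump` (read on stdin).
# Peer lines carry 8 tab-separated fields:
#   public-key preshared-key endpoint allowed-ips latest-handshake rx tx keepalive
# The first line describes the interface and includes its private key, so it is
# never printed.
peer_health() {            # peer_health <now_epoch> <max_age_seconds>
    awk -F '\t' -v now="$1" -v max="$2" '
        NF != 8 { next }                          # interface line, blank, junk
        {
            if ($5 == 0)             state = "never"   # no handshake yet
            else if (now - $5 > max) state = "stale"   # connected once, now silent
            else                     state = "ok"
            printf "%s %s endpoint=%s allowed=%s rx=%s tx=%s\n", state, $1, $3, $4, $6, $7
        }'
}

# Constructed dump: keys are placeholders, addresses are documentation ranges.
sample_dump() {
    printf '%s\t%s\t%s\t%s\n' SERVER_PRIVATE_constructed SERVER_PUBLIC_constructed 51820 off
    printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n' \
        PC_PUBLIC_constructed     '(none)' 198.51.100.20:40211 10.30.0.2/32 1700000250 91234 120455 off \
        PHONE_PUBLIC_constructed  '(none)' '(none)'            10.30.0.3/32 0          0     0      20 \
        TABLET_PUBLIC_constructed '(none)' 203.0.113.9:51000   10.30.0.4/32 1699990000 500   800    off
}

# Demo on the constructed data, evaluated at a fixed "now" of 1700000300.
sample_dump | peer_health 1700000300 180
```

On a live server the equivalent call is `wg show wg0 dump | peer_health "$(date +%s)" 180`. A peer reported as `never` points at the UDP port, firewall or key mismatch; `stale` means it connected before and has since gone quiet.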

If there is no connectivity, check that the UDP port (51820 or whichever you use) is open in the server firewall (UFW, iptables, nftables) and on any intermediate routers. If the server is behind a home router, configure UDP port forwarding from that port to the server's internal IP address. The problem may affect only specific apps; see our guide on what to do if apps fail when the VPN is on.

If the tunnel comes up but you have no Internet on the phone, check that packet forwarding (net.ipv4.ip_forward and, optionally, net.ipv6.conf.all.forwarding) is enabled and that the NAT rules point to the correct outbound interface (eth0, ens3, etc.).

DNS problems are usually the cause when you can ping a specific IP address (for example, 1.1.1.1) but cannot resolve domains. In that case, check the DNS = line in the client's .conf file: you can use a public DNS (8.8.8.8, 1.1.1.1) or the server's tunnel IP address if it acts as an internal resolver.

As for security, beyond WireGuard's cryptography, there are several important good practices:

  • Protect your private keys. Don't copy them to insecure places or share them with anyone.
  • Restrict AllowedIPs per peer: give each client access only to the networks it needs, no free rein.
  • Use non-trivial UDP ports. Choosing a high number instead of 51820 reduces noise from automated scans.
  • Keep your system and WireGuard up to date, with patches current.
  • Filter access to the WireGuard port at the firewall to limit who can attempt to connect (by source IP where that makes sense).
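
Several of these practices can be checked mechanically. The script below is an added example, not part of the original article: it audits a server configuration for the default port, for AllowedIPs that give a peer a whole range, and for an address assigned to two peers, and it lists files in a directory that are accessible to group or others. Function names, messages and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a server wg0.conf (on stdin) against the practices above.
audit_wg_conf() {
    awk '
    { line = $0; gsub(/^[ \t]+|[ \t\r]+$/, "", line) }
    line == "" || line ~ /^#/       { next }
    tolower(line) == "[interface]"  { sect = "if";   next }
    tolower(line) == "[peer]"       { sect = "peer"; n++; next }
    {
        eq = index(line, "="); if (!eq) next
        key = tolower(substr(line, 1, eq - 1)); val = substr(line, eq + 1)
        gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
    }
    sect == "if" && key == "listenport" && val == "51820" {
        print "NOTE ListenPort is the default 51820"
    }
    sect == "peer" && key == "allowedips" {
        m = split(val, nets, ",")
        for (i = 1; i <= m; i++) {
            net = nets[i]; if (net == "") continue
            # WireGuard keeps each allowed IP on one peer only, so a repeat
            # silently takes the address away from the earlier peer.
            if (net in seen) print "FAIL peer " n " repeats " net " from peer " seen[net]
            else seen[net] = n
            host = (net ~ /:/) ? 128 : 32        # IPv6 or IPv4 single-host prefix
            if (split(net, p, "/") == 2 && p[2] + 0 < host)
                print "WARN peer " n " is allowed a whole range " net
        }
    }'
}

# List files under a directory that group or others can read, write or execute.
loose_files() {
    find "$1" -type f \( -perm -040 -o -perm -020 -o -perm -010 \
                      -o -perm -004 -o -perm -002 -o -perm -001 \)
}

# Constructed server config: keys are placeholders, not real key material.
sample_conf() {
    cat <<'EOF'
[Interface]
Address = 10.30.0.1/24
ListenPort = 51820
PrivateKey = SERVER_PRIVATE_constructed

[Peer]
# mypc
PublicKey = PC_PUBLIC_constructed
AllowedIPs = 10.30.0.2/32

[Peer]
# myphone
PublicKey = PHONE_PUBLIC_constructed
AllowedIPs = 10.30.0.3/32

[Peer]
# tablet, added later by copying the phone block
PublicKey = TABLET_PUBLIC_constructed
AllowedIPs = 10.30.0.3/32, 192.168.1.0/24
EOF
}

sample_conf | audit_wg_conf
```

A WARN is expected for a peer that legitimately routes a LAN, such as the home server in the VPS bridge setup; it is a prompt to confirm the range is intended. On the server, run `audit_wg_conf < /etc/wireguard/wg0.conf` and `loose_files /etc/wireguard`.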

If you have CGNAT or want something more advanced: tunnel through a VPS

If your operator has put you behind CGNAT, or you simply want to separate the public access layer from your home, you can build a more complex but very powerful setup: use a VPS as the central point and your home server as a client. You then connect to the VPS from Android and, through it, reach your LAN.

The basic scheme is this: in the cloud you set up a WireGuard "server" (for example with Docker and a stack such as linuxserver/wireguard or a pre-built repository), enable forwarding and NAT, and at home you have an always-on Raspberry Pi or PC that connects to that VPS as a peer. The VPS has a public IP and is not affected by CGNAT, so you can open ports there without trouble.

A typical workflow with Docker could be:

  • On the VPS, install Docker and Docker Compose, clone the WireGuard configuration repository and bring up the container with `docker-compose up -d`.
  • The container automatically generates the server keys and those of several peers (peer1, peer2…), saving their .conf files in the configuration folder.
  • Adjust the server file to include the home subnet (for example 192.168.1.0/24) in the AllowedIPs of the peer your Raspberry will use, and set up iptables or equivalent rules on the host to route traffic between the VPN and your home network.
  • On the Raspberry Pi, clone the same (or an adapted) repository, create a wg0.conf file with the data generated for peer1, enable local NAT (so you can send traffic back to the LAN), and start the WireGuard client in Docker or natively.

From then on, any other device (including your Android phone with the WireGuard app) can use one of the VPS's additional peers (peer2, peer3…) to connect. In practice you always connect to the VPS's IP address, but you end up reaching services on your home network, even with CGNAT.

WireGuard with web panels: WireGuard Easy, EasyPanel and company

If all this sounds like too much console for you, there are much simpler solutions that provide a web panel to manage WireGuard with a click. For example, on a server with EasyPanel you can deploy an app such as WireGuard Easy from a template and forget about writing files by hand.

The workflow with these panels is usually:

  • You log in to the panel (EasyPanel or another) with your user.
  • You install the WireGuard Easy template, defining parameters such as the domain/public IP (WG_HOST), UDP port, VPN subnet and DNS.
  • The system starts a container that exposes a password-protected web interface where you see the list of peers, statistics and configuration options.
  • To add a client, you just fill in a form with its name; the panel generates the keys, assigns it an IP address and shows a QR code ready to scan with Android, as well as letting you download the .conf file.

This is very convenient in environments where several people use the VPN (family, work team, etc.), because you can enable or revoke access in seconds without explaining anything technical. In addition, if you run WireGuard Easy on a VPS, you centralize all remote access to your home network and other sites.

WireGuard on other systems: Windows, macOS, Linux, iOS

Although we have focused on Android here, WireGuard works equally well on desktops and other phones. On Windows, for example, you download the official client, install it and click “Add Tunnel”, choosing “Add empty tunnel” or “Import from file”, and the program itself can generate the key pair for you.

The configuration format is the same: an [Interface] block with your PrivateKey, Address and DNS, and a [Peer] block with the server's PublicKey, Endpoint and AllowedIPs. Once saved, just click “Activate” to bring up the interface and start traffic flowing.

On iOS the process is very similar to Android: you install the WireGuard app from the App Store, create a new tunnel, and can import a .conf file or scan a QR code that you generated with qrencode or from a panel such as WireGuard Easy. Then you enable the tunnel with the switch and you are inside your home network.

On a Linux desktop you can use the command-line tool itself (wg-quick up wg0) or integrate it with NetworkManager by importing the .conf file from the graphical interface. There is also an official macOS client with an experience very similar to the Windows version.

In the end, having the same protocol and configuration scheme on all platforms makes life much easier: you replicate the logic from one client to another, changing only the keys and the tunnel IP.

With this combination (a well-configured Linux or Docker server, the possible support of a VPS if you have CGNAT, web panels to simplify management, and the WireGuard app on Android) you can build a robust, fast and secure home VPN that lets you reach your home network, your files and services, and browse safely on public Wi-Fi without depending on third parties or opaque commercial solutions.