VPN with WireGuard on Android to secure your home network

  • WireGuard provides a fast, secure home VPN that is easy to set up, ideal for reaching your network from Android and other devices.
  • The key steps are generating the key pairs, defining AllowedIPs correctly, enabling forwarding and NAT, and protecting the UDP port with a suitable firewall.
  • If CGNAT is present, a VPS acting as a bridge lets you keep reaching your home network through WireGuard tunnels between the remote server and your home LAN.
  • Panels such as WireGuard Easy and the official apps simplify peer management and mobile use through QR codes and reusable .conf profiles.

If you have set up a little technology at home with a NAS, a Linux server, or a repurposed computer full of services, you have surely run into the same problem: everything works perfectly while you are on your own Wi-Fi, but once you leave home, forget it. You cannot reach your apps, files, or IP cameras without getting tangled in port-forwarding problems, DDNS issues, and security risks, or resorting to the recommended VPNs for Android.

The simplest and most secure way to solve this is to set up a VPN with WireGuard and connect to it from Android (or any other device). That way you can use your home network as if you were physically there, even if your ISP uses CGNAT or you have a complicated network topology. Let's go through it step by step: what WireGuard is, how to set it up on Linux (or with Docker and panels such as EasyPanel/WireGuard Easy), and how to configure it to reach your LAN, use the VPN on Android, and browse securely from your mobile device.

What is WireGuard and why is it a good fit for a home VPN?

WireGuard is a modern, minimal, and very fast VPN protocol that has completely changed how virtual private networks are set up. Unlike dinosaurs such as OpenVPN or IPsec, it was designed from the start to be simple to configure, easy to audit, and very high-performing.

Its code base is very small (on the order of a few thousand lines), which makes it easier to find vulnerabilities and keep it up to date. For encryption it uses only modern, well-regarded algorithms such as Curve25519, ChaCha20, Poly1305, BLAKE2s and company. There is no endless list of outdated ciphers that nobody should be using anymore.

It also runs only over UDP and can be integrated into the Linux kernel, so latency is low, performance is very good, and CPU usage is negligible. This is most noticeable when you connect from Android over 4G/5G or ordinary Wi-Fi: the connection comes up quickly, and the tunnel handles network changes well.

Configuration is also very simple: each device has a public/private key pair, is assigned an internal VPN IP address, and the traffic sent through the tunnel is defined by the AllowedIPs policy. With that, a UDP port, and four other settings, you are done, without a pile of obscure parameters or endless files.

Another big advantage is that WireGuard is cross-platform: there are official clients for Android, iOS, Windows, macOS, and Linux, and it can also run on routers, in Docker containers, or on embedded devices. On mobile you can import a .conf file or simply scan a QR code generated on the server and you are set.

Basic requirements before setting up your WireGuard server

Before you start pasting commands like there is no tomorrow, it is worth checking that you meet the requirements for a WireGuard server reachable from Android. This will save you a lot of headaches.

The most common approach is to use a Linux server. This can be a cloud-based VPS (Ubuntu 22.04 is a very convenient choice) or a local machine (Raspberry Pi, mini PC, a NAS with support, etc.). Any modern distribution with WireGuard support will work, but Ubuntu/Debian offer more documentation and examples.

You need a user with administrative privileges (root or a user with sudo privileges), because you will install packages, change network settings, enable IP forwarding, and possibly modify firewall rules. It is also important to have SSH access to the server and to know, at a minimum, how to connect to it from your machine.

On the client side, you will mostly use your own Android phone with the official WireGuard app, although the same configuration process works on Windows, macOS, Linux, or iOS. The configuration file barely changes between platforms, so what you learn here will be useful on all of them.

The great enemy: CGNAT and how it affects your home VPN

One of the most important points, especially if the server is at home, is knowing whether your provider puts your connection behind CGNAT (Carrier-Grade NAT). Under CGNAT you share a public IP address with other customers and you cannot open ports toward your home network, which makes it very difficult to expose a VPN server on your home connection.

It is easy to detect: first, note your public IP from a site such as “whatismyip.” in your browser. Then log in to your router's admin panel (usually at 192.168.1.1 or 192.168.0.1) and look in the WAN or Internet section for the IP address the router believes it has. If that IP address starts with 10.xxx or is in the range 100.64.0.0 – 100.127.255.255, and it does not match what the websites report, you are behind CGNAT. A more direct way is to call your operator and ask.

With CGNAT, your router does not get a public IP address directly, so you cannot do classic port forwarding. Some companies let you opt out of CGNAT by paying an extra fee or enabling an option, others require you to change your plan, and sometimes prices go up. If you do not want to go through all that, the smart solution is to switch to a VPS as a bridge: your home server creates a WireGuard tunnel to the VPS, and you connect to the VPS from Android to reach your home LAN.

Preparing the Linux server: updating and installing WireGuard

On a server running Ubuntu 22.04 (or similar), the first thing to do is update the packages to avoid carrying vulnerabilities or old versions:

apt update && apt upgrade -y

Then install WireGuard from the official repositories with:

apt install -y wireguard

This package includes the wg and wg-quick tools and loads the required kernel module. If you want to force the module to load manually in an unusual environment, you can use:

modprobe wireguard

Generating keys and structuring the server configuration

The core of WireGuard is its system of public and private keys. By convention, the work is done in the standard directory /etc/wireguard/, where you will keep the keys and configuration files.

Change to that directory and tighten the default permissions before creating anything:

cd /etc/wireguard/
umask 077

This ensures that new files cannot be read by other users, which is especially important when creating private keys. Generate the server key pair, for example:

wg genkey > privatekey
wg pubkey < privatekey > publickey

The private key must stay on the server and never leave it; the public key, on the other hand, you can share with clients. Also, avoid third-party applications that could put your secrets at risk; if you have doubts about a client, review the articles on insecure VPN applications.

chmod 600 privatekey

If you want to see the keys on screen so you can copy them later, you can use:

tail privatekey publickey

Create and edit the server's wg0.conf file

WireGuard organises its tunnels into virtual interfaces, named by convention wg0, wg1, and so on. Each interface has its own configuration file in /etc/wireguard/. We will create wg0.conf as the main interface.

If you like nano and do not have it installed, you can add it with:

apt install -y nano

Open the configuration file:

nano /etc/wireguard/wg0.conf

Before you write anything, identify the name of the network interface that connects to the internet (the one with the public IP address, or the IP address you use to connect over SSH). You can find it with:

ip a

On many VPSs it is called eth0, ens3, enp0s3 or something similar. You will need it for the NAT rules. An example of a complete block could be:


[Interface]
Address = 10.30.0.1/24
PrivateKey = <clave_privada_servidor>
ListenPort = 51820
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

Here you give the server the IP address 10.30.0.1 inside the VPN network, tell it to listen on UDP port 51820, and define iptables rules that are applied when the wg0 interface comes up (PostUp) and removed when it goes down (PostDown). Be careful to replace eth0 with the real name of your outbound interface.

In nano, you save with Ctrl + O and exit with Ctrl + X. This wg0.conf will be the main file to which you add the different clients (peers).

Enable IP forwarding and start the WireGuard service

For your clients to reach the internet or the LAN behind the VPN server, the system must allow IPv4 and IPv6 packet forwarding. This is controlled through sysctl.

A quick way is to add the corresponding lines to /etc/sysctl.conf, or to a file in /etc/sysctl.d/, and reload:

echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
echo "net.ipv6.conf.all.forwarding=1" >> /etc/sysctl.conf
sysctl -p

If those lines already exist but are commented out (with #), it is enough to remove the #, save, and run sysctl -p again. Without this step, the tunnel will come up but clients will have no access to the LAN or the internet.

Now you can bring WireGuard up with the help of wg-quick and systemd:

systemctl start wg-quick@wg0

To have it start automatically with the system:

systemctl enable wg-quick@wg0

Check that everything is green with:

systemctl status wg-quick@wg0

And to see real-time details of the interface, keys, peers, and traffic, use:

wg

Adding clients: PC, Android phones, and other devices

Each device that connects to your VPN is defined as a peer with its own key and tunnel IP. You can generate the keys on the server itself (more convenient) or on each client (more secure, because the private key never leaves it).

For a desktop computer you can run, for example, in /etc/wireguard/:

wg genkey > mypc_privatekey
wg pubkey < mypc_privatekey > mypc_publickey

And for your Android phone:

wg genkey > myphone_privatekey
wg pubkey < myphone_privatekey > myphone_publickey

List the files with:

ls

And display the public keys:

tail mypc_publickey myphone_publickey

Those public keys are what you will enter in wg0.conf inside [Peer] blocks. Open the server file again:

nano /etc/wireguard/wg0.conf

And add, for example:


[Peer]
PublicKey = <clave_publica_mypc>
AllowedIPs = 10.30.0.2/32

[Peer]
PublicKey = <clave_publica_myphone>
AllowedIPs = 10.30.0.3/32

This reserves the IP address 10.30.0.2 for the PC and 10.30.0.3 for the Android phone. The /32 indicates a single IP address. Each peer uses its own distinct IP address within the VPN subnet.

Save and restart the service to apply the changes:

systemctl restart wg-quick@wg0

Create the client configuration files

Now it is time to prepare the .conf files the clients will use. They contain the client's private key, internal IP, DNS, and the server's details (public key, IP/domain, and port).

For the PC you can create mypc.conf in /etc/wireguard/ (or wherever you prefer):

nano mypc.conf

With content like:


[Interface]
PrivateKey = <clave_privada_mypc>
Address = 10.30.0.2/24
DNS = 1.1.1.1

[Peer]
PublicKey = <clave_publica_servidor>
Endpoint = <IP_publica_servidor>:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 20

In the first block, you define the client's local "face": its private key, its VPN IP address, and the DNS it will use. In the second block, you define the server: its public key, address, and port. The line AllowedIPs = 0.0.0.0/0 makes all of the client's traffic go through the VPN (full tunnel). If you only want to reach your remote LAN, you can limit it to 10.30.0.0/24 and/or 192.168.x.0/24, depending on your network.

A PersistentKeepalive of 20 to 25 seconds is strongly recommended for clients behind NAT or on mobile networks, since it keeps the tunnel from appearing idle and the firewall from closing the session.

Specific configuration for the Android client

On Android, the process is the same. The phone needs its private key, its tunnel IP, and the server's details. You can reuse the keys you generated on the server or generate them directly in the app.

Following the example, you created myphone_privatekey and myphone_publickey. Now create the myphone.conf file for your phone:

nano myphone.conf

Something like this:


[Interface]
PrivateKey = <clave_privada_myphone>
Address = 10.30.0.3/24
DNS = 1.1.1.1

[Peer]
PublicKey = <clave_publica_servidor>
Endpoint = <IP_publica_servidor>:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 20

The tricky part here is how to get that file onto the phone securely. In a lab environment you could upload it to a web server and download it, but in production it is better to avoid sending it by email or storing it on unencrypted services.

The cleanest approach is usually to use qrencode to generate a QR code that the WireGuard app on Android can read:

apt install -y qrencode
qrencode -t ansiutf8 -r myphone.conf

You will see a QR code rendered as text characters in the terminal. On your mobile device, open the WireGuard app, choose "Scan from QR code" and point it at the screen. That way you do not need to share the .conf file over questionable channels.

Reaching the home LAN, DNS, and local names

Beyond building the tunnel, the interesting part of a WireGuard VPN on Android for connecting securely to your home is being able to reach all your home devices as if you were there: NAS, IP cameras, routers, media servers, and so on. It is more convenient to use local domain names rather than IPs.

Many routers that integrate a WireGuard server or an internal DNS have a section such as NETWORK → DNS → Edit Hosts, where you can create entries like 192.168.1.50 nas-casa.local. If you point your VPN clients' DNS at the router or the server that resolves these names, you will be able to reach your devices by hostname.

Some router firmware with WireGuard includes checkboxes such as "Allow remote access to LAN", "Remote Access LAN Subnet", or similar. You must enable these so that remote clients can reach the local subnet (192.168.xx) beyond the router itself.

When the WireGuard server runs inside the router, it usually lets you export preconfigured .conf profiles for mobile devices or other client routers. These profiles normally include the tunnel IP, the correct DNS (usually the router's IP on the VPN network), and properly configured AllowedIPs.

Verification, troubleshooting, and security

Once the configuration is imported on Android and the tunnel is active, the first thing to check is that the handshake completes correctly. The WireGuard app itself shows the status, bytes sent/received, and the timestamp of the last handshake.

On the server, use:

wg

There you will see, for each peer, its public key, the remote IP address it connects from, the latest handshake, and the traffic exchanged. If the "latest handshake" field is empty or very old, the client is not connecting or something is blocking it.
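
One way to automate that handshake check, as an added example that is not part of the original article: it parses the tab-separated output of `wg show wg0 dump`. The sample lines, placeholder keys, and the 180-second threshold are constructed assumptions.

```python
# Constructed sample of `wg show wg0 dump` (tab-separated). Line 1 describes the
# interface; every later line is a peer: public-key, preshared-key, endpoint,
# allowed-ips, latest-handshake, transfer-rx, transfer-tx, persistent-keepalive.
SAMPLE_DUMP = "\n".join([
    "<server-private-key>\t<server-public-key>\t51820\toff",
    "<mypc-public-key>\t(none)\t198.51.100.7:40112\t10.30.0.2/32\t1700000000\t91234\t184220\toff",
    "<myphone-public-key>\t(none)\t203.0.113.44:51011\t10.30.0.3/32\t1699996000\t5120\t7340\toff",
    "<tablet-public-key>\t(none)\t(none)\t10.30.0.4/32\t0\t0\t0\toff",
])

# Assumption: 180 s. WireGuard renegotiates keys roughly every two minutes while
# traffic flows, so an older handshake means the session is no longer live.
STALE_AFTER = 180


def triage_peers(dump, now, stale_after=STALE_AFTER):
    """Return {public_key: (state, detail)} for every peer line in the dump."""
    result = {}
    for line in dump.splitlines()[1:]:  # skip the interface line
        fields = line.split("\t")
        if len(fields) != 8:
            continue  # not a peer line
        pubkey, _psk, endpoint, allowed, handshake, rx, _tx, _keepalive = fields
        age = now - int(handshake)
        if int(handshake) == 0:
            # Never completed a handshake: wrong key pair, blocked UDP port,
            # or the client has not tried yet.
            state = "never"
            detail = ("no endpoint recorded" if endpoint == "(none)"
                      else f"endpoint {endpoint}")
        elif age > stale_after:
            state, detail = "stale", f"last handshake {age}s ago from {endpoint}"
        else:
            state, detail = "active", f"{int(rx)} bytes received for {allowed}"
        result[pubkey] = (state, detail)
    return result


if __name__ == "__main__":
    for key, (state, detail) in triage_peers(SAMPLE_DUMP, now=1700000060).items():
        print(f"{key}: {state} ({detail})")
```

The real `dump` output begins with the interface's private key, so feed it to a script like this directly rather than pasting it into tickets or chat.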

If there is no connection, check that the UDP port (51820 or whichever you use) is open on the server's firewall (UFW, iptables, nftables) and on any intermediate routers. If the server is behind a home router, configure UDP port forwarding from that port to the server's internal IP address. The problem may affect only certain apps; see our guide on what to do if apps fail when the VPN is on.

If the tunnel comes up but you have no internet on the phone, check that packet forwarding (net.ipv4.ip_forward and, optionally, net.ipv6.conf.all.forwarding) is enabled and that the NAT rules point to the correct outbound interface (eth0, ens3, etc.).

DNS problems usually show up when you can ping a specific IP address (for example, 1.1.1.1) but cannot resolve domains. In that case, check the DNS = line in the client's .conf file: you can use a public DNS (8.8.8.8, 1.1.1.1) or the server's tunnel IP address if it acts as an internal resolver.

As for security, beyond WireGuard's cryptography, there are a number of important good practices:

  • Protect your private keys. Do not copy them to insecure locations or share them with anyone.
  • Restrict AllowedIPs per peer: give each client access only to the networks it needs, no free rein.
  • Use non-standard UDP ports. Changing 51820 to a high value reduces noise from automated scans.
  • Keep your system and WireGuard updated, with patches up to date.
  • Filter access to the WireGuard port at the firewall to limit who can attempt to connect (by source IP where that makes sense).
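
The per-peer AllowedIPs rule in this list, and the /32 entries in the server's [Peer] blocks earlier, can be checked mechanically. This added example (not from the original article) parses a wg0.conf and flags entries that are wider than one host, outside the VPN subnet, or claimed by two peers; the sample file, its placeholder keys, and the `routed_lans` parameter are assumptions.

```python
import ipaddress

# Constructed sample modelled on the server wg0.conf above; keys are placeholders.
SAMPLE_CONF = """\
[Interface]
Address = 10.30.0.1/24
ListenPort = 51820

[Peer]
PublicKey = <mypc-public-key>
AllowedIPs = 10.30.0.2/32

[Peer]
PublicKey = <myphone-public-key>
AllowedIPs = 10.30.0.3/32

[Peer]
# client-style line pasted into the server file by mistake
PublicKey = <tablet-public-key>
AllowedIPs = 0.0.0.0/0

[Peer]
# reuses the PC's tunnel address
PublicKey = <laptop-public-key>
AllowedIPs = 10.30.0.2/32
"""


def parse_wg_conf(text):
    """Return (interface, [peer, ...]); [Peer] sections may repeat."""
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.lower() == "[interface]":
            current = interface
        elif line.lower() == "[peer]":
            current = {}
            peers.append(current)
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)  # base64 keys may end in '='
            current[key.strip().lower()] = value.strip()
    return interface, peers


def audit_allowed_ips(text, routed_lans=()):
    """List (peer_number, network, problem) for server-side AllowedIPs entries."""
    interface, peers = parse_wg_conf(text)
    first_addr = interface["address"].split(",")[0].strip()
    vpn_net = ipaddress.ip_interface(first_addr).network
    lans = [ipaddress.ip_network(n) for n in routed_lans]
    findings, seen = [], []
    for idx, peer in enumerate(peers, start=1):
        for item in peer.get("allowedips", "").split(","):
            if not item.strip():
                continue
            net = ipaddress.ip_network(item.strip(), strict=False)
            if net in lans:
                pass  # site-to-site route the operator declared on purpose
            elif net.version != vpn_net.version or not net.subnet_of(vpn_net):
                findings.append((idx, str(net), "outside VPN subnet"))
            elif net.prefixlen != net.max_prefixlen:
                findings.append((idx, str(net), "wider than a single host"))
            for prev_idx, prev in seen:
                if (prev_idx != idx and prev.version == net.version
                        and net.overlaps(prev)):
                    findings.append((idx, str(net), f"overlaps peer {prev_idx}"))
            seen.append((idx, net))
    return findings


if __name__ == "__main__":
    for peer_no, network, problem in audit_allowed_ips(SAMPLE_CONF):
        print(f"peer {peer_no}: {network} {problem}")
```

For the VPS bridge described in the next section, pass the home subnet, for example `routed_lans=("192.168.1.0/24",)`, so the LAN route on the Raspberry Pi's peer is accepted.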

When you have CGNAT or want something more advanced: use a VPS

If your operator has put you behind CGNAT, or you simply want to separate the publicly reachable layer from your home, you can build a more involved but very powerful solution: use a VPS as the central point and your home server as a client. You then connect to the VPS from Android and, through it, reach your LAN.

The basic scheme is this: in the cloud you set up a WireGuard "server" (for example with Docker and a stack such as linuxserver/wireguard or a prebuilt repository), enable forwarding and NAT, and at home you have a Raspberry Pi or an always-on PC that connects to the VPS as a peer. The VPS has a public IP and is not affected by CGNAT, so you can open ports there without trouble.

A typical workflow with Docker might be:

  • On the VPS you install Docker and Docker Compose, clone the WireGuard configuration repository, and bring up the container with `docker-compose up -d`.
  • The container automatically generates the server keys and those of the various peers (peer1, peer2…), storing their .conf files in the configuration folder.
  • You edit the server file to include your home subnet (for example 192.168.1.0/24) in the AllowedIPs of the peer your Raspberry Pi will use, and set up iptables or equivalent rules on the host to forward traffic between the VPN and your home network.
  • On the Raspberry Pi, you clone the same repo (or an adapted one), create a wg0.conf file with the data generated for peer1, enable local NAT (so it can forward traffic to the LAN), and start the WireGuard client in Docker or natively.

From there, any other device (including your Android phone with the WireGuard app) can use one of the additional VPS peers (peer2, peer3…) to connect. In practice, you always connect to the VPS's IP address, but you end up reaching the services on your home network, even behind CGNAT.

WireGuard with web panels: WireGuard Easy, EasyPanel and company

If all this sounds like too much console for you, there are much simpler solutions that provide a web panel for managing WireGuard with a click. For example, on a server with EasyPanel you can deploy an application such as WireGuard Easy from a template and forget about writing files by hand.

The way these panels work is usually:

  • You log in to the panel (EasyPanel or another) with your user.
  • You install the WireGuard Easy template, setting parameters such as the domain/public IP (WG_HOST), the UDP port, the VPN subnet, and the DNS.
  • The system starts a container that exposes a password-protected web interface where you see the list of peers, statistics, and configuration options.
  • To add a client, you fill in a form with its name; the panel generates the keys, assigns an IP address, and shows a QR code ready to scan with Android, in addition to letting you download the .conf file.

This is very convenient where several people use the VPN (family, work team, etc.), because you can enable or revoke access in a few seconds without explaining anything technical. In addition, if you run WireGuard Easy on a VPS, you centralise all remote access to your home network and other locations.

WireGuard on other systems: Windows, macOS, Linux, iOS

Although we have focused on Android here, WireGuard works equally well on desktops and other mobile devices. On Windows, for example, you download the official client, install it, click "Add Tunnel", choose "Add empty tunnel" or "Import from file", and the program itself can generate the key pair for you.

The configuration scheme is the same: an [Interface] block with your PrivateKey, Address, and DNS, and a [Peer] block with the server's PublicKey, Endpoint, and AllowedIPs. Once saved, just click "Activate" to bring the interface up and start passing traffic.

On iOS, the process is very similar to Android: you install the WireGuard app from the App Store, create a new tunnel, and can import a .conf file or scan the QR code you generated with qrencode or from a panel such as WireGuard Easy. Then you enable the tunnel with the switch and you are inside your home network.

On desktop Linux you can use the command-line tool itself (wg-quick up wg0) or integrate it with NetworkManager by importing the .conf file in the graphical interface. There is also an official macOS client with an experience very similar to the Windows version.

In the end, having the same protocol and configuration scheme on every platform makes life much easier: you reuse the logic from one client to the next, changing only the keys and the tunnel IP.

With this combination (a well-configured Linux or Docker server, optional VPS support if you have CGNAT, web panels to simplify management, and the WireGuard app on Android) you can set up a solid, fast, and secure home VPN that lets you reach your home network, your files, and your services, and browse securely on public Wi-Fi without depending on third parties or opaque commercial solutions.