WireGuard - A Fast, Modern and Secure VPN Tunnel for Linux


WireGuard is a modern, secure, cross-platform and general-purpose VPN implementation that uses state-of-the-art cryptography. It aims to be faster, simpler, leaner and more functional than IPsec, and it intends to be more performant than OpenVPN.

It is designed for use in a variety of circumstances and can be deployed on embedded interfaces, fully loaded backbone routers, and supercomputers alike; it runs on Linux, Windows, macOS, BSD, iOS, and Android operating systems.


It presents an extremely basic yet powerful interface that aims to be simple, as easy to configure and deploy as SSH. Its key features include a simple network interface, crypto key routing, built-in roaming and container support.

Note that at the time of writing, it is under heavy development: some of its parts are working toward a stable 1.0 release, while others are already there (working fine).

In this article, you will learn how to install and configure WireGuard in Linux to create a VPN tunnel between two Linux hosts.

For this guide, our setup (hostname and public IP) is as follows:

Node 1 : tecmint-appserver1: 		10.20.20.4
Node 2 : tecmint-dbserver1: 		10.20.20.3

How to Install WireGuard in Linux Distributions

Log into both of your nodes and install WireGuard using the commands appropriate for your Linux distribution, as follows.

---------- On RHEL 8 ----------
$ sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
$ sudo subscription-manager repos --enable codeready-builder-for-rhel-8-$(arch)-rpms
$ sudo yum copr enable jdoss/wireguard
$ sudo yum install wireguard-dkms wireguard-tools

---------- On CentOS 8 ----------
$ sudo yum install epel-release
$ sudo yum config-manager --set-enabled PowerTools
$ sudo yum copr enable jdoss/wireguard
$ sudo yum install wireguard-dkms wireguard-tools

---------- On RHEL/CentOS 7 ----------
$ sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
$ sudo curl -o /etc/yum.repos.d/jdoss-wireguard-epel-7.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
$ sudo yum install wireguard-dkms wireguard-tools

---------- On Fedora ----------
$ sudo dnf install wireguard-tools

---------- On Debian ----------
# echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list
# printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable
# apt update
# apt install wireguard

---------- On Ubuntu ----------
$ sudo add-apt-repository ppa:wireguard/wireguard
$ sudo apt-get update
$ sudo apt-get install wireguard

---------- On openSUSE ----------
$ sudo zypper addrepo -f obs://network:vpn:wireguard wireguard
$ sudo zypper install wireguard-kmp-default wireguard-tools

Configuring a WireGuard VPN Tunnel Between Two Linux Hosts

When the installation of WireGuard is complete on both nodes, you can reboot your nodes or load the wireguard module into the Linux kernel using the following command on both nodes.

$ sudo modprobe wireguard
OR
# modprobe wireguard

Next, generate base64-encoded private and public keys using the wg utility on both nodes as shown. Setting umask 077 first ensures the private key file is created readable only by its owner.

---------- On Node 1 ----------
$ umask 077
$ wg genkey >private_appserver1
$ wg pubkey < private_appserver1

---------- On Node 2 ----------
$ umask 077
$ wg genkey >private_dbserver1
$ wg pubkey < private_dbserver1

Next, you need to create a network interface (e.g. wg0) for WireGuard on the peers as shown below. Then assign IP addresses to the newly created network interface (for this guide, we will use the network 192.168.10.0/24).

---------- On Node 1 ---------- 
$ sudo ip link add dev wg0 type wireguard
$ sudo ip addr add 192.168.10.1/24 dev wg0

---------- On Node 2 ----------
$ sudo ip link add dev wg0 type wireguard
$ sudo ip addr add 192.168.10.2/24 dev wg0

To view the network interfaces attached on the peers and their IP addresses, use the following ip command.

$ ip ad

Next, assign the private key for each peer to the wg0 network interface and bring the interface up as shown.

---------- On Node 1 ---------- 
$ sudo wg set wg0 private-key ./private_appserver1
$ sudo ip link set wg0 up

---------- On Node 2 ----------
$ sudo wg set wg0 private-key ./private_dbserver1
$ sudo ip link set wg0 up

Now that both links are up, each with its private key associated, run the wg utility without any arguments to retrieve the configuration of the WireGuard interfaces on the peers. Then create your WireGuard VPN tunnel as follows.

The peer (public key), allowed-ips (network/subnet mask) and endpoint (public ip:port) are those of the opposite peer.

---------- On Node 1 (Use the IPs and Public Key of Node 2) ----------
$ sudo wg
$ sudo wg set wg0 peer MDaeWgZVULXP4gvOj4UmN7bW/uniQeBionqJyzEzSC0= allowed-ips 192.168.10.0/24  endpoint  10.20.20.3:54371

---------- On Node 2 (Use the IPs and Public Key of Node 1) ----------
$ sudo wg
$ sudo wg set wg0 peer 6yNLmpkbfsL2ijx7z996ZHl2bNFz9Psp9V6BhoHjvmk= allowed-ips 192.168.10.0/24 endpoint  10.20.20.4:42930
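
The endpoint ports above (54371 and 42930) are not set anywhere in the procedure; without a listen-port, WireGuard chooses a random UDP port each time the interface is created, so those endpoints stop matching after a reboot. The following is an added example, not part of the original article: it checks the key file permissions, the peer public key, allowed-ips and endpoint, then prints the `wg set` command for review instead of running it. The function names, the fixed port 51820 and the narrower /32 allowed-ips in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: validate the tunnel
# parameters and print the matching `wg set` command instead of running it.

# A WireGuard key is 32 bytes in base64: 43 characters plus one '='.
# The 43rd character holds two zero pad bits, so only 16 values can occur.
valid_key() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9+/]{42}[AEIMQUYcgkosw048]=$'
}

# UDP port in 1..65535.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# IPv4 "a.b.c.d:port" (shape check only; octet ranges are not verified).
valid_endpoint() {
    printf '%s\n' "${1%:*}" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' &&
        valid_port "${1##*:}"
}

# IPv4 CIDR such as 192.168.10.2/32 (shape check only).
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# True only if the key file exists and group/other have no access at all,
# which is what running `umask 077` before `wg genkey` should produce.
key_file_private() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# wg_set_cmd IFACE LISTEN_PORT KEYFILE PEER_PUBKEY PEER_ALLOWED_IPS PEER_ENDPOINT
wg_set_cmd() {
    valid_port "$2"       || { echo "bad listen port: $2" >&2; return 1; }
    key_file_private "$3" || { echo "key file missing or too open: $3" >&2; return 1; }
    valid_key "$4"        || { echo "bad peer public key" >&2; return 1; }
    valid_cidr "$5"       || { echo "bad allowed-ips: $5" >&2; return 1; }
    valid_endpoint "$6"   || { echo "bad endpoint: $6" >&2; return 1; }
    printf 'wg set %s listen-port %s private-key %s peer %s allowed-ips %s endpoint %s\n' \
        "$1" "$2" "$3" "$4" "$5" "$6"
}

# Usage on Node 1 (port 51820 and the /32 are assumptions, not page values):
#   wg_set_cmd wg0 51820 ./private_appserver1 "$NODE2_PUBKEY" 192.168.10.2/32 10.20.20.3:51820
```

With a fixed listen-port on both nodes, the endpoint each side configures for the other stays valid across interface restarts, and a /32 in allowed-ips limits the peer to its own tunnel address rather than the whole 192.168.10.0/24 network.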

Testing the WireGuard VPN Tunnel Between Linux Systems

Once the WireGuard VPN tunnel has been created, ping the opposite peer using the address of its WireGuard network interface. Then run the wg utility once again to confirm a handshake between the peers as shown.

---------- On Node 1 ----------
$ ping 192.168.10.2
$ sudo wg

---------- On Node 2 ----------
$ ping 192.168.10.1
$ sudo wg

That's it for now! WireGuard is a modern, secure, simple yet powerful and easy-to-configure VPN solution for the future. It is undergoing heavy development and is therefore a work in progress. You can get more information, especially about its inner workings and other configuration options, from the WireGuard homepage.