WireGuard - A Fast, Modern and Secure VPN Tunnel for Linux


WireGuard is a modern, secure, cross-platform and general-purpose VPN implementation that uses state-of-the-art cryptography. It aims to be faster, simpler, leaner and more functional than IPsec, and it intends to be more performant than OpenVPN.

It is designed for use in a variety of circumstances and can be deployed on embedded interfaces, fully loaded backbone routers and supercomputers alike; it runs on Linux, Windows, macOS, BSD, iOS and Android operating systems.

It presents an extremely basic yet powerful interface that aims to be as simple to configure and deploy as SSH. Its key features include a simple network interface, crypto key routing, built-in roaming and container support.

Note that at the time of writing, it is under heavy development: some of its parts are working toward a stable 1.0 release, while others are already there (working fine).

In this article, you will learn how to install and configure WireGuard in Linux to create a VPN tunnel between two Linux hosts.

For this guide, our setup (hostname and public IP) is as follows:

Node 1 : tecmint-appserver1: 		10.20.20.4
Node 2 : tecmint-dbserver1: 		10.20.20.3

How to Install WireGuard in Linux Distributions

Log into both of your nodes and install WireGuard using the appropriate commands for your Linux distribution, as follows.

---------- RHEL 8 ----------
$ sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
$ sudo subscription-manager repos --enable codeready-builder-for-rhel-8-$(arch)-rpms
$ sudo yum copr enable jdoss/wireguard
$ sudo yum install wireguard-dkms wireguard-tools

---------- CentOS 8 ----------
$ sudo yum install epel-release
$ sudo yum config-manager --set-enabled PowerTools
$ sudo yum copr enable jdoss/wireguard
$ sudo yum install wireguard-dkms wireguard-tools

---------- RHEL/CentOS 7 ----------
$ sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
$ sudo curl -o /etc/yum.repos.d/jdoss-wireguard-epel-7.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
$ sudo yum install wireguard-dkms wireguard-tools

---------- Fedora ----------
$ sudo dnf install wireguard-tools

---------- Debian ----------
# echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list
# printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable
# apt update
# apt install wireguard

---------- Ubuntu ----------
$ sudo add-apt-repository ppa:wireguard/wireguard
$ sudo apt-get update
$ sudo apt-get install wireguard

---------- openSUSE ----------
$ sudo zypper addrepo -f obs://network:vpn:wireguard wireguard
$ sudo zypper install wireguard-kmp-default wireguard-tools

Configuring a WireGuard VPN Tunnel Between Two Linux Hosts

When the installation of wireguard is complete on both nodes, you can reboot the nodes or load the wireguard module into the Linux kernel using the following command on both nodes.

$ sudo modprobe wireguard
OR
# modprobe wireguard

Next, generate base64-encoded public and private keys using the wg utility on both nodes as shown.

---------- On Node 1 ----------
$ umask 077
$ wg genkey >private_appserver1
$ wg pubkey < private_appserver1

---------- On Node 2 ----------
$ umask 077
$ wg genkey >private_dbserver1
$ wg pubkey < private_dbserver1
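
The following check is an added example, not part of the original article: it confirms that the umask 077 step left the private key file readable only by its owner and that the file holds a well-formed 32-byte key. The function name check_wg_key_file is hypothetical, and stat -c assumes GNU coreutils as shipped on Linux.

```bash
#!/bin/sh
# Added example: audit a WireGuard private key file before passing it to `wg set`.
# check_wg_key_file is a hypothetical helper, not part of wireguard-tools.

check_wg_key_file() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f"; return 2; }

    # With umask 077 the file is created as mode 600: no bits for group or other.
    mode=$(stat -c '%a' "$f")
    case $mode in
        ?00) ;;
        *) echo "unsafe mode $mode on $f (expected 600)"; return 1 ;;
    esac

    # A WireGuard key is 32 raw bytes, which is 44 base64 characters.
    key=$(tr -d '\n' < "$f")
    [ "${#key}" -eq 44 ] || { echo "bad key length in $f"; return 1; }
    n=$(printf '%s' "$key" | base64 -d 2>/dev/null | wc -c)
    [ "$n" -eq 32 ] || { echo "key in $f does not decode to 32 bytes"; return 1; }

    echo "ok: $f"
}

# Check every file named on the command line, e.g. ./private_appserver1
for f in "$@"; do check_wg_key_file "$f"; done
```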

Next, you need to create a network interface (e.g. wg0) for wireguard on the peers as shown below. Then assign IP addresses to the newly created network interface (for this guide, we will use the network 192.168.10.0/24).

---------- On Node 1 ---------- 
$ sudo ip link add dev wg0 type wireguard
$ sudo ip addr add 192.168.10.1/24 dev wg0

---------- On Node 2 ----------
$ sudo ip link add dev wg0 type wireguard
$ sudo ip addr add 192.168.10.2/24 dev wg0

To view the attached network interfaces on the peers and their IP addresses, use the following ip command.

$ ip ad

Next, assign the private key for each peer to the wg0 network interface and bring up the interface as shown.

---------- On Node 1 ---------- 
$ sudo wg set wg0 private-key ./private_appserver1
$ sudo ip link set wg0 up

---------- On Node 2 ----------
$ sudo wg set wg0 private-key ./private_dbserver1
$ sudo ip link set wg0 up

Now that both links are up, each with a private key associated with it, run the wg utility without any arguments to retrieve the configuration of the WireGuard interfaces on the peers. Then create your wireguard VPN tunnel as follows.

The peer (public key), allowed-ips (network/subnet mask) and endpoint (public ip:port) are those of the opposite peer.

---------- On Node 1 (Use the IPs and Public Key of Node 2) ----------
$ sudo wg
$ sudo wg set wg0 peer MDaeWgZVULXP4gvOj4UmN7bW/uniQeBionqJyzEzSC0= allowed-ips 192.168.10.0/24 endpoint 10.20.20.3:54371

---------- On Node 2 (Use the IPs and Public Key of Node 1) ----------
$ sudo wg
$ sudo wg set wg0 peer 6yNLmpkbfsL2ijx7z996ZHl2bNFz9Psp9V6BhoHjvmk= allowed-ips 192.168.10.0/24 endpoint 10.20.20.4:42930

Testing the WireGuard VPN Tunnel Between Linux Systems

Once the wireguard VPN tunnel has been created, ping the opposite peer using the address of its wireguard network interface. Then run the wg utility once again to confirm a handshake between the peers as shown.

---------- On Node 1 ----------
$ ping 192.168.10.2
$ sudo wg

---------- On Node 2 ----------
$ ping 192.168.10.1
$ sudo wg
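
The handshake confirmation described above can also be scripted. This is an added example, not part of the original article: it reads the tab-separated output of wg show wg0 dump and labels each peer by the age of its latest handshake. The function names wg_peer_health and sample_dump and the 180-second threshold are assumptions of this example, and the sample data is constructed from the keys and endpoints used in this guide.

```bash
#!/bin/sh
# Added example, not from the original article. wg_peer_health and the
# 180-second staleness threshold are assumptions of this example.
# Input: tab-separated output of `wg show wg0 dump` on stdin.
# Arguments: current Unix time, optional maximum handshake age in seconds.

wg_peer_health() {
    now=$1; max_age=${2:-180}
    awk -F '\t' -v now="$now" -v max="$max_age" '
        NF == 4 { next }   # interface line: private key, public key, listen port, fwmark
        NF == 8 {          # peer line: key, psk, endpoint, allowed-ips, handshake, rx, tx, keepalive
            if ($5 == 0)             state = "NO-HANDSHAKE"
            else if (now - $5 > max) state = "STALE"
            else                     state = "OK"
            printf "%s %s endpoint=%s allowed-ips=%s\n", state, $1, $3, $4
        }'
}

# Constructed sample of what Node 1 would report, reusing the keys, addresses
# and ports from the commands above; the private key is a placeholder.
sample_dump() {
    printf 'PRIVATE_KEY_PLACEHOLDER\t6yNLmpkbfsL2ijx7z996ZHl2bNFz9Psp9V6BhoHjvmk=\t42930\toff\n'
    printf 'MDaeWgZVULXP4gvOj4UmN7bW/uniQeBionqJyzEzSC0=\t(none)\t10.20.20.3:54371\t192.168.10.0/24\t%s\t1240\t980\toff\n' "$1"
}

sample_dump 0          | wg_peer_health 1700000060   # peer never completed a handshake
sample_dump 1700000000 | wg_peer_health 1700000060   # handshake 60 seconds ago

# On a live node: sudo wg show wg0 dump | wg_peer_health "$(date +%s)"
```

A peer reported as NO-HANDSHAKE after a ping usually points to a wrong public key, endpoint or blocked UDP port on one side.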

That's it for now! WireGuard is a modern, secure, simple yet powerful and easy-to-configure VPN solution for the future. It is under heavy development and is therefore a work in progress. You can find more information, especially about its inner workings and other configuration options, on the WireGuard homepage.