Wannan labarin zai bayyana dalla-dalla yadda ake saita Wireguard VPN akan sabar ku. Yana iya zama uwar garken kama-da-wane ko mai zaman kansa - ba shi da mahimmanci sosai.
Wannan jagorar saitin Wireguard na VPN an tsara shi don masu amfani waɗanda ba su da gogewa sosai, don haka duk matakan za su kasance dalla-dalla kuma za su bi su ta hanyar hotunan kariyar kwamfuta.
Za a ɓoye hanyoyin wucewa ta hanyarmu, kuma Intanet za ta nuna adireshin IP na uwar garken VPN ɗinmu, ba adireshin mai ba da hanyar sadarwar da muke shiga ba.
Ana tsammanin cewa kun riga kuna da VPS. Idan ba haka ba, kuna iya domin daga gare mu.
Za mu shigar da tsarin aiki na Ubuntu 22.04 akan sabar mu. Idan kuna da uwar garken tare da OS daban-daban, to zaku iya sake shigar da shi cikin sauƙi ta bin abubuwan umarnin.
Don haka, uwar garken tare da Ubuntu 22.04 OS a shirye, yanzu muna haɗa shi ta hanyar SSH. Idan ba zato ba tsammani ba ku ci karo da wannan yarjejeniya ba, to, labarin da aka bayyana wannan tsari daki-daki zai taimaka muku. Sakin layi na biyu na Labari na Linux OS ne, na uku kuma na Windows OS ne.
Saita uwar garken Wireguard
Bayan haɗin kai mai nasara, zan rubuta ƴan umarni da bayanin abin da suke samarwa don fahimtar tsarin:
Muna sabunta jerin fakitin a cikin ma'ajin
apt updateSabunta fakitin kansu
apt upgrade -yShigar da fakitin waya
apt install -y wireguardZa a adana tsarin mu a cikin /etc/wireguard/ directory, muna buƙatar shigar da directory:
cd /etc/wireguard/Za mu buƙaci maɓallin jama'a da na sirri don uwar garken mu. Za mu ƙirƙira su bayan saita haƙƙoƙin daidai lokacin ƙirƙirar fayiloli da kundayen adireshi tare da umarni:
umask 077
wg genkey > privatekey
wg pubkey < privatekey > publickeyYanzu mun saita haƙƙoƙin maɓalli na sirri:
chmod 600 privatekeyKafin ƙirƙirar fayil ɗin sanyi, muna buƙatar sunan cibiyar sadarwar mu. Don gano ta, yi amfani da umarnin:
ip aMuna buƙatar dubawa tare da adireshin IP wanda ake amfani da shi don haɗin yanzu. Wataƙila za a kira shi ens3 a cikin yanayin ku, amma ana iya samun wani suna.
Hakanan za mu buƙaci maɓallin jama'a da na sirri. Don nuna su ina amfani da wutsiya
tail privatekey publickeyYana kama da wannan:
Don gyarawa, zaku iya amfani da kowane Editan rubutu na Linux. Zan yi amfani da nano. Don shigar da shi kuna buƙatar gudanar da umarni:
apt install -y nanoMuna gyara fayil ɗin sanyi:
nano /etc/wireguard/wg0.confNote
Domin adana fayil ɗin muna amfani da haɗin maɓallin ctrl+o
don fita - ctrl + x
Ya kamata kama da wannan:
[Interface]
PrivateKey = [ your private key ]
Address = 10.30.0.1/24
ListenPort = 51928
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o [ interface name ] -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o [ interface name ] -j MASQUERADEA wurina yana kama da wannan
Muna kunna ip forwarding
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
sysctl -pKaddamar da sabis na waya:
systemctl start [email protected]Idan muna son sabis ɗin ya fara bayan an sake kunna uwar garken, to muna yin haka:
systemctl enable [email protected]Don duba matsayin sabis:
systemctl status [email protected]Ya kamata matsayin ya kasance yana aiki kamar yadda yake a cikin hoton:
Idan kun bi umarninmu a hankali, to, a wannan matakin, kuna da duk abin da kuke buƙata don sa sashin uwar garken VPN Wireguard yayi aiki.
Saita abokin ciniki na Wireguard
Abinda ya rage shine saita sashin abokin ciniki. Misali da sauƙi, Zan samar da maɓallai don ɓangaren abokin ciniki kuma akan sabar. Amma don dalilai na tsaro, zai zama mafi daidai don samar da maɓalli a gefen abokin ciniki. Ina amfani da umarni don tsarawa:
wg genkey > mypc_privatekey
wg pubkey < mypc_privatekey > mypc_publickeyZan kuma samar da maɓallai don amfani da VPN akan wayar:
wg genkey > myphone_private
keywg pubkey < myphone_privatekey > myphone_publickeyYa kamata a lura cewa duk wannan ana buƙatar yin shi yayin kasancewa a cikin kasida
/etc/wireguard/
Hakanan zaka iya gudu a cikin wani kasida. Amma don sauƙi, muna aiwatar da umarnin a /etc/wireguard/
Muna amfani da umarnin ls don jera fayiloli a cikin kundin adireshi. Na samu kamar haka:
Bari mu nuna maɓallan jama'a akan allon. Za mu buƙaci su don ƙara nodes zuwa cibiyar sadarwar mu:
tail mypc_publickey myphone_publickeyA gare ni yana kama da haka:
Bari mu gyara fayil ɗin daidaitawar mu:
nano wg0.confƘara Lines na gaba:
[Peer]
PublicKey = [ mypc_publickey ]
AllowedIPs = 10.30.0.2/32
[Peer]
PublicKey = [ myphone_publickey ]
AllowedIPs = 10.30.0.3/32Yanzu fayil ɗin config yayi kama da haka:
Ajiye fayil ɗin kuma sake kunna sabis ɗinmu:
systemctl restart wg-quick@wg0Mu duba cewa komai ya yi nasara:
systemctl status wg-quick@wg0Dole ne matsayin ya kasance mai aiki
Ana buƙatar sake loda sabis ɗin kowane lokaci bayan gyara fayil ɗin daidaitawar uwar garken (wg0.conf)
Na gaba, za mu ƙirƙiri jeri don abokan ciniki (a cikin akwati na, PC na da waya). Zan yi haka a kan uwar garke.
nano mypc.conf[Interface]
PrivateKey = [mypc_privatekey private key]
Address = 10.30.0.2/32
DNS = 8.8.8.8
[Peer]
PublicKey = [publickey server publc key]
Endpoint =[ server ip address]:51928
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 20A cikin filin Ƙarshe, za ku iya ganin adireshin IP na uwar garken - wannan shine adireshin IP ɗin da muka saba haɗi ta hanyar SSH. Don ganin musaya da adireshi, zaku iya amfani da umarnin ip.
Saita Wireguard don wayar hannu
Muna ƙirƙira irin wannan tsari don wayar mu. Kawai buƙatar canza adireshin. Don PC ya kasance 10.30.0.2/32, kuma a cikin tsarin wayar za mu yi 10.30.0.3/32. Hakanan, idan muna son amfani da VPN akan wasu na'urori, to yakamata mu ƙara wasu adireshi zuwa filin adireshi a cikin fayilolin sanyi da fayil ɗin sanyi na uwar garken wg0.conf, filin AllowedIPs lokacin ƙirƙirar saiti.
Fayiloli suna kama da haka a cikin akwati na:
mypc.conf
my phone.conf
Don haɗi, mun shigar da abokin ciniki na waya https://www.wireguard.com/install/
A cikin aikace-aikacen Windows, muna ƙara sabon rami kuma mu shigar da tsarin da aka ƙirƙira a cikin fayil ɗin mypc.conf
Mun kaddamar da rami kuma je zuwa mai bincike zuwa gidan yanar gizon da ke nuna adireshin mu
Domin ƙara VPN cikin dacewa da wayarka, shigar da shirin don ƙirƙirar lambobin qr akan sabar:
apt install -y qrencodeKasancewa cikin kundin tsarin saiti, yi mataki mai zuwa:
qrencode -t ansiutf8 -r myphone.conf
Daga nan sai mu shigar da Wireguard app akan wayar, danna + don ƙirƙirar sabon rami, zaɓi lambar QR, duba shi, kunna VPN. Na gaba, za mu bincika cewa muna nuna adireshin uwar garken mu ta hanyar amfani da duk wata hanya da ke nuna adireshin IP ɗin da aka fitar.
Ka yi shi!
