WireGuard - A Fast, Modern and Secure VPN Tunnel for Linux


WireGuard is a modern, secure, cross-platform and general-purpose VPN implementation that uses state-of-the-art cryptography. It aims to be faster, simpler, leaner and more functional than IPsec, and it intends to be more performant than OpenVPN.

It is designed for use in a variety of circumstances and can be deployed on embedded interfaces, fully loaded backbone routers, and supercomputers alike; it runs on Linux, Windows, macOS, BSD, iOS, and Android.

It presents an extremely basic yet powerful interface that aims to be as easy to configure and deploy as SSH. Its key features include a simple network interface, cryptokey routing, built-in roaming and container support.

Note that at the time of writing, it is under heavy development: some of its parts are working toward a stable 1.0 release, while others are already there (working fine).

In this article, you will learn how to install and configure WireGuard in Linux to create a VPN tunnel between two Linux hosts.

For this guide, our setup (hostname and public IP) is as follows:

Node 1 : tecmint-appserver1: 		10.20.20.4
Node 2 : tecmint-dbserver1: 		10.20.20.3

How to Install WireGuard in Linux Distributions

Log into both of your nodes and install WireGuard using the appropriate command for your Linux distribution as follows.

---------- On RHEL 8 ----------
$ sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
$ sudo subscription-manager repos --enable codeready-builder-for-rhel-8-$(arch)-rpms
$ sudo yum copr enable jdoss/wireguard
$ sudo yum install wireguard-dkms wireguard-tools

---------- On CentOS 8 ----------
$ sudo yum install epel-release
$ sudo yum config-manager --set-enabled PowerTools
$ sudo yum copr enable jdoss/wireguard
$ sudo yum install wireguard-dkms wireguard-tools

---------- On RHEL/CentOS 7 ----------
$ sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
$ sudo curl -o /etc/yum.repos.d/jdoss-wireguard-epel-7.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
$ sudo yum install wireguard-dkms wireguard-tools

---------- On Fedora ----------
$ sudo dnf install wireguard-tools

---------- On Debian ----------
# echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list
# printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable
# apt update
# apt install wireguard

---------- On Ubuntu ----------
$ sudo add-apt-repository ppa:wireguard/wireguard
$ sudo apt-get update
$ sudo apt-get install wireguard

---------- On openSUSE ----------
$ sudo zypper addrepo -f obs://network:vpn:wireguard wireguard
$ sudo zypper install wireguard-kmp-default wireguard-tools

Configuring a WireGuard VPN Tunnel Between Two Linux Hosts

When the installation of wireguard is complete on both nodes, you can reboot your nodes or load the wireguard module into the Linux kernel using the following command on both nodes.

$ sudo modprobe wireguard
OR
# modprobe wireguard

Next, generate base64-encoded public and private keys using the wg utility on both nodes as shown.

---------- On Node 1 ---------- 
$ umask 077
$ wg genkey >private_appserver1
$ wg pubkey < private_appserver1

---------- On Node 2 ----------
$ umask 077
$ wg genkey >private_dbserver1
$ wg pubkey < private_dbserver1
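
The umask 077 step is what keeps the private key files unreadable to other users on the host. As an added example (not from the original article), the function below checks a key file's mode and format before the file is handed to wg set wg0 private-key; the function name and the demo file are hypothetical.

```shell
#!/bin/sh
# Added example: audit a private key file created with `wg genkey`.
# Uses GNU stat (Linux), matching the hosts in this guide.

# check_wg_keyfile FILE
# Prints one line per finding; returns 0 when the file is clean, 1 otherwise.
check_wg_keyfile() {
    kf=$1
    findings=0
    [ -f "$kf" ] || { echo "$kf: not a regular file"; return 1; }

    # With umask 077 the file is created as 600; any group/other bit is a finding.
    mode=$(stat -c '%a' "$kf")
    case $mode in
        *00|0) ;;
        *) echo "$kf: mode $mode lets group/other access the key"; findings=1 ;;
    esac

    # A WireGuard key is 32 bytes, i.e. 43 base64 characters plus one '='.
    if ! tr -d '\n' < "$kf" | grep -Eq '^[A-Za-z0-9+/]{43}=$'; then
        echo "$kf: content is not a single 44-character base64 key"
        findings=1
    fi
    return "$findings"
}

# Demo on a constructed key: 32 random bytes stand in for `wg genkey` output.
demo_dir=$(mktemp -d)
( umask 077; head -c 32 /dev/urandom | base64 > "$demo_dir/private_demo" )
check_wg_keyfile "$demo_dir/private_demo" && echo "private_demo: ok"
chmod 644 "$demo_dir/private_demo"
check_wg_keyfile "$demo_dir/private_demo" || echo "private_demo: fix with chmod 600"
rm -rf "$demo_dir"
```

The guide writes the key files into the current directory, so run the check against ./private_appserver1 or ./private_dbserver1 from wherever the keys were generated.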

Next, you need to create a network interface (e.g. wg0) for wireguard on the peers as shown below. Then assign IP addresses to the newly created network interface (for this guide, we will use the network 192.168.10.0/24).

---------- On Node 1 ---------- 
$ sudo ip link add dev wg0 type wireguard
$ sudo ip addr add 192.168.10.1/24 dev wg0

---------- On Node 2 ----------
$ sudo ip link add dev wg0 type wireguard
$ sudo ip addr add 192.168.10.2/24 dev wg0

To view the attached network interfaces on the peers and their IP addresses, use the following ip command.

$ ip ad

Next, assign the private key for each peer to the wg0 network interface and bring the interface up as shown.

---------- On Node 1 ---------- 
$ sudo wg set wg0 private-key ./private_appserver1
$ sudo ip link set wg0 up

---------- On Node 2 ----------
$ sudo wg set wg0 private-key ./private_dbserver1
$ sudo ip link set wg0 up

Now that both links are up, each with its private key associated, run the wg utility without any arguments to retrieve the configuration of the WireGuard interfaces on the peers. Then create your wireguard VPN tunnel as follows.

The peer (public key), allowed-ips (network/subnet mask) and endpoint (public ip:port) are those of the opposite peer.

----------  On Node1 (Use the IPs and Public Key of Node 2) ---------- 
$ sudo wg
$ sudo wg set wg0 peer MDaeWgZVULXP4gvOj4UmN7bW/uniQeBionqJyzEzSC0= allowed-ips 192.168.10.0/24  endpoint  10.20.20.3:54371

----------  On Node2 (Use the IPs and Public Key of Node 1) ----------
$ sudo wg
$ sudo wg set wg0 peer 6yNLmpkbfsL2ijx7z996ZHl2bNFz9Psp9V6BhoHjvmk= allowed-ips 192.168.10.0/24 endpoint  10.20.20.4:42930

Testing the WireGuard VPN Tunnel Between Linux Systems

Once the VPN tunnel has been created, ping the opposite peer using the address of the wireguard network interface. Then run the wg utility once again to confirm a handshake between the peers as shown.

---------- On Node 1 ----------
$ ping 192.168.10.2
$ sudo wg

---------- On Node 2 ----------
$ ping 192.168.10.1
$ sudo wg
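
Confirming the handshake by reading the sudo wg output can also be scripted. The following is an added example, not part of the original article: it parses the tab-separated output of wg show wg0 dump and lists peers that have never completed a handshake or whose last handshake is older than a threshold. The sample dump is constructed (Node 1's view, plus two placeholder peers), and the 180-second threshold is an assumed policy value.

```shell
#!/bin/sh
# Added example: report peers with a missing or stale handshake.
# Reads `wg show wg0 dump` output (tab-separated) on stdin.

# stale_peers NOW MAX_AGE
#   NOW      current Unix time, e.g. $(date +%s)
#   MAX_AGE  seconds before a handshake counts as stale (assumed policy value)
# Prints one line per problem peer; returns 1 if any were found, else 0.
stale_peers() {
    awk -F '\t' -v now="$1" -v max="$2" '
        BEGIN   { bad = 0 }
        NR == 1 { next }   # interface line; its first field is the private key
        NF != 8 { printf "line %d: expected 8 fields, got %d\n", NR, NF; bad = 1; next }
        $5 == 0 { printf "%s never\n", $1; bad = 1; next }
        now - $5 > max { printf "%s stale %ds\n", $1, now - $5; bad = 1 }
        END     { exit bad }
    '
}

# Constructed sample: what Node 1 might print. Keys and addresses of the real
# peer come from the article; peers B and C and all counters are made up.
sample_dump() {
    printf '%s\t%s\t%s\t%s\n' 'PRIVATE-KEY-PLACEHOLDER' \
        '6yNLmpkbfsL2ijx7z996ZHl2bNFz9Psp9V6BhoHjvmk=' 42930 off
    printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n' \
        'MDaeWgZVULXP4gvOj4UmN7bW/uniQeBionqJyzEzSC0=' '(none)' \
        '10.20.20.3:54371' '192.168.10.0/24' 1700000250 1024 2048 off \
        'PEER-B-PLACEHOLDER-KEY=' '(none)' \
        '(none)' '192.168.10.3/32' 0 0 0 off \
        'PEER-C-PLACEHOLDER-KEY=' '(none)' \
        '10.20.20.9:51820' '192.168.10.4/32' 1700000000 512 512 off
}

# Demo run; prints the two problem peers from the constructed sample.
sample_dump | stale_peers 1700000300 180 || echo "handshake check: attention needed"
```

On a live host, pipe sudo wg show wg0 dump into stale_peers "$(date +%s)" 180. Do not log the raw dump, since its first line contains the interface's private key.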

That's it for now! WireGuard is a modern, secure, simple yet powerful and easy-to-configure VPN solution for the future. It is undergoing heavy development, so it is a work in progress. You can find more information, especially about its inner workings and other configuration options, on the WireGuard homepage.