WireGuard made easy: set up your own VPN in 15 minutes

Last updated: 08/11/2025

  • WireGuard offers high performance and low latency with modern cryptography and easy setup.
  • It supports roaming, kill switch and split tunneling, ideal for mobility and secure network access.
  • Homogeneous, cross-platform configuration with clear key management and NAT/firewall rules.
  • In enterprise environments, it integrates with NAC, IDS/IPS and directories for controlled access.

Are you looking for a VPN that is fast, secure, and does not frustrate you with endless setup? WireGuard is one of the best options. This modern protocol prioritizes simplicity and state-of-the-art cryptography, making it easy for anyone to set up a secure tunnel.

Besides protecting you on public networks and letting you reach your home or business network, a VPN helps bypass geo-blocks and censorship. With WireGuard, the added privacy and performance come with a surprisingly simple setup process, on both computers and mobile phones.

WireGuard in brief

WireGuard is open-source VPN software that works at layer 3 (L3) and uses only UDP and fast, modern cryptography. Its main advantage is a minimalist design with very few lines of code, which makes audits easier, reduces the attack surface, and improves performance.

Unlike other VPNs, here you do not choose among many algorithms or components; WireGuard defines a single cryptographic "package". If an algorithm is deprecated, a new version is released and clients/servers negotiate the upgrade transparently.

The protocol always operates in tunnel mode and supports IPv4 and IPv6 (encapsulating one inside the other if needed). To use it, you will need to open a UDP port (configurable) on your router toward your server.

Compatibility and support

In the firewall world, OPNsense integrates WireGuard in the kernel to maximize speed. pfSense had its ups and downs: it appeared in version 2.5.0, was removed in 2.5.1 because of security issues that were found, and today it can be installed as a package managed from the web interface.

 

Cryptography used

WireGuard relies on a set of modern, heavily reviewed algorithms: Noise Protocol Framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash and HKDF. Data encryption uses ChaCha20-Poly1305 (AEAD), with an ECDH exchange on Curve25519 and key derivation with HKDF.

This approach avoids mixing different suites and reduces configuration errors. It also simplifies troubleshooting, since all nodes speak the same cryptographic language.


Performance and latency

The minimalist implementation and low-level integration allow very high speeds and very low latency. In real-world comparisons against L2TP/IPsec and OpenVPN, WireGuard usually comes out on top, often doubling throughput on the same hardware.

On unstable or mobile networks, session recovery is fast, and reconnection after a network change (roaming) is barely noticeable. On devices with limited resources (routers, IoT devices), its low consumption makes all the difference, saving CPU and battery power.


Quick installation on Linux

In modern distributions, WireGuard is already available in the stable repositories. On Debian/Ubuntu, just update and install the official package. On others, you may need to add a repository or load the kernel module.

sudo apt update && sudo apt upgrade -y
sudo apt install wireguard -y
sudo modprobe wireguard

If you use a branch that does not have it in "stable", you can go to the "unstable/testing" repositories under priority control, although ideally you should pull it from your distro's stable repo once it becomes available.

Generating keys

Each device (server and client) needs its own key pair. Keep the private key locked away and share only the public key with the peer.

umask 077
wg genkey | tee privatekey | wg pubkey > publickey

You can repeat the process for each client and store the keys under clear names to avoid confusion between peers as your deployment grows.

Server configuration

The usual file is /etc/wireguard/wg0.conf. In the [Interface] section you define the VPN IP address, the private key, and the UDP port. In each [Peer] section you add a client, authorizing its public key and its permitted IP address.


[Interface]
Address = 192.168.2.1/24
ListenPort = 51820
PrivateKey = <clave_privada_servidor>
# Example of automated NAT with PostUp/PostDown, if you need it
#PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
#PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = <clave_publica_cliente1>
AllowedIPs = 192.168.2.2/32

# Add more peers as needed
#[Peer]
#PublicKey = <clave_publica_cliente2>
#AllowedIPs = 192.168.2.3/32

If you want to allow any client IP and handle routes separately, you can use AllowedIPs = 0.0.0.0/0 in the peer sections, but in controlled environments it is better to assign a /32 per client for traceability.
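One way to check the /32-per-client rule before bringing the interface up. This is an added example, not part of the original article: it parses a server config and reports peers that are allowed more than a single host address, and pairs of peers whose ranges overlap. The sample config and its key placeholders are constructed, and the function names are hypothetical.

```python
import ipaddress
from itertools import combinations

# Constructed sample server config; the keys are placeholders, not real keys.
SAMPLE_CONF = """\
[Interface]
Address = 192.168.2.1/24

[Peer]
PublicKey = <client1_public_key>
AllowedIPs = 192.168.2.2/32

[Peer]
PublicKey = <client2_public_key>
AllowedIPs = 192.168.2.0/24

[Peer]
PublicKey = <client3_public_key>
AllowedIPs = 0.0.0.0/0
"""

def parse_peers(text):
    """Return one dict per [Peer] section: {"key": str, "nets": [ip_network]}."""
    peers, in_peer = [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.startswith("["):
            in_peer = line.lower() == "[peer]"
            if in_peer:
                peers.append({"key": "", "nets": []})
        elif in_peer and "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            if name.lower() == "publickey":
                peers[-1]["key"] = value
            elif name.lower() == "allowedips":
                peers[-1]["nets"] += [ipaddress.ip_network(v.strip(), strict=False)
                                      for v in value.split(",") if v.strip()]
    return peers

def audit_peers(text):
    """Flag peers allowed more than one host address, and peers whose ranges overlap."""
    peers, findings = parse_peers(text), []
    for p in peers:
        findings += [("wide", p["key"], str(n)) for n in p["nets"]
                     if n.prefixlen < n.max_prefixlen]
    for a, b in combinations(peers, 2):
        if any(x.version == y.version and x.overlaps(y)
               for x in a["nets"] for y in b["nets"]):
            findings.append(("overlap", a["key"], b["key"]))
    return findings
```

Run audit_peers() on the contents of /etc/wireguard/wg0.conf; an empty list means every peer is pinned to its own single address.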

Client configuration

The [Interface] section carries the private key and the client's IP in the VPN; the [Peer] section carries the server's public key, its endpoint, and the routing policy.


[Interface]
PrivateKey = <clave_privada_cliente>
Address = 192.168.2.2/32
DNS = 1.1.1.1

[Peer]
PublicKey = <clave_publica_servidor>
Endpoint = <IP_publica_servidor>:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25

PersistentKeepalive (25) is useful when the client is behind NAT/firewalls that expire idle mappings. AllowedIPs defines whether you route all traffic through the VPN (0.0.0.0/0) or only specific subnets.


NAT, forwarding and firewall

To let clients reach the internet through the server, you must enable IP forwarding and apply NAT on the WAN interface.

echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv6.conf.all.forwarding=1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

sudo iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE

If your firewall policy is restrictive, allow traffic on the wg0 interface and open the chosen UDP port on the firewall/NAT router.

sudo iptables -I INPUT 1 -i wg0 -j ACCEPT

To bring up the interface and enable the service at boot, wg-quick and systemd put it on autopilot for you.

sudo wg-quick up wg0
sudo systemctl enable wg-quick@wg0

Roaming, kill switch and mobility

WireGuard is designed for everyday mobile use: if you switch from Wi-Fi to 4G/5G, the tunnel is re-established in a flash. You will not notice any significant interruption when changing networks.

In addition, you can enable a kill switch (depending on the platform or app) so that, if the VPN goes down, the system blocks traffic until it is restored, preventing accidental leaks.

Split-tunneling

Split tunneling lets you choose which traffic travels through the VPN and which goes out directly. It is useful for keeping latency low in games or video calls while reaching internal resources through the tunnel.

Two typical configuration examples on the client, using the AllowedIPs directive:

# Full redirection through the VPN
[Peer]
PublicKey = <clave_publica_servidor>
AllowedIPs = 0.0.0.0/0
Endpoint = <IP_publica_servidor>:51820

# Only the remote LAN (for example, 192.168.1.0/24) through the VPN
[Peer]
PublicKey = <clave_publica_servidor>
AllowedIPs = 192.168.1.0/24
Endpoint = <IP_publica_servidor>:51820

This reduces the impact on speed/latency and lets you optimize the experience for what you really need to protect.
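To see what each of the two AllowedIPs values above actually sends through the tunnel, the following added example (not from the original article) classifies destination addresses as tunneled or direct and reports when a full-tunnel profile covers only one IP version. With AllowedIPs = 0.0.0.0/0 alone, IPv6 destinations stay outside the tunnel on a client that has IPv6 connectivity. The destination addresses are constructed and the function names are hypothetical.

```python
import ipaddress

def parse_allowed(value):
    """Turn an AllowedIPs value ('a/b, c/d') into a list of networks."""
    return [ipaddress.ip_network(v.strip(), strict=False)
            for v in value.split(",") if v.strip()]

def classify(allowed_ips, destinations):
    """Map each destination address to 'tunnel' or 'direct' for this AllowedIPs value."""
    nets = parse_allowed(allowed_ips)
    result = {}
    for dest in destinations:
        addr = ipaddress.ip_address(dest)
        inside = any(addr.version == n.version and addr in n for n in nets)
        result[dest] = "tunnel" if inside else "direct"
    return result

def uncovered_families(allowed_ips):
    """For a full-tunnel profile, list the IP versions with no default route in the tunnel."""
    defaults = {n.version for n in parse_allowed(allowed_ips) if n.prefixlen == 0}
    if not defaults:          # split tunnel: leaving traffic outside is intended
        return []
    return sorted({4, 6} - defaults)

# Constructed destinations: a host on the remote LAN, a public IPv4 host, a public IPv6 host.
DESTS = ["192.168.1.20", "198.51.100.20", "2001:db8::10"]

if __name__ == "__main__":
    for profile in ("0.0.0.0/0", "192.168.1.0/24", "0.0.0.0/0, ::/0"):
        print(profile, classify(profile, DESTS), "uncovered:", uncovered_families(profile))
```

If uncovered_families() returns [6] for a profile meant to carry everything, add ::/0 to AllowedIPs (and give the tunnel an IPv6 address) or disable IPv6 on the client.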


Advantages and disadvantages of WireGuard

  • IN FAVOR: speed, low latency, simplicity, modern cryptography, reduced resource usage, and a small codebase that makes audits easier.
  • AGAINST: support in some legacy ecosystems is less mature than IPsec/OpenVPN, it has fewer advanced features (scripting and native obfuscation), and there are privacy considerations because public keys are tied to internal tunnel IPs.

Support in firewalls, NAS and QNAP

On firewall-type devices, OPNsense integrates WireGuard with kernel acceleration. On pfSense, pending stable integration, you can install the package and manage it easily from the GUI.


On QNAP NAS, through QVPN 2, you can set up L2TP/IPsec, OpenVPN, and WireGuard servers.... and even turn to Debian if you want to tweak OpenVPN with AES-GCM or measure with iperf3. In tests with powerful hardware (such as a QNAP with Ryzen 7 and 10GbE) and a 10GbE client, WireGuard doubled performance compared with L2TP/IPsec or OpenVPN in the same local environment.

WireGuard on mobile: strengths and weaknesses

On iOS and Android, the official app makes it easy to switch between networks seamlessly. The main benefit: safe browsing on public Wi-Fi in hotels or airports, and hiding your traffic from your ISP. Also, if you set up your own server, you can reach your home or business as if you were physically there.

The logical trade-off is that some latency is added and speed drops slightly, especially if you route all traffic. Even so, WireGuard is among the most battery-friendly and performance-friendly protocols. See also the recommendations for Android if your case is mobile.

Install and use on other platforms

On macOS, Windows, Android, and iOS, there are official apps; all you have to do is import the .conf file or scan a QR code generated from your configuration manager. The process is practically the same as on Linux.

If you are going to set it up on a VPS, remember good practices: update the system, use a firewall, restrict the WireGuard UDP port to allowed IPs where possible, and rotate keys when your policy requires it.

Verification and diagnostics

To confirm that everything is in order, rely on wg and wg-quick. You will see handshakes, bytes transferred, and the time since the last exchange.

wg
wg show

If there is no connectivity, check: system routes, NAT, the open UDP port on the router, and that the Endpoint and keys of each peer are correct. A ping to the server's IP address on the VPN is usually the first useful test.
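For routine monitoring, the handshake check can be automated from the machine-readable output of wg show wg0 dump. The following is an added example, not part of the original article: it classifies each peer by the age of its latest handshake. The sample dump is constructed, the keys are placeholders, the function names are hypothetical, and the 180-second threshold is an assumption to tune for your deployment.

```python
# Constructed sample of `wg show wg0 dump` output: tab-separated, first line is the
# interface, then one line per peer. Keys and endpoints are placeholders.
SAMPLE_DUMP = (
    "<server_private>\t<server_public>\t51820\toff\n"
    "<client1_public>\t(none)\t203.0.113.10:40001\t192.168.2.2/32\t1700000000\t52340\t81230\t25\n"
    "<client2_public>\t(none)\t(none)\t192.168.2.3/32\t0\t0\t0\toff\n"
    "<client3_public>\t(none)\t198.51.100.7:51000\t192.168.2.4/32\t1699990000\t1200\t900\toff\n"
)

def peer_status(dump, now, max_age=180):
    """Classify each peer by the age of its latest handshake (Unix timestamps)."""
    report = []
    for line in dump.splitlines()[1:]:            # skip the interface line
        fields = line.split("\t")
        if len(fields) != 8:                      # not a peer record
            continue
        public_key, _psk, endpoint, allowed_ips, handshake, rx, tx, _keepalive = fields
        handshake = int(handshake)
        if handshake == 0:
            state = "never"                       # check keys, Endpoint and the UDP port
        elif now - handshake > max_age:           # max_age is an assumed threshold
            state = "stale"
        else:
            state = "ok"
        report.append({"peer": public_key, "state": state, "endpoint": endpoint,
                       "allowed_ips": allowed_ips, "rx": int(rx), "tx": int(tx)})
    return report

def needs_attention(dump, now, max_age=180):
    """Return (public_key, state) for every peer that is not 'ok'."""
    return [(r["peer"], r["state"])
            for r in peer_status(dump, now, max_age) if r["state"] != "ok"]

if __name__ == "__main__":
    import time
    for peer, state in needs_attention(SAMPLE_DUMP, int(time.time())):
        print(peer, state)
```

On a live server, pass the output of sudo wg show wg0 dump instead of SAMPLE_DUMP. A peer reported as "never" usually points at the key, Endpoint or port checks listed above.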

With its simple approach, modern cryptography, and noticeable performance, WireGuard has earned its place as the preferred VPN for home users and businesses. Installation is straightforward, management is simple, and its range of uses (remote access, site-to-site, secure mobility, or split tunneling) fits almost any scenario. Add good security practices, a well-tuned firewall, and basic monitoring, and you will have a fast, stable, and hard-to-break tunnel.