WireGuard \u2014 \u044d\u0442\u043e \u0431\u0435\u0441\u043f\u043b\u0430\u0442\u043d\u044b\u0439, \u0441\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0439 \u0438 \u0431\u044b\u0441\u0442\u0440\u044b\u0439 VPN \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c \u0438 \u0441\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0439 \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0435\u0439, \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u044e\u0449\u0438\u0439 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u044f IPv4 \u0438 IPv6. \u041e\u043d \u043f\u0440\u043e\u0449\u0435, \u0431\u044b\u0441\u0442\u0440\u0435\u0435, \u0447\u0435\u043c IPSec \u0438 OpenVPN.<\/p>\n\n\n\n
\u0414\u043b\u044f \u0441\u0440\u0430\u0432\u043d\u0435\u043d\u0438\u044f, OpenVPN \u0438 IPSec, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 TLS \u0438 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u044b \u0434\u043b\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0442\u0443\u043d\u043d\u0435\u043b\u0435\u0439 \u043c\u0435\u0436\u0434\u0443 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u043c\u0438. \u0420\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 TLS \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0442 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0443 \u0441\u043e\u0442\u0435\u043d \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043d\u0430\u0431\u043e\u0440\u043e\u0432 \u0438 \u0430\u043b\u0433\u043e\u0440\u0438\u0442\u043c\u043e\u0432, \u0438 \u0445\u043e\u0442\u044f \u044d\u0442\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u0435\u0442 \u0431\u043e\u043b\u044c\u0448\u0443\u044e \u0433\u0438\u0431\u043a\u043e\u0441\u0442\u044c, \u044d\u0442\u043e \u0442\u0430\u043a\u0436\u0435 \u0434\u0435\u043b\u0430\u0435\u0442 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0443 VPN, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0435\u0439 TLS, \u0431\u043e\u043b\u0435\u0435 \u0441\u043b\u043e\u0436\u043d\u043e\u0439 \u0438 \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u043d\u043e\u0439 \u043e\u0448\u0438\u0431\u043a\u0430\u043c.<\/p>\n\n\n\n\n\n\n\n
\u0428\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u0435 WireGuard \u043e\u0441\u043d\u043e\u0432\u0430\u043d\u043e \u043d\u0430 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u0445 \u0438 \u0437\u0430\u043a\u0440\u044b\u0442\u044b\u0445 \u043a\u043b\u044e\u0447\u0430\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0445 \u0443\u0437\u043b\u0430\u043c \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0442\u0443\u043d\u043d\u0435\u043b\u044c \u043c\u0435\u0436\u0434\u0443 \u0441\u043e\u0431\u043e\u0439.<\/p>\n\n\n\n
\u0422\u0430\u043a\u0436\u0435 WireGuard \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u043d\u0430 \u0443\u0440\u043e\u0432\u043d\u0435 \u044f\u0434\u0440\u0430 \u041e\u0421 Linux, \u0432 \u043e\u0442\u043b\u0438\u0447\u0438\u0438 \u043e\u0442 OpenVPN, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0435\u043c\u0443 \u043f\u0440\u043e\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u0442\u0440\u0430\u0444\u0438\u043a \u0447\u0435\u0440\u0435\u0437 \u0442\u0443\u043d\u0435\u043b\u044c \u0431\u0435\u0437 \u043f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043f\u043e\u0442\u0435\u0440\u044c \u0432 \u0441\u043a\u043e\u0440\u043e\u0441\u0442\u0438.<\/p>\n\n\n\n
\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 WireGuard \u043d\u0430 Linux Ubuntu 20.04 (\u0420\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0438 \u043d\u0430 18\/20\/22)<\/p>\n\n\n\n
\u041f\u043e\u0434\u0433\u043e\u0442\u043e\u0432\u043a\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u044b:<\/p>\n\n\n\n
sudo apt update && apt upgrade\r\n\r\nsudo echo \"net.ipv4.ip_forward=1\" >> \/etc\/sysctl.conf\r\nsudo sysctl -p<\/code><\/pre>\n\n\n\n\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430:<\/p>\n\n\n\n
sudo apt install wireguard<\/code><\/pre>\n\n\n\n\u0413\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u044f \u043a\u043b\u044e\u0447\u0435\u0439 \u0434\u043b\u044f \u0441\u0435\u0440\u0432\u0435\u0440\u0430: \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u044b\u0439 \u0438 \u043f\u0440\u0438\u0432\u0430\u0442\u043d\u044b\u0439:<\/p>\n\n\n\n
sudo wg genkey | sudo tee \/etc\/wireguard\/privatekey | sudo wg pubkey | sudo tee \/etc\/wireguard\/publickey<\/code><\/pre>\n\n\n\n\u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f:<\/p>\n\n\n\n
sudo vim \/etc\/wireguard\/wg0.conf\r\n\r\n[Interface]\r\nAddress = 192.168.168.1\/24\r\nPostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\r\nPostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE\r\nListenPort = 51820\r\nPrivateKey = <SERVER-PRIV-KEY><\/code><\/pre>\n\n\n\n\u0433\u0434\u0435 <SERVER-PRIV-KEY><\/code> — \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442 \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0438 \u043f\u0440\u0438\u0432\u0430\u0442\u043d\u043e\u0433\u043e \u043a\u043b\u044e\u0447\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430: \/etc\/wireguard\/privatekey<\/code><\/p>\n\n\n\n\u0417\u0430\u043f\u0443\u0441\u043a \u0441\u0435\u0440\u0432\u0438\u0441\u0430<\/h2>\n\n\n\nsudo systemctl enable wg-quick@wg0\r\nsudo systemctl start wg-quick@wg0\r\nsystemctl status wg-quick@wg0\r\n\r\nsudo wg show wg0<\/code><\/pre>\n\n\n\n\u041f\u043e\u0434\u0433\u043e\u0442\u043e\u0432\u043a\u0430 \u043a\u043b\u0438\u0435\u043d\u0442\u0430<\/h2>\n\n\n\n
\u0413\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u044f \u043a\u043b\u044e\u0447\u0435\u0439 \u0434\u043b\u044f \u043a\u043b\u0438\u0435\u043d\u0442\u0430: \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u044b\u0439 \u0438 \u043f\u0440\u0438\u0432\u0430\u0442\u043d\u044b\u0439:<\/p>\n\n\n\n
sudo wg genkey | sudo tee \/etc\/wireguard\/cl1_privatekey | sudo wg pubkey | sudo tee \/etc\/wireguard\/cl1_publickey<\/code><\/pre>\n\n\n\n\u0433\u0434\u0435 cl1 — \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u043a\u043b\u0438\u0435\u043d\u0442\u0430.<\/p>\n\n\n\n
\u041e\u0431\u043d\u043e\u0432\u0438\u043c \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u0444\u0430\u0439\u043b wg0.conf, \u0434\u043e\u0431\u0430\u0432\u0438\u043c \u043a\u043b\u0438\u0435\u043d\u0442\u0430:<\/p>\n\n\n\n
sudo vim \/etc\/wireguard\/wg0.conf\r\n\r\n...\r\n[Peer]\r\nPublicKey = <\u0421LIENT-PUBLIC-KEY>\r\nAllowedIPs = 192.168.168.4\/32<\/code><\/pre>\n\n\n\n\u041d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043f\u0435\u0440\u0435\u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c WireGuard <\/p>\n\n\n\n
sudo systemctl restart wg-quick@wg0\r\n\r\nsystemctl status wg-quick@wg0<\/code><\/pre>\n\n\n\n\u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u043d\u0430 \u0441\u0442\u043e\u0440\u043e\u043d\u0435 \u041a\u043b\u0438\u0435\u043d\u0442\u0430<\/h2>\n\n\n\nvim cl1.conf\r\n\r\n[Interface]\r\nPrivateKey = <PEER_PRIVATE_KEY>\r\nAddress = 192.168.168.4\/32\r\n\r\n[Peer]\r\nPublicKey = <SERVER-PUBKEY>\r\nEndpoint = <SERVER-IP>:51820\r\nAllowedIPs = 192.168.168.0\/24\r\nPersistentKeepalive = 20<\/code><\/pre>\n\n\n\n\u0433\u0434\u0435:\r\n- <PEER_2_PRIVATE_KEY> - \u043f\u0440\u0438\u0432\u0430\u0442\u043d\u044b\u0439 \u043a\u043b\u044e\u0447 \u043a\u043b\u0438\u0435\u043d\u0442\u0430\r\n- <SERVER-PUBKEY> - \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u044b\u0439 \u043a\u043b\u044e\u0447 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\r\n- <SERVER-IP> - IP \u0430\u0434\u0440\u0435\u0441 \u0441\u0435\u0440\u0432\u0435\u0440\u0430<\/code><\/pre>\n\n\n\n\u041f\u043e\u0441\u043b\u0435 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f, \u043c\u043e\u0436\u043d\u043e \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u044f \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435:<\/p>\n\n\n\n
wg show wg0<\/code><\/pre>\n\n\n\n\u041f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u043c \u0432\u0435\u0441\u044c \u0442\u0440\u0430\u0444\u0438\u043a \u0447\u0435\u0440\u0435\u0437 WireGuard<\/h2>\n\n\n\nvim cl1.conf\r\n\r\n[Interface]\r\nPrivateKey = <PEER_PRIVATE_KEY>\r\nAddress = 192.168.168.4\/32\nDNS = 8.8.8.8\r\n\r\n[Peer]\r\nPublicKey = <SERVER-PUBKEY>\r\nEndpoint = <SERVER-IP>:51820\r\nAllowedIPs = 0.0.0.0\/0\r\nPersistentKeepalive = 20<\/code><\/pre>\n\n\n\n\u0414\u043b\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u044b\u0445 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432<\/h2>\n\n\n\n
\u041f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \u0434\u043b\u044f iOS \u0438\u043b\u0438 Android \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e \u0432 \u0441\u0442\u043e\u0440\u0430\u0445. \u0414\u043b\u044f \u0432\u0432\u043e\u0434\u0430 \u043a\u043e\u043d\u0444\u0438\u0433\u043e\u0432 \u0443\u0434\u043e\u0431\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c QR \u043a\u043e\u0434. \u0414\u043b\u044f \u044d\u0442\u043e\u0433\u043e \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043f\u0440\u0435\u0432\u0440\u0430\u0442\u0438\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0433 \u043a\u043b\u0438\u0435\u043d\u0442\u0430 \u0432 QR.<\/p>\n\n\n\n
sudo apt install qrencode\n\nqrencode -t ansiutf8 < mob_cl2.conf<\/code><\/pre>\n\n\n\n\u041f\u043e\u044f\u0432\u0438\u0432\u0448\u0438\u0439\u0441\u044f QR \u043a\u043e\u0434 \u0441\u043a\u0430\u043d\u0438\u0440\u0443\u0435\u043c \u0447\u0435\u0440\u0435\u0437 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u044b\u0439 \u043d\u0430 \u0441\u043c\u0430\u0440\u0442\u0444\u043e\u043d\u0435 WireGuard.<\/p>\n","protected":false},"excerpt":{"rendered":"
WireGuard \u2014 \u044d\u0442\u043e \u0431\u0435\u0441\u043f\u043b\u0430\u0442\u043d\u044b\u0439, \u0441\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0439 \u0438 \u0431\u044b\u0441\u0442\u0440\u044b\u0439 VPN \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c \u0438 \u0441\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0439 \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0435\u0439, \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u044e\u0449\u0438\u0439 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u044f IPv4 \u0438 IPv6. \u041e\u043d \u043f\u0440\u043e\u0449\u0435, \u0431\u044b\u0441\u0442\u0440\u0435\u0435, \u0447\u0435\u043c IPSec \u0438...<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4],"tags":[11,129],"_links":{"self":[{"href":"https:\/\/blog.airmeno.ru\/index.php?rest_route=\/wp\/v2\/posts\/1285"}],"collection":[{"href":"https:\/\/blog.airmeno.ru\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.airmeno.ru\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.airmeno.ru\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.airmeno.ru\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1285"}],"version-history":[{"count":3,"href":"https:\/\/blog.airmeno.ru\/index.php?rest_route=\/wp\/v2\/posts\/1285\/revisions"}],"predecessor-version":[{"id":1288,"href":"https:\/\/blog.airmeno.ru\/index.php?rest_route=\/wp\/v2\/posts\/1285\/revisions\/1288"}],"wp:attachment":[{"href":"https:\/\/blog.airmeno.ru\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1285"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.airmeno.ru\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1285"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.airmeno.ru\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1285"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}