Algo VPN服务端安装与客户端配置

Algo VPN服务端安装与客户端配置

1、准备工作

1、Ubuntu 20.04 VPS 一台

2、服务端安装

1、更新软件和软件仓库

root@instance-11:~# apt update

root@instance-11:~# apt upgrade -y

2、安装必备软件

root@instance-11:~# apt install ansible git python3-virtualenv -y

3、克隆仓库

root@instance-11:~# git clone https://github.com/trailofbits/algo.git
Cloning into 'algo'...
remote: Enumerating objects: 7323, done.
remote: Counting objects: 100% (72/72), done.
remote: Compressing objects: 100% (48/48), done.
remote: Total 7323 (delta 25), reused 50 (delta 16), pack-reused 7251
Receiving objects: 100% (7323/7323), 2.96 MiB | 6.33 MiB/s, done.
Resolving deltas: 100% (4200/4200), done.

4、配置环境

root@instance-11:~# cd algo/
root@instance-11:~/algo# python3 -m virtualenv --python="$(command -v python3)" .env &&
> source .env/bin/activate &&
> python3 -m pip install -U pip virtualenv &&
> python3 -m pip install -r requirements.txt

image-20220326163412598

5、配置Ansible免密登录

#生成ssh公私钥
root@instance-11:~# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:GNFQcUlqIja8tIeUeEXAIIOoRo3otaEBqRV+Xd1+QvY root@instance-11
The key's randomart image is:
+---[RSA 3072]----+
|O.=+.o=+++oo |
|=B.*.+ o.oo + |
|=.* & + o + . |
|o+ B * = o E |
|. + o S o |
| . |
| |
| |
| |
+----[SHA256]-----+

#把公钥发送到目标主机上
root@instance-11:~# ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '35.241.109.176 (35.241.109.176)' can't be established.
ECDSA key fingerprint is SHA256:+PPrYot1CRFCSpSiC4JXSU98W6zZdOXsVeCBYCSJviY.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

#测试免密登录
root@instance-11:~# ssh [email protected]

6、服务端开始安装

root@instance-11:~# cd algo/
root@instance-11:~/algo# ./algo

image-20220326163543130

image-20220326163718214

image-20220326164347466

image-20220326164420235

image-20220326164442492

image-20220326164500044

image-20220326164527405

image-20220326164629448

image-20220326164651788

image-20220326164720010

image-20220326165352600

    #保存这两个密码，更新用户时会用到
"msg": [
[
"\"# Congratulations! #\"",
"\"# Your Algo server is running. #\"",
"\"# Config files and certificates are in the ./configs/ directory. #\"",
"\"# Go to https://whoer.net/ after connecting #\"",
"\"# and ensure that all your traffic passes through the VPN. #\"",
"\"# Local DNS resolver 172.24.176.178 #\"",
""
],
" \"# The p12 and SSH keys password for new users is ZC2uTzzGV #\"\n",
" \"# The CA key password is uXaHQizfZPbkszV@ #\"\n",
" "
]
}

7、添加或删除用户

#添加用户
root@instance-11:~/algo# egrep '^users' config.cfg -A4
users:
- phone
- laptop
- desktop
- zy #添加的用户

#更新配置文件
(.env) root@instance-11:~/algo# source .env/bin/activate
(.env) root@instance-11:~/algo# ./algo update-users

image-20220326170341158

image-20220326170435535

#查看用户配置文件
(.env) root@instance-11:~/algo# cd /root/algo/configs/35.241.109.176/wireguard/
(.env) root@instance-11:~/algo/configs/35.241.109.176/wireguard# ll
total 48
drwxr-xr-x 4 root root 4096 Mar 26 09:04 ./
drwx------ 4 root root 4096 Mar 26 08:53 ../
drwxr-xr-x 5 root root 4096 Mar 26 09:04 .pki/
drwxr-xr-x 4 root root 4096 Mar 26 08:51 apple/
-rw------- 1 root root 310 Mar 26 08:52 desktop.conf
-rw------- 1 root root 1240 Mar 26 09:06 desktop.png
-rw------- 1 root root 310 Mar 26 08:52 laptop.conf
-rw------- 1 root root 1253 Mar 26 09:06 laptop.png
-rw------- 1 root root 310 Mar 26 08:52 phone.conf
-rw------- 1 root root 1253 Mar 26 09:06 phone.png
-rw------- 1 root root 310 Mar 26 09:04 zy.conf
-rw------- 1 root root 1235 Mar 26 09:06 zy.png

3、客户端安装

1、Windows客户端

#下载链接
https://download.wireguard.com/windows-client/wireguard-installer.exe

#客户端凭据都放在/root/algo/configs/35.241.109.176/wireguard/
(.env) root@instance-11:~/algo/configs/35.241.109.176/wireguard# ll
total 48
drwxr-xr-x 4 root root 4096 Mar 26 09:04 ./
drwx------ 4 root root 4096 Mar 26 08:53 ../
drwxr-xr-x 5 root root 4096 Mar 26 09:04 .pki/
drwxr-xr-x 4 root root 4096 Mar 26 08:51 apple/
-rw------- 1 root root 310 Mar 26 08:52 desktop.conf
-rw------- 1 root root 1240 Mar 26 09:06 desktop.png
-rw------- 1 root root 310 Mar 26 08:52 laptop.conf
-rw------- 1 root root 1253 Mar 26 09:06 laptop.png
-rw------- 1 root root 310 Mar 26 08:52 phone.conf
-rw------- 1 root root 1253 Mar 26 09:06 phone.png
-rw------- 1 root root 310 Mar 26 09:04 zy.conf
-rw------- 1 root root 1235 Mar 26 09:06 zy.png

#导入凭据测试

image-20220326171722514

image-20220326171802533

image-20220326171917249

2、linux客户端

#网址
https://www.wireguard.com/install/#windows-7-8-81-10-2012-2016-2019

#更新软件和系统
root@gzy:~# apt update && apt upgrade

#重启机器
root@gzy:~# [ -e /var/run/reboot-required ] && sudo reboot

#安装软件
root@gzy:~# apt install wireguard openresolv -y

#导入配置
root@gzy:~# cat /etc/wireguard/wg0.conf
[Interface]
PrivateKey = 6OIGkGKhNd6Ts4jOjwgDRIR5eD83h+MsjRkNzyQy81Y=
Address = 10.49.0.4
DNS = 172.24.176.178
MTU = 1380

[Peer]
PublicKey = TELH7NuUhwDbsS00yy5OPufVo6Y8adLhzOZktxIyemg=
PresharedKey = iO3FtrFs79zpkQKiouTRz4oMtFA6FHOyZSSuP3F2H0k=
AllowedIPs = 0.0.0.0/0,::/0
Endpoint = 35.241.109.176:51820

#启动服务
root@gzy:~# systemctl enable wg-quick@wg0 --now

#测试
root@gzy:~# curl ipv4.icanhazip.com
35.241.109.176

image-20220326180018390

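# Start the linuxserver.io WireGuard image as a detached container.
#
# The arguments are held in an array so that each one can carry a real
# comment. The original listing marked optional flags with `#optional` in
# backticks, which is an (empty) command substitution rather than a comment
# and silently breaks if a backtick is lost while editing. The docker
# invocation itself is unchanged.
wireguard_args=(
  --name=wireguard
  --cap-add=NET_ADMIN                       # needed to create/configure the tunnel interface
  --cap-add=SYS_MODULE                      # optional: allows the container to load kernel
                                            # modules; only keep it if the host lacks the
                                            # wireguard module (pairs with the /lib/modules mount)
  -e PUID=1000
  -e PGID=1000
  -e TZ=Etc/UTC
  -e SERVERURL=tq.dcjszc.xyz                # optional: public hostname written into peer configs
  -e SERVERPORT=51820                       # optional
  -e PEERS=1                                # optional: number of peer configs to generate
  -e PEERDNS=auto                           # optional
  -e INTERNAL_SUBNET=10.13.13.0             # optional
  -e ALLOWEDIPS=0.0.0.0/0                   # optional: peers send all IPv4 traffic via the tunnel
  -e PERSISTENTKEEPALIVE_PEERS=             # optional: intentionally empty (no keepalive)
  -e LOG_CONFS=true                         # optional: NOTE(review): peer configs are presumably
                                            # written to the container log; confirm that is
                                            # acceptable, as they contain peer private keys
  -p 51820:51820/udp
  -v /path/to/appdata/config:/config        # placeholder: replace with the real host path
  -v /lib/modules:/lib/modules              # optional: see SYS_MODULE above
  --sysctl=net.ipv4.conf.all.src_valid_mark=1
  --restart unless-stopped
)

# ':latest' is a moving target; pin a specific tag for reproducible deployments.
docker run -d "${wireguard_args[@]}" lscr.io/linuxserver/wireguard:latest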

