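How do I use KDEConnect over wireguard, which does not implement broadcast?
Answer 1
Suppose we have three computers:
- A server that will run the wireguard server, with wireguard IP 10.100.0.1
- A phone running KDEConnect for Android, with wireguard IP 10.100.0.2
- A laptop with KDE Plasma running kdeconnect, with wireguard IP 10.100.0.3
First configure wireguard on the server. I personally chose to use nixos to do this, but you should also be able to configure it manually or with a .conf file. Here is my nix configuration file: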
    # Source: https://nixos.wiki/wiki/Wireguard
    #### Create keys, as root:
    # mkdir ~/wireguard-keys
    # umask 077 ~/wireguard-keys
    # wg genkey > ~/wireguard-keys/private
    # wg pubkey < ~/wireguard-keys/private > ~/wireguard-keys/public
    { config, pkgs, lib, ... }:
    let
      port = 51820;
    in
    {
      environment.systemPackages = with pkgs; [ wireguard ];
      networking.wireguard.interfaces = {
        # "wg0" is the network interface name. You can name the interface arbitrarily.
        wg0 = {
          # Determines the IP address and subnet of the server's end of the tunnel interface.
          ips = [ "10.100.0.1/24" ];
          # The port that Wireguard listens to. Must be accessible by the client.
          listenPort = port;
          # Path to the private key file.
          #
          # Note: The private key can also be included inline via the privateKey option,
          # but this makes the private key world-readable; thus, using privateKeyFile is
          # recommended.
          privateKeyFile = "/root/wireguard-keys/private";
          peers = [
            # List of allowed peers.
            {
              # Android
              publicKey = "myandroidpublickey=";
              # List of IPs assigned to this peer within the tunnel subnet.
              # Used to configure routing.
              allowedIPs = [ "10.100.0.2/32" ];
            }
            {
              # Laptop
              publicKey = "mylaptoppublickey=";
              # List of IPs assigned to this peer within the tunnel subnet.
              # Used to configure routing.
              allowedIPs = [ "10.100.0.3/32" ];
            }
          ];
        };
      };
      # Ensure IP forwarding is enabled.
      boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
      # Add a masquerade rule to iptables so the clients can
      # talk to the internet
      networking.firewall.extraCommands = ''
        iptables -t nat -A POSTROUTING -s 10.100.0.0/24 ! -d 10.100.0.0/24 -j MASQUERADE
      '';
      # Make sure port is open
      networking.firewall = {
        # WireGuard only listens on UDP; the TCP entry is not needed for the tunnel.
        allowedTCPPorts = [ port ];
        allowedUDPPorts = [ port ];
      };
    }
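The important part is to make sure ip forwarding is enabled, and to run the command iptables -t nat -A POSTROUTING -s 10.100.0.0/24 ! -d 10.100.0.0/24 -j MASQUERADE. Indeed, if you do not masquerade, you will not be able to access the internet from your phone, and if you forget to make sure the destination is outside the network before masquerading, you will not be able to connect to KDEConnect from your phone (it took me a lot of time to realize this).
Then configure wireguard on the laptop, for example by putting the following in /etc/wireguard/wg0.conf: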
    # https://wiki.archlinux.fr/Wireguard
    # To run, use:
    # wg-quick up wg0
    # or systemctl enable --now wg-quick@wg0.service
    # On node 2, the "client"
    [Interface]
    # the /24 is important: it defines a network (/24) that the interface belongs to
    Address = 10.100.0.3/24
    PrivateKey = computerprivatekey
    # Define who the "server" is
    [Peer]
    PublicKey = serverpublickey
    # the /24 here means that all VPN nodes first talk to the server,
    # which sends back to us whatever concerns us:
    # we can expect to receive traffic from hypothetical new nodes that would be in 10.X.Y/24
    AllowedIPs = 10.100.0.0/24
    Endpoint = serverip.com:51820
    # Clients are usually behind NAT, and if the server should be able to reach the client at any time, this is needed:
    PersistentKeepalive = 15
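On the Android phone, install the wireguard app (available in the app store and on FDroid), create a new interface, generate a new private key, and choose 10.100.0.2/32 as the interface address. In Peer, add the server's public key and enter 0.0.0.0/0 as the allowed IPs (in practice you can choose a more restrictive set of IPs). Set the endpoint to myserver.com:51820, then save, enable the configuration, and test the network.
Finally, just open KDEConnect on the phone, go to "Pair new device", click the three dots in the top-right corner, choose "Add devices by IP", and add the laptop's IP 10.100.0.3. Enjoy!
Note: if you do not want to configure the IP on the phone side, you can also recompile KDEConnect to change the broadcast address to your phone's IP... but that is not very practical.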
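
The effect of the destination exclusion in the masquerade rule above, as an added example that is not part of the original answer: a small Python model of one rule's -s/-d matching, run against the answer's rule and a constructed variant without "! -d". The function names, the variant rule and the addresses 192.0.2.10 and 198.51.100.7 are assumptions made for illustration; rule order and connection tracking are not modelled.

```python
import ipaddress
import shlex

# Rule from the answer, and a constructed variant without the "! -d" exclusion.
PAGE_RULE = "iptables -t nat -A POSTROUTING -s 10.100.0.0/24 ! -d 10.100.0.0/24 -j MASQUERADE"
BROAD_RULE = "iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -j MASQUERADE"

PHONE, LAPTOP, SERVER_WG = "10.100.0.2", "10.100.0.3", "10.100.0.1"  # from the answer
INTERNET_HOST, SERVER_PUBLIC = "192.0.2.10", "198.51.100.7"  # constructed (documentation ranges)


def parse_rule(rule):
    """Return ({flag: (network, negated)}, target) for the -s/-d matches of one rule."""
    tokens = shlex.split(rule)
    matches = {}
    for i, tok in enumerate(tokens):
        if tok in ("-s", "-d"):
            negated = i > 0 and tokens[i - 1] == "!"
            matches[tok] = (ipaddress.ip_network(tokens[i + 1]), negated)
    return matches, tokens[tokens.index("-j") + 1]


def is_masqueraded(rule, src, dst):
    """True if a forwarded packet src -> dst matches the rule and is source-NATed."""
    matches, target = parse_rule(rule)
    if target != "MASQUERADE":
        return False
    for flag, addr in (("-s", src), ("-d", dst)):
        if flag in matches:
            network, negated = matches[flag]
            if (ipaddress.ip_address(addr) in network) == negated:
                return False  # this match condition is not satisfied
    return True


def seen_source(rule, src, dst, out_if_addr):
    """Source address the destination sees; MASQUERADE uses the outgoing interface's address."""
    return out_if_addr if is_masqueraded(rule, src, dst) else src


if __name__ == "__main__":
    for name, rule in (("page rule", PAGE_RULE), ("no '! -d'", BROAD_RULE)):
        print(name)
        print("  phone -> laptop   seen as", seen_source(rule, PHONE, LAPTOP, SERVER_WG))
        print("  phone -> internet seen as", seen_source(rule, PHONE, INTERNET_HOST, SERVER_PUBLIC))
```

With the variant rule, the laptop sees the phone's packets arriving from 10.100.0.1, the server's tunnel address, instead of 10.100.0.2.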