{"id":305,"date":"2020-08-05T17:00:49","date_gmt":"2020-08-05T15:00:49","guid":{"rendered":"http:\/\/blog.tomasbrincil.cz\/?p=305"},"modified":"2020-08-05T17:00:49","modified_gmt":"2020-08-05T15:00:49","slug":"wireguard-rinetd","status":"publish","type":"post","link":"https:\/\/blog.tomasbrincil.cz\/?p=305","title":{"rendered":"WireGuard &#038; rinetd"},"content":{"rendered":"\n<p>Proto\u017ee opakovan\u011b p\u0159ipojuji dal\u0161\u00ed dislokovan\u00e9 pracovi\u0161t\u011b a opakovan\u011b hled\u00e1m ty sam\u00e9 postupy ve sv\u00fdch pozn\u00e1mk\u00e1ch, odlo\u017e\u00edm si zde komplexn\u011bj\u0161\u00ed postup a pod\u011bl\u00edm se o svou praxi, kter\u00e1 by mohla n\u011bkoho inspirovat.<\/p>\n\n\n\n<p>WireGuard pat\u0159\u00ed mez\u00ed nejprogresivn\u011bj\u0161\u00ed  a nejpou\u017eiteln\u011bj\u0161\u00ed VPN &#8211; ten kdo v korpor\u00e1tn\u00edm prost\u0159ed\u00ed \u0159e\u0161il t\u0159eba IPSec nebo je\u0161t\u011b star\u00e9 PPTP, p\u0159\u00edpadn\u011b n\u011bjak\u00e9 obskurn\u00ed vendorlockovan\u00e9 \u0159e\u0161en\u00ed, tak v\u00ed jak\u00fd je probl\u00e9m aby v\u0161e fungovalo v\u0161ude.  WireGuard je velmi jednoduch\u00fd na konfiguraci a \u0161irokou podporu platforem. Klient existuje jak pro macOS, tak pro Windows, Android i iOS.<\/p>\n\n\n\n<p>rinetd je s\u00ed\u0165ov\u00fd n\u00e1stroj na p\u0159esm\u011brov\u00e1n\u00ed TCP a v nov\u00e9 verzi 0.70 i UDP spojen\u00ed. Pou\u017e\u00edv\u00e1m to m\u00edsto portforwardingu. V kombinaci s WireGuardem tedy nen\u00ed nutn\u00e9 vystrkovat porty na ve\u0159ejnou IP adresu, ale sta\u010d\u00ed se v r\u00e1mci VPN dotazovat jednoho za\u0159\u00edzen\u00ed, kter\u00e9 pak v dan\u00e9m segmentu v\u011bt\u0161\u00ed s\u00edt\u011b p\u0159esm\u011brov\u00e1v\u00e1 m\u00edstn\u011b dotazy.<br><br>Doporu\u010duji zaj\u00edmav\u00fd seri\u00e1l Petra na root.cz &#8211; <a href=\"https:\/\/www.root.cz\/serialy\/wireguard-pro-jednoduchou-linuxovou-vpn\/\">https:\/\/www.root.cz\/serialy\/wireguard-pro-jednoduchou-linuxovou-vpn\/<\/a><br><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/blog.tomasbrincil.cz\/wp-content\/uploads\/2020\/07\/Untitled-Diagram-1.png\" alt=\"\" class=\"wp-image-306\" width=\"387\" height=\"231\" srcset=\"https:\/\/blog.tomasbrincil.cz\/wp-content\/uploads\/2020\/07\/Untitled-Diagram-1.png 501w, https:\/\/blog.tomasbrincil.cz\/wp-content\/uploads\/2020\/07\/Untitled-Diagram-1-300x179.png 300w\" sizes=\"auto, (max-width: 387px) 100vw, 387px\" \/><\/figure><\/div>\n\n\n\n<p>Konkr\u00e9tn\u00ed usecase (t\u0159eba): M\u00e1m od poskytovatele Internetu zp\u0159\u00edstupn\u011bn\u00e9 SNMP na WiFi za\u0159\u00edzen\u00ed, kter\u00fdm jsem p\u0159ipojen\u00fd skrz jeho s\u00ed\u0165 MAN p\u0159ipojen do Internetu. Sm\u011brem z LAN se na za\u0159\u00edzen\u00ed v MAN dostanu, ale z Internetu u\u017e nikoliv. Ve virtu\u00e1ln\u00edm serveru v Internetu mi b\u011b\u017e\u00ed SNMP monitoring, kter\u00fdm bych za\u0159\u00edzen\u00ed v MAN s\u00edti r\u00e1d dohledoval.<\/p>\n\n\n\n<p>P\u0159\u00ed\u0161t\u011b uk\u00e1\u017eu svoj\u00ed konfiguraci rinetd.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Proto\u017ee opakovan\u011b p\u0159ipojuji dal\u0161\u00ed dislokovan\u00e9 pracovi\u0161t\u011b a opakovan\u011b hled\u00e1m ty sam\u00e9 postupy ve sv\u00fdch pozn\u00e1mk\u00e1ch, odlo\u017e\u00edm si zde komplexn\u011bj\u0161\u00ed postup a pod\u011bl\u00edm se o svou praxi, kter\u00e1 by mohla n\u011bkoho inspirovat. WireGuard pat\u0159\u00ed mez\u00ed nejprogresivn\u011bj\u0161\u00ed a nejpou\u017eiteln\u011bj\u0161\u00ed VPN &#8211; ten kdo v korpor\u00e1tn\u00edm prost\u0159ed\u00ed \u0159e\u0161il t\u0159eba IPSec nebo je\u0161t\u011b star\u00e9 PPTP, p\u0159\u00edpadn\u011b n\u011bjak\u00e9 obskurn\u00ed vendorlockovan\u00e9 &hellip; <a href=\"https:\/\/blog.tomasbrincil.cz\/?p=305\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">WireGuard &#038; rinetd<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-305","post","type-post","status-publish","format-standard","hentry","category-blog"],"_links":{"self":[{"href":"https:\/\/blog.tomasbrincil.cz\/index.php?rest_route=\/wp\/v2\/posts\/305","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.tomasbrincil.cz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.tomasbrincil.cz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.tomasbrincil.cz\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.tomasbrincil.cz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=305"}],"version-history":[{"count":1,"href":"https:\/\/blog.tomasbrincil.cz\/index.php?rest_route=\/wp\/v2\/posts\/305\/revisions"}],"predecessor-version":[{"id":307,"href":"https:\/\/blog.tomasbrincil.cz\/index.php?rest_route=\/wp\/v2\/posts\/305\/revisions\/307"}],"wp:attachment":[{"href":"https:\/\/blog.tomasbrincil.cz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=305"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.tomasbrincil.cz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=305"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.tomasbrincil.cz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=305"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}