Install OpenVPN on Ubuntu


Some users want to set up a private virtual network between two computers. This is done with VPN (Virtual Private Network) technology. The connection is implemented through open or closed utilities and programs. After all components have been installed and configured successfully, the procedure can be considered complete and the connection secured. Below we discuss in detail how to implement this technology with the OpenVPN client on an operating system based on the Linux kernel.

Install OpenVPN on Linux

Since most users run distributions based on Ubuntu, today's instructions are based on those versions. On other distributions you will not notice a fundamental difference in installing and configuring OpenVPN, except that you must follow the syntax of your distribution, which you can read about in its official documentation. We suggest that you go through the whole process step by step so that you understand each action in detail.

Keep in mind that OpenVPN operates through two nodes (a computer or a server), which means that installation and configuration concern every participant in the connection. The guide below focuses on working with two sources.

Step 1: Install OpenVPN

Naturally, you should start by adding all the required libraries to the computers. Be prepared for the task to be carried out with the utility built into the OS, the "Terminal".

  1. Open the menu and launch the console. You can also do this by pressing the key combination Ctrl + Alt + T.
  2. Enter the command `sudo apt install openvpn easy-rsa` to install all the required packages. After typing it, press Enter.
  3. Enter the password for the superuser account. Characters are not displayed in the field as you type.
  4. Confirm the addition of the new files by selecting the appropriate option.

Move on to the next step only once the installation has been done on both devices.

Step 2: Create and Configure the Certification Authority

The certification authority is responsible for verifying public keys and provides strong encryption. It is created on the device that other users will later connect to, so open the console on that PC and follow these steps:

  1. First, a folder is created to store all the keys. You can place it anywhere, but it is better to choose a safe location. Use the command `sudo mkdir /etc/openvpn/easy-rsa`, where /etc/openvpn/easy-rsa is the place where the directory is created.
  2. Next, the easy-rsa add-on scripts need to be placed in this folder, which is done with `sudo cp -R /usr/share/easy-rsa /etc/openvpn/`.
  3. The certification authority is created in the prepared directory. First go to this folder: `cd /etc/openvpn/easy-rsa/`.
  4. Then paste the following commands into the field:

    sudo -i
    # source ./vars
    # ./clean-all
    # ./build-ca

For now, the server computer can be left alone and you can move on to the client devices.

Step 3: Configure Client Certificates

The instructions below need to be carried out on every client computer in order to set up a properly working secure connection.

  1. Open the console and enter the command `sudo cp -R /usr/share/easy-rsa /etc/openvpn/` to copy all the required tool scripts.
  2. Earlier, a separate certificate file was created on the server PC. Now it needs to be copied and placed in the folder with the other components. The easiest way to do this is with the command `sudo scp username@host:/etc/openvpn/easy-rsa/keys/ca.crt /etc/openvpn/easy-rsa/keys`, where username@host is the address of the machine the download is made from.
  3. It only remains to create a personal secret key, so that the connection can later be made through it. Do this by going to the script storage folder: `cd /etc/openvpn/easy-rsa/`.
  4. To create the file, use the commands:

    sudo -i
    # source ./vars
    # build-req Lumpics

    Lumpics in this case is the chosen file name. The generated key must be in the same directory as the other keys.

  5. It only remains to send the prepared access key to the server device so that the authenticity of the connection can be confirmed. This is done with the same command that was used for the download. Enter `scp /etc/openvpn/easy-rsa/keys/Lumpics.csr username@host:~/`, where username@host is the name of the computer to send to, and Lumpics.csr is the name of the file with the key.
  6. On the server PC, confirm the key with `./sign-req ~/Lumpics`, where Lumpics is the file name. After that, return the document with `sudo scp username@host:/home/Lumpics.crt /etc/openvpn/easy-rsa/keys`.

With this, all the preliminary work is finished. It only remains to bring OpenVPN itself into working order, and you can start using your private encrypted connection with one or several clients.
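The flow of steps 2 and 3 (create the CA, create a request on the client, sign it on the server) can be reproduced with the openssl command line to see which file plays which role. This is an added example, not part of the original guide; it assumes the `openssl` tool is installed, and the names Demo-CA, Other-CA and the temporary directories are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: the CA / request / sign flow of steps 2 and 3 with plain openssl.
# Demo-CA, Other-CA and the temp directories are constructed sample values.

# make_ca DIR CN: CA private key and self-signed CA certificate (role of build-ca).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# make_request DIR NAME: on the client, create NAME.key and NAME.csr (role of build-req).
# Only the .csr has to leave the client; the .key stays where it was generated.
make_request() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# sign_request CADIR CSR OUT: on the CA host, turn the request into a certificate (role of sign-req).
sign_request() {
    openssl x509 -req -in "$2" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -out "$3" 2>/dev/null
}

# issued_by CACERT CERT: succeeds only if CERT was signed by the CA in CACERT.
issued_by() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# key_matches KEY CERT: succeeds only if the private key belongs to the certificate.
key_matches() {
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$pub" ] && [ "$pub" = "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ]
}

run_pki_demo() {
    ca=$(mktemp -d); client=$(mktemp -d); other=$(mktemp -d)
    make_ca "$ca" Demo-CA && make_ca "$other" Other-CA || return 1
    make_request "$client" Lumpics || return 1
    sign_request "$ca" "$client/Lumpics.csr" "$client/Lumpics.crt" || return 1
    issued_by "$ca/ca.crt" "$client/Lumpics.crt" && echo "signed by Demo-CA: yes"
    issued_by "$other/ca.crt" "$client/Lumpics.crt" || echo "signed by Other-CA: no"
    key_matches "$client/Lumpics.key" "$client/Lumpics.crt" && echo "key matches certificate: yes"
}
run_pki_demo
```

The same `issued_by` and `key_matches` checks are useful on the real files before starting OpenVPN: a certificate that does not chain to the distributed ca.crt, or a key that does not match its certificate, makes the TLS handshake fail.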

Step 4: Configure OpenVPN

The following guide concerns both the client and the server. We will split everything by action and warn you when the machine changes, so you only need to follow the instructions.

  1. First create a configuration file on the server PC using the command `zcat /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz | sudo tee /etc/openvpn/server.conf`. When configuring client devices, this file will also need to be created separately.
  2. Check the default values. As you can see, the port and protocol match the standard ones, but there are no additional parameters.
  3. Open the created configuration file in an editor: `sudo nano /etc/openvpn/server.conf`.
  4. We will not go into detail about changing every value, since in some cases they are individual, but the standard lines must be present in the file, and the result looks similar to this:

    port 1194
    proto udp
    comp-lzo
    dev tun
    ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
    # cert must name this server's own signed certificate (not ca.crt), with a matching "key" line
    cert /etc/openvpn/easy-rsa/2.0/keys/ca.crt
    dh /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem
    topology subnet
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt

    After all changes are complete, save the settings and close the file.

  5. Work on the server side is complete. Start OpenVPN with the configuration file you created: `openvpn /etc/openvpn/server.conf`.
  6. Now let's move on to the client devices. As already mentioned, a settings file is created here as well, but this time it is not unpacked, so the command looks like this: `sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/client.conf`.
  7. Open the file in the same way as shown above and add the following lines:

    client
    dev tun
    proto udp
    remote 194.67.215.125 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca /etc/openvpn/easy-rsa/keys/ca.crt
    cert /etc/openvpn/easy-rsa/keys/Sergiy.crt
    key /etc/openvpn/easy-rsa/keys/Sergiy.key
    tls-auth ta.key 1
    comp-lzo
    verb 3

    When editing is complete, start OpenVPN: `openvpn /etc/openvpn/client.conf`.

  8. Enter the command `ifconfig` to make sure the system is working. Among all the values shown, the interface tun0 must be present.
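Before starting OpenVPN it is worth checking the configuration file for certificate and hardening mistakes. The following lint script is an added example, not part of the original guide or of OpenVPN; the function names are hypothetical, the checks are a small selection, and the sample input is the server configuration from item 4 embedded as constructed data.

```shell
#!/bin/sh
# Added example: lint an OpenVPN config for certificate and hardening mistakes.

# First argument of the first active (uncommented) line whose directive is $2.
directive_value() { awk -v d="$2" '$1 == d { print $2; exit }' "$1"; }

# Print one finding per line; return 0 if the file is clean, 1 otherwise.
lint_openvpn_conf() {
    conf=$1; findings=0
    report() { echo "$conf: $1"; findings=$((findings + 1)); }
    ca=$(directive_value "$conf" ca)
    cert=$(directive_value "$conf" cert)
    [ -n "$ca" ] || report "no 'ca' directive, peers cannot be verified"
    [ -n "$cert" ] || report "no 'cert' directive"
    [ -n "$(directive_value "$conf" key)" ] ||
        report "no 'key' directive for the private key matching 'cert'"
    if [ -n "$cert" ] && [ "$cert" = "$ca" ]; then
        report "'cert' is the CA certificate, expected this host's own certificate"
    fi
    grep -Eq '^[[:space:]]*(tls-auth|tls-crypt)[[:space:]]' "$conf" ||
        report "no 'tls-auth' or 'tls-crypt', control channel has no extra HMAC key"
    if grep -Eq '^[[:space:]]*(comp-lzo|compress)([[:space:]]|$)' "$conf"; then
        report "compression directive present, OpenVPN recommends against compression"
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: the server configuration shown in item 4 above.
sample_server_conf() {
    cat <<'EOF'
port 1194
proto udp
comp-lzo
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/ca.crt
dh /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
EOF
}

demo_dir=$(mktemp -d)
sample_server_conf > "$demo_dir/server.conf"
lint_openvpn_conf "$demo_dir/server.conf" || true
```

On the sample it reports four findings: the missing `key`, `cert` pointing at the CA certificate, no `tls-auth` on the server although the client configuration uses it, and compression being enabled.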

To redirect traffic and open Internet access for all clients, run the following commands one after another on the server PC.

    sysctl -w net.ipv4.ip_forward=1
    iptables -A INPUT -p udp --dport 1194 -j ACCEPT
    iptables -I FORWARD -i tun0 -o eth0 -j ACCEPT
    iptables -I FORWARD -i eth0 -o tun0 -j ACCEPT
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

In today's article you were introduced to installing and configuring OpenVPN on the server and client side. We advise you to pay attention to the notifications shown in the "Terminal" and to look up any error codes that appear. Doing so helps avoid further connection problems, because resolving a problem promptly prevents other problems that would follow from it.
