Some users want to set up a private virtual network between two computers. This is done with VPN (Virtual Private Network) technology. The connection is implemented with open-source or proprietary utilities and programs. Once all components have been installed and configured successfully, the procedure can be considered complete and the connection protected. Below we look in detail at implementing this technology with the OpenVPN client on an operating system based on the Linux kernel.
Install OpenVPN on Linux
Since most users run Ubuntu-based distributions, today's instructions are based on those versions. On other distributions you will not notice a fundamental difference in installing and configuring OpenVPN, except that you have to follow the distribution's own syntax, which you can read about in the official documentation of your system. We suggest going through the whole process step by step so that you understand each action in detail.
Keep in mind that OpenVPN operates between two nodes (a computer or a server), which means that installation and configuration apply to every participant in the connection. The guide below focuses on working with two machines.
Step 1: Install OpenVPN
Naturally, you should start by adding all the necessary libraries to the computers. Be prepared for the fact that the task is carried out entirely in the "Terminal" built into the OS.
- Open the menu and launch the console. You can also do this by pressing the key combination Ctrl + Alt + T.
- Enter the command
sudo apt install openvpn easy-rsa
to install all the required packages. After typing it, press Enter.
- Enter the password of the superuser account. Characters are not displayed in the field while you type.
- Confirm the addition of new files by selecting the appropriate option.
Proceed to the next step only once the installation has been done on both devices.
Step 2: Creating and Configuring a Certificate Authority
The certificate authority is responsible for verifying public keys and provides strong encryption. It is created on the device that other users will later connect to, so open the console on that PC and follow these steps:
- First, a folder is created to store all the keys. You can place it anywhere, but it is better to choose a safe location. Use the command
sudo mkdir /etc/openvpn/easy-rsa
where /etc/openvpn/easy-rsa is the location in which the directory is created.
- Next, the easy-rsa scripts need to be placed in this folder, which is done with
sudo cp -R /usr/share/easy-rsa /etc/openvpn/
- The certificate authority is created in the prepared directory. First go to this folder:
cd /etc/openvpn/easy-rsa/
- Then enter the following commands (sudo -i opens a root login shell in root's home directory, so the script folder is entered again first):
sudo -i
# cd /etc/openvpn/easy-rsa/
# source ./vars
# ./clean-all
# ./build-ca
For now, the server computer can be left alone and you can move on to the client devices.
Step 3: Configure Client Certificates
The instructions below need to be carried out on each client computer in order to set up a correctly working secure connection.
- Open the console and enter the command
sudo cp -R /usr/share/easy-rsa /etc/openvpn/
to copy all the required tool scripts.
- Earlier, a separate certificate file was created on the server PC. Now you need to copy it and place it in the folder with the other components. The easiest way to do this is with the command
sudo scp username@host:/etc/openvpn/easy-rsa/keys/ca.crt /etc/openvpn/easy-rsa/keys
where username@host is the address of the machine the file is downloaded from.
- It only remains to create a private key that will later be used to connect. To do this, go to the folder where the scripts are stored:
cd /etc/openvpn/easy-rsa/
- To create the file, use the commands:
sudo -i
# cd /etc/openvpn/easy-rsa/
# source ./vars
# ./build-req Lumpics
Lumpics in this case is the chosen file name. The generated key must be in the same directory as the other keys.
- It only remains to send the generated request file to the server device so that the authenticity of the connection can be confirmed. This is done with the same command that was used for the download. You need to enter
scp /etc/openvpn/easy-rsa/keys/Lumpics.csr username@host:~/
where username@host is the name of the computer to send to, and Lumpics.csr is the name of the file with the key.
- On the server PC, confirm the key with
./sign-req ~/Lumpics
where Lumpics is the file name. After that, bring the document back with
sudo scp username@host:/home/Lumpics.crt /etc/openvpn/easy-rsa/keys
At this point all the preliminary work is complete. It only remains to bring OpenVPN itself into a working state, and you can start using a private encrypted connection with one or several clients.
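Before the certificate returned in Step 3 is put to use, it is worth confirming that it chains to the ca.crt copied from the server, that it matches the private key generated on this client, and that the key is readable only by its owner. The script below is an added example, not part of the original article; the function name check_client_material and the finding labels are this example's own, and it assumes the openssl command-line tool and GNU stat.

```bash
#!/usr/bin/env bash
# Added example (not from the original article).
# check_client_material CA_CERT CLIENT_CERT CLIENT_KEY
# Prints one finding per line; returns 0 only when every check passes.
check_client_material() {
    local ca="$1" crt="$2" key="$3" n=0 crt_pub key_pub mode

    # 1. The returned certificate must chain to the CA copied from the server.
    if ! openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1; then
        echo "chain: $crt was not issued by $ca"; n=$((n + 1))
    fi

    # 2. The certificate must carry the public half of the local private key.
    #    Both commands print the same PEM public key when the pair matches.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || crt_pub=""
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=""
    if [ -z "$crt_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
        echo "mismatch: $crt does not belong to $key"; n=$((n + 1))
    fi

    # 3. The private key must not be readable by group or others.
    mode=$(stat -c '%a' "$key" 2>/dev/null) || mode="missing"
    case "$mode" in
        600|400) ;;
        *) echo "perms: $key has mode $mode, expected 600"; n=$((n + 1)) ;;
    esac

    [ "$n" -eq 0 ]
}

# Usage: ./check.sh ca.crt Lumpics.crt Lumpics.key
if [ "$#" -eq 3 ]; then check_client_material "$1" "$2" "$3"; fi
```

Only the .csr and .crt files travel between the machines in Step 3; the .key file never needs to leave the client it was generated on.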
Step 4: Configure OpenVPN
The following guide covers both the client and the server. We split everything by action and point out when to switch machines, so you only need to follow the instructions.
- First, create a configuration file on the server PC with the command
zcat /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz | sudo tee /etc/openvpn/server.conf
When the client devices are configured, this file will also have to be created there separately.
- Look over the default values. As you can see, the port and protocol match the standard ones, but there are no additional parameters.
- Open the created configuration file in an editor:
sudo nano /etc/openvpn/server.conf
- We will not go into the details of changing every value, since in some cases they are individual, but the standard lines must be present in the file, and the result looks something like this:
port 1194
proto udp
comp-lzo
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/ca.crt
dh /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
After all the changes have been made, save the settings and close the file.
- Work on the server side is finished. Start OpenVPN with the configuration file you created:
openvpn /etc/openvpn/server.conf
- Now let's move on to the client devices. As already mentioned, a settings file is created here as well, but this time it does not need to be unpacked, so the command looks like this:
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/client.conf
- Open the file in the same way as shown above and add the following lines:
client
dev tun
proto udp
remote 194.67.215.125 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/Sergiy.crt
key /etc/openvpn/easy-rsa/keys/Sergiy.key
tls-auth ta.key 1
comp-lzo
verb 3
When editing is complete, start OpenVPN:
openvpn /etc/openvpn/client.conf
- Enter the command
ifconfig
to make sure that everything works. Among the values shown, the tun0 interface must be present.
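A pre-flight check for the configuration files written in Step 4, added here as an example and not part of the original article: it flags a cert line that points at the same file as ca, a missing key directive, a missing tls-auth or tls-crypt key, and the deprecated comp-lzo option. The function names and finding labels are this example's own; the embedded sample reproduces the server listing above.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): lint an OpenVPN config file.

# Server directives as listed in Step 4, reproduced here as sample input.
sample_server_conf() {
cat <<'EOF'
port 1194
proto udp
comp-lzo
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/ca.crt
dh /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
EOF
}

# Print the first argument of directive $2 in file $1 (comment lines never match).
conf_get() { awk -v key="$2" '$1 == key { print $2; exit }' "$1"; }

# Print one finding per line; return 0 only when nothing was found.
lint_openvpn_conf() {
    local conf="$1" n=0 ca cert
    ca=$(conf_get "$conf" ca); cert=$(conf_get "$conf" cert)
    if [ -n "$cert" ] && [ "$cert" = "$ca" ]; then
        echo "cert-is-ca: 'cert' and 'ca' both point at $ca"; n=$((n + 1))
    fi
    if [ -z "$(conf_get "$conf" key)" ]; then
        echo "no-key: no 'key' directive for the private key"; n=$((n + 1))
    fi
    if [ -z "$(conf_get "$conf" tls-auth)$(conf_get "$conf" tls-crypt)" ]; then
        echo "no-tls-auth: no tls-auth or tls-crypt key configured"; n=$((n + 1))
    fi
    if [ -n "$(awk '$1 == "comp-lzo"' "$conf")" ]; then
        echo "comp-lzo: deprecated compression directive present"; n=$((n + 1))
    fi
    [ "$n" -eq 0 ]
}

# Usage: ./lint.sh /etc/openvpn/server.conf
if [ "$#" -gt 0 ]; then lint_openvpn_conf "$1"; fi
```

Run against the server listing as printed, it reports all four findings; the client listing sets tls-auth while the server listing does not, and both ends have to agree on that setting for the handshake to succeed.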
To redirect traffic and open Internet access for all clients on the server PC, you will need to run the commands below one after another.
sysctl -w net.ipv4.ip_forward=1
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD -i tun0 -o eth0 -j ACCEPT
iptables -I FORWARD -i eth0 -o tun0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
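The rules above forward and masquerade everything that crosses eth0 and tun0. The script below is an added example, not part of the original article: it reads the server and port lines from server.conf and prints a rule set limited to the VPN subnet, with return traffic admitted only for established connections. The function names are this example's own, and the interface names are passed in as arguments.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): scope NAT rules to the VPN subnet.

# Convert a dotted netmask (255.255.255.0) to a prefix length (24).
mask_to_prefix() {
    local bits=0 open=1 octet add
    for octet in $(echo "$1" | tr '.' ' '); do
        case "$octet" in
            255) add=8 ;; 254) add=7 ;; 252) add=6 ;; 248) add=5 ;;
            240) add=4 ;; 224) add=3 ;; 192) add=2 ;; 128) add=1 ;;
            0) add=0 ;;
            *) return 1 ;;
        esac
        # Once a partial or zero octet has been seen, only zeros may follow.
        if [ "$open" -eq 0 ] && [ "$add" -ne 0 ]; then return 1; fi
        if [ "$add" -ne 8 ]; then open=0; fi
        bits=$((bits + add))
    done
    echo "$bits"
}

# Read "server <network> <netmask>" from config $1 and print network/prefix.
vpn_cidr() {
    local net mask prefix
    net=$(awk '$1 == "server" { print $2; exit }' "$1")
    mask=$(awk '$1 == "server" { print $3; exit }' "$1")
    [ -n "$net" ] && [ -n "$mask" ] || return 1
    prefix=$(mask_to_prefix "$mask") || return 1
    echo "$net/$prefix"
}

# Print the rules for config $1, outside interface $2 and tunnel interface $3.
nat_rules() {
    local cidr port
    cidr=$(vpn_cidr "$1") || { echo "no usable 'server' line in $1" >&2; return 1; }
    port=$(awk '$1 == "port" { print $2; exit }' "$1")
    cat <<EOF
iptables -A INPUT -i $2 -p udp --dport ${port:-1194} -j ACCEPT
iptables -A FORWARD -i $3 -o $2 -s $cidr -j ACCEPT
iptables -A FORWARD -i $2 -o $3 -d $cidr -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s $cidr -o $2 -j MASQUERADE
EOF
}

# Usage: ./nat.sh /etc/openvpn/server.conf eth0 tun0   (review, then run as root)
if [ "$#" -eq 3 ]; then nat_rules "$1" "$2" "$3"; fi
```

A value set with sysctl -w lasts only until the next reboot; adding net.ipv4.ip_forward=1 to /etc/sysctl.conf makes it permanent.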
In today's article you were introduced to installing and configuring OpenVPN on the server and client sides. We advise you to pay attention to the notifications shown in the "Terminal" and to look up any error codes that appear. Doing so helps to avoid further connection problems, because solving a problem promptly keeps other problems from arising out of it.