Ụfọdụ ndị ọrụ nwere mmasị n'ịmepụta netwọk na-ahụ maka onwe ha n'etiti kọmputa abụọ. Na-enye ọrụ ahụ site na enyemaka nke VPN technology (Personal Private Network). A na-eme njikọ ahụ site na ọrụ na mmemme mepere emepe ma ọ bụ mechie. Mgbe echichi na nhazi nke ihe niile mebiri, usoro a nwere ike nyochaa zuru oke, na njikọ - echedo. Ọzọkwa, anyị ga-achọ ịkọwa n'ụzọ zuru ezu na mmejuputa nke nkà na ụzụ a tụlere site na OpenVPN ahịa na sistemụ arụmọrụ dabere na Linux kernel.
Wụnye OpenVPN na Linux
Ebe ọ bụ na ọtụtụ ndị ọrụ na-eji nkesa Ubuntu, taa ntụziaka ga-adabere na nsụgharị ndị a. N'ọnọdụ ndị ọzọ, ọdịiche dị oke na nhazi na nhazi nke OpenVPN ị gaghị achọpụta, ọ gwụla ma ị ga-agbaso sigharị nke nkesa, nke ị nwere ike ịgụ banyere akwụkwọ ndekọ nke usoro gị. Anyị na-enye gị ka ị mara onwe gị na usoro dum site na nzọụkwụ iji ghọta nke ọma ihe ọ bụla.
Jide n'aka na ọrụ OpenVPN na-eme site na nkwụ abụọ (kọmputa ma ọ bụ ihe nkesa), nke pụtara na nhazi na nhazi na-emetụta ndị niile sonyere na njikọ ahụ. Ihe nkuzi anyi ga - adi nma n'ile ihe omuma abuo.
Nzọụkwụ 1: Wụnye OpenVPN
N'ezie, ị ga-amalite site n'ịgbakwunye ụlọ akwụkwọ ọ bụla dị mkpa na kọmputa. Kwadebe iji hụ na arụ ọrụ ahụ ga-ewu naanị n'ime OS. "Njedebe".
- Mepee menu ma malite na njikwa. I nwekwara ike ime nke a site na ịpị njikọta nchịkọta Ctrl Alt + T.
- Debanye aha otu
sudo apt wụnye openvpn mfe-rsa
iji wụnye ụlọ nchekwa niile dị mkpa. Mgbe ịbanye na pịa Tinye. - Dee paswọọdụ maka akaụntụ superuser. Ndị agwa na ịpị anaghị apụta n'ime igbe.
- Kwenye na mgbakwunye nke faịlụ ọhụrụ site na ịhọrọ nhọrọ kwesịrị ekwesị.
Gaa na nzọụkwụ na-esote naanị mgbe etinyechara ya na ngwaọrụ abụọ ahụ.
Nzọụkwụ 2: Ịmepụta na ịhazi Configuring Authority
Ebe ịkọwapụta ahụ bụ ọrụ maka igosipụta igodo ọha na eze ma nye ọnyà nzuzo. A na - eke ya na ngwaọrụ nke ndị ọrụ ndị ọzọ ga - emesị jikọọ, wee mepee njikwa na PC chọrọ ma soro usoro ndị a:
- A na-ebu ụzọ chekwaa nchekwa maka ịchekwa igodo niile. Ị nwere ike idowe ya n'ebe ọ bụla, ma ọ ka mma ịchọta ebe dị mma. Jiri maka iwu a
sudo mkdir / wdg / openvpn / mfe-rsa
ebe / etc / openvpn / mfe-rsa - Ebe iji mepụta ndekọ. - Ọzọ na nchekwa a, achọrọ ka ị tinye nchịkọta tinye-na-ahụ rifọ-rsa, a na-eme nke a site na
sudo cp -R / usr / share / easy-rsa / etc / openvpn /
. - A na-ahazi ebe etiti ịgba akwụkwọ na ndekọ dị njikere. Buru ụzọ banye na nchekwa a.
cd / etc / openvpn / mfe-rsa /
. - Wee tinye iwu ndị a n'ọhịa:
sudo -i
# iyi ./vars
# ./clean-all
# ./build-ca
Ọ bụ ezie na kọmputa nkesa nwere ike ịhapụ naanị gị ma gaa na ndị ahịa ngwaọrụ.
Nzọụkwụ 3: Hazi Asambodo Ndị ahịa
Ntuziaka ahụ, nke ị ga-ama nke ọma n'okpuru, ga-eduzi na kọntaktị onye ahịa ọ bụla iji hazie njikọ ejikọta nke ọma.
- Mepee njikwa ma dee iwu n'ebe ahụ.
sudo cp -R / usr / share / easy-rsa / etc / openvpn /
iji dee ihe odide ọ bụla a chọrọ. - Na mbụ, a na-ede akwụkwọ faịlụ dị iche na PC nkesa. Ugbu a, ọ dị mkpa ka e depụtaghachi ya ma tinye ya na folda ya na ihe ndị ọzọ. Ụzọ kachasị mfe ime nke a bụ site na iwu ahụ.
sudo scp aha njirimara @ nnabata: /etc/openvpn/easy-rsa/keys/ca.crt / wdg / openvpn / mfe-rsa / igodo
ebe aha njirimara @ nnabata - adreesị nke akụrụngwa nke ibudata. - Ọ na-anọgide na ịmepụta igodo nzuzo n'onwe ya ka ọ bụrụ na n'ọdịnihu ọ ga-ejikọ ya. Mee nke a site na ịga na nchekwa nchekwa ederede.
cd / etc / openvpn / mfe-rsa /
. - Iji mepụta faịlụ, jiri iwu:
sudo -i
# iyi ./vars
# build-req LumpicsLumpics na nke a, aha faịlụ a kapịrị ọnụ. Isi ihe mepụtara ga-abụ na ndekọ ahụ na igodo ndị ọzọ.
- Ọ na-anọgide na iziga igodo ntinye njikere iji ngwaọrụ nkesa iji kwado eziokwu nke njikọ ya. A na-eme nke a site n'enyemaka nke otu iwu ahụ nke e mepụtara. Ịkwesịrị ịbanye
scp /etc/openvpn/easy-rsa/keys/Lumpics.csr username @ host: ~ /
ebe aha njirimara @ nnabata - aha kọmputa ka iziga, ma Lumpics.csr - aha faịlụ na igodo. - Na PC nkesa, gosi isi site na
./sign-req ~ / Lumpics
ebe Lumpics - aha faịlụ. Mgbe nke ahụ gasịrị, weghachite akwụkwọ ahụsudo scp aha njirimara @ nnabata: /home/Lumpics.crt / etc / openvpn / easy-rsa / key
.
Nke a bụ njedebe nke ọrụ niile ahụ, ihe niile fọdụrụnụ bụ imeghe OpenVPN onwe ya na ọnọdụ nkịtị ma ị nwere ike ịmalite iji nzuzo ezoro ezo na otu ma ọ bụ ọtụtụ ndị ahịa.
Nzọụkwụ 4: Hazie OpenVPN
Usoro nduzi a ga - etinye ma onye ahịa ma sava. Anyị ga-ekekọrịta ihe niile dịka omume ma dọọ aka ná ntị banyere mgbanwe nke igwe, yabụ ị ga-agbaso ntụziaka ahụ.
- Mbụ, mepụta faili nhazi na PC nkesa site na iji iwu
zcat /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz | sudo tee /etc/openvpn/server.conf
. Mgbe ha na-ahazi ngwaọrụ ndị ahịa, a ghaghị ịmepụta faịlụ a iche iche. - Gụọ ụkpụrụ ụkpụrụ omume. Dị ka ị pụrụ ịhụ, ọdụ ụgbọ mmiri na protocol bụ otu ihe ahụ dị ka ndị ọkọlọtọ, mana ọ dịghị ntinye ọzọ.
- Gbaa faịlụ nhazi ahụ site na nchịkọta akụkọ
sudo nano /etc/openvpn/server.conf
. - Anyị agaghị abanye na nkọwa nke agbanwe agbanwe ụkpụrụ niile, ebe ọ bụ na n'ọnọdụ ụfọdụ, ha bụ onye ọ bụla, ma akara ndị dị na faịlụ ahụ ga-adị, ma foto yiri nke a yiri nke a:
n'ọdụ ụgbọ mmiri 1194
proto udp
comp-lzo
wepụta
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/ca.crt
dh /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem
topology subnet
nkesa 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txtMgbe niile gbanwere, chekwaa ntọala ma mechie faịlụ ahụ.
- Arụ ọrụ na akụkụ ihe nkesa ahụ ezuola. Gbaa OpenVPN site na faịlụ nhazi ahụ
openvpn /etc/openvpn/server.conf
. - Ugbu a, anyị ga-amalite ngwaọrụ ndị ahịa. Dika ekwurula ya, a na-ekekwa faịlụ ntọala ebe a, mana oge a enweghi ike ime ya, ya mere, iwu ahụ nwere ụdị nke a:
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/client.conf
. - Gbaa faịlụ ahụ n'otu ụzọ ahụ dị ka egosiri n'elu ma tinye mpaghara ndị a n'ebe ahụ:
onye ahịa
.
wepụta
proto udp
ime obodo 194.67.215.125 1194
kpebisie ike na-enweghi ngwụcha
nobind
igodo na-aga n'ihu
nọgide na-eche
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/Sergiy.crt
isi /etc/openvpn/easy-rsa/keys/Sergiy.key
tls-auth ta.key 1
comp-lzo
ngwaa nke 3Mgbe edezi zuru ezu, malite OpenVPN:
openvpn /etc/openvpn/client.conf
. - Debanye aha otu
ifconfig
iji hụ na usoro ahụ na-arụ ọrụ. N'ime ụkpụrụ niile egosiri, enwere ike inwe interface tun0.
Iji weghachite okporo ụzọ na ohere Ịntanetị maka ndị ahịa niile na PC nkesa, ị ga-achọ imegharị iwu ndị edepụtara n'okpuru otu otu.
sysctl -w net.ipv4.ip_forward = 1
iptables-INPUT -p udp --dport 1194 -j Tinye
iptables -I AHỤ -i tun0 -o eth0 -j ACCEPT
iptables -I AHỤ -i eth0 -o tun0 -j kwenye
iptables -t nat - POSTROUTING -o eth0 -j MASQUERADE
N'isiokwu nke taa, a kpọbatara gị na OpenVPN nhazi na nhazi nke nkesa na onye ahịa. Anyị na-adụ gị ọdụ ka ị ṅaa ntị na nkwupụta ndị egosiri na "Njedebe" ma nyochaa koodu njehie, ma ọ bụrụ na ọ bụla. Omume yiri nke a ga - enyere aka izere nsogbu ndị ọzọ na njikọ ahụ, n'ihi na ngwọta ọrụ nke nsogbu ahụ na - egbochi ọdịdị nsogbu ndị ọzọ.