Kenya OpenVPN ho Ubuntu

Basebelisi ba bang ba thahasella ho etsa marang-rang a poraefete pakeng tsa likhomphutha tse peli. Mosebetsi o phethoa ho sebelisoa theknoloji ea VPN (Virtual Private Network). Khokahano e kenngwa tšebetsong ka mananeo a bulehileng kapa a koetsoeng. Kamora ho kenya hantle le ho hlophisa likarolo tsohle, ts'ebetso e ka nkoa e phethiloe, mme khokahano e sirelelitsoe. Ka mor'a moo, re ka thabela ho tšohla ka botlalo ts'ebetsong ea mahlale a morao-rao ka moreki oa OpenVPN ts'ebetsong ea Linux kernel-based.

Kenya OpenVPN ho Linux

Kaha basebelisi ba bangata ba sebelisa lipehelo tse thehiloeng ho Ubuntu, kajeno litaelo li tla ipapisa le liphetolelo tsena. Maemong a mang, u ke ke ua hlokomela phapang ea bohlokoa ho kenyelletsong le tlhophisong ea OpenVPN, ntle le haeba u tlameha ho latela syntax ea phepelo, eo u ka balang ka eona litokomaneng tsa semmuso tsa sistimi ea hau. Re khothaletsa hore u ithute mohato ka mohato ka mohato hore o utloisise ka botlalo ketso e ngoe le e ngoe.

Etsa bonnete ba hore u nka hore ts'ebetso ea OpenVPN e etsahala ka li-node tse peli (khomphutha kapa seva), ho bolelang hore ts'ebetso le ts'ebetso e sebetsa ho bohle ba nkang karolo khokahanong. Tataiso ea rona e latelang e tla shebisisa ka kotloloho ho sebetsa le mehloli e 'meli.

Mohato oa 1: Kenya OpenVPN

Ho joalo, o lokela ho qala ka ho eketsa lilaebrari tsohle tse hlokahalang likhomphutha. Itokisetse 'nete ea hore OS e hahiloeng feela e tla sebelisoa ho phethela mosebetsi. "Mokhatlo oa" terminal ".

1. Bula menyu 'me u hlahise khokahano. U ka etsa sena ka ho tobetsa konopo ea bohlokoa. Ctrl + Alt + T.



2. Ngolisa taelosudo apt kenya openvpn bonolo-rsaho kenya lirekoto tsohle tse hlokahalang. Kamora ho kena, tobetsa Kena.



3. Hlalosa phasewete bakeng sa ak'haonte e kholo. Litlhaku nakong ea thaepa ha li hlahisoe lebaleng.



4. Netefatsa tlatsetso ea lifaele tse ncha ka ho khetha khetho e nepahetseng.

Tsoela pele mohatong o latelang ha ho kentsoe ts'ebetso ho lisebelisoa ka bobeli.

Mohato oa Bobeli: Ho theha le ho hlophisa Setifikeiti sa Boikarabello

Setsi sa litlhaloso se ikarabella ho lekola linotlolo tsa sechaba mme se fana ka encryption e matla. E thehiloe sesebelisoa seo basebelisi ba bang ba tla se hokahanya, kahoo bula khomphutha ho PC eo u e batlang ebe u latela mehato ena:

1. Pele, ho etsoa foldara ho boloka linotlolo tsohle. U ka e beha kae kapa kae, empa ho molemo ho khetha sebaka se sireletsehileng. Sebelisa taelosudo mkdir / etc / openvpn / bonolo-rsakae / etc / openvpn / bonolo-rsa - sebaka sa ho theha sethala.



2. E latelang, li-script tsa tlatsetso tse bonolo li hlokahala ho beoa foldareng ena, 'me sena se phethoa kaSudo cp -R / usr / share / bonolo-rsa / jj / openvpn /.



3. Setifikeiti sa tumello se thehiloe ka har'a sesebelisoa se phethiloeng. E ea foldareng ena pelecd / jj / openvpn / bonolo-rsa /.



4. Ebe u beha taelo e latelang tšimong:

   sudo -i
# mohloli ./vars
# ./clean-all
# ./build-ca

Hajoale, komporo ea seva e ka tloheloa e le 'ngoe' me ea fallisetsoa lisebelisoa tsa bareki.

Mohato oa 3: Fumana Setifikeiti sa Bareki

Litaelo tseo u tla tloaelana le tsona ka tlase li tla hloka ho etsoa ho komporo e 'ngoe le e' ngoe ea moreki ho hlophisa khokahano e sireletsehileng e sebetsang.

1. Bula likhokahano ebe u ngola taelo mooSudo cp -R / usr / share / bonolo-rsa / jj / openvpn /ho kopitsa litokomane tsohle tsa lisebelisoa tse hlokahalang.



2. Pejana, faele ea setifikeiti e arohaneng e ne e etsoa ho PC ea seva. Hona joale o hloka ho e kopitsa ebe o e beha foldareng le likarolo tse ling. Mokhoa o bonolo oa ho etsa sena ke ka sehlopha.sudo scp username @ host: /etc/openvpn/easy-rsa/keys/ca.crt / jjkae username @ moeti - aterese ea lisebelisoa tseo download e tsoang ho tsona.



3. E sala feela ho etsa senotlolo sa lekunutu sa lekunutu, e le hore hamorao se tla hokahanngoa ka eona. Etsa sena ka ho ea foldareng ea polokelo ea scriptcd / jj / openvpn / bonolo-rsa /.



4. Ho etsa file, sebelisa taelo:

   sudo -i
# mohloli ./vars
# haha-req Lumpics

   

   Lumpics khetlong lena, lebitso le boletsoeng la faele. Senotlolo se thehiloeng se tlameha ho ba sesebelisoa se tšoanang le linotlolo tse ling kaofela.

5. E sala feela ho romella senotlolo sa phihlello se entsoeng ka mokhoa oa sesebelisoa ho netefatsa bonnete ba khokelo ea sona. Sena se etsoa ho sebelisoa taelo e tšoanang eo download e entsoeng ka eona. U hloka ho kenascp /etc/openvpn/easy-rsa/keys/Lumpics.csr username @ host: ~ /kae username @ moeti ke lebitso la komporo eo u lokelang ho e romella, 'me Li-lumpics.csr - lebitso la file le senotlolo.



6. Ho PC ea seva, netefatsa senotlolo ka./sign-req ~ / Lumpicskae Lumpics - lebitso la faele. Kamora moo, khutlisa tokomane eo ka ho phetasudo scp username @ host: /home/Lumpics.crt / jj / openvpn / easy-rsa / key.

Ho sena, mosebetsi ohle oa pele o phethetsoe, o lula feela ho tlisa OpenVPN maemong a tloaelehileng mme o ka qala ho sebelisa khokahano e patiloeng ea poraefete le bareki ba le bang kapa ba bangata.

Mohato oa 4: Lokisa OpenVPN

Tataiso e latelang e tla koahela mohiri le seva ka bobeli. Re tla arola ntho e 'ngoe le e' ngoe ho latela liketso 'me re hlokomelise ka liphetoho tse teng mochini, kahoo o tlameha ho latela litaelo.

1. Pele theha faele ea tlhophiso ho PC ea seva u sebelisa taelozcat /usr/share/doc/openvpn/examples/sampole-config-files/server.conf.gz | sudo tee /etc/openvpn/server.conf. Ha u hlophisa lisebelisoa tsa bareki, faele ena le eona e tla tlameha ho etsoa ka thoko.



2. Sheba boleng ba kamehla. Joalokaha u bona, boema-kepe le protocol li tšoana le tse tloaelehileng, empa ha ho na liparamente tse eketsehileng.



3. Tsamaisa faele e hlophisitsoeng e hlophisitsoeng ka molokisisudo nano /etc/openvpn/server.conf.



4. Ha re na ho kena ka lintlha tsa ho fetola boleng bohle, hobane maemong a mang ke a motho ka mong, empa mela e tloaelehileng faeleng e tlameha ho ba teng, 'me setšoantšo se ts'oanang se shebahala tjena:

   port 1194
proto udp
comp-lzo
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/ca.crt
dh /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem
subology subnet
seva 10.8.0.0 255.255.255.0
ifconfig-pool-end ipp.txt

   Ha liphetoho tsohle li se li felile, boloka li-setting ebe u koala file.



5. Ho sebetsa le karolo ea seva ho phethiloe. Matha OpenVPN ka faele e hlophisitsoeng e hlophisitsoengopenvpn /etc/openvpn/server.conf.



6. Joale ha re theoheleng lisebelisoa tsa bareki. Joalokaha ho se ho boletsoe, faele ea li-setting e boetse e etsoa mona, empa nakong ena ha e sa sebetsoe, kahoo taelo e shebahala tjena:sudo cp /usr/share/doc/openvpn/examples/sampole-config-files/client.conf /etc/openvpn/client.conf.



7. Matha file ka tsela e tšoanang le e bontšitsoeng kaholimo 'me u kenye mela e latelang.

   moreki
dev tun
proto udp
hole 194.67.215.125 1194
solv-retry e sa feleng
lehlohonolo
phehella-senotlolo
phehella-tun
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/Sergiy.crt
senotlolo /etc/openvpn/easy-rsa/keys/Sergiy.key
tls-Author ta.key 1
comp-lzo
leetsi la 3.

   Ha ho hlophisoa ho phethehile, qala OpenVPN:openvpn /etc/openvpn/client.conf.

8. Ngolisa taelokhalfolahho etsa bonnete ba hore sistimi ea sebetsa. Har'a lits'oants'o tsohle tse bonts'itsoeng, sehokelo se tlameha ho ba teng tun0.

Bakeng sa ho khutlisetsa sephethephethe le ho bula phihlello ea inthanete bakeng sa bareki bohle ho PC ea seva, o tla hloka ho kenya tšebetsong litaelo tse latelang ka bonngoe.

sysctl -w net.ipv4.ip_reli = 1
li-iptables -A INPUT -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD -i tun0 -o eth0 -j ACCEPT
iptables -I FORWARD -i eth0 -o tun0 -j ACCEPT
li-iptables -t nat -A LITLHAKISO -OTH0 -j MASQUERADE

Karolong ea kajeno, u tsebisitsoe ho kenyelletso le tlhophiso ea OpenVPN ka seva le lehlakoreng la bareki. Re u eletsa hore u ele hloko tsebiso e bonts'itsoeng "Mokhatlo oa" terminal " le khoutu ea liphoso tsa ho ithuta, haeba li teng. Ho etsa joalo ho tla thusa ho qoba mathata a mang ka khokahanyo, hobane tharollo ea bothata kapele e thibela ho hlaha ha mathata a mang a hlahang.