Wasu masu amfani suna da sha'awar ƙirƙirar cibiyar sadarwar kai tsaye tsakanin kwakwalwa biyu. Ya ba da aikin tare da taimakon fasahar VPN (Virtual Private Network). Ana haɓaka haɗin ta hanyar bude ko rufe kayan aiki da shirye-shirye. Bayan kammala shigarwa da daidaitattun abubuwan da aka gyara, za'a iya ɗauka hanya cikakke, kuma haɗi - amintacce. Bugu da ari, muna so mu tattauna dalla-dalla game da aiwatar da fasaha da aka yi la'akari ta hanyar OpenVPN abokin ciniki a cikin tsarin aiki bisa tushen kudan zuma na Linux.
Shigar OpenVPN a kan Linux
Tun da mafi yawan masu amfani suna amfani da gudummawar Ubuntu, a yau umarni za su dogara ne akan waɗannan nau'ikan. A wasu lokuta, bambancin da ke cikin shigarwa da daidaituwa na OpenVPN ba za ka lura ba, sai dai idan dole ne ka bi rubutun rarraba, wadda za ka iya karantawa a cikin takardun aikin hukuma na tsarinka. Muna ba ka ka fahimtar kanka tare da dukan tsari kowane mataki don fahimtar dalla-dalla kowane mataki.
Tabbatacce ne ka tuna cewa aiki na OpenVPN yana faruwa ne ta hanyar nodes biyu (kwamfuta ko uwar garke), wanda ke nufin cewa shigarwar da sanyi ya shafi kowane mahalarta a cikin haɗin. Ƙa'idodinmu na gaba zai mayar da hankali ga aiki tare da matakai biyu.
Mataki na 1: Shigar OpenVPN
Hakika, ya kamata ka fara da ƙara duk ɗakunan karatu masu buƙata zuwa kwakwalwa. Yi don tabbatar da cewa aikin da aka yi amfani da shi za a gina shi a cikin OS. "Ƙaddara".
- Bude menu kuma kaddamar da na'ura. Zaka kuma iya yin wannan ta latsa maɓallin haɗin Ctrl + Alt T.
- Yi rijista
sudo apt shigar openvpn sauki-rsa
don shigar da duk wuraren ajiyar da ake bukata. Bayan shigar da danna kan Shigar. - Saka kalmar sirri don asusun superuser. Abubuwan da ke kan bugun kira ba su bayyana a cikin akwatin ba.
- Tabbatar da ƙarin sababbin fayiloli ta zaɓin zaɓi mai dacewa.
Je zuwa mataki na gaba kawai idan an shigar da shigarwa akan dukkan na'urori.
Mataki na 2: Samar da kuma haɓaka wata Hukumomin Hukuma
Cibiyar ƙayyadewa tana da alhakin tabbatar da makullin jama'a da kuma samar da boye-boye mai ƙarfi. An halicce shi a kan na'urar da wasu masu amfani zasu iya haɗuwa a baya, don haka bude na'ura mai kwakwalwa akan PC da ake so kuma bi wadannan matakai:
- Ana ƙirƙiri babban fayil don adana duk makullin. Zaka iya sanya shi a ko'ina, amma ya fi kyau samun wuri mai lafiya. Yi amfani da wannan umarni
sudo mkdir / sauransu / openvpn / sauki-rsa
inda / sauransu / openvpn / sauki-rsa - Gida don ƙirƙirar shugabanci. - Bugu da kari a cikin wannan babban fayil akwai buƙatar sanya rubutun-sauya-rsa, kuma anyi wannan ta hanyar
sudo cp -R / usr / share / sauki-rsa / sauransu / openvpn /
. - An kafa cibiyar haɗin ƙirƙirar a cikin jerin shirye-shirye. Na farko je wannan babban fayil.
cd / sauransu / openvpn / sauki-rsa /
. - Sa'an nan kuma manna umarnin da ke cikin filin:
sudo -i
# source ./vars
# ./clean-all
# ./build-ca
Duk da yake kwamfutar uwar garke za a iya barin shi kadai kuma matsa zuwa na'urorin haɗi.
Mataki na 3: Shirya Takaddun Bayanan Mutumin
Bayanin, wanda za ku saba da ƙasa, zai buƙaci a gudanar da su akan kowane kwamfutarka na kwamfuta don tsara haɗin haɗin haɗi mai dacewa.
- Bude ta firgita kuma rubuta umarnin a can.
sudo cp -R / usr / share / sauki-rsa / sauransu / openvpn /
don kwafe dukkan kayan rubutun kayan aiki. - A baya can, an sanya takardar shaidar takardar shaidar a kan PC ɗin. Yanzu yana buƙatar a kofe kuma sanya shi cikin babban fayil tare da sauran kayan. Hanyar mafi sauki ta yin haka ta hanyar umarni.
sudo scp sunan mai amfani @ Mai watsa shiri: /etc/openvpn/easy-rsa/keys/ca.crt / sauransu / openvpn / sauki-rsa / keys
inda sunan mai amfani @ maraba - adireshin kayan aiki daga abin da za a saukewa. - Ya rage kawai don ƙirƙirar maɓallin sirri na sirri don haka a nan gaba za a haɗa ta ta hanyarsa. Yi wannan ta hanyar zuwa babban fayil ajiya.
cd / sauransu / openvpn / sauki-rsa /
. - Don ƙirƙirar fayil, yi amfani da umurnin:
sudo -i
# source ./vars
# gina-req LumpicsLumpics a wannan yanayin, sunan sunan fayil din. Maballin da aka haɓaka dole ne ya zama a cikin wannan shugabanci tare da sauran makullin.
- Ya rage kawai don aika maɓallin damar shiga don na'urar uwar garken don tabbatar da amincin haɗinta. Anyi wannan tare da taimakon wannan umurni ta hanyar da aka sauke da saukewa. Kana buƙatar shigar
scp /etc/openvpn/easy-rsa/keys/Lumpics.csr sunan mai amfani @ Mai watsa shiri: ~ /
inda sunan mai amfani @ maraba - sunan kwamfutar don aika, kuma Lumpics.csr - sunan fayil ɗin tare da maɓallin. - A kan uwar garken PC, tabbatar da maɓallin via
./sign-req ~ / Lumpics
inda Lumpics - sunan fayil. Bayan haka, sake dawo da bayanansudo scp sunan mai amfani @ Mai watsa shiri: /home/Lumpics.crt / sauransu / openvpn / sauki-rsa / keys
.
Wannan shine ƙarshen duk aikin farko, duk abin da ya rage shi ne don kawo OpenVPN kanta zuwa al'ada na al'ada kuma zaka iya fara amfani da haɗin sirri mai ɓoyayye tare da ɗaya daga cikin abokan ciniki.
Mataki na 4: Sanya OpenVPN
Jagoran mai biyowa zai shafi duka abokin ciniki da uwar garke. Za mu raba kowane abu bisa ga ayyukan da kuma gargadi kan canje-canje na na'urorin, saboda haka dole ne ku bi umarnin.
- Da farko, ƙirƙirar fayil ɗin sanyi a kan PC ɗin PC ta amfani da umarnin
zcat /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz | sudo tee /etc/openvpn/server.conf
. A yayin da ke daidaita na'urorin abokan ciniki, wannan fayil ɗin dole ne a ƙirƙira shi daban. - Karanta dabi'u masu daraja. Kamar yadda kake gani, tashar tashar jiragen ruwa da yarjejeniya daidai suke da daidaito, amma babu ƙarin sigogi.
- Gudanar da fayil ta hanyar tsarawa ta hanyar edita
sudo nano /etc/openvpn/server.conf
. - Ba za mu shiga cikin cikakkun bayanai game da canza duk dabi'u ba, tun da a wasu lokuta sun zama mutum, amma alamun layin a cikin fayil ya kamata su kasance, amma irin wannan hoto yana kama da haka:
tashar jiragen ruwa 1194
bin udp
comp-lzo
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/ca.crt
dh /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem
tofalogy subnet
uwar garken 10.8.0.0 255.255.255.0
idanconfig-pool-dage ipp.txtBayan an kammala dukkan canje-canje, ajiye saitunan kuma rufe fayil.
- An kammala aikin tare da sashin uwar garke. Gudanar da OpenVPN ta hanyar fayil ɗin sabuntawa
openvpn /etc/openvpn/server.conf
. - Yanzu za mu fara na'urorin na'urorin. Kamar yadda aka riga aka ambata, an halicci fayil din saiti a nan, amma wannan lokaci ba'a kalla ba, don haka umurnin yana da nau'i mai biyowa:
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/client.conf
. - Gudun fayil a daidai wannan hanya kamar yadda aka nuna a sama kuma sanya saitunan nan a can:
abokin ciniki
.
dev tun
bin udp
m 194.67.215.125 1194
ƙayyadewa-ƙaddamarwa mara iyaka
nobind
maɓallin ci gaba
jure tun
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/Sergiy.crt
key /etc/openvpn/easy-rsa/keys/Sergiy.key
tls-auth ta.key 1
comp-lzo
nassin 3Lokacin da gyare-gyare ya cika, fara OpenVPN:
openvpn /etc/openvpn/client.conf
. - Yi rijista
idanconfig
don tabbatar da tsarin yana aiki. Daga dukkan dabi'un da aka nuna, dole ne a sami karamin aiki tun0.
Don sake turawa da bude damar Intanit don duk abokan ciniki a kan PC ɗin, za a buƙatar kunna umarnin da aka jera a ƙasa daya bayan daya.
sysctl -w net.ipv4.ip_forward = 1
iptables - INPUT -p udp --dport 1194 -j YAKE
iptables -I KAMATA -i tun0 -o eth0 -j ACCEPT
iptables -I KASAWA -i na da'a -i tun0 -j ACCEPT
iptables -t nat - POSTROUTING -o eth0 -j MASQUERADE
A cikin labarin yau, an gabatar da ku ga shigarwar da kuma shirya OpenVPN a kan uwar garken da abokin ciniki. Muna ba da shawara ka kula da sanarwar da aka nuna a "Ƙaddara" kuma bincika lambobin kuskure, idan akwai. Irin waɗannan ayyuka zasu taimaka wajen kawar da matsaloli tare da haɗuwa, saboda matsalar magance matsalar ta hana bayyanar wasu matsalolin da aka haifar.