These days VPN technology is more popular than ever. Ordinary users turn to a VPN to access the Internet securely: it lets them reach blocked sites and services and shields them from outside interference. When you connect to a VPN server, a protected tunnel is created between your computer and the server that cannot be reached from outside, so the VPN server becomes your point of access to the Internet. There are many VPN services, free and paid, but if for some reason they do not suit you, you can always set up your own VPN server.
To run your own VPN you need to rent a VPS. There are various programs that let you create a VPN connection. They differ from one another in the operating systems they support and the algorithms they use. We will look at two independent ways to set up a VPN server. The first is based on the PPTP protocol, which is considered obsolete and insecure but is very easy to set up. The other uses the newer and secure OpenVPN software, but requires installing a third-party client application and a more involved configuration process.
In our test we will use a virtual server running Ubuntu Server 18.04. The firewall on the server will be disabled, since its configuration deserves a separate article. We will describe the client configuration process on Windows 10.
Preparation
Whichever VPN software you choose, network access is handled by the routing mechanisms of the operating system. To route network traffic through an external server, you must allow packet forwarding between interfaces and configure network address translation.
To enable packet forwarding, open the file “/etc/sysctl.conf” and change the value of the “net.ipv4.ip_forward” parameter to 1.
To apply the change without rebooting the machine, run the command
sudo sysctl -p /etc/sysctl.conf
Network address translation is configured through iptables. First, find the name of your external network interface by running the command “ip link show”; you will need it at the next step. In our case the name is “ens3”.
Enable network address translation on your external interface for the hosts of the local network.
sudo iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
Be careful to specify the real name of your network interface; it may differ from ours.
By default, all rules created with iptables are lost after the server reboots. To prevent that, the “iptables-persistent” package is used. Install it:
sudo apt install iptables-persistent
At some point during the installation you will see a configuration dialog offering to save the current iptables rules. Since the rules have already been defined, simply confirm by pressing “Yes” twice. From now on the rules will be restored after the server reboots.
PPTP server
Server setup
Install the package:
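The three preparation steps above (forwarding, NAT, persistence) tend to be applied more than once while troubleshooting, and the commands as given are not safe to repeat: appending to sysctl.conf a second time leaves duplicate lines, and re-adding the MASQUERADE rule duplicates it in the nat table. The following shell script is an added example, not part of the original guide; it wraps each step in a function that can be re-run, reads the external interface name from “ip route” output (the guide uses “ip link show” and reads it by eye), and exercises the file-editing functions on constructed input. The sample route line and sysctl file are constructed; only ensure_masquerade needs root, and it is defined but not called.

```shell
#!/bin/sh
# Added example (not part of the original guide): the preparation steps as
# functions that can be re-run safely. The route output and sysctl file used in
# the demo at the bottom are constructed; nothing here touches a live system
# except ensure_masquerade, which is defined but not called.

# Print the interface of the default route from `ip route` output on stdin,
# e.g. "default via 203.0.113.1 dev ens3 proto dhcp" -> ens3
default_iface() {
    awk '$1 == "default" { for (i = 1; i <= NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Set KEY=VALUE in a sysctl-style FILE exactly once: rewrite an existing line
# (even a commented-out one) instead of appending a duplicate on every run.
set_sysctl_line() {
    sfile=$1; skey=$2; sval=$3
    skey_re=$(printf '%s' "$skey" | sed 's/\./\\./g')
    if grep -Eq "^[#[:space:]]*${skey_re}[[:space:]]*=" "$sfile"; then
        sed "s|^[#[:space:]]*${skey_re}[[:space:]]*=.*|${skey}=${sval}|" "$sfile" > "$sfile.tmp" \
            && mv "$sfile.tmp" "$sfile"
    else
        printf '%s=%s\n' "$skey" "$sval" >> "$sfile"
    fi
}

# Number of active (uncommented) lines that set KEY in FILE; 1 is what we want.
count_sysctl_key() {
    ckey_re=$(printf '%s' "$2" | sed 's/\./\\./g')
    grep -Ec "^[[:space:]]*${ckey_re}[[:space:]]*=" "$1"
}

# Add the MASQUERADE rule for IFACE only if it is not already present
# (iptables -C reports whether an identical rule already exists). Needs root.
ensure_masquerade() {
    iptables -t nat -C POSTROUTING -o "$1" -j MASQUERADE 2>/dev/null \
        || iptables -t nat -A POSTROUTING -o "$1" -j MASQUERADE
}

# Demo on constructed input.
demo=$(mktemp)
printf '#net.ipv4.ip_forward=1\nnet.ipv6.conf.all.forwarding=0\n' > "$demo"
set_sysctl_line "$demo" net.ipv4.ip_forward 1
set_sysctl_line "$demo" net.ipv4.ip_forward 1   # second run is a no-op
echo "lines setting ip_forward: $(count_sysctl_key "$demo" net.ipv4.ip_forward)"   # 1
echo "external interface: $(printf 'default via 203.0.113.1 dev ens3 proto dhcp\n' | default_iface)"   # ens3
rm -f "$demo"
```

On a real host the sequence is set_sysctl_line /etc/sysctl.conf net.ipv4.ip_forward 1, then sysctl -p, then ensure_masquerade "$(ip route | default_iface)" and netfilter-persistent save; each call can be repeated without side effects.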
sudo apt install pptpd
After the installation finishes, open the file “/etc/pptpd.conf” in any text editor and edit it as follows:
# path to the settings file
option /etc/ppp/pptpd-options
# client connection logging mechanism
logwtmp
# number of simultaneous connections
connections 100
# the address that will serve as the clients' gateway
localip 172.16.0.1
# range of addresses handed out to clients
remoteip 172.16.0.2-200
After that, edit the file “/etc/ppp/pptpd-options”. Most parameters are already set by default.
#name of the service for new client records
name pptpd
#restrict obsolete authentication methods
refuse-pap
refuse-chap
refuse-mschap
#allow a more secure authentication method
require-mschap-v2
#enable encryption
require-mppe-128
#specify dns servers for clients (use any available servers)
ms-dns 8.8.8.8
ms-dns 8.8.4.4
proxyarp
nodefaultroute
lock
nobsdcomp
novj
novjccomp
nologfd
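What little protection PPTP still offers rests entirely on the refuse-*/require-* lines above: with PAP or CHAP allowed, credentials can be sent in a form far weaker than MS-CHAPv2 with MPPE. As an added example that is not part of the original guide, this shell function audits a pptpd-options file for those five directives, treating commented-out lines as missing; the two sample files it runs against are constructed.

```shell
#!/bin/sh
# Added example (not part of the original guide): audit a pptpd-options file
# for the hardening directives shown in the guide. Every missing directive is
# printed and the return value is the number missing (0 means the file is
# complete). The sample files at the bottom are constructed for the demo.

REQUIRED_PPTPD_DIRECTIVES="refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128"

# audit_pptpd_options FILE
audit_pptpd_options() {
    afile=$1; missing=0
    for d in $REQUIRED_PPTPD_DIRECTIVES; do
        # a directive only counts if it is on its own uncommented line
        if ! grep -Eq "^[[:space:]]*${d}[[:space:]]*$" "$afile"; then
            echo "missing: $d"
            missing=$((missing + 1))
        fi
    done
    return $missing
}

# Demo: a file that leaves weak methods enabled, and the hardened one.
weak=$(mktemp); hard=$(mktemp)
printf 'name pptpd\nrequire-mschap-v2\n#refuse-pap\nms-dns 8.8.8.8\n' > "$weak"
printf 'name pptpd\nrefuse-pap\nrefuse-chap\nrefuse-mschap\nrequire-mschap-v2\nrequire-mppe-128\n' > "$hard"
audit_pptpd_options "$weak" || echo "weak config: $? directive(s) missing"   # 4
audit_pptpd_options "$hard" && echo "hardened config: complete"
rm -f "$weak" "$hard"
```

Run it as audit_pptpd_options /etc/ppp/pptpd-options after editing; a non-zero exit means at least one weak method is still accepted.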
At the next step you need to create an account for client connections. Let's say you want to add a user “vpnuser” with the password “1” and allow them to authenticate. Open the file “/etc/ppp/chap-secrets” and add the following line with the user's parameters at the end of the file:
vpnuser pptpd 1 *
The value “pptpd” is the service name we specified in the “pptpd-options” file. Instead of “*” you can specify a fixed IP address. In the end, the “chap-secrets” file should end with that line.
To apply the new settings, restart the pptpd service and enable it at boot.
sudo systemctl restart pptpd
sudo systemctl enable pptpd
Server setup is complete.
Client setup
Open “Start” - “Settings” - “Network & Internet” - “VPN” and click “Add a VPN connection”.
Enter the connection parameters in the window that opens and click “Save”:
- VPN provider: “Windows (built-in)”
- Connection name: “vpn_connect” (you can choose any name)
- Server name or address: (specify the external IP address of the server)
- VPN type: “Automatic”
- Type of sign-in info: “User name and password”
- User name: vpnuser (the name specified in the “chap-secrets” file on the server)
- Password: 1 (as in the “chap-secrets” file)
After saving the parameters, you will see the new VPN connection in the window. Left-click the connection and choose “Connect”. If the connection succeeds, you will see the status “Connected”.
In the connection properties you can see the local addresses of the client and the server. The “Server address” field shows the external address of the server.
Once connected, the local IP address of the server, 172.16.0.1 in our case, becomes the default gateway for outgoing packets.
Using any web service you can verify that the external IP address of the computer now matches the IP address of your VPN server.
OpenVPN server
Server setup
Let's raise the privilege level now, since the rest of the setup requires root.
sudo -s
Install all the required packages. We need the “Easy-RSA” package to manage the encryption keys.
apt install openvpn easy-rsa iptables-persistent
Allow incoming connections on port 1194 over UDP and save the iptables rules.
sudo iptables -I INPUT -p udp --dport 1194 -j ACCEPT
sudo netfilter-persistent save
Create a directory with the files copied from the “Easy-RSA” package and move into it.
make-cadir ~/openvpn
cd ~/openvpn
Initialize the public key infrastructure (PKI).
./easyrsa init-pki
Create the root certificate of the certificate authority (CA).
./easyrsa build-ca
During creation you will be asked to set and remember a passphrase. You then answer the questions and enter information about the key owner. You can keep the default values shown in square brackets. Press “Enter” to finish input.
Create a private key and a certificate request. As the argument, specify a unique name; in our case it is “vpn-server”.
./easyrsa gen-req vpn-server nopass
Leave the Common Name at its default value.
Sign the server certificate request that was just created.
./easyrsa sign-req server vpn-server
At this step, answer “yes” to confirm the signing, then enter the passphrase created during the root certificate generation.
Generate the Diffie-Hellman parameters. They are used for secure key exchange between the server and the client.
./easyrsa gen-dh
All the necessary files have been created. Let's create a “keys” directory in the OpenVPN working directory to store the keys and copy the generated files there.
mkdir /etc/openvpn/keys
sudo cp pki/ca.crt pki/issued/vpn-server.crt pki/private/vpn-server.key pki/dh.pem /etc/openvpn/keys
Configure NAT using iptables rules. Create a file named “nat” in the /etc/openvpn/ directory and open it for editing. Note that rules are matched in order, so the DROP rules must come after the ACCEPT rules they are meant to limit; an unconditional ACCEPT for traffic from the outside into the tunnel would make the final DROP unreachable.
#!/bin/sh
# Reset firewall settings
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
# Allow replies to connections the server itself started (eth0 in our case, may vary)
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow SSH (eth0 in our case, may vary)
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
# Allow OpenVPN connections (eth0 in our case, may vary)
iptables -A INPUT -i eth0 -p udp --dport 1194 -j ACCEPT
# Allow everything arriving from the tunnel
iptables -A INPUT -i tun0 -j ACCEPT
# Forward client traffic from the tunnel to the outside (eth0 in our case, may vary)
iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
# Only let replies to client-initiated connections back into the tunnel (eth0 in our case, may vary)
iptables -A FORWARD -i eth0 -o tun0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Enable masquerading for the VPN network (eth0 in our case, may vary)
iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE
# Deny all other incoming connections from outside
iptables -A INPUT -i eth0 -j DROP
# Deny all other transit traffic from outside into the tunnel (eth0 in our case, may vary)
iptables -A FORWARD -i eth0 -o tun0 -j DROP
# The script is run by OpenVPN as root, so no sudo is needed here
netfilter-persistent save
Save the file and make it executable.
sudo chmod 755 /etc/openvpn/nat
Copy the sample server configuration.
cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf /etc/openvpn/
Open the file “/etc/openvpn/server.conf” for editing, make sure the lines below are present, and edit them if necessary:
#Port, protocol, and interface
port 1194
proto udp
dev tun
#Paths to the CA certificate, server certificate, server key, and DH parameters
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/vpn-server.crt
key /etc/openvpn/keys/vpn-server.key
dh /etc/openvpn/keys/dh.pem
#HMAC algorithm (the client must use the same value)
auth SHA256
#tls-auth (an extra HMAC key for the control channel) is not used in this guide
#tls-auth ta.key 0
#Network parameters
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
#Ping every 10 seconds; consider the peer down after 120 seconds of silence
keepalive 10 120
#AES-256-GCM encryption for the tunnel (the client must use the same value)
cipher AES-256-GCM
#Drop root privileges after startup
user nobody
group nogroup
#Keep the key and tun device across restarts (required once privileges are dropped)
persist-key
persist-tun
#Log verbosity
verb 3
#Log file
log-append /var/log/openvpn/openvpn.log
#Allow OpenVPN to run user-defined scripts, then run the firewall script once the tun interface is up
script-security 2
up /etc/openvpn/nat
Enable traffic forwarding on the server.
sudo sysctl -w net.ipv4.ip_forward=1
grep -q '^net.ipv4.ip_forward=1' /etc/sysctl.conf || echo 'net.ipv4.ip_forward=1' | sudo tee -a /etc/sysctl.conf
Restart OpenVPN to apply the configuration.
systemctl restart openvpn@server
Server setup is complete!
Client setup
Go to the official OpenVPN website “https://openvpn.net” and open the “Community” section.
Scroll down and download the installer for your operating system version. In our case, Windows 11 ARM64.
Install the application, leaving all parameters at their defaults.
At the next step you need to prepare the following files on the server and transfer them to the client computer:
- the client's public and private key;
- a copy of the CA certificate;
- a config file template.
Connect to the server, raise privileges, and move to the “~/openvpn” directory we created.
sudo -s
cd ~/openvpn
Create a private key and a certificate request for the client. As the argument, specify a unique name; in our case it is “client1”.
./easyrsa gen-req client1 nopass
Enter the passphrase we set when creating the root certificate and leave the Common Name at its default value.
Sign the client certificate request.
./easyrsa sign-req client client1
At this step, answer “yes” to confirm the signing, then enter the passphrase created during the root certificate generation.
For convenience, let's create a directory named “client1” in the home directory and copy all the files intended for transfer to the client computer into it.
mkdir ~/client1
cp pki/issued/client1.crt pki/private/client1.key pki/ca.crt ~/client1/
Copy the client configuration template to the same directory, changing the file extension to “.ovpn” as you copy.
cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf ~/client1/client.ovpn
Change the owner of the “~/client1/” directory and all files in it so they can be handed over to the client. In our case the owner will be “mihail”.
chown -R mihail:mihail ~/client1
Go to the client computer and copy the contents of the “~/client1/” directory. You can do that with the “PSCP” utility, which ships with PuTTY.
PSCP -r mihail@[IP_сервера]:/home/mihail/client1 c:\client1
You can keep the key files “ca.crt”, “client1.crt” and “client1.key” wherever you like. In our case they are in the “c:\Program Files\OpenVPN\keys” folder, and we put the config file “client.ovpn” in the “c:\Program Files\OpenVPN\config” directory.
Now let's configure the client. Open the file “c:\Program Files\OpenVPN\config\client.ovpn” in a text editor and edit the following lines:
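Copying three separate key files and then editing Windows paths into the config is where mistakes creep in (a wrong file name in the ca line, or a key file left readable by other users). OpenVPN also accepts the CA certificate, client certificate and key inline, between <ca>, <cert> and <key> tags inside the .ovpn file itself. The script below is an added example, not part of the original guide: run on the server after the cp step above, it produces one self-contained client1-inline.ovpn with mode 600 that can be copied over and dropped into the config directory as is. The certificate and key contents in the demo are constructed placeholders, and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not part of the original guide): fold ca.crt, client1.crt and
# client1.key into a single self-contained .ovpn using OpenVPN's inline
# <ca>/<cert>/<key> blocks, so only one file has to be copied to the client and
# no key paths need editing there. File names follow the guide; the
# certificate/key contents in the demo are constructed placeholders.

# bundle_ovpn BASE_CONF CA_FILE CERT_FILE KEY_FILE OUT_FILE
# Writes OUT_FILE = BASE_CONF without its file-based ca/cert/key lines, followed
# by the three files inline. OUT_FILE is chmod 600 because it holds the key.
bundle_ovpn() {
    base=$1; ca_f=$2; cert_f=$3; key_f=$4; out=$5
    grep -Ev '^[[:space:]]*(ca|cert|key)[[:space:]]' "$base" > "$out" || :
    for pair in "ca=$ca_f" "cert=$cert_f" "key=$key_f"; do
        tag=${pair%%=*}; src=${pair#*=}
        printf '<%s>\n' "$tag" >> "$out"
        cat "$src" >> "$out"
        printf '</%s>\n' "$tag" >> "$out"
    done
    chmod 600 "$out"
}

# Number of opening inline blocks in an .ovpn file (3 when bundling succeeded).
count_inline_blocks() {
    grep -Ec '^<(ca|cert|key)>$' "$1"
}

# Demo on constructed files.
d=$(mktemp -d)
printf 'client\ndev tun\nproto udp\nremote 203.0.113.10 1194\nca ca.crt\ncert client1.crt\nkey client1.key\nremote-cert-tls server\n' > "$d/client.ovpn"
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'CA-PLACEHOLDER' '-----END CERTIFICATE-----' > "$d/ca.crt"
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'CLIENT1-CERT-PLACEHOLDER' '-----END CERTIFICATE-----' > "$d/client1.crt"
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'CLIENT1-KEY-PLACEHOLDER' '-----END PRIVATE KEY-----' > "$d/client1.key"
bundle_ovpn "$d/client.ovpn" "$d/ca.crt" "$d/client1.crt" "$d/client1.key" "$d/client1-inline.ovpn"
echo "inline blocks: $(count_inline_blocks "$d/client1-inline.ovpn")"   # 3
rm -rf "$d"
```

On the server the call would be bundle_ovpn ~/client1/client.ovpn ~/client1/ca.crt ~/client1/client1.crt ~/client1/client1.key ~/client1/client1-inline.ovpn; the remote line and the other settings described below still have to be edited in the base file first, but the three key paths no longer appear at all.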
#announce that this is the client
client
#interface and protocol just like on the server
dev tun
proto udp
#IP address of the server and port
remote ip_address 1194
#keep the key and tun device across restarts
persist-key
persist-tun
#key paths (straight double quotes; the CA file is ca.crt, the name it has on the server)
ca "c:\\Program Files\\OpenVPN\\keys\\ca.crt"
cert "c:\\Program Files\\OpenVPN\\keys\\client1.crt"
key "c:\\Program Files\\OpenVPN\\keys\\client1.key"
#enable server certificate verification
remote-cert-tls server
#tls-auth is not used in this guide; it must match the server setting
#tls-auth ta.key 1
#cipher and HMAC must match the values in server.conf
cipher AES-256-GCM
auth SHA256
auth-nocache
verb 3
Leave the rest unchanged.
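The client file above must agree with the server.conf shown earlier on proto, cipher and auth, on the port, and on whether tls-auth is in use; a mismatch on any of these only shows up at connection time, with the cause buried in the log. The script below is an added example, not the guide's or OpenVPN's own code: it reads both files with a small directive extractor and reports each disagreement, and also flags a client that lacks remote-cert-tls server, the client-side check that the peer presents a server certificate. The sample server and client files it runs against are constructed, and one of them carries a cipher/auth mismatch to show what the check reports.

```shell
#!/bin/sh
# Added example (not part of the original guide): check that a client.ovpn
# agrees with the server.conf it is meant for. Paths and the sample contents
# at the bottom are constructed for the demo.

# ovpn_get FILE DIRECTIVE -> value(s) of the directive; comment lines ignored
ovpn_get() {
    awk -v d="$2" '$1 == d { $1 = ""; sub(/^ +/, ""); print }' "$1"
}

# check_ovpn_pair SERVER_CONF CLIENT_CONF
# Prints one line per mismatch and returns the number of problems found.
check_ovpn_pair() {
    srv=$1; cli=$2; problems=0
    # data-channel settings must be identical on both ends
    for d in proto cipher auth; do
        sv=$(ovpn_get "$srv" "$d"); cv=$(ovpn_get "$cli" "$d")
        if [ "$sv" != "$cv" ]; then
            echo "$d differs: server='$sv' client='$cv'"
            problems=$((problems + 1))
        fi
    done
    # the server's port must be the one the client connects to (1194 if unset)
    sport=$(ovpn_get "$srv" port); rport=$(ovpn_get "$cli" remote | awk '{ print $2 }')
    if [ "${sport:-1194}" != "${rport:-1194}" ]; then
        echo "port differs: server='$sport' client remote='$rport'"
        problems=$((problems + 1))
    fi
    # without this the client would accept any CA-signed certificate as a server
    if [ "$(ovpn_get "$cli" remote-cert-tls)" != "server" ]; then
        echo "client lacks 'remote-cert-tls server'"
        problems=$((problems + 1))
    fi
    # tls-auth/tls-crypt must be enabled on both sides or on neither
    if grep -Eq '^[[:space:]]*tls-(auth|crypt)[[:space:]]' "$srv"; then st=1; else st=0; fi
    if grep -Eq '^[[:space:]]*tls-(auth|crypt)[[:space:]]' "$cli"; then ct=1; else ct=0; fi
    if [ "$st" -ne "$ct" ]; then
        echo "tls-auth/tls-crypt enabled on one side only (server=$st client=$ct)"
        problems=$((problems + 1))
    fi
    return $problems
}

# Demo: constructed server.conf, a client with a cipher/auth mismatch, and a matching one.
s=$(mktemp); bad=$(mktemp); good=$(mktemp)
printf 'port 1194\nproto udp\ndev tun\nserver 10.8.0.0 255.255.255.0\nauth SHA256\ncipher AES-256-GCM\n#tls-auth ta.key 0\n' > "$s"
printf 'client\ndev tun\nproto udp\nremote 203.0.113.10 1194\nremote-cert-tls server\ncipher AES-256-CBC\nauth-nocache\n' > "$bad"
printf 'client\ndev tun\nproto udp\nremote 203.0.113.10 1194\nremote-cert-tls server\ncipher AES-256-GCM\nauth SHA256\nauth-nocache\n' > "$good"
check_ovpn_pair "$s" "$bad" || echo "mismatched pair: $? problem(s)"   # 2
check_ovpn_pair "$s" "$good" && echo "matching pair: ok"
rm -f "$s" "$bad" "$good"
```

Against the real files the call is check_ovpn_pair /etc/openvpn/server.conf ~/client1/client.ovpn, run on the server before the config is handed over.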
Save the file and start the “OpenVPN GUI” client application.
Right-click the application icon in the taskbar and choose “Connect”. If the connection succeeds, the icon turns green.
Use any web service to verify that your public IP address has changed and now matches the IP address of the server.