Nowadays, VPN technology is becoming increasingly popular. Ordinary users use a VPN to access the Internet safely. It also helps to get around regionally blocked websites and services and to protect against possible malicious activity from outside. When you connect to a VPN server, a secure tunnel that cannot be accessed from outside is set up between your computer and the server, so the VPN server becomes your Internet access point. There are many VPN services out there, both free and paid, but if they do not work for you for some reason, you can always set up your own VPN server.
To run your own VPN, you need to rent a VPS server. There are different software packages that let you create a VPN connection. They differ from one another in the operating systems they support and the algorithms they use. We will look at two independent ways to set up a VPN server. The first is based on the PPTP protocol, which is already considered obsolete and insecure but is easy to configure. The other uses the modern OpenVPN software, but it requires installing a third-party client application and a more thorough configuration process.
In our test environment, we will use a virtual server running Ubuntu Server 18.04. The firewall on the server will be turned off, because its configuration deserves a separate article. We will describe the client setup on Windows 10.
Preparation
Regardless of which VPN server you choose, Internet access will be set up with tools built into the operating system. To open Internet access through the external network interface, you have to allow packet forwarding between interfaces and configure network address translation.
To enable packet forwarding, open the file "/etc/sysctl.conf" and change the value of the "net.ipv4.ip_forward" parameter to 1.
To apply the changes without restarting the computer, run the command
sudo sysctl -p /etc/sysctl.conf
Network address translation is configured with iptables. First, check the name of your external network interface by running the command "ip link show" - you will need it in the next step. Ours is named "ens3".
Enable network address translation on your external interface for all local network nodes.
sudo iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
Note that you need to specify the real name of your server's interface; it may differ from ours.
By default, all iptables rules you create are reset when the server restarts. To prevent that, use the "iptables-persistent" utility. Install the package:
sudo apt install iptables-persistent
At some point during the installation, you will see a configuration window that suggests saving the current iptables rules. Since the rules are already defined, just confirm and click "Yes" twice. From now on, the rules will be applied automatically when the server restarts.
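The two preparation steps can be checked from saved files without touching the live firewall. The script below is an added example, not part of the original tutorial: the function names are hypothetical and the sample interface list and rule set are constructed. It tests whether forwarding is persisted in a sysctl file and lists interfaces named in saved rules that do not exist on the host.

```sh
#!/bin/sh
# Added example, not part of the original tutorial. Function names are
# hypothetical; both checks read saved files, so no root is needed.

# Succeeds only if the last uncommented net.ipv4.ip_forward line in the
# sysctl file $1 sets it to 1 (a leading "#" leaves forwarding off at boot).
forwarding_persisted() {
    awk -F= '/^[ \t]*net\.ipv4\.ip_forward[ \t]*=/ { v = $2; gsub(/[ \t]/, "", v) }
             END { exit (v == "1" ? 0 : 1) }' "$1"
}

# Print every interface named after -i/-o in the iptables-save dump $1 that
# is absent from the `ip -o link show` output $2.
missing_ifaces() {
    known=$(awk -F': ' '{ sub(/@.*/, "", $2); print $2 }' "$2")
    awk '/^-A/ { for (i = 1; i < NF; i++) if ($i == "-i" || $i == "-o") print $(i + 1) }' "$1" |
    sort -u | while read -r ifc; do
        case "$ifc" in tun*|lo) continue ;; esac  # tun0 appears only while OpenVPN runs
        printf '%s\n' "$known" | grep -qxF -- "$ifc" || printf '%s\n' "$ifc"
    done
}

demo() {
    tmp=$(mktemp -d)
    # Constructed sample data: the NIC is ens3, but one rule still says eth0.
    printf '%s\n' '1: lo: <LOOPBACK,UP> mtu 65536' \
                  '2: ens3: <BROADCAST,MULTICAST,UP> mtu 1500' > "$tmp/links"
    printf '%s\n' '*nat' '-A POSTROUTING -o ens3 -j MASQUERADE' 'COMMIT' \
                  '*filter' '-A INPUT -i eth0 -j DROP' 'COMMIT' > "$tmp/rules"
    missing_ifaces "$tmp/rules" "$tmp/links"
    rm -rf "$tmp"
}
demo
```

On the server, save the output of `iptables-save` and `ip -o link show` to files and pass them to `missing_ifaces`.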
PPTP server
Server configuration
Install the package:
sudo apt install pptpd
When the installation finishes, open the file "/etc/pptpd.conf" in any text editor and edit it as follows:
option /etc/ppp/pptpd-options #path to the settings file
logwtmp #client connections logging mechanism
connections 100 #number of simultaneous connections
localip 172.16.0.1 #the address that will serve as a client gateway
remoteip 172.16.0.2-200 #range of addresses
After that, edit the file "/etc/ppp/pptpd-options". Most of the parameters are already set by default.
#name of the service for new client records
name pptpd
#restrict obsolete authentication methods
refuse-pap
refuse-chap
refuse-mschap
#allow a more secure authentication method
require-mschap-v2
#enable encryption
require-mppe-128
#specify dns servers for clients (use any available servers)
ms-dns 8.8.8.8
ms-dns 8.8.4.4
proxyarp
nodefaultroute
lock
nobsdcomp
novj
novjccomp
nologfd
Next, you need to create a record for client connections. Suppose you want to add a user "vpnuser" with the password "1" and allow dynamic addressing for it. Open the file "/etc/ppp/chap-secrets" and add the following line with the user's parameters at the end of the file:
vpnuser pptpd 1 *
"pptpd" is the service name we specified in the "pptpd-options" file. Instead of "*", you can specify a fixed IP address. As a result, the "chap-secrets" file should end with the line shown above.
To apply the settings, restart the pptpd service and enable it at boot.
sudo systemctl restart pptpd
sudo systemctl enable pptpd
Server configuration is complete.
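A quick audit of the two PPTP files edited above, as an added example that is not part of the original tutorial. The function names, the 12-character threshold and the sample files are assumptions made for the demonstration; the list of directives is the one from the "pptpd-options" listing.

```sh
#!/bin/sh
# Added example, not part of the original tutorial; function names are hypothetical.

# Print each authentication/encryption directive from the pptpd-options
# listing above that is missing or commented out in options file $1.
missing_pptp_options() {
    for opt in refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128; do
        awk -v o="$opt" '$1 == o { ok = 1 } END { exit !ok }' "$1" || echo "$opt"
    done
}

# Print the client name of every chap-secrets ($1) entry whose secret is
# shorter than $2 characters. Fields: client, server, secret, addresses.
# Assumes secrets without embedded spaces.
short_secrets() {
    awk -v min="$2" '$1 !~ /^#/ && NF >= 3 {
        s = $3; gsub(/^"|"$/, "", s)      # a secret may be wrapped in quotes
        if (length(s) < min) print $1
    }' "$1"
}

# Succeeds if file $1 is readable by group or others; chap-secrets stores
# the secrets in clear text, so it should be readable by root only.
readable_by_others() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \))" ]
}

demo() {
    tmp=$(mktemp -d)
    # Constructed sample files: one directive commented out, the page's test user.
    printf '%s\n' 'name pptpd' 'refuse-pap' 'refuse-chap' '#refuse-mschap' \
                  'require-mschap-v2' 'require-mppe-128' > "$tmp/options"
    printf '%s\n' '# client server secret IP' 'vpnuser pptpd 1 *' > "$tmp/secrets"
    chmod 644 "$tmp/secrets"
    missing_pptp_options "$tmp/options"
    short_secrets "$tmp/secrets" 12
    readable_by_others "$tmp/secrets" && echo "secrets file too permissive"
    rm -rf "$tmp"
}
demo
```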
Client configuration
Open "Start" - "Settings" - "Network & Internet" - "VPN" and click "Add a VPN connection".
Enter the connection parameters in the window that opens and click "Save".
- VPN provider: "Windows (built-in)"
- Connection name: "vpn_connect" (you can choose any name)
- Server name or address: (specify the external IP address of the server)
- VPN type: "Auto"
- Type of sign-in info: "User name and password"
- User name: vpnuser (the name specified in the "chap-secrets" file on the server)
- Password: 1 (as in the "chap-secrets" file)
After saving the parameters, you will see the new VPN connection in the window. Left-click the connection and select "Connect". If the connection succeeds, you will see the "Connected" status.
In the connection properties, you will see the internal addresses of the client and the server. The "Destination address" field shows the external address of the server.
Once connected, the internal IP address of the server, 172.16.0.1 in our case, becomes the default gateway for all outgoing packets.
Using any online service, you can make sure that the external IP address of the computer is now the same as the IP address of your VPN server.
OpenVPN setup
Server configuration
Let's raise the privilege level of the current user, because the rest of the configuration requires root access.
sudo -s
Install all the necessary packages. We will need the "Easy-RSA" package to manage the encryption keys.
apt install openvpn easy-rsa iptables-persistent
Allow incoming connections on port 1194 over the UDP protocol and save the iptables rules.
sudo iptables -I INPUT -p udp --dport 1194 -j ACCEPT
sudo netfilter-persistent save
Create a directory with the files copied from the "Easy-RSA" package and go into it.
make-cadir ~/openvpn
cd ~/openvpn
Create the Public Key Infrastructure (PKI).
./easyrsa init-pki
Create the root certificate of the certificate authority (CA).
./easyrsa build-ca
During creation, you will be prompted to set a password; remember it. You will also need to answer the questions and enter information about the key owner. You can leave the default values shown in square brackets. Press "Enter" to finish the input.
Create a private key and a certificate request. As the argument, specify an arbitrary name; in our case it is "vpn-server".
./easyrsa gen-req vpn-server nopass
Leave the Common Name value as the default.
Sign the generated server certificate request.
./easyrsa sign-req server vpn-server
At this step, answer "yes" to confirm the signing, then enter the password created when the root certificate was generated.
Generate the Diffie-Hellman parameters. These parameters are used for the secure key exchange between the server and the client.
./easyrsa gen-dh
All the necessary files have been generated. Let's create a "keys" directory in the OpenVPN directory to store the keys and copy the generated files there.
mkdir /etc/openvpn/keys
sudo cp pki/ca.crt pki/issued/vpn-server.crt pki/private/vpn-server.key pki/dh.pem /etc/openvpn/keys
Configure NAT using iptables rules. Create a file named nat in the /etc/openvpn/ directory and open it for editing.
#!/bin/sh
# Reset firewall settings
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
# Allow established and related incoming connections (eth0 in our case, may vary)
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow SSH connections (eth0 in our case, may vary)
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
# Allow OpenVPN connections (eth0 in our case, may vary)
iptables -A INPUT -i eth0 -p udp --dport 1194 -j ACCEPT
# Allow all traffic arriving from VPN clients through the tunnel
iptables -A INPUT -i tun0 -j ACCEPT
# Allow VPN clients to reach the outside (eth0 in our case, may vary)
iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
# Allow only reply traffic from outside back into the tunnel (eth0 in our case, may vary).
# An unconditional ACCEPT for eth0 -> tun0 here would make the DROP rule below unreachable.
iptables -A FORWARD -i eth0 -o tun0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Enable masquerading for the local network (eth0 in our case, may vary)
iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE
# Deny incoming connections from outside
iptables -A INPUT -i eth0 -j DROP
# Deny transit traffic from outside (eth0 in our case, may vary)
iptables -A FORWARD -i eth0 -o tun0 -j DROP
sudo netfilter-persistent save
Save the file and make it executable.
sudo chmod 755 /etc/openvpn/nat
Copy the server configuration template.
cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf /etc/openvpn/
Open the file "/etc/openvpn/server.conf" for editing, make sure it contains the following lines, and adjust them if necessary:
#Port, protocol, and interface
port 1194
proto udp
dev tun
#Path to the encryption keys
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/vpn-server.crt
key /etc/openvpn/keys/vpn-server.key
dh /etc/openvpn/keys/dh.pem
#SHA256 Hashing Algorithm
auth SHA256
#Switching off additional encryption
#tls-auth ta.key 0
#Network parameters
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
#Ping every 10 seconds to check the connection.
keepalive 10 120
#Set up AES-256 encryption for the tunnel.
cipher AES-256-GCM
#Demoting the service OpenVPN after launch
user nobody
group nogroup
#Switching on parameters saving after reboot
persist-key
persist-tun
#Set log verbosity
verb 3
#Redirecting logs
log-append /var/log/openvpn/openvpn.log
#Script the rule installation launch.
up /etc/openvpn/nat
Enable traffic forwarding on the server.
sudo sysctl -w net.ipv4.ip_forward=1
echo 'net.ipv4.ip_forward=1' | sudo tee -a /etc/sysctl.conf
Restart OpenVPN to apply the configuration.
systemctl restart openvpn@server
Server configuration is complete!
Client configuration
Go to the official OpenVPN website "https://openvpn.net" and open the "COMMUNITY" section.
Scroll down and download the installer for your operating system version. In our case, it is Windows 11 ARM64.
Install the application, leaving all parameters at their defaults.
Next, you need to prepare the following files on the server and transfer them to the client computer:
- the public and private keys;
- a copy of the certificate authority's certificate;
- the config file template.
Connect to the server, elevate your privileges, and go to the directory we created, "~/openvpn".
sudo -s
cd ~/openvpn
Create a private key and a certificate request for the client. As the argument, specify an arbitrary name; in our case it is "client1".
./easyrsa gen-req client1 nopass
Enter the password we set when creating the root certificate and leave the Common Name value as the default.
Sign the generated client certificate request.
./easyrsa sign-req client client1
At this step, answer "yes" to confirm the signing, then enter the password created when the root certificate was generated.
For convenience, let's create a folder named "client1" in the home directory and copy into it all the files intended for transfer to the client computer.
mkdir ~/client1
cp pki/issued/client1.crt pki/private/client1.key pki/ca.crt ~/client1/
Copy the client configuration file template to the same directory. Change the file extension to ".ovpn" when copying.
cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf ~/client1/client.ovpn
Change the owner of the "~/client1/" directory and all files in it so that they can be transferred to the client. Let's make "mihail" the owner.
chown -R mihail:mihail ~/client1
Go to the client computer and copy the contents of the "~/client1/" folder. You can do that with the "PSCP" utility, which comes with PuTTY.
PSCP -r mihail@[server_IP]:/home/mihail/client1 c:\client1
You can store the key files "ca.crt", "client1.crt" and "client1.key" wherever you like. In our case, they are in the folder "c:\Program Files\OpenVPN\keys", and we put the configuration file "client.ovpn" in the "c:\Program Files\OpenVPN\config" directory.
Now let's configure the client. Open the file "c:\Program Files\OpenVPN\config\client.ovpn" in a text editor and edit the following lines:
#announce that this is the client
client
#interface and protocol just like on the server
dev tun
proto udp
#IP address of the server and port
remote ip_address 1194
#saving parameters after reload
persist-key
persist-tun
#key paths
ca "c:\\Program Files\\OpenVPN\\keys\\ca.crt"
cert "c:\\Program Files\\OpenVPN\\keys\\client1.crt"
key "c:\\Program Files\\OpenVPN\\keys\\client1.key"
#enable server verification
remote-cert-tls server
#disable extra encryption
#tls-auth ta.key 1
#same cipher and HMAC digest as on the server
cipher AES-256-GCM
auth SHA256
auth-nocache
verb 3
Leave the rest untouched.
Save the file and launch the "OpenVPN GUI" client application.
Right-click the application icon in the taskbar and select "Connect". If the connection succeeds, the icon turns green.
Use any online service to make sure that your public IP address has changed and is now the same as the IP address of the server.
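The server and client files must agree on protocol, device, cipher, digest and the use of tls-auth. The script below is an added example, not part of the original tutorial: the function names are hypothetical and the two sample files are constructed, with the client naming a different cipher and omitting "auth".

```sh
#!/bin/sh
# Added example, not part of the original tutorial; function names are hypothetical.

# Value of directive $1 in OpenVPN config $2: last uncommented occurrence,
# with the CR of Windows-edited files removed; empty if the directive is absent.
directive() {
    awk -v d="$1" '{ sub(/\r$/, "") }
        $1 == d { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
        END { print v }' "$2"
}

# Print one line per setting that differs between server config $1 and
# client config $2.
ovpn_mismatches() {
    for key in proto dev cipher auth; do
        s=$(directive "$key" "$1"); c=$(directive "$key" "$2")
        [ "$s" = "$c" ] || echo "${key}: server=${s:-default} client=${c:-default}"
    done
    # tls-auth carries a different key direction per side (0 and 1), so only
    # check that it is switched on at both ends or at neither.
    s=$(directive tls-auth "$1"); c=$(directive tls-auth "$2")
    [ -n "$s" ] && s=on; [ -n "$c" ] && c=on
    [ "$s" = "$c" ] || echo "tls-auth: server=${s:-off} client=${c:-off}"
}

demo() {
    tmp=$(mktemp -d)
    # Constructed sample files; the client one has CRLF line endings.
    printf '%s\n' 'proto udp' 'dev tun' 'auth SHA256' '#tls-auth ta.key 0' \
                  'cipher AES-256-GCM' > "$tmp/server.conf"
    printf '%s\r\n' 'proto udp' 'dev tun' ';tls-auth ta.key 1' \
                    'cipher AES-256-CBC' > "$tmp/client.ovpn"
    ovpn_mismatches "$tmp/server.conf" "$tmp/client.ovpn"
    rm -rf "$tmp"
}
demo
```

A value shown as "default" means the directive is absent from that file, so that side falls back to the built-in default of its OpenVPN version.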