
VPN server setup on Linux: PPTP or OpenVPN?


VPN technology is becoming increasingly popular. Ordinary users use a VPN to access the Internet safely. It also helps to get around regionally blocked websites and services and protects against possible malicious activity from outside. When you connect to a VPN server, a secure tunnel that cannot be accessed from outside is established between your computer and the server, so the VPN server becomes your Internet access point. There are plenty of VPN services out there, both free and paid, but if for some reason they do not work for you, you can always configure your own VPN server.

To run your own VPN, you need to rent a VPS server. Different software lets you create a VPN connection; the options differ in the operating systems they support and the algorithms they use. We will look at two independent ways to set up a VPN server. The first is based on the PPTP protocol, which is already acknowledged to be insecure but is really easy to configure. The other uses the modern and secure OpenVPN software but requires installing a third-party client application and a more involved configuration process.

In our test environment, we will use a virtual server running Ubuntu Server 18.04. The firewall on the server will be switched off because its configuration deserves a separate article. We will describe the setup process on Windows 10.

Preparation

Regardless of which VPN server you choose, Internet access will be set up by the built-in means of the operating system. To open Internet access through the external network interface, you have to allow packet forwarding between interfaces and configure network address translation.

To switch on packet forwarding, open the file "/etc/sysctl.conf" and change the value of the "net.ipv4.ip_forward" parameter to 1.

To apply the changes without rebooting the computer, run the command

sudo sysctl -p /etc/sysctl.conf

Network address translation is configured by means of iptables. First, check the name of your external network interface by running the command "ip link show" - you will need it in the next step. Ours is named "ens3".

ip link show

Enable network address translation on your external interface for all local network nodes.

sudo iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE

Note that you need to specify the real name of your server's interface; it may differ from ours.

By default, all rules created with iptables are reset after the server restarts. To avoid this, use the "iptables-persistent" utility. Install the following package:

sudo apt install iptables-persistent

At some point during installation, you will see a configuration window suggesting that you save the current iptables rules. Since the rules are already defined, just confirm and press "Yes" twice. From now on the rules will be applied automatically after the server reboots.

PPTP server

Server configuration

Install the package:

sudo apt install pptpd

After the installation completes, open the file "/etc/pptpd.conf" in any text editor and edit it like this:

option /etc/ppp/pptpd-options #path to the settings file
logwtmp #client connections logging mechanism
connections 100 #number of simultaneous connections
localip 172.16.0.1 #the address that will serve as a client gateway
remoteip 172.16.0.2-200 #range of addresses

After that, edit the file "/etc/ppp/pptpd-options". Most of the parameters are set by default.

#name of the service for new client records
name pptpd
#restrict obsolete authentication methods
refuse-pap
refuse-chap
refuse-mschap
#allow a more secure authentication method
require-mschap-v2
#enable encryption
require-mppe-128
#specify dns servers for clients (use any available servers)
ms-dns 8.8.8.8
ms-dns 8.8.4.4
proxyarp
nodefaultroute
lock
nobsdcomp
novj
novjccomp
nologfd

Next, you need to create a record for client connections. Let's say you want to add a user "vpnuser" with the password "1" and allow dynamic addressing for it. Open the file "/etc/ppp/chap-secrets" and add the following line with the user's parameters at the end of the file:

vpnuser pptpd 1 *

The value "pptpd" is the service name specified in the "pptpd-options" file. Instead of "*" you can specify a fixed IP address. As a result, the "chap-secrets" file should look like this:

[Screenshot: the "chap-secrets" file with the new entry]
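
The server field of each chap-secrets entry has to match the name option in pptpd-options, otherwise pppd finds no secret for the client and authentication fails. This added example (not part of the original article) parses both files and reports mismatched, malformed and short-secret entries; the sample contents are constructed and the 12-character minimum is an assumed local policy.

```python
import shlex

# Constructed samples in the formats of pptpd-options and chap-secrets.
PPTPD_OPTIONS = """
name pptpd
refuse-pap
require-mschap-v2
require-mppe-128
"""
CHAP_SECRETS = """
# client   server   secret   IP addresses
vpnuser    pptpd    1        *
alice      pptpd    "long random passphrase 7391"   172.16.0.50
bob        pptp     Xq9-Lm2-Vt8-Rz4   *
carol      pptpd
"""

def service_name(options_text):
    """Return the argument of the 'name' option, or None if it is not set."""
    for line in options_text.splitlines():
        words = shlex.split(line, comments=True)
        if len(words) == 2 and words[0] == "name":
            return words[1]
    return None

def audit_secrets(secrets_text, service, min_len=12):
    """Return (line_no, client, problem) for entries that will fail or are weak."""
    findings = []
    for n, line in enumerate(secrets_text.strip().splitlines(), 1):
        fields = shlex.split(line, comments=True)  # honours quotes and '#'
        if not fields:
            continue
        if len(fields) < 3:
            findings.append((n, fields[0], "malformed: client, server and secret required"))
            continue
        client, server, secret = fields[:3]
        if server not in (service, "*"):
            findings.append((n, client, f"server field {server!r} is not {service!r}"))
        if len(secret) < min_len:  # min_len is an assumed local policy
            findings.append((n, client, f"secret shorter than {min_len} characters"))
    return findings
```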

To apply the settings, restart the pptpd service and enable it to start at boot.

sudo systemctl restart pptpd
sudo systemctl enable pptpd

The server configuration is complete.

Client configuration

Open "Start" - "Settings" - "Network & Internet" - "VPN" and click "Add a VPN connection".

Enter the connection parameters in the window that opens and click "Save".

  • VPN provider: "Windows (built-in)"
  • Connection name: "vpn_connect" (you can choose any name)
  • Server name or address: (specify the external IP address of the server)
  • VPN type: "Automatic"
  • Type of sign-in info: "User name and password"
  • User name: vpnuser (the name specified in the "chap-secrets" file on the server)
  • Password: 1 (as in the "chap-secrets" file)

After saving the parameters, you will see the new VPN connection in the window. Left-click the connection and select "Connect". If the connection succeeds, you will see the "Connected" status.

In Options, you will find the internal addresses of the client and the server. The "Destination address" field shows the external server address.

Once connected, the internal IP address of the server, 172.16.0.1 in our case, becomes the default gateway for all outgoing packets.

Using any online service, you can verify that the external IP address of the computer is now the same as the IP address of your VPN server.

OpenVPN server

Server configuration

Let's elevate the current user's privileges, since the rest of the configuration requires root access.

sudo -s

Install all the necessary packages. We will need the "Easy-RSA" package to manage the encryption keys.

apt install openvpn easy-rsa iptables-persistent

Allow incoming connections on port 1194 over the UDP protocol and apply the iptables rules.

sudo iptables -I INPUT -p udp --dport 1194 -j ACCEPT

sudo netfilter-persistent save

Create a directory with the files copied from the "Easy-RSA" package and change into it.

make-cadir ~/openvpn

cd ~/openvpn

Generate the Public Key Infrastructure (PKI).

./easyrsa init-pki

Generate the Certificate Authority (CA) root certificate.

./easyrsa build-ca

During creation, you will be prompted to set a password, which you need to remember. You will also need to answer questions and enter information about the key owner. You can leave the default values offered in square brackets. Press "Enter" to finish the input.

Generate a private key and a certificate request. As the argument, specify an arbitrary name; in our case it is "vpn-server".

./easyrsa gen-req vpn-server nopass

Leave the Common Name value as default.

Sign the generated server certificate request.

./easyrsa sign-req server vpn-server

At this stage, answer "yes" to confirm the signature, then enter the password you created when generating the root certificate.

Generate the Diffie-Hellman parameters. These parameters are used for secure key exchange between the server and the client.

./easyrsa gen-dh

All the necessary files have been generated. Let's create a "keys" folder in the OpenVPN working directory to store the keys and copy the generated files there.

mkdir /etc/openvpn/keys

sudo cp pki/ca.crt pki/issued/vpn-server.crt pki/private/vpn-server.key pki/dh.pem /etc/openvpn/keys

Configure NAT using iptables rules. In the /etc/openvpn/ directory, create a file named nat and open it for editing.

#!/bin/sh

# Reset firewall settings
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X

# Allow replies to connections initiated from the server (eth0 in our case, may vary)
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow SSH connections (eth0 in our case, may vary)
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT

# Allow OpenVPN connections (eth0 in our case, may vary)
iptables -A INPUT -i eth0 -p udp --dport 1194 -j ACCEPT

# Allow incoming traffic from VPN clients on tun0
iptables -A INPUT -i tun0 -j ACCEPT

# Allow transit traffic from VPN clients out through eth0 (may vary).
# A blanket "-i eth0 -o tun0 -j ACCEPT" is left out on purpose: it would match
# first and make the DROP rule at the end of this script unreachable.
iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT

# Allow transit replies to connections opened by VPN clients (eth0 in our case, may vary)
iptables -A FORWARD -i eth0 -o tun0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Enable masquerading for the local network (eth0 in our case, may vary)
iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE

# Deny incoming connections from outside
iptables -A INPUT -i eth0 -j DROP

# Deny transit traffic from outside (eth0 in our case, may vary)
iptables -A FORWARD -i eth0 -o tun0 -j DROP

sudo netfilter-persistent save

Save the file and make it executable.

sudo chmod 755 /etc/openvpn/nat
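
iptables walks a chain from top to bottom and stops at the first terminating rule that matches, so the order of the FORWARD rules in a script like this decides which ones take effect. The following added example (not part of the original article) reports rules that an earlier, broader rule makes unreachable; the sample rules are constructed and the function names are illustrative.

```python
import shlex

# Constructed sample: FORWARD rules in the order a setup script might append them.
SAMPLE_RULES = """
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o tun0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -o tun0 -j DROP
"""

MATCH_OPTS = {"-i", "-o", "-p", "-s", "-d", "--dport", "--state"}
TERMINATING = {"ACCEPT", "DROP", "REJECT"}

def parse_rule(line):
    """Return (chain, conditions, target) for one 'iptables -A ...' line.

    Assumes every option takes exactly one argument and no '!' negation is used.
    """
    tokens = shlex.split(line)
    chain, target, conds = None, None, {}
    for opt, arg in zip(tokens[1::2], tokens[2::2]):
        if opt == "-A":
            chain = arg
        elif opt == "-j":
            target = arg
        elif opt in MATCH_OPTS:
            conds[opt] = arg
    return chain, conds, target

def shadowed_rules(script):
    """Return (line_no, shadowing_line_no) for rules that can never match.

    iptables stops at the first terminating rule that matches. A later rule is
    unreachable when an earlier terminating rule in the same chain tests only
    conditions that the later rule tests with the same values.
    """
    earlier, findings = [], []
    for n, line in enumerate(script.strip().splitlines(), 1):
        if not line.startswith("iptables -A"):
            continue
        chain, conds, target = parse_rule(line)
        for m, e_chain, e_conds in earlier:
            if e_chain == chain and all(conds.get(k) == v for k, v in e_conds.items()):
                findings.append((n, m))
                break
        if target in TERMINATING:
            earlier.append((n, chain, conds))
    return findings
```

On the constructed sample, the state-match rule and the final DROP are both reported as shadowed by the first rule; with that first rule removed, nothing is reported.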

Copy the server configuration template.

cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf /etc/openvpn/

Open the file "/etc/openvpn/server.conf" for editing, make sure it contains the following lines, and edit them if needed:

#Port, protocol, and interface
port 1194
proto udp
dev tun

#Path to the encryption keys
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/vpn-server.crt
key /etc/openvpn/keys/vpn-server.key
dh /etc/openvpn/keys/dh.pem

#SHA256 Hashing Algorithm
auth SHA256

#Switching off the additional tls-auth protection
#tls-auth ta.key 0

#Network parameters
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

#Ping every 10 seconds to check the connection.
keepalive 10 120

#Set up AES-256 encryption for the tunnel.
cipher AES-256-GCM

#Drop the privileges of the OpenVPN service after launch
user nobody
group nogroup

#Keep the key and the tun device across restarts
persist-key
persist-tun

#Set log verbosity
verb 3

#Redirecting logs
log-append /var/log/openvpn/openvpn.log

#Allow OpenVPN to call user-defined scripts (required for "up")
script-security 2

#Run the script that installs the firewall rules
up /etc/openvpn/nat

Enable traffic forwarding on the server.

sudo sysctl -w net.ipv4.ip_forward=1

echo 'net.ipv4.ip_forward=1' | sudo tee -a /etc/sysctl.conf

Start OpenVPN to apply the configuration.

systemctl restart openvpn@server

The server configuration is complete!

Client configuration

Go to the official OpenVPN website "https://openvpn.net" and open the "COMMUNITY" section.

Scroll down and download the installer for your operating system version. In our case, it is Windows 11 ARM64.

Install the application, leaving all parameters at their defaults.

Next, you need to prepare the following files on the server and transfer them to the client computer:

  • the public and private keys;
  • a copy of the certificate authority certificate (ca.crt);
  • the configuration file template.

Connect to the server, elevate privileges, and change to the "~/openvpn" directory created earlier.

sudo -s

cd ~/openvpn

Create a private key and a certificate request for the client. As the argument, specify an arbitrary name; in our case it is "client1".

./easyrsa gen-req client1 nopass

Enter the password that was set when creating the root certificate and leave the Common Name as default.

Sign the generated client certificate request.

./easyrsa sign-req client client1

At this stage, answer "yes" to confirm the signature, then enter the password you created when generating the root certificate.

For convenience, let's create a folder named "client1" in the home directory and copy into it all the files intended for transfer to the client computer.

mkdir ~/client1

cp pki/issued/client1.crt pki/private/client1.key pki/ca.crt ~/client1/

Copy the client configuration file template to the same directory. Change the file extension to ".ovpn" while copying.

cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf ~/client1/client.ovpn

Change the owner of the "~/client1/" directory and all its files so that they can be transferred to the client. In our case, let's make "mihail" the owner.

chown -R mihail:mihail ~/client1

Go to the client computer and copy the contents of the "~/client1/" folder. You can do this with the "PSCP" utility that comes with PuTTY.

PSCP -r mihail@[server_IP]:/home/mihail/client1 c:\client1

You can store the key files "ca.crt", "client1.crt" and "client1.key" anywhere you like. In our case, they are in the folder "c:\Program Files\OpenVPN\keys", and we placed the configuration file "client.ovpn" in the "c:\Program Files\OpenVPN\config" directory.

Now let's configure the client. Open the file "c:\Program Files\OpenVPN\config\client.ovpn" in a text editor and edit the following lines:

#announce that this is the client
client

#interface and protocol just like on the server
dev tun
proto udp

#IP address of the server and port
remote ip_address 1194

#saving parameters after reload
persist-key
persist-tun

#key paths
ca "c:\\Program Files\\OpenVPN\\keys\\ca.crt"
cert "c:\\Program Files\\OpenVPN\\keys\\client1.crt"
key "c:\\Program Files\\OpenVPN\\keys\\client1.key"

#enable server verification
remote-cert-tls server

#disable extra encryption
#tls-auth ta.key 1

#same cipher as on the server
cipher AES-256-GCM

auth-nocache
verb 3

Leave the rest untouched.
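
Several directives in the two files have to agree for the tunnel to come up cleanly. This added example (not from the original article or the OpenVPN project) compares a server and a client configuration and lists the differences, including a directive set on one side and left at its default on the other; the sample files and the address 203.0.113.10 are constructed.

```python
import shlex

# Constructed samples: a server and a client file with a deliberate mismatch.
SERVER = """
port 1194
proto udp
dev tun
auth SHA256
#tls-auth ta.key 0
cipher AES-256-GCM
"""
CLIENT = """
client
dev tun
proto udp
remote 203.0.113.10 1194
remote-cert-tls server
#tls-auth ta.key 1
cipher AES-256-CBC
"""

def parse_ovpn(text):
    """Map each directive to its argument list; '#' and ';' start comment lines."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            name, *args = shlex.split(line)
            conf[name] = args
    return conf

def compare(server_text, client_text):
    """Return mismatches in directives both ends are expected to agree on."""
    srv, cli = parse_ovpn(server_text), parse_ovpn(client_text)
    issues = []
    for key in ("proto", "dev", "cipher", "auth"):
        if srv.get(key) != cli.get(key):
            issues.append(f"{key}: server={srv.get(key)} client={cli.get(key)}")
    # The server sets 'port'; the client names it in 'remote <host> [port]'.
    remote = cli.get("remote", [])
    client_port = remote[1] if len(remote) > 1 else "1194"
    if srv.get("port", ["1194"])[0] != client_port:
        issues.append(f"port: server={srv.get('port')} client remote={remote}")
    # tls-auth has to be enabled on both ends or on neither.
    if ("tls-auth" in srv) != ("tls-auth" in cli):
        issues.append("tls-auth: enabled on one side only")
    if cli.get("remote-cert-tls") != ["server"]:
        issues.append("client: 'remote-cert-tls server' is missing")
    return issues
```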

Save the file and launch the "OpenVPN GUI" client application.

Right-click the app icon in the taskbar and select "Connect". If the connection succeeds, the icon turns green.

Use any online service to verify that your public IP address has changed and is now the same as the server's IP address.
