🥇 Me ke faruwa lokacin haɗa ciki da wajen rami na VPN

Ana haifar da labarai na gaske daga haruffa zuwa tallafin fasaha na Tucha. Misali, kwanan nan abokin ciniki ya tunkare mu tare da buƙatun don fayyace abin da ke faruwa yayin haɗin kai a cikin rami na VPN tsakanin ofishin mai amfani da yanayin gajimare, da kuma lokacin haɗin kai a wajen rami na VPN. Don haka, duk rubutun da ke ƙasa, ainihin wasiƙa ce da muka aika wa ɗaya daga cikin abokan cinikinmu don amsa tambayarsa. Tabbas, an canza adiresoshin IP don kada a ɓoye sunan abokin ciniki. Amma, ee, goyon bayan fasaha na Tucha ya shahara sosai don cikakkun amsoshi da imel masu ba da labari. 🙂

Tabbas, mun fahimci cewa ga mutane da yawa wannan labarin ba zai zama wahayi ba. Amma, tunda labarai na masu gudanar da novice suna fitowa akan Habr lokaci zuwa lokaci, kuma tunda wannan labarin ya fito daga ainihin wasiƙa zuwa abokin ciniki na gaske, har yanzu za mu raba wannan bayanin anan. Akwai babban yuwuwar cewa zai zama da amfani ga wani.
Sabili da haka, mun bayyana dalla-dalla abin da ke faruwa tsakanin uwar garken a cikin gajimare da ofis idan an haɗa su ta hanyar yanar gizo zuwa rukunin yanar gizo. Lura cewa wasu ayyuka ana samun dama daga ofis ne kawai, wasu kuma daga ko'ina a Intanet.

Nan da nan bari mu bayyana abin da abokin cinikinmu yake so akan sabar 192.168.A.1 Kuna iya zuwa daga ko'ina ta hanyar RDP, haɗi zuwa AAA2: 13389, da samun dama ga wasu ayyuka daga ofis kawai (192.168.B.0/24)an haɗa ta hanyar VPN. Hakanan, abokin ciniki da farko ya saita cewa motar 192.168.B.2 a cikin ofishin kuma yana yiwuwa a yi amfani da RDP daga ko'ina, haɗi zuwa BBB1:11111. Mun taimaka wajen tsara haɗin IPSec tsakanin gajimare da ofishin, kuma ƙwararren IT na abokin ciniki ya fara yin tambayoyi game da abin da zai faru a cikin wannan ko wannan yanayin. Don amsa duk waɗannan tambayoyin, mu, a gaskiya, mun rubuta masa duk abin da za ku iya karantawa a ƙasa.

Yanzu bari mu dubi waɗannan matakai dalla-dalla.

Matsayi na daya

Lokacin da aka aika wani abu daga 192.168.B.0/24 в 192.168.A.0/24 ko daga 192.168.A.0/24 в 192.168.B.0/24, yana shiga cikin VPN. Wato, wannan fakitin kuma an rufa masa asiri kuma ana watsa shi tsakanin BBB1 и AAA1, amma 192.168.A.1 yana ganin kunshin daidai daga 192.168.B.1. Suna iya sadarwa da juna ta amfani da kowace yarjejeniya. Ana watsa martanin maidowa ta hanya guda ta hanyar VPN, wanda ke nufin fakitin daga 192.168.A.1 to 192.168.B.1 za a aika a matsayin ESP datagram daga AAA1 a kan BBB1, wanda na'ura mai ba da hanya tsakanin hanyoyin sadarwa zai buɗe a wannan gefen, cire wannan fakitin daga gare ta kuma aika zuwa gare ta 192.168.B.1 a matsayin kunshin daga 192.168.A.1.

Misali na musamman:

1) 192.168.B.1 roko zuwa 192.168.A.1, yana so ya kafa haɗin TCP tare da 192.168.A.1:3389;

2) 192.168.B.1 aika bukatar haɗi daga 192.168.B.1:55555 (ya zabi lambar tashar jiragen ruwa don amsa da kansa; daga nan za mu yi amfani da lambar 55555 a matsayin misali na lambar tashar da tsarin ke zaɓar lokacin ƙirƙirar haɗin TCP) akan. 192.168.A.1:3389;

3) tsarin aiki wanda ke aiki akan kwamfuta mai adireshin 192.168.B.1, ya yanke shawarar tura wannan fakitin zuwa adireshin ƙofar na'ura mai ba da hanya tsakanin hanyoyin sadarwa (192.168.B.254 a cikin yanayinmu), saboda wasu, ƙarin takamaiman hanyoyi don 192.168.A.1, ba shi da, sabili da haka, yana watsa fakiti ta hanyar tsoho (0.0.0.0/0);

4) don wannan yana ƙoƙarin nemo adireshin MAC don adireshin IP 192.168.B.254 a cikin tebur cache yarjejeniya na ARP. Idan ba a gano shi ba, aika daga adireshin 192.168.B.1 watsa wanda ke da buƙatun zuwa cibiyar sadarwa 192.168.B.0/24. Lokacin 192.168.B.254 a mayar da martani, sai ya aika mata da adireshin MAC nasa, tsarin yana aika mata da fakitin Ethernet kuma ya shigar da wannan bayanin a cikin tebur ɗinsa;

5) na'ura mai ba da hanya tsakanin hanyoyin sadarwa ya karbi wannan fakiti kuma ya yanke shawarar inda za a tura shi: yana da tsarin da aka rubuta wanda dole ne ya aika duk fakiti tsakanin. 192.168.B.0/24 и 192.168.A.0/24 canja wurin ta hanyar haɗin VPN tsakanin BBB1 и AAA1;

6) na'ura mai ba da hanya tsakanin hanyoyin sadarwa yana haifar da ESP datagram daga BBB1 a kan AAA1;

7) na'ura mai ba da hanya tsakanin hanyoyin sadarwa ya yanke shawarar wanda zai aika wa wannan fakitin, ya aika masa, ya ce, BBB254 (ISP ƙofar) saboda akwai ƙarin takamaiman hanyoyin zuwa AAA1, fiye da 0.0.0.0/0, ba shi da;

8) daidai kamar yadda aka riga aka fada, yana samo adireshin MAC don BBB254 kuma yana watsa fakitin zuwa ƙofar ISP;

9) Masu samar da Intanet suna watsa bayanan ESP daga BBB1 a kan AAA1;

10) Virtual Router a kunne AAA1 ya karɓi wannan datagram, ya ɓoye shi kuma ya karɓi fakiti daga 192.168.B.1:55555 to 192.168.A.1:3389;

11) na'ura mai ba da hanya tsakanin hanyoyin sadarwa yana duba wanda zai mika shi, ya nemo hanyar sadarwa a cikin tebur 192.168.A.0/24 kuma ya aika kai tsaye zuwa 192.168.A.1, saboda yana da hanyar sadarwa 192.168.A.254/24;

12) don wannan, mai ba da hanya tsakanin hanyoyin sadarwa ya sami adireshin MAC don 192.168.A.1 kuma yana aika masa wannan fakiti ta hanyar hanyar sadarwa ta Ethernet;

13) 192.168.A.1 ya karɓi wannan fakiti akan tashar jiragen ruwa 3389, ya yarda ya kafa haɗin gwiwa kuma ya samar da fakitin amsa daga 192.168.A.1:3389 a kan 192.168.B.1:55555;

14) tsarinsa yana watsa wannan fakitin zuwa adireshin ƙofa na na'ura mai ba da hanya tsakanin hanyoyin sadarwa.192.168.A.254 a cikin yanayinmu), saboda wasu, ƙarin takamaiman hanyoyi don 192.168.B.1, ba shi da, sabili da haka, dole ne ya watsa fakiti ta hanyar da aka saba (0.0.0.0/0);

15) daidai da a lokuta da suka gabata, tsarin da ke aiki akan uwar garken tare da adireshin 192.168.A.1, nemo adireshin MAC 192.168.A.254, tunda yana kan hanyar sadarwa ɗaya ne tare da haɗin gwiwarsa 192.168.A.1/24;

16) na'ura mai ba da hanya tsakanin hanyoyin sadarwa tana karɓar wannan fakiti kuma ya yanke shawarar inda za a tura shi: yana da ka'idar da aka rubuta bisa ga abin da dole ne ya aika duk fakiti tsakanin. 192.168.A.0/24 и 192.168.B.0/24 canja wurin ta hanyar haɗin VPN tsakanin AAA1 и BBB1;

17) na'ura mai ba da hanya tsakanin hanyoyin sadarwa tana haifar da ESP datagram daga AAA1 to BBB1;

18) na'ura mai ba da hanya tsakanin hanyoyin sadarwa ta yanke shawarar wanda zai aika wa wannan fakitin, aika zuwa gare ta AAA254 (Kofar ISP, a wannan yanayin, mu ma), saboda akwai ƙarin takamaiman hanyoyin zuwa BBB1, fiye da 0.0.0.0/0, ba shi da;

19) Masu ba da Intanet suna watsa bayanan ESP akan hanyoyin sadarwar su tare da AAA1 a kan BBB1;

20) na'ura mai ba da hanya tsakanin hanyoyin sadarwa BBB1 ya karɓi wannan datagram, ya ɓoye shi kuma ya karɓi fakiti daga 192.168.A.1:3389 to 192.168.B.1:55555;

21) ya fahimci cewa ya kamata a canza shi musamman zuwa 192.168.B.1, tun da yake yana kan hanyar sadarwa guda ɗaya tare da shi, saboda haka, yana da shigarwar da ta dace a cikin tebur na routing, wanda ya tilasta masa ya aika fakiti ga duka. 192.168.B.0/24 kai tsaye;

22) na'ura mai ba da hanya tsakanin hanyoyin sadarwa sami adireshin MAC don 192.168.B.1 sannan ya mika masa wannan kunshin;

23) Tsarin aiki a kwamfuta mai adireshin 192.168.B.1 yana karɓar kunshin daga 192.168.A.1:3389 to 192.168.B.1:55555 kuma ya fara matakai na gaba don kafa haɗin TCP.

Wannan misalin a takaice kuma a sauƙaƙe (kuma a nan zaku iya tunawa da tarin wasu bayanai) yana bayyana abin da ke faruwa a matakan 2-4. Ba a la'akari da matakan 1, 5-7.

Matsayi na biyu

Idan tare da 192.168.B.0/24 ana aika wani abu musamman zuwa AAA2, ba ya zuwa VPN, amma kai tsaye. Wato, idan mai amfani daga adireshin 192.168.B.1 roko zuwa AAA2: 13389, wannan fakiti ya fito daga adireshin BBB1, wucewa AAA2, sa'an nan kuma na'ura mai ba da hanya tsakanin hanyoyin sadarwa ya karba shi kuma aika shi zuwa 192.168.A.1. 192.168.A.1 bai san komai ba 192.168.B.1, yana ganin kunshin daga BBB1, domin ya same shi. Saboda haka, amsa wannan buƙatar ya bi hanyar gabaɗaya, yana fitowa daga adireshin a cikin hanyar AAA2 kuma zuwa BBB1, kuma wannan na'ura mai ba da hanya tsakanin hanyoyin sadarwa ya aika da wannan amsar 192.168.B.1, yana ganin amsar daga AAA2, wanda ya yi magana.

Misali na musamman:

1) 192.168.B.1 roko zuwa AAA2, yana so ya kafa haɗin TCP tare da AAA2: 13389;

2) 192.168.B.1 aika bukatar haɗi daga 192.168.B.1:55555 (wannan lambar, kamar yadda yake a cikin misali na baya, na iya zama daban) akan AAA2: 13389;

3) tsarin aiki wanda ke aiki akan kwamfuta mai adireshin 192.168.B.1, ya yanke shawarar tura wannan fakitin zuwa adireshin ƙofar na'ura mai ba da hanya tsakanin hanyoyin sadarwa (192.168.B.254 a cikin yanayinmu), saboda wasu, ƙarin takamaiman hanyoyi don AAA2, ba shi da ɗaya, wanda ke nufin yana watsa fakiti ta hanyar da aka saba (0.0.0.0/0);

4) don wannan, kamar yadda muka ambata a cikin misali na baya, yana ƙoƙarin nemo adireshin MAC don adireshin IP 192.168.B.254 a cikin tebur cache yarjejeniya na ARP. Idan ba a gano shi ba, aika daga adireshin 192.168.B.1 watsa wanda ke da buƙatun zuwa cibiyar sadarwa 192.168.B.0/24. Lokacin 192.168.B.254 a mayar da martani, sai ya aika mata da adireshin MAC nasa, tsarin yana aika mata da fakitin Ethernet kuma ya shigar da wannan bayanin a cikin tebur ɗinsa;

5) na'ura mai ba da hanya tsakanin hanyoyin sadarwa ya karbi wannan fakiti kuma ya yanke shawarar inda za a tura shi: yana da tsarin da aka rubuta wanda dole ne ya tura (maye gurbin adireshin dawowa) duk fakiti daga 192.168.B.0/24 zuwa sauran nodes na Intanet;

6) Tun da wannan manufar tana nuna cewa adireshin dawowa dole ne ya dace da ƙaramin adireshin da ke cikin keɓancewa ta hanyar da za a watsa wannan fakitin, mai ba da hanya tsakanin hanyoyin sadarwa ya fara yanke shawarar wanda zai aika wannan fakitin, kuma kamar yadda yake a cikin misalin da ya gabata, dole ne ya aika. ku BBB254 (ISP ƙofar) saboda akwai ƙarin takamaiman hanyoyin zuwa AAA2, fiye da 0.0.0.0/0, ba shi da;

7) don haka, na'ura mai ba da hanya tsakanin hanyoyin sadarwa ya maye gurbin adireshin dawowa na fakiti, daga yanzu fakitin ya fito BBB1:44444 (lambar tashar jiragen ruwa, ba shakka, na iya zama daban) zuwa AAA2: 13389;

8) na'ura mai ba da hanya tsakanin hanyoyin sadarwa ya tuna abin da ya yi, wanda ke nufin lokacin AAA2: 13389 к BBB1:44444 amsa ya iso, zai san cewa ya kamata ya canza adireshin da tashar jiragen ruwa zuwa 192.168.B.1:55555.

9) yanzu ya kamata mai na'ura mai ba da hanya tsakanin hanyoyin sadarwa ya wuce shi zuwa cibiyar sadarwar ISP ta hanyar BBB254Saboda haka, kamar yadda muka riga aka ambata, yana samun adireshin MAC don BBB254 kuma yana watsa fakitin zuwa ƙofar ISP;

10) Masu samar da Intanet suna watsa fakiti daga BBB1 a kan AAA2;

11) Virtual Router a kunne AAA2 yana karɓar wannan fakiti akan tashar jiragen ruwa 13389;

12) akwai ka'ida akan na'ura mai ba da hanya tsakanin hanyoyin sadarwa wanda ya nuna cewa fakitin da aka karɓa daga kowane mai aikawa a wannan tashar jiragen ruwa ya kamata a aika zuwa 192.168.A.1:3389;

13) na'ura mai ba da hanya tsakanin hanyoyin sadarwa ta sami hanyar sadarwa a cikin tebur mai tuƙi 192.168.A.0/24 kuma ya aika kai tsaye 192.168.A.1 saboda yana da interface 192.168.A.254/24;

14) don wannan, mai ba da hanya tsakanin hanyoyin sadarwa ya sami adireshin MAC don 192.168.A.1 kuma yana aika masa wannan fakiti ta hanyar hanyar sadarwa ta Ethernet;

15) 192.168.A.1 ya karɓi wannan fakiti akan tashar jiragen ruwa 3389, ya yarda ya kafa haɗin gwiwa kuma ya samar da fakitin amsa daga 192.168.A.1:3389 a kan BBB1:44444;

16) tsarinsa yana watsa wannan fakitin zuwa adireshin ƙofa na na'ura mai ba da hanya tsakanin hanyoyin sadarwa.192.168.A.254 a cikin yanayinmu), saboda wasu, ƙarin takamaiman hanyoyi don BBB1, ba shi da, sabili da haka, dole ne ya watsa fakiti ta hanyar da aka saba (0.0.0.0/0);

17) daidai yake da a lokuta da suka gabata, tsarin da ke gudana akan uwar garken tare da adireshi 192.168.A.1, nemo adireshin MAC 192.168.A.254, tunda yana kan hanyar sadarwa ɗaya ne tare da haɗin gwiwarsa 192.168.A.1/24;

18) na'ura mai ba da hanya tsakanin hanyoyin sadarwa tana karɓar wannan fakitin. Ya kamata a lura cewa ya tuna abin da ya karɓa AAA2: 13389 kunshin daga BBB1:44444 kuma ya canza adireshin mai karɓa da tashar jiragen ruwa zuwa 192.168.A.1:3389, saboda haka, kunshin daga 192.168.A.1:3389 to BBB1:44444 yana canza adireshin mai aikawa zuwa AAA2: 13389;

19) na'ura mai ba da hanya tsakanin hanyoyin sadarwa ta yanke shawarar wanda zai aika wa wannan fakitin, ta aika zuwa gare ta AAA254 (Kofar ISP, a wannan yanayin, mu ma), saboda akwai ƙarin takamaiman hanyoyin zuwa BBB1, fiye da 0.0.0.0/0, ba shi da;

20) Masu samar da Intanet suna watsa fakiti tare da AAA2 a kan BBB1;

21) na'ura mai ba da hanya tsakanin hanyoyin sadarwa BBB1 ya karɓi wannan fakitin kuma ya tuna cewa lokacin da ya aika fakitin daga 192.168.B.1:55555 to AAA2: 13389, ya canza adireshinsa da tashar jiragen ruwa zuwa BBB1:44444, to wannan ita ce martanin da ya kamata a aika 192.168.B.1:55555 (a zahiri, akwai ƙarin bincike da yawa a can, amma ba mu zurfafa cikin hakan ba);

22) ya fahimci cewa ya kamata a watsa shi kai tsaye zuwa ga 192.168.B.1, tun da yake yana kan hanyar sadarwa guda ɗaya tare da shi, saboda haka, yana da shigarwar da ta dace a cikin tebur na routing, wanda ya tilasta masa ya aika fakiti ga duka. 192.168.B.0/24 kai tsaye;

23) na'ura mai ba da hanya tsakanin hanyoyin sadarwa sami adireshin MAC don 192.168.B.1 sannan ya mika masa wannan kunshin;

24) Tsarin aiki a kwamfuta mai adireshin 192.168.B.1 yana karɓar kunshin daga AAA2: 13389 to 192.168.B.1:55555 kuma ya fara matakai na gaba don kafa haɗin TCP.

Ya kamata a lura cewa a cikin wannan yanayin kwamfutar da adireshin 192.168.B.1 bai san kome ba game da uwar garken tare da adireshin 192.168.A.1, kawai yana sadarwa da AAA2. Hakanan, uwar garken tare da adireshin 192.168.A.1 bai san komai ba game da kwamfutar da adireshin 192.168.B.1. Ya yi imanin cewa an haɗa shi daga adireshin BBB1, kuma bai san wani abu ba, don haka a ce.

Ya kamata kuma a lura cewa idan wannan kwamfutar ta shiga AAA2: 1540, ba za a kafa haɗin ba saboda haɗin kai zuwa tashar jiragen ruwa 1540 ba a saita shi akan na'ura mai ba da hanya tsakanin hanyoyin sadarwa, ko da a kan kowane sabar a cikin hanyar sadarwa mai mahimmanci. 192.168.A.0/24 (misali, akan uwar garken mai adireshin 192.168.A.1) kuma akwai wasu ayyuka da ke jiran haɗin kai akan wannan tashar jiragen ruwa. Idan mai amfani da kwamfuta mai adireshi 192.168.B.1 Yana da mahimmanci don kafa haɗin kai zuwa wannan sabis ɗin, dole ne ya yi amfani da VPN, watau. tuntuɓar kai tsaye 192.168.A.1:1540.

Ya kamata a jaddada cewa duk wani ƙoƙari na kulla alaka da shi AAA1 (sai dai haɗin IPSec daga BBB1 ba zai yi nasara ba. Duk wani ƙoƙari na kafa haɗin gwiwa tare da AAA2, sai dai haɗin kai zuwa tashar jiragen ruwa 13389, kuma ba zai yi nasara ba.
Mun kuma lura cewa idan to AAA2 Idan wani ya nema (misali, CCCC), duk abin da aka nuna a sakin layi na 10-20 zai shafi shi ma. Abin da ke faruwa kafin da kuma bayan wannan ya dogara da abin da ke bayan wannan CCCC Ba mu da irin wannan bayanin, don haka muna ba ku shawara ku tuntuɓi masu gudanar da node tare da adireshin CCCC.

Matsayi na uku

Kuma, akasin haka, idan tare da 192.168.A.1 Ana aika wani abu zuwa wasu tashar jiragen ruwa wanda aka saita don tura ciki zuwa BBB1 (misali, 11111), kuma baya ƙarewa a cikin VPN, amma kawai yana gudana daga. AAA1 kuma ya shiga BBB1, kuma ya riga ya watsa shi a wani wuri, ya ce, 192.168.B.2:3389. Yana ganin wannan kunshin ba daga 192.168.A.1, kuma daga AAA1. Kuma yaushe 192.168.B.2 amsa, kunshin yana fitowa daga BBB1 a kan AAA1, kuma daga baya ya isa wurin mahaɗin mahaɗa - 192.168.A.1.

Misali na musamman:

1) 192.168.A.1 roko zuwa BBB1, yana so ya kafa haɗin TCP tare da BBB1:11111;

2) 192.168.A.1 aika bukatar haɗi daga 192.168.A.1:55555 (wannan lambar, kamar yadda yake a cikin misali na baya, na iya zama daban) akan BBB1:11111;

3) tsarin aiki wanda ke gudana akan uwar garken mai adireshin 192.168.A.1, ya yanke shawarar tura wannan fakitin zuwa adireshin ƙofar na'ura mai ba da hanya tsakanin hanyoyin sadarwa (192.168.A.254 a cikin yanayinmu), saboda wasu, ƙarin takamaiman hanyoyi don BBB1, ba shi da, sabili da haka, yana watsa fakiti ta hanyar tsoho (0.0.0.0/0);

4) don wannan, kamar yadda muka ambata a cikin misalai na baya, yana ƙoƙarin nemo adireshin MAC don adireshin IP 192.168.A.254 a cikin tebur cache yarjejeniya na ARP. Idan ba a gano shi ba, aika daga adireshin 192.168.A.1 watsa wanda ke da buƙatun zuwa cibiyar sadarwa 192.168.A.0/24. Lokacin 192.168.A.254 a mayar da martani, sai ya aika mata da adireshin MAC nasa, tsarin ya aika masa da fakitin Ethernet kuma ya shigar da wannan bayanin a cikin tebur ɗinsa;

5) na'ura mai ba da hanya tsakanin hanyoyin sadarwa tana karɓar wannan fakiti kuma ya yanke shawarar inda za a tura shi: yana da ka'idar da aka rubuta bisa ga abin da dole ne ya tura (maye gurbin adireshin dawowa) duk fakiti daga 192.168.A.0/24 zuwa sauran nodes na Intanet;

6) Tun da wannan manufar ta ɗauka cewa adireshin dawowa dole ne ya dace da ƙaramin adireshin da ke cikin keɓancewa ta hanyar da za a watsa wannan fakitin, mai amfani da na'ura mai ba da hanya tsakanin hanyoyin sadarwa ya fara yanke shawarar wanda zai aika wannan fakitin, kuma kamar yadda yake a cikin misalin da ya gabata, dole ne ya aika. kan shi AAA254 (Kofar ISP, a wannan yanayin, mu ma), saboda akwai ƙarin takamaiman hanyoyin zuwa BBB1, fiye da 0.0.0.0/0, ba shi da;

7) wannan yana nufin cewa mai amfani da na'ura mai ba da hanya tsakanin hanyoyin sadarwa ya maye gurbin adireshin dawo da fakiti, daga yanzu fakiti ne daga. AAA1: 44444 (lambar tashar jiragen ruwa, ba shakka, na iya zama daban) zuwa BBB1:11111;

8) na'ura mai ba da hanya tsakanin hanyoyin sadarwa tana tuna abin da ya yi, sabili da haka, lokacin daga BBB1:11111 to AAA1: 44444 amsa ya iso, zai san cewa ya kamata ya canza adireshin da tashar jiragen ruwa zuwa 192.168.A.1:55555.

9) yanzu mai amfani da na'ura mai ba da hanya tsakanin hanyoyin sadarwa yakamata ya wuce shi zuwa cibiyar sadarwar ISP ta hanyar AAA254, don haka kamar yadda muka riga muka ambata, yana samun adireshin MAC don AAA254 kuma yana watsa fakitin zuwa ƙofar ISP;

10) Masu samar da Intanet suna watsa fakiti daga AAA1 zuwa BBB1;

11) na'ura mai ba da hanya tsakanin hanyoyin sadarwa BBB1 yana karɓar wannan fakiti akan tashar jiragen ruwa 11111;

12) akwai ka'ida akan na'ura mai ba da hanya tsakanin hanyoyin sadarwa wanda ya nuna cewa fakitin da suka zo daga duk wani mai aikawa a wannan tashar jiragen ruwa ya kamata a aika su zuwa. 192.168.B.2:3389;

13) na'ura mai ba da hanya tsakanin hanyoyin sadarwa ya sami hanyar sadarwa a cikin tebur mai tuƙi 192.168.B.0/24 kuma ya aika kai tsaye zuwa 192.168.B.2, saboda yana da hanyar sadarwa 192.168.B.254/24;

14) don wannan, mai ba da hanya tsakanin hanyoyin sadarwa ya sami adireshin MAC don 192.168.B.2 kuma yana aika masa wannan fakiti ta hanyar hanyar sadarwa ta Ethernet;

15) 192.168.B.2 ya karɓi wannan fakiti akan tashar jiragen ruwa 3389, ya yarda ya kafa haɗin gwiwa kuma ya samar da fakitin amsa daga 192.168.B.2:3389 a kan AAA1: 44444;

16) tsarinsa yana watsa wannan fakiti zuwa adireshin ƙofar na'ura mai ba da hanya tsakanin hanyoyin sadarwa.192.168.B.254 a cikin yanayinmu), saboda wasu, ƙarin takamaiman hanyoyi don AAA1, ba shi da, sabili da haka, dole ne ya watsa fakiti ta hanyar da aka saba (0.0.0.0/0);

17) kamar yadda aka saba a baya, tsarin da ke aiki akan kwamfuta mai adireshin 192.168.B.2, nemo adireshin MAC 192.168.B.254, tunda yana kan hanyar sadarwa ɗaya ne tare da haɗin gwiwarsa 192.168.B.2/24;

18) na'ura mai ba da hanya tsakanin hanyoyin sadarwa tana karɓar wannan fakitin. Ya kamata a lura cewa ya tuna abin da ya karɓa BBB1:11111 kunshin daga AAA1 kuma ya canza adireshin mai karɓa da tashar jiragen ruwa zuwa 192.168.B.2:3389, saboda haka, kunshin daga 192.168.B.2:3389 to AAA1: 44444 yana canza adireshin mai aikawa zuwa BBB1:11111;

19) na'ura mai ba da hanya tsakanin hanyoyin sadarwa ya yanke shawarar wanda zai aika wa wannan fakitin. Yana aika masa, ya ce. BBB254 (Kofar ISP, ainihin adireshin da ba mu sani ba), saboda babu ƙarin takamaiman hanyoyin zuwa AAA1, fiye da 0.0.0.0/0, ba shi da;

20) Masu samar da Intanet suna watsa fakiti tare da BBB1 a kan AAA1;

21) Virtual Router a kunne AAA1 ya karɓi wannan fakitin kuma ya tuna cewa lokacin da ya aika fakitin daga 192.168.A.1:55555 to BBB1:11111, ya canza adireshinsa da tashar jiragen ruwa zuwa AAA1: 44444. Wannan yana nufin cewa wannan ita ce amsar da ya kamata a aika zuwa gare ta 192.168.A.1:55555 (a zahiri, kamar yadda muka ambata a cikin misalin da ya gabata, akwai kuma ƙarin bincike da yawa, amma a wannan lokacin ba mu shiga zurfi tare da su ba);

22) ya fahimci cewa ya kamata a watsa shi kai tsaye zuwa ga 192.168.A.1, tun da yana kan hanyar sadarwa guda ɗaya tare da shi, yana nufin cewa yana da shigarwa daidai a cikin tebur mai tuƙi wanda ke tilasta shi aika fakiti zuwa ga duka. 192.168.A.0/24 kai tsaye;

23) na'ura mai ba da hanya tsakanin hanyoyin sadarwa sami adireshin MAC don 192.168.A.1 sannan ya mika masa wannan kunshin;

24) tsarin aiki akan uwar garken tare da adireshin 192.168.A.1 yana karɓar kunshin daga BBB1:11111 don 192.168.A.1:55555 kuma ya fara matakai na gaba don kafa haɗin TCP.

Daidai daidai da yanayin da ya gabata, a wannan yanayin uwar garken tare da adireshin 192.168.A.1 bai san komai ba game da kwamfutar da adireshin 192.168.B.1, kawai yana sadarwa da BBB1. Kwamfuta mai adireshin 192.168.B.1 kuma bai san komai ba game da uwar garken da adireshin 192.168.A.1. Ya yi imanin cewa an haɗa shi daga adireshin AAA1, sauran kuma a ɓoye gare shi.

ƙarshe

Wannan shine yadda komai ke faruwa don haɗin kai a cikin rami na VPN tsakanin ofishin abokin ciniki da yanayin girgije, da kuma haɗin kai a waje da rami na VPN. Kuma idan kuna da wasu tambayoyi ko buƙatar taimakonmu don magance matsalolin girgije, tuntube mu 24x7.

source: www.habr.com

Abin da ke faruwa akan haɗin ciki da waje da rami na VPN

Matsayi na daya

Matsayi na biyu

Matsayi na uku

ƙarshe

Add a comment Отменить ответ