Two-factor authentication in OpenVPN with a Telegram bot

This article describes how to set up an OpenVPN server for two-factor authentication with a Telegram bot that sends a confirmation request when a user connects.

OpenVPN is a well-known, free, open-source VPN server that is widely used to give employees secure access to an organization's internal resources.

A combination of a key and a user login/password is usually used as authentication for connecting to a VPN server. At the same time, a password saved on the client turns the whole set into a single factor that does not provide an adequate level of security. An attacker who gains access to the client computer also gains access to the VPN server. This is especially true for connections from machines running Windows.

Using a second factor reduces the risk of unauthorized access by 99% and does not complicate the connection process for users at all.

A caveat up front: the implementation requires connecting the third-party authentication server multifactor.ru, where you can use a tariff plan for your needs.

How it works

  1. OpenVPN uses the openvpn-plugin-auth-pam plugin for authentication
  2. The plugin checks the user's password on the server and requests the second factor from the Multifactor service over the RADIUS protocol
  3. Multifactor sends the user a message through the Telegram bot asking to confirm access
  4. The user confirms the access request in the Telegram chat and connects to the VPN

Installing the OpenVPN server

There are many articles on the Internet describing how to install and configure OpenVPN, so we will not duplicate them. If you need help, there are several links to tutorials at the end of the article.

Setting up Multifactor

Go to the Multifactor management system, open the "Resources" section and create a new VPN.
Once it is created, two parameters will be available to you: NAS-Identifier and Shared Secret. They will be needed for the subsequent configuration.


In the "Groups" section, open the settings of the "All users" group and uncheck "All resources" so that only users of a specific group can connect to the VPN server.

Create a new group "VPN users", disable all authentication methods except Telegram and specify that its users have access to the VPN resource you created.


In the "Users" section, create the users who will have access to the VPN, add them to the "VPN users" group and send them a link for setting up the second authentication factor. The user login must match the login on the VPN server.


Configuring the OpenVPN server

Open the file /etc/openvpn/server.conf and add the plugin for authentication through the PAM module

plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn

The plugin may be located in the directory /usr/lib/openvpn/plugins/ or /usr/lib64/openvpn/plugins/, depending on your system.

Next, install the pam_radius_auth module

$ sudo yum install pam_radius

Open the file /etc/pam_radius.conf for editing and specify the address of the Multifactor RADIUS server

radius.multifactor.ru   shared_secret   40

where:

  • radius.multifactor.ru - the server address
  • shared_secret - copy it from the corresponding VPN settings parameter
  • 40 seconds - the timeout for waiting for a request, with a large margin

The remaining servers must be deleted or commented out (put a semicolon at the beginning)

Next, create a file for the openvpn service type

$ sudo vi /etc/pam.d/openvpn

and write the following into it

auth    required pam_radius_auth.so skip_passwd client_id=[NAS-IDentifier]
auth    substack     password-auth
account substack     password-auth

The first line connects the PAM module pam_radius_auth with these parameters:

  • skip_passwd - disables sending the user's password to the Multifactor RADIUS server (it does not need to know it).
  • client_id - replace [NAS-Identifier] with the corresponding parameter from the VPN resource settings.
    All possible parameters are described in the documentation for the module.

The second and third lines include the system check of the login, password and user rights on your server together with the second authentication factor.

Restart OpenVPN

$ sudo systemctl restart openvpn@server

Client setup

Enable the prompt for the user login and password in the client configuration file

auth-user-pass

Verification

Launch the OpenVPN client, connect to the server, and enter the username and password. The Telegram bot will send an access request with two buttons


One button allows access, the other blocks it.

Now you can safely save your password on the client; the second factor will reliably protect your OpenVPN server from unauthorized access.

If something does not work

Check in sequence that you have not missed anything:

  • A user with a password set exists on the server running OpenVPN
  • The server can reach the address radius.multifactor.ru over UDP port 1812
  • The NAS-Identifier and Shared Secret parameters are specified correctly
  • A user with the same login has been created in the Multifactor system and has been given access to the VPN users group
  • The user has set up the authentication method via Telegram
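
The local items of this checklist can be verified with a script. The following is an added example, not part of the original article or of Multifactor's tooling: it inspects the two files edited above. The function names, the sample values and the rule that /etc/pam_radius.conf must not be accessible by group or other users (it holds the shared secret) are assumptions of this example.

```shell
# Added example: preflight checks for the two files this article edits.
# Each function prints its findings and returns non-zero if any check fails.

# check_radius_conf FILE HOST: active HOST line, real secret, numeric timeout,
# and no group/other access to FILE (it stores the shared secret in clear text).
check_radius_conf() {
    conf=$1; host=$2; rc=0
    line=$(awk -v h="$host" '$1 == h { print; exit }' "$conf")
    [ -n "$line" ] || { echo "FAIL: no active line for $host in $conf"; return 1; }
    read -r _host secret timeout _rest <<EOF
$line
EOF
    case $secret in
        ''|shared_secret) echo "FAIL: shared secret is still a placeholder"; rc=1 ;;
    esac
    case $timeout in
        ''|*[!0-9]*) echo "FAIL: timeout '$timeout' is not a number of seconds"; rc=1 ;;
    esac
    [ "$(ls -ld "$conf" | cut -c5-10)" = "------" ] ||
        { echo "FAIL: $conf is accessible by group/other (chmod 600)"; rc=1; }
    return $rc
}

# check_pam_service FILE: the RADIUS auth line carries skip_passwd and a real
# client_id, and password-auth is still stacked so the local password is checked.
check_pam_service() {
    svc=$1; rc=0
    radius=$(grep -E '^[[:space:]]*auth[[:space:]].*pam_radius_auth\.so' "$svc" | head -n 1)
    [ -n "$radius" ] || { echo "FAIL: no auth line for pam_radius_auth.so"; return 1; }
    case $radius in
        *skip_passwd*) ;;
        *) echo "FAIL: skip_passwd is missing from the RADIUS line"; rc=1 ;;
    esac
    id=$(printf '%s\n' "$radius" | sed -n 's/.*client_id=\([^[:space:]]*\).*/\1/p')
    case $id in
        ''|\[*\]) echo "FAIL: client_id is unset or still a [placeholder]"; rc=1 ;;
    esac
    grep -Eq '^[[:space:]]*auth[[:space:]].*password-auth' "$svc" ||
        { echo "FAIL: no auth line for password-auth"; rc=1; }
    return $rc
}

# Demo on constructed files (sample values, not real credentials).
demo_dir=$(mktemp -d)
printf 'radius.multifactor.ru   constructed-secret   40\n' > "$demo_dir/pam_radius.conf"
chmod 600 "$demo_dir/pam_radius.conf"
printf '%s\n' 'auth    required pam_radius_auth.so skip_passwd client_id=rs_constructed' \
    'auth    substack     password-auth' > "$demo_dir/openvpn"
check_radius_conf "$demo_dir/pam_radius.conf" radius.multifactor.ru && echo "pam_radius.conf OK"
check_pam_service "$demo_dir/openvpn" && echo "pam.d/openvpn OK"
```

On a real server, call the two functions with /etc/pam_radius.conf and /etc/pam.d/openvpn as root instead of the demo files.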

If you have not set up OpenVPN before, read the detailed article.

The instructions and examples were made on CentOS 7.

source: www.habr.com
