How to connect to a corporate VPN on Linux using openconnect and vpn-slice

Want to use Linux at work, but your corporate VPN won't let you? Then this article may help, though that is not guaranteed. I want to warn you up front that I don't understand network administration well, so it's quite possible I did everything wrong. On the other hand, that may be exactly why I can write a guide that ordinary people can follow, so I suggest you give it a try.

The article contains a lot of information that is not strictly necessary, but without it I could not have solved the problems that unexpectedly came up while I was setting up the VPN. I expect that anyone trying to follow this guide will run into problems I did not have, and I hope the extra information will help them solve those problems on their own.

Most of the commands in this guide need to be run under sudo, which has been dropped for brevity. Keep that in mind.

Most of the IP addresses have been heavily obfuscated, so if you see an address like 435.435.435.435, a real IP belongs there, specific to your case.

I have Ubuntu 18.04, but I think that with minor changes the guide can be applied to other distributions. Still, in this text Linux == Ubuntu.

Cisco Connect

People on Windows or MacOS can connect to our corporate VPN through Cisco Connect: you give it the gateway address and, every time you connect, enter a password made up of a fixed part and a code generated by Google Authenticator.

On Linux I could not get Cisco Connect to run, but I managed to google a recommendation to use openconnect, which was written specifically as a replacement for Cisco Connect.

Openconnect

In theory Ubuntu has a dedicated graphical front-end for openconnect, but it did not work for me. Perhaps for the better.

On Ubuntu, openconnect is installed from the package manager.

apt install openconnect

Right after installation you can try to connect to the VPN

openconnect --user poxvuibr vpn.evilcorp.com

vpn.evilcorp.com is the address of a fictitious VPN
poxvuibr is a fictitious user

openconnect will prompt you for the password which, let me remind you, consists of the fixed part plus the code from Google Authenticator, and will then try to connect to the vpn. If it works, congratulations: you can safely skip the middle of the article, which contains a lot of pain, and go straight to the part about running openconnect in the background. If it doesn't work, read on. Although, even if it did work when connecting from, say, the guest Wi-Fi at the office, it is too early to celebrate; you should repeat the procedure from home.

Certificate

There is a high probability that nothing will start and the openconnect output will look like this:

POST https://vpn.evilcorp.com/
Connected to 777.777.777.777:443
SSL negotiation with vpn.evilcorp.com
Server certificate verify failed: signer not found

Certificate from VPN server "vpn.evilcorp.com" failed verification.
Reason: signer not found
To trust this server in future, perhaps add this to your command line:
    --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444
Enter 'yes' to accept, 'no' to abort; anything else to view: fgets (stdin): Operation now in progress

On the one hand this is unpleasant, because there is no VPN connection, but on the other hand it is, in principle, clear how to fix it.

Here the server has sent us a certificate by which we can determine that we are connecting to the server of our own dear corporation and not to some evil fraudster, and this certificate is unknown to the system. So the system cannot check whether the server is genuine, and therefore, just in case, it stops.

For openconnect to connect to the server, you have to tell it explicitly which certificate to expect from the VPN server, using the --servercert key.

And you can find out which certificate the server sent us directly from what openconnect printed. Here is the relevant piece (before pinning the hash, confirm it against the value your VPN administrators publish; otherwise you are trusting whatever the first connection happened to return):

To trust this server in future, perhaps add this to your command line:
    --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444
Enter 'yes' to accept, 'no' to abort; anything else to view: fgets (stdin): Operation now in progress

With this command you can try to connect again

openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 --user poxvuibr vpn.evilcorp.com

Maybe this time it works, and then you can skip to the end. But in my case Ubuntu gave me the brush-off in the following form

POST https://vpn.evilcorp.com/
Connected to 777.777.777.777:443
SSL negotiation with vpn.evilcorp.com
Server certificate verify failed: signer not found
Connected to HTTPS on vpn.evilcorp.com
XML POST enabled
Please enter your username and password.
POST https://vpn.evilcorp.com/
Got CONNECT response: HTTP/1.1 200 OK
CSTP connected. DPD 300, Keepalive 30
Set up DTLS failed; using SSL instead
Connected as 192.168.333.222, using SSL
NOSSSSSHHHHHHHDDDDD
3
NOSSSSSHHHHHHHDDDDD
3
RTNETLINK answers: File exists
/etc/resolvconf/update.d/libc: Warning: /etc/resolv.conf is not a symbolic link to /run/resolvconf/resolv.conf

/etc/resolv.conf

# Generated by NetworkManager
search gst.evilcorpguest.com
nameserver 127.0.0.53

/run/resolvconf/resolv.conf

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.

nameserver 192.168.430.534
nameserver 127.0.0.53
search evilcorp.com gst.publicevilcorp.com

habr.com resolves, but you can't get there. Addresses like jira.evilcorp.com don't resolve at all.

I don't understand what happened here. But experiment shows that if you add the line to /etc/resolv.conf

nameserver 192.168.430.534

then addresses inside the VPN magically start resolving and you can reach them; that is, whatever DNS code is resolving the addresses looks precisely in /etc/resolv.conf and nowhere else.

You can verify that the VPN connection exists and works without changing /etc/resolv.conf: just type into the browser not the symbolic name of a resource inside the VPN but its IP address.

As a result, there are two problems

  • When connecting to the VPN, its dns is not picked up
  • All traffic goes through the VPN, which does not allow access to the Internet

I'll tell you what to do about this in a moment, but first a little automation.

Automatic entry of the fixed part of the password

By now you have probably typed your password about five times and are tired of the procedure. First, because the password is long, and second, because when entering it you have to fit into a fixed time window.

The final solution to the problem did not make it into the article, but you can at least arrange for the fixed part of the password not to be typed over and over.

Let's assume the fixed part of the password is fixedPassword and the part from Google Authenticator is 567987. The whole password can be passed to openconnect via standard input using the --passwd-on-stdin argument.

echo "fixedPassword567987" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 --user poxvuibr vpn.evilcorp.com --passwd-on-stdin

Now you can keep recalling the command you entered and change only the Google Authenticator part in it.

The corporate VPN does not let you browse the Internet.

On the whole, it is not very convenient to use a separate computer to go to Habr. The inability to copy-paste from stackoverflow can paralyze work altogether, so something has to be done.

We need to set things up so that when you need a resource on the internal network, Linux goes through the VPN, and when you need Habr, it goes to the Internet.

After starting and establishing the connection to the vpn, openconnect executes a special script located at /usr/share/vpnc-scripts/vpnc-script. The script receives some variables as input and configures the VPN. Unfortunately, I could not figure out how to split the traffic between the corporate VPN and the rest of the Internet using the native script.

Apparently the vpn-slice utility was written for people just like me: it lets you send traffic both ways without dancing with a tambourine. Well, that is, you will still have to dance, but you won't have to become a shaman.

Splitting traffic with vpn-slice

First you need to install vpn-slice, and you will have to work that out yourself. If there are questions in the comments, I'll write a separate post about it. But it is an ordinary Python program, so there should be no difficulties. I installed it using virtualenv.

Then the utility has to be applied, using the --script switch to tell openconnect that instead of the standard script it should use vpn-slice.

echo "fixedPassword567987" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 --user poxvuibr --passwd-on-stdin \
    --script "./bin/vpn-slice 192.168.430.0/24" vpn.evilcorp.com

--script is passed a string with the command that should be called instead of the script. ./bin/vpn-slice is the path to the vpn-slice executable, and 192.168.430.0/24 is the mask of the addresses that should go through the vpn. Here we are saying that if an address starts with 192.168.430, the resource with that address must be looked for inside the VPN.

The situation should now be almost normal. Almost. Now you can get to Habr, and you can get to an intra-corporate resource by ip, but you cannot get to an intra-corporate resource by its symbolic name. If you put a mapping between the symbolic name and the address into hosts, everything should work. And it does work, until the ip changes. Linux can now reach the Internet or the intranet depending on the IP. But the non-corporate DNS is still used to look up the address.

The problem can also show up like this: at work everything is fine, but at home you can only reach internal corporate resources by IP. That is because when you connect to the corporate Wi-Fi, the corporate DNS is used as well, and the symbolic addresses from the VPN resolve, even though it is still impossible to reach those addresses without the VPN.

Automatic modification of the hosts file

If you ask vpn-slice nicely, then after bringing the VPN up it can go to the VPN's DNS, look up the IP addresses of the resources you need by their symbolic names, and put them into hosts. After the VPN is disconnected, these entries are removed from hosts again. To do this you pass the symbolic names to vpn-slice as arguments. Like this.

echo "fixedPassword567987" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 --user poxvuibr --passwd-on-stdin \
    --script "./bin/vpn-slice 192.168.430.0/24 jira.vpn.evilcorp.com git.vpn.evilcorp.com" vpn.evilcorp.com

Now everything should work both in the office and on the beach.

Looking up the addresses of all subdomains in the DNS provided by the VPN

If there are only a few addresses inside the network, the approach of automatically modifying the hosts file works fine. But if there are many resources on the network, you will constantly have to add lines like zoidberg.test.evilcorp.com to the script (zoidberg being the name of one of the test benches).

But now that we understand a little better what is going on, this chore can be eliminated.

If, after bringing the VPN up, you look at /etc/hosts, you can see this line

192.168.430.534 dns0.tun0 # vpn-slice-tun0 AUTOCREATED

And a new line has been added to resolv.conf. In short, vpn-slice has somehow worked out where the dns server for the vpn is.

Now we need to make sure that to find the IP address of a domain name ending in evilcorp.com, Linux goes to the corporate DNS, and for anything else it goes to the default one.

I googled for quite a while and found out that Ubuntu has this functionality out of the box. What I mean is the ability to use the local DNS server dnsmasq for name resolution.

That is, you can arrange for Linux to always ask the local DNS server for IP addresses, and the local server, depending on the domain name, looks up the IP on the corresponding external DNS server.

To manage everything related to networks and network connections, Ubuntu uses NetworkManager, and the graphical interface for choosing, for example, Wi-Fi connections is just a front-end to it.

We need to climb into its configuration.

  1. Create a file /etc/NetworkManager/dnsmasq.d/evilcorp

server=/.evilcorp.com/192.168.430.534

Note the dot in front of evilcorp. It signals to dnsmasq that all subdomains of evilcorp.com should be looked up in the corporate dns.

  2. Tell NetworkManager to use dnsmasq for name resolution

The network-manager configuration lives in /etc/NetworkManager/NetworkManager.conf. You need to add there:

[main]
dns=dnsmasq

  3. Restart NetworkManager

service network-manager restart

Now, after connecting to the VPN using openconnect and vpn-slice, the ip is resolved normally, even if you do not add the symbolic addresses to the vpn-slice arguments.
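The three steps above, written as idempotent shell functions so they can be re-run without duplicating lines. This is an added example, not part of the original article; NM_CONF and DNSMASQ_DIR default to the real NetworkManager paths but can be pointed at scratch copies to dry-run the edit, and the zone and resolver IP are the article's placeholders. dnsmasq's server=/zone/ip forwards every query under the zone to that resolver, which is what the article describes; address=/zone/ip would instead answer every such name with the IP itself.

```shell
#!/bin/sh
# Added example (not the article's own code): apply the dnsmasq/NetworkManager
# steps idempotently. Paths can be overridden for a dry run on scratch files.

NM_CONF=${NM_CONF:-/etc/NetworkManager/NetworkManager.conf}
DNSMASQ_DIR=${DNSMASQ_DIR:-/etc/NetworkManager/dnsmasq.d}

# Step 1: per-zone forwarding rule. server=/zone/ip sends every query under
# the zone to the given resolver (address=/zone/ip would return that IP for
# every name, which is not what we want).
write_forward_rule() {  # rule_name zone resolver_ip
    mkdir -p "$DNSMASQ_DIR"
    printf 'server=/%s/%s\n' "$2" "$3" > "$DNSMASQ_DIR/$1"
}

# Report (exit 0) whether dns=dnsmasq is already present under [main].
nm_dnsmasq_enabled() {
    awk '/^\[/ { sec = $0 }
         sec == "[main]" && $0 == "dns=dnsmasq" { found = 1 }
         END { exit !found }' "$NM_CONF"
}

# Step 2: make sure [main] carries dns=dnsmasq. The section header and the
# key are only added when missing, so repeated runs leave the file unchanged.
enable_nm_dnsmasq() {
    grep -q '^\[main\]' "$NM_CONF" 2>/dev/null || printf '[main]\n' >> "$NM_CONF"
    if ! nm_dnsmasq_enabled; then
        # insert the key directly after the [main] header
        awk '{ print } /^\[main\]$/ { print "dns=dnsmasq" }' "$NM_CONF" > "$NM_CONF.tmp" \
            && mv "$NM_CONF.tmp" "$NM_CONF"
    fi
}

# Step 3: restart NetworkManager so it spawns dnsmasq with the new rule.
restart_network_manager() {
    service network-manager restart
}

# Full procedure for the article's placeholders (not run automatically here,
# so the functions can be sourced and tried on scratch files first).
apply_evilcorp_dns() {
    write_forward_rule evilcorp evilcorp.com 192.168.430.534
    enable_nm_dnsmasq
    restart_network_manager
}
```

Run `apply_evilcorp_dns` as root once; running it again is harmless. Setting `NM_CONF` and `DNSMASQ_DIR` to files under a temporary directory lets you inspect the result of steps 1 and 2 before touching the real configuration.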

How to reach individual services through the VPN

After I managed to connect to the VPN, I was very happy for two days, and then it turned out that if I connect to the VPN from outside the office network, mail doesn't work. The symptom sounds familiar, doesn't it?

Our mail lives at mail.publicevilcorp.com, which means it does not fall under the rule in dnsmasq, and the mail server's address is looked up through public DNS.

Well, the office still uses a DNS that has this address. That is what I thought. In fact, after adding the line to dnsmasq

server=/mail.publicevilcorp.com/192.168.430.534

the situation did not change at all. The ip stayed the same. I had to go into the office.

And only later, when I dug deeper into the situation and understood the problem a little, one smart person told me how to solve it. The mail server had to be reached not directly, but through the VPN.

I use vpn-slice to send addresses starting with 192.168.430 through the VPN. But the mail server's symbolic name is not a subdomain of evilcorp, and its IP does not start with 192.168.430 either. And of course it does not let anyone from the public network in.

For Linux to reach the mail server through the VPN, you have to add it to vpn-slice as well. Let's say the mail server's address is 555.555.555.555.

echo "fixedPassword567987" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 --user poxvuibr --passwd-on-stdin \
    --script "./bin/vpn-slice 555.555.555.555 192.168.430.0/24" vpn.evilcorp.com

A script that brings the VPN up with one argument

All of this, of course, is not very convenient. Yes, you can save the text to a file and copy-paste it into the console instead of typing it by hand, but it is still not great. To simplify the process, you can wrap the command in a script that lives in PATH. Then you will only have to enter the code from Google Authenticator.

#!/bin/sh
echo "fixedPassword$1" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 --user poxvuibr --passwd-on-stdin \
    --script "./bin/vpn-slice 192.168.430.0/24 jira.vpn.evilcorp.com git.vpn.evilcorp.com" vpn.evilcorp.com

If you save the script as connect_evil_corp, you can simply type in the console

connect_evil_corp 567987

But now, for some reason, you have to keep the console in which openconnect is running open.

Running openconnect in the background

Fortunately, the openconnect authors took care of us and added a special --background key to the program, which makes it go to the background after starting. If you run it like this, you can close the console after starting.

#!/bin/sh
echo "fixedPassword$1" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 \
    --user poxvuibr \
    --passwd-on-stdin \
    --background \
    --script "./bin/vpn-slice 192.168.430.0/24 jira.vpn.evilcorp.com git.vpn.evilcorp.com" vpn.evilcorp.com

Now it is unclear where the logs go. Generally we don't need the logs, but you never know. openconnect can redirect them to syslog, where they will be kept safe and sound. You need to add the --syslog switch to the command.

#!/bin/sh
echo "fixedPassword$1" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 \
    --user poxvuibr \
    --passwd-on-stdin \
    --background \
    --syslog \
    --script "./bin/vpn-slice 192.168.430.0/24 jira.vpn.evilcorp.com git.vpn.evilcorp.com" vpn.evilcorp.com

And so it turns out that openconnect is working somewhere in the background and bothering nobody, but it is unclear how to stop it. That is, you could of course filter the ps output with grep and look for a process whose name contains openconnect, but that is tedious. Thanks to the authors, who thought about this too. openconnect has a --pid-file key with which you can tell it to write its process id to a file.

#!/bin/sh
echo "fixedPassword$1" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 \
    --user poxvuibr \
    --passwd-on-stdin \
    --background \
    --syslog \
    --script "./bin/vpn-slice 192.168.430.0/24 jira.vpn.evilcorp.com git.vpn.evilcorp.com" vpn.evilcorp.com \
    --pid-file ~/vpn-pid

Now you can kill the process with the command

kill $(cat ~/vpn-pid)

If there is no such process, kill will grumble, but it will not abort anything. If the file is missing, nothing bad happens either, so you can safely kill the process at the very start of the script.

#!/bin/sh
kill $(cat ~/vpn-pid)
echo "fixedPassword$1" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 \
    --user poxvuibr \
    --passwd-on-stdin \
    --background \
    --syslog \
    --script "./bin/vpn-slice 192.168.430.0/24 jira.vpn.evilcorp.com git.vpn.evilcorp.com" vpn.evilcorp.com \
    --pid-file ~/vpn-pid

Now you can turn on the computer, open a console and run the command, giving it the code from Google Authenticator. After that the console can be closed.
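A hardened variant of the wrapper above, added here as an example and not part of the original article. It keeps the fixed part of the password in a separate file that must be mode 0600 instead of hard-coding it in a script that sits in PATH, checks that the Authenticator code is six digits before running anything, and only signals the previous openconnect if the pid file points at a live process (cleaning up a stale pid file otherwise). vpn.evilcorp.com, poxvuibr, the certificate pin and the vpn-slice arguments are the article's placeholders; SECRET_FILE and PID_FILE are names chosen for this example, and the permission check relies on the Linux `stat -c %a` form.

```shell
#!/bin/sh
# Added example (not the article's own code): one-argument VPN wrapper with
# the fixed password part kept out of the script and a liveness-checked stop.

SECRET_FILE=${SECRET_FILE:-$HOME/.config/evilcorp-vpn/fixed-part}   # assumed path
PID_FILE=${PID_FILE:-$HOME/vpn-pid}
VPN_HOST=vpn.evilcorp.com
VPN_USER=poxvuibr
SERVERCERT=sha256:4444444444444444444444444444444444444444444444444444444444444444

# Exit 0 only for a six-digit TOTP code, so a typo never reaches the gateway.
valid_otp() {
    case $1 in
        [0-9][0-9][0-9][0-9][0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the fixed password part; refuse a file readable by group or others.
read_fixed_part() {
    [ -f "$SECRET_FILE" ] || { echo "missing $SECRET_FILE" >&2; return 1; }
    case $(stat -c %a "$SECRET_FILE") in
        *00) ;;   # octal mode ends in 00: no group/other bits set
        *) echo "$SECRET_FILE must be mode 0600" >&2; return 1 ;;
    esac
    head -n 1 "$SECRET_FILE"
}

# Stop a running openconnect only if the pid file names a live process,
# then drop the pid file so a stale one is never reused.
stop_vpn() {
    [ -f "$PID_FILE" ] || return 0
    pid=$(cat "$PID_FILE")
    if [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null; then
        kill "$pid"
    fi
    rm -f "$PID_FILE"
}

connect_vpn() {  # six-digit code from Google Authenticator
    valid_otp "$1" || { echo "usage: $0 <six-digit code>" >&2; return 2; }
    fixed=$(read_fixed_part) || return 1
    stop_vpn
    # openconnect reads the whole password from stdin; --background detaches
    # once the tunnel is up and --syslog keeps the log out of the terminal.
    printf '%s%s\n' "$fixed" "$1" | openconnect \
        --servercert "$SERVERCERT" \
        --user "$VPN_USER" \
        --passwd-on-stdin \
        --background \
        --syslog \
        --pid-file "$PID_FILE" \
        --script "./bin/vpn-slice 192.168.430.0/24 jira.vpn.evilcorp.com git.vpn.evilcorp.com" \
        "$VPN_HOST"
}

# Only dial out when invoked with an argument, so the functions can also be
# sourced or exercised without a real gateway.
[ $# -gt 0 ] && connect_vpn "$1"
```

Create the secret file once with `umask 077` so it is born 0600, then call the script as `connect_evil_corp 567987`. Because the password goes through `printf` into a pipe rather than the command line, it does not show up in `ps` output either.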

Without vpn-slice. Instead of an afterword

Working out how to live without vpn-slice turned out to be very hard. I had to read and google a lot. Fortunately, after spending so much time on one problem, technical manuals and even man openconnect read like gripping novels.

In the end I found out that vpn-slice, like the native script, modifies the routing table in order to separate the networks.

Routing table

Simplifying a lot, this is a table whose first column says what the address Linux wants to reach must begin with, and whose second column says which network adapter to go through for that address. In reality there are more columns, but that does not change the essence.

To see the routing table you run the ip route command

default via 192.168.1.1 dev wlp3s0 proto dhcp metric 600 
192.168.430.0/24 dev tun0 scope link 
192.168.1.0/24 dev wlp3s0 proto kernel scope link src 192.168.1.534 metric 600 
192.168.430.534 dev tun0 scope link 

Here each line is responsible for where to go in order to send a message to some address. First comes a description of what the address should begin with. To understand how to work out that 192.168.0.0/16 means the address begins with 192.168, you need to google what an IP address mask is. After dev comes the name of the adapter through which the message is to be sent.

For the VPN, Linux has created a virtual adapter, tun0. The line that makes traffic for all addresses starting with 192.168 go through it

192.168.0.0/16 dev tun0 scope link 

You can also look at the current state of the routing table with the route -n command (the -n keeps IP addresses numeric instead of resolving them to names). This command prints the result in a slightly different form and is deprecated, but its output turns up often in manuals on the Internet, so you need to be able to read it.

What the IP address for a route must begin with can be worked out from the combination of the Destination and Genmask columns. The parts of the IP address that correspond to the 255 numbers in Genmask are taken into account, and those that correspond to 0 are not. That is, the combination Destination 192.168.0.0 and Genmask 255.255.255.0 means that if the address begins with 192.168.0, a request to it goes along this route. And if Destination is 192.168.0.0 but Genmask is 255.255.0.0, then requests to addresses beginning with 192.168 go along this route.
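The Destination/Genmask rule from the paragraph above, carried out in shell arithmetic so you can check which interface a given address would leave through. This is an added example, not the article's code; the two tables are constructed samples with valid octets (192.168.43.0/24 stands in for the article's 192.168.430.0/24 tunnel range and 192.168.1.0/24 for the home LAN), in the same shape as the full-tunnel and split-tunnel `route -n` output the article shows. It goes one step beyond the text: when two rows match with the same prefix length, the kernel prefers the one with the lower metric, which is what decides between the two 0.0.0.0 rows.

```shell
#!/bin/sh
# Added example (not the article's own code): longest-prefix lookup over a
# route -n style table, using the Destination/Genmask rule.

# Convert a dotted quad to a 32-bit integer.
ip2int() {
    old_ifs=$IFS
    IFS=.
    set -- $1              # split the four octets into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Exit 0 when ADDR falls into DEST/GENMASK: the masked bits must agree.
route_matches() {  # addr dest genmask
    a=$(ip2int "$1"); d=$(ip2int "$2"); m=$(ip2int "$3")
    [ $(( a & m )) -eq $(( d & m )) ]
}

# Number of 1 bits in a Genmask, i.e. the prefix length (/24, /16, ...).
mask_len() {
    mm=$(ip2int "$1"); n=0
    while [ "$mm" -ne 0 ]; do
        n=$(( n + (mm & 1) )); mm=$(( mm >> 1 ))
    done
    echo "$n"
}

# Constructed tables: Destination Gateway Genmask Metric Iface.
# Full tunnel (openconnect without vpn-slice): a default row over tun0.
ROUTES_FULL='0.0.0.0 0.0.0.0 0.0.0.0 0 tun0
0.0.0.0 192.168.1.1 0.0.0.0 600 wlp3s0
192.168.1.0 0.0.0.0 255.255.255.0 600 wlp3s0
192.168.43.0 0.0.0.0 255.255.255.0 0 tun0'
# Split tunnel (with vpn-slice): only the corporate range goes via tun0.
ROUTES_SPLIT='0.0.0.0 192.168.1.1 0.0.0.0 600 wlp3s0
192.168.1.0 0.0.0.0 255.255.255.0 600 wlp3s0
192.168.43.0 0.0.0.0 255.255.255.0 0 tun0'

# Print the interface ADDR would use: longest matching prefix wins, and
# among rows with the same prefix length the lower metric wins.
select_iface() {  # addr routing_table
    best_iface=""; best_len=-1; best_metric=999999
    while read -r dest gw mask metric iface; do
        [ -n "$dest" ] || continue
        route_matches "$1" "$dest" "$mask" || continue
        len=$(mask_len "$mask")
        if [ "$len" -gt "$best_len" ] ||
           { [ "$len" -eq "$best_len" ] && [ "$metric" -lt "$best_metric" ]; }; then
            best_iface=$iface; best_len=$len; best_metric=$metric
        fi
    done <<EOF
$2
EOF
    echo "$best_iface"
}

for addr in 8.8.8.8 192.168.43.7 192.168.1.5; do
    printf '%-14s full tunnel: %-7s split tunnel: %s\n' "$addr" \
        "$(select_iface "$addr" "$ROUTES_FULL")" "$(select_iface "$addr" "$ROUTES_SPLIT")"
done
```

With the full-tunnel table an Internet address such as 8.8.8.8 leaves through tun0 (both default rows match with prefix length 0, and tun0's metric 0 beats wlp3s0's 600); with the split table it leaves through the Wi-Fi adapter, while 192.168.43.x still goes through the tunnel.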

To see what vpn-slice actually does, I decided to look at the state of the table before and after.

Before turning on the VPN it looked like this

route -n 

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         222.222.222.1   0.0.0.0         UG    600    0        0 wlp3s0
222.222.222.0   0.0.0.0         255.255.255.0   U     600    0        0 wlp3s0
333.333.333.333 222.222.222.1   255.255.255.255 UGH   0      0        0 wlp3s0

After calling openconnect without vpn-slice it looked like this

route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 tun0
0.0.0.0         222.222.222.1   0.0.0.0         UG    600    0        0 wlp3s0
222.222.222.0   0.0.0.0         255.255.255.0   U     600    0        0 wlp3s0
333.333.333.333 222.222.222.1   255.255.255.255 UGH   0      0        0 wlp3s0
192.168.430.0   0.0.0.0         255.255.255.0   U     0      0        0 tun0
192.168.430.534 0.0.0.0         255.255.255.255 UH    0      0        0 tun0

And after calling openconnect together with vpn-slice it looked like this

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         222.222.222.1   0.0.0.0         UG    600    0        0 wlp3s0
222.222.222.0   0.0.0.0         255.255.255.0   U     600    0        0 wlp3s0
333.333.333.333 222.222.222.1   255.255.255.255 UGH   0      0        0 wlp3s0
192.168.430.0   0.0.0.0         255.255.255.0   U     0      0        0 tun0
192.168.430.534 0.0.0.0         255.255.255.255 UH    0      0        0 tun0

You can see that without vpn-slice, openconnect explicitly writes that all addresses, except the ones specifically listed, must be reached through the vpn.

Right here:

0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 tun0

Right next to it another route is shown, which is to be used if the address Linux is trying to reach does not match any mask in the table.

0.0.0.0         222.222.222.1   0.0.0.0         UG    600    0        0 wlp3s0

Here it is written that in that case the ordinary Wi-Fi adapter should be used.

I think the VPN route is used because it comes first in the routing table.

And in theory, if you remove this default route from the routing table, then together with dnsmasq openconnect should provide normal operation.

I tried

route del default

And everything worked.

Routing requests to the mail server without vpn-slice

But I also have the mail server with address 555.555.555.555, which also has to be reached through the VPN. The route to it has to be added by hand as well.

ip route add 555.555.555.555 dev tun0

And now everything is fine. So you can manage without vpn-slice, but you have to know well what you are doing. I am now thinking of adding to the last line of the native openconnect script the removal of the default route and the addition of the route to the mail server after the vpn connects, just so there are fewer moving parts in my contraption.

Perhaps this afterword alone would be enough for someone to work out how to set up the VPN. But while I was trying to understand what to do and how, I read quite a few guides of this kind that work for their author but for some reason did not work for me, so I decided to collect here every piece I found. I would have been very glad of something like this myself.

Source: www.habr.com
