How to connect to a corporate VPN on Linux using openconnect and vpn-slice

Do you want to use Linux at work, but your corporate VPN won't let you? Then this article may help, although that is not certain. I want to warn you in advance that I do not understand network administration well, so it is quite possible that I did everything wrong. On the other hand, it is possible that I can write the guide in a way that is understandable to ordinary people, so I suggest you give it a try.

The article contains a lot of unnecessary information, but without this knowledge I would not have been able to solve the problems that unexpectedly came up for me while setting up the VPN. I think anyone who tries to use this guide will run into problems that I did not have, and I hope this extra information will help them solve those problems on their own.

Most of the commands used in this guide need to be run via sudo, which has been omitted for brevity. Keep that in mind.

Most IP addresses have been heavily anonymised, so if you see an address like 435.435.435.435, there should be some normal IP there, specific to your case.

I have Ubuntu 18.04, but I think that with minor changes the guide can be applied to other distributions. However, in this text Linux == Ubuntu.

Cisco Connect

Those who are on Windows or MacOS can connect to our corporate VPN via Cisco Connect, which needs to be given the gateway address and, each time you connect, a password consisting of a fixed part and a code generated by Google Authenticator.

In the case of Linux, I could not get Cisco Connect running, but I managed to google a recommendation to use openconnect, made specifically to replace Cisco Connect.

Openconnect

In theory, Ubuntu has a dedicated graphical interface for openconnect, but it did not work for me. Maybe that is for the best.

On Ubuntu, openconnect is installed from the package manager.

apt install openconnect

Right after installation, you can try connecting to the VPN

openconnect --user poxvuibr vpn.evilcorp.com

vpn.evilcorp.com is the address of the fictional VPN
poxvuibr - a fictional username

openconnect will ask you to enter the password, which, let me remind you, consists of a fixed part and a code from Google Authenticator, and then it will try to connect to the VPN. If it works, congratulations, you can skip the middle part, which is quite painful, and move on to the section about running openconnect in the background. If it does not work, you can read on. Although, if it worked when connecting, say, from the guest Wi-Fi at work, it may be too early to celebrate; you should try repeating the procedure from home.

Certificate

There is a high probability that nothing will start, and the openconnect output will look something like this:

POST https://vpn.evilcorp.com/
Connected to 777.777.777.777:443
SSL negotiation with vpn.evilcorp.com
Server certificate verify failed: signer not found

Certificate from VPN server "vpn.evilcorp.com" failed verification.
Reason: signer not found
To trust this server in future, perhaps add this to your command line:
    --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444
Enter 'yes' to accept, 'no' to abort; anything else to view: fgets (stdin): Operation now in progress

On the one hand, this is unpleasant, because there is no connection to the VPN, but on the other hand, how to fix this problem is, in principle, clear.

Here the server sent us a certificate, by which we could determine that the connection is being made to a server of our own organisation and not to a malicious impostor, but this certificate is unknown to the system. Therefore the system cannot check whether the server is genuine or not, and so, just in case, it refuses to connect.

To have openconnect connect to the server, you need to tell it explicitly which certificate should come from the VPN server, using the --servercert key.

And you can find out which certificate the server sent directly from what openconnect printed. Here is that part of the output:

To trust this server in future, perhaps add this to your command line:
    --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444
Enter 'yes' to accept, 'no' to abort; anything else to view: fgets (stdin): Operation now in progress

With this command you can try connecting again

openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 --user poxvuibr vpn.evilcorp.com

Maybe now it works, and then you can skip to the end. But in my case Ubuntu refused, in the following form

POST https://vpn.evilcorp.com/
Connected to 777.777.777.777:443
SSL negotiation with vpn.evilcorp.com
Server certificate verify failed: signer not found
Connected to HTTPS on vpn.evilcorp.com
XML POST enabled
Please enter your username and password.
POST https://vpn.evilcorp.com/
Got CONNECT response: HTTP/1.1 200 OK
CSTP connected. DPD 300, Keepalive 30
Set up DTLS failed; using SSL instead
Connected as 192.168.333.222, using SSL
NOSSSSSHHHHHHHDDDDD
3
NOSSSSSHHHHHHHDDDDD
3
RTNETLINK answers: File exists
/etc/resolvconf/update.d/libc: Warning: /etc/resolv.conf is not a symbolic link to /run/resolvconf/resolv.conf

/etc/resolv.conf

# Generated by NetworkManager
search gst.evilcorpguest.com
nameserver 127.0.0.53

/run/resolvconf/resolv.conf

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.

nameserver 192.168.430.534
nameserver 127.0.0.53
search evilcorp.com gst.publicevilcorp.com

habr.com will resolve, but you will not be able to get there. Addresses like jira.evilcorp.com do not resolve at all.

What is happening here is not clear to me. But experiment shows that if you add the line to /etc/resolv.conf

nameserver 192.168.430.534

then the addresses inside the VPN start to resolve and you can reach them; that is, the resolver looks only in /etc/resolv.conf for the server to resolve the address, and nowhere else.

You can verify that the connection to the VPN exists and works without making changes to /etc/resolv.conf; to do this, enter in the browser not the symbolic name of a resource from the VPN, but its IP address.

So there are two problems

  • When connecting to the VPN, its DNS is not picked up
  • all traffic goes through the VPN, which leaves no access to the Internet

I will tell you what to do about this now, but first a bit of automation.

Automatic entry of the fixed part of the password

By now you have had to enter your password at least five times, and this procedure has already tired you out. Firstly, because the password is long, and secondly, because when entering it you have to fit within a fixed time interval.

The final solution to this problem is not covered in the article, but you can at least make sure that the fixed part of the password does not have to be entered every time.

Let's say the fixed part of the password is fixedPassword, and the part from Google Authenticator is 567 987. The whole password can be passed to openconnect via standard input using the --passwd-on-stdin argument.

echo "fixedPassword567987" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 --user poxvuibr vpn.evilcorp.com --passwd-on-stdin

Now you can go back to the last entered command and change only the Google Authenticator part in it.

The corporate VPN does not let you browse the Internet

In general, it is not very convenient when you have to use a separate computer to go to Habr. The inability to copy-paste from stackoverflow can paralyse work altogether, so something has to be done.

We need to arrange things so that when you need a resource from the internal network, Linux goes to the VPN, and when you want to go to Habr, it goes to the Internet.

openconnect, after starting and establishing the connection with the VPN, executes a special script located at /usr/share/vpnc-scripts/vpnc-script. Some variables are passed to the script as input, and it configures the VPN. Unfortunately, I could not figure out how to split traffic between the corporate VPN and the rest of the Internet using the native script.

It turned out that the vpn-slice utility was made specifically for people like me; it lets you route traffic through two channels without dancing with a tambourine. Well, that is, you will still have to dance, but you do not have to be a shaman.

Splitting traffic using vpn-slice

First, you will have to install vpn-slice; you will have to figure this out yourself. If there are questions in the comments, I will write a separate article about it. But it is a regular Python program, so there should be no problems. I installed it using virtualenv.

And then the utility must be put to use: with the --script switch, tell openconnect that instead of the standard script it should use vpn-slice

echo "fixedPassword567987" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 --user poxvuibr --passwd-on-stdin \
--script "./bin/vpn-slice 192.168.430.0/24  " vpn.evilcorp.com

--script is passed a string with the command that should be called instead of the script. ./bin/vpn-slice - the path to the vpn-slice executable. 192.168.430.0/24 - the mask of the addresses to route into the VPN. Here it means that if an address starts with 192.168.430, the resource with that address should be looked for in the VPN.

The situation should now be almost normal. Almost. Now you can get to Habr and you can reach corporate resources by IP, but you cannot reach corporate resources by symbolic name. If you put the mapping of symbolic names to addresses in hosts, everything should work. And keep working until the IP changes. Linux can now go to the Internet or the intranet, depending on the IP. But the corporate DNS is still not used to determine the address.

The problem can also show up in this form - at work everything is fine, but at home you can only reach corporate resources by IP. This is because when you connect to the corporate Wi-Fi, the corporate DNS is used as well, and symbolic addresses from the VPN are resolved in it, even though such an address still cannot be reached without using the VPN.

Automatic modification of the hosts file

If vpn-slice is asked nicely, then after bringing up the VPN it can go to the VPN's DNS, find the IP addresses of the needed resources by their symbolic names and enter them into hosts. After the VPN is shut down, these addresses are removed from hosts. To do this, you need to pass the symbolic names to vpn-slice as arguments. Like this.

echo "fixedPassword567987" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 --user poxvuibr --passwd-on-stdin \
--script "./bin/vpn-slice 192.168.430.0/24  jira.vpn.evilcorp.com git.vpn.evilcorp.com " vpn.evilcorp.com

Now everything should work both in the office and on the beach.

Resolving the addresses of all subdomains in the DNS provided by the VPN

If there are few addresses inside the network, then the approach of automatically modifying the hosts file works quite well. But if there are many services in the network, you will constantly have to add lines like zoidberg.test.evilcorp.com to the script; zoidberg is the name of one of the test benches.

But now we understand a little why this need can be eliminated.

If, after bringing up the VPN, you look in /etc/hosts, you can see this line

192.168.430.534 dns0.tun0 # vpn-slice-tun0 AUTOCREATED

And one more line has been added to resolv.conf. In short, vpn-slice has figured out where the DNS server for the VPN is.

Now we need to make it so that the corporate DNS is used to look up the IP address of names in the corporate domain, and the default one for everything else.

I googled for a while and found that such functionality is available in Ubuntu out of the box. Namely, the local DNS server dnsmasq can be used to resolve names.

That is, you can make Linux always go to the local DNS server for IP addresses, and it in turn, depending on the name, will look up the IP in the corresponding DNS server.

To manage everything related to networks and network connections, Ubuntu uses NetworkManager, and the graphical interface for choosing, for example, a Wi-Fi connection is just a front end to it.

We will have to climb into its configuration.

  1. Create a file /etc/NetworkManager/dnsmasq.d/evilcorp

server=/.evilcorp.com/192.168.430.534

Pay attention to the dot in front of evilcorp. It tells dnsmasq that all subdomains of evilcorp.com should be looked up in the corporate DNS.

  2. Tell NetworkManager to use dnsmasq for name resolution

The NetworkManager configuration is located in /etc/NetworkManager/NetworkManager.conf. You need to add there:

[main]
dns=dnsmasq

  3. Restart NetworkManager

service network-manager restart

Now, after connecting to the VPN using openconnect and vpn-slice, IPs will be resolved normally, even if you do not add symbolic addresses to the arguments of vpn-slice.

How to reach individual services via the VPN

After I managed to connect to the VPN, I was very happy for two days, and then it turned out that if I connect to the VPN from outside the office network, mail does not work. The symptoms are familiar, right?

Our mail lives at mail.publicevilcorp.com, which means it does not fall under the rule in dnsmasq and the mail server's address is looked up via public DNS.

Well, the office still uses the DNS that has this address. That is what I thought. In fact, after adding the line to dnsmasq

server=/mail.publicevilcorp.com/192.168.430.534

the situation did not change at all. The IP remained the same. I had to go in to work.

And only later, when I dug deeper into the problem and understood it a little, one smart person told me how to solve it. The mail server had to be reached not just like that, but via the VPN.

I use vpn-slice to go through the VPN to addresses that start with 192.168.430. And the mail server not only has a symbolic address that is not a subdomain of evilcorp, it also does not have an IP address starting with 192.168.430. And of course it does not let anyone in from the general network.

For Linux to go through the VPN to the mail server, you need to add it to vpn-slice as well. Let's say the mail server's address is 555.555.555.555

echo "fixedPassword567987" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 --user poxvuibr --passwd-on-stdin \
--script "./bin/vpn-slice 555.555.555.555 192.168.430.0/24" vpn.evilcorp.com

A script for bringing up the VPN with one argument

All this, of course, is not very convenient. Yes, you can save the text in a file and copy-paste it into the console instead of typing by hand, but it is still not very pleasant. To simplify the process, you can wrap the command in a script that lives in PATH. Then you will only need to enter the code from Google Authenticator

#!/bin/sh
echo "fixedPassword$1" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 --user poxvuibr --passwd-on-stdin \
--script "./bin/vpn-slice 192.168.430.0/24  jira.vpn.evilcorp.com git.vpn.evilcorp.com " vpn.evilcorp.com

If you put the script in a file called connect_evil_corp, you can simply type in the console

connect_evil_corp 567987

But now you still have to keep the console in which openconnect was started open for some reason

Running openconnect in the background

Fortunately, the authors of openconnect took care of us and added a special key to the program, --background, which makes the program go into the background after starting. If you run it like this, you can close the console after starting

#!/bin/sh
echo "fixedPassword$1" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 \
--user poxvuibr \
--passwd-on-stdin \
--background \
--script "./bin/vpn-slice 192.168.430.0/24  jira.vpn.evilcorp.com git.vpn.evilcorp.com " vpn.evilcorp.com

Now it is just not clear where the logs go. In general, we do not really need the logs, but you never know. openconnect can redirect them to syslog, where they will be kept safe and sound. You need to add the --syslog switch to the command

#!/bin/sh
echo "fixedPassword$1" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 \
--user poxvuibr \
--passwd-on-stdin \
--background \
--syslog \
--script "./bin/vpn-slice 192.168.430.0/24  jira.vpn.evilcorp.com git.vpn.evilcorp.com " vpn.evilcorp.com

And so it turns out that openconnect is running somewhere in the background and not bothering anyone, but it is not clear how to stop it. That is, you can, of course, filter the ps output through grep and look for the process whose name contains openconnect, but this is somewhat tedious. Thanks to the authors, who thought about this too. openconnect has a --pid-file key, with which you can tell openconnect to write its process id to a file.

#!/bin/sh
echo "fixedPassword$1" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 \
--user poxvuibr \
--passwd-on-stdin \
--background \
--syslog \
--script "./bin/vpn-slice 192.168.430.0/24  jira.vpn.evilcorp.com git.vpn.evilcorp.com " vpn.evilcorp.com \
--pid-file ~/vpn-pid

Now you can always kill the process with the command

kill $(cat ~/vpn-pid)

If there is no such process, kill will complain, but that will not throw an error. If the file is not there, nothing bad will happen either, so you can kill the old process in the first line of the script.

#!/bin/sh
kill $(cat ~/vpn-pid)
echo "fixedPassword$1" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 \
--user poxvuibr \
--passwd-on-stdin \
--background \
--syslog \
--script "./bin/vpn-slice 192.168.430.0/24  jira.vpn.evilcorp.com git.vpn.evilcorp.com " vpn.evilcorp.com \
--pid-file ~/vpn-pid

Now you can turn on the computer, open the console and run the command, passing it the code from Google Authenticator. Then the console can be closed.

Without vpn-slice. Instead of an afterword

It turned out to be very difficult to understand how to live without vpn-slice. I had to read and google a lot. Fortunately, after spending a lot of time on a problem, the manuals and even man openconnect read like thrilling novels.

As a result, I found out that vpn-slice, like the native script, modifies the routing table in order to split the networks.

Routing table

To put it simply, this is a table whose first column holds the prefixes that the address Linux wants to reach should begin with, and whose second column holds the network adapter through which that address is reached. In fact, there are more columns, but that does not change the essence.

To view the routing table, you need to run the ip route command

default via 192.168.1.1 dev wlp3s0 proto dhcp metric 600 
192.168.430.0/24 dev tun0 scope link 
192.168.1.0/24 dev wlp3s0 proto kernel scope link src 192.168.1.534 metric 600 
192.168.430.534 dev tun0 scope link 

Here, each line is responsible for where to go in order to send a packet to some address. First comes a description of what the address should begin with. To understand how 192.168.0.0/16 means that the address should begin with 192.168, you need to google what an IP address mask is. After dev comes the name of the adapter through which the packet should be sent.

For the VPN, Linux creates a virtual adapter - tun0. The line that ensures traffic for all addresses starting with 192.168 goes through it is

192.168.0.0/16 dev tun0 scope link 

You can also view the current state of the routing table with the route -n command (the IP addresses are cleverly anonymised). This command prints the result in a different format and is generally deprecated, but its output is often found in guides on the Internet and you need to be able to read it.

Which IP addresses a route applies to can be understood from the combination of the Destination and Genmask columns. Those parts of the IP address that correspond to the 255s in Genmask are taken into account, and those where there is a 0 are not. That is, the combination of Destination 192.168.0.0 and Genmask 255.255.255.0 means that if the address starts with 192.168.0, then the request to it goes along this route. And if Destination is 192.168.0.0 but Genmask is 255.255.0.0, then requests to addresses starting with 192.168 go along this route.

To check what vpn-slice actually does, I decided to look at the state of the table before and after.

Before bringing up the VPN it looked like this

route -n 

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         222.222.222.1   0.0.0.0         UG    600    0        0 wlp3s0
222.222.222.0   0.0.0.0         255.255.255.0   U     600    0        0 wlp3s0
333.333.333.333 222.222.222.1   255.255.255.255 UGH   0      0        0 wlp3s0

After calling openconnect without vpn-slice it became like this

route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 tun0
0.0.0.0         222.222.222.1   0.0.0.0         UG    600    0        0 wlp3s0
222.222.222.0   0.0.0.0         255.255.255.0   U     600    0        0 wlp3s0
333.333.333.333 222.222.222.1   255.255.255.255 UGH   0      0        0 wlp3s0
192.168.430.0   0.0.0.0         255.255.255.0   U     0      0        0 tun0
192.168.430.534 0.0.0.0         255.255.255.255 UH    0      0        0 tun0

And after calling openconnect together with vpn-slice, like this

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         222.222.222.1   0.0.0.0         UG    600    0        0 wlp3s0
222.222.222.0   0.0.0.0         255.255.255.0   U     600    0        0 wlp3s0
333.333.333.333 222.222.222.1   255.255.255.255 UGH   0      0        0 wlp3s0
192.168.430.0   0.0.0.0         255.255.255.0   U     0      0        0 tun0
192.168.430.534 0.0.0.0         255.255.255.255 UH    0      0        0 tun0

It can be seen that if you do not use vpn-slice, then openconnect states explicitly that all addresses, except those specified explicitly, must be reached via the vpn.

Here:

0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 tun0

Right next to it, another route is specified, which should be used if the address Linux is trying to reach does not match any mask in the table.

0.0.0.0         222.222.222.1   0.0.0.0         UG    600    0        0 wlp3s0

It is written here that in this case you need to use the regular Wi-Fi adapter.

I believe the VPN route is used because it comes first in the routing table.

And theoretically, if you remove this route from the routing table, then openconnect together with dnsmasq should give normal behaviour.

I tried

route del default

And everything worked.
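As an added example (not from the original article), here the route lookup the tables above illustrate is carried out in Python: Destination and Genmask are folded into one prefix, the longest matching prefix wins, and among equal prefixes the kernel takes the lower metric. The table is constructed after the `route -n` listings above with valid placeholder addresses (203.0.113.0/24 for the Wi-Fi network, 198.51.100.7 for the VPN gateway, 192.168.43.0/24 for the intranet), since the article's anonymised octets above 255 cannot be parsed; it also models what `route del default` changes.

```python
import ipaddress

# Constructed sample modelled on the `route -n` listing with openconnect but
# without vpn-slice. Placeholder addresses stand in for the article's
# anonymised ones: 203.0.113.0/24 is the Wi-Fi network, 198.51.100.7 the
# VPN gateway pinned to the Wi-Fi adapter, 192.168.43.0/24 the intranet.
ROUTE_N_FULL_TUNNEL = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 tun0
0.0.0.0         203.0.113.1     0.0.0.0         UG    600    0        0 wlp3s0
203.0.113.0     0.0.0.0         255.255.255.0   U     600    0        0 wlp3s0
198.51.100.7    203.0.113.1     255.255.255.255 UGH   0      0        0 wlp3s0
192.168.43.0    0.0.0.0         255.255.255.0   U     0      0        0 tun0
192.168.43.53   0.0.0.0         255.255.255.255 UH    0      0        0 tun0
"""


def parse_route_n(text):
    """Parse `route -n` output into a list of route dicts.

    Destination and Genmask are folded into one IPv4Network: the octets
    under a 255 in Genmask are significant, those under a 0 are not.
    """
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 8 or not parts[0][0].isdigit():
            continue  # skip the title and the column header
        dest, gateway, genmask, flags, metric, _ref, _use, iface = parts
        routes.append({
            "network": ipaddress.IPv4Network((dest, genmask), strict=False),
            "gateway": gateway,
            "flags": flags,
            "metric": int(metric),
            "iface": iface,
        })
    return routes


def select_route(routes, ip):
    """Pick the route the kernel would use for ip.

    Longest matching prefix wins; among equal prefixes the lowest metric
    wins, which is why the metric-0 default on tun0 beats the metric-600
    default on wlp3s0 while both are present.
    """
    addr = ipaddress.IPv4Address(ip)
    matching = [r for r in routes if addr in r["network"]]
    if not matching:
        return None
    return max(matching, key=lambda r: (r["network"].prefixlen, -r["metric"]))


def drop_default_on(routes, iface):
    """Model `route del default` removing the tunnel's catch-all route."""
    return [r for r in routes
            if not (r["network"].prefixlen == 0 and r["iface"] == iface)]


def egress_iface(routes, ip):
    """Interface ip leaves through, or None when no route covers it."""
    route = select_route(routes, ip)
    return route["iface"] if route else None


if __name__ == "__main__":
    full = parse_route_n(ROUTE_N_FULL_TUNNEL)
    split = drop_default_on(full, "tun0")
    # 192.0.2.80 stands in for a public host such as habr.com (constructed)
    for ip in ("192.168.43.10", "192.168.43.53", "198.51.100.7", "192.0.2.80"):
        print(f"{ip:>15}  full tunnel -> {egress_iface(full, ip):7}"
              f"  after route del default -> {egress_iface(split, ip)}")
```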

Routing requests to the mail server without vpn-slice

But I also have a mail server with the address 555.555.555.555, which also has to be reached via the VPN. The route to it also has to be added manually.

ip route add 555.555.555.555 dev tun0

And now everything is fine. So you can do without vpn-slice, but you need to know well what you are doing. Now I am thinking about adding to the last line of the native openconnect script the removal of the default route and the addition of the route to the mail server after connecting to the vpn, just to have fewer moving parts in my bicycle.

Perhaps this afterword would be enough for someone to understand how to set up a VPN. But while I was trying to understand what to do and how, I read quite a few guides of this kind that work for the author but for some reason did not work for me, and I decided to add here all the pieces I found. I would be very glad to see something like that myself.

Source: www.hab.com
