Book "Linux in Action"

Hello, Khabrozhiteli! In this book, David Clinton describes 12 real-world projects, including automating your backup and restore system, setting up a Dropbox-style personal file cloud, and creating your own MediaWiki server. You will explore virtualization, disaster recovery, security, backup, DevOps, and system troubleshooting through engaging case studies. Each chapter ends with a review of best practices, a glossary of new terms, and exercises.

Excerpt: "10.1. Building an OpenVPN tunnel"

I have already talked a lot about encryption in this book. SSH and SCP can protect data in transit to remote hosts (Chapter 3), file encryption can protect data while it is stored on a server (Chapter 8), and TLS/SSL certificates can protect data exchanged between websites and client browsers (Chapter 9). But sometimes your data needs protection across a wider range of connections. For example, some members of your team may work on the road, connecting to Wi-Fi at public hotspots. You should certainly not assume that all such access points are secure, but your people need a way to reach company resources, and that is where a VPN can help.

A well-built VPN tunnel provides a direct connection between remote clients and a server in a way that hides the data as it crosses an insecure network. So what? You have already seen plenty of tools that can do this with encryption. The real value of a VPN is that, by opening a tunnel, you can connect remote networks as if they were all local. In a sense, you are using a bypass.

Using this extended network, administrators can do their work on their servers from anywhere. More importantly, a company with resources spread across several locations can make them visible and accessible to every team that needs them, wherever those teams are (Figure 10.1).

The tunnel itself does not guarantee security. But one of the encryption standards can be built into the network structure, which raises the level of security considerably. Tunnels created with the open-source OpenVPN package use the same TLS/SSL encryption you have already read about. OpenVPN is not the only tunneling option, but it is one of the best known. It is considered slightly faster and more secure than the alternative Layer 2 tunneling protocol that uses IPsec encryption.

Do you want everyone on your team to be able to communicate securely with each other while traveling or working in different buildings? To do that, you need to build an OpenVPN server that allows sharing of, and access to, the server's local network environment. All you need for this is two virtual machines or two containers: one to act as the server/host and one to act as the client. Building a VPN is not a simple process, so it is worth spending a few minutes to get the big picture in mind.


10.1.1. OpenVPN server configuration

Before you begin, I will give you some useful advice. If you are going to do this yourself (and I urge you to), you will find yourself working with several terminal windows open on your desktop, each connected to a different machine. There is a risk that at some point you will type a command into the wrong window. To avoid this, you can use the hostname command to change the machine name shown on the command line to something that tells you clearly where you are. Once you have done this, you will need to log out of the server and log back in for the new setting to take effect. Here is what it looks like:

By following this approach and giving appropriate names to each machine you work with, you can easily keep track of where you are.

After using hostname, you may run into an annoying "unable to resolve host OpenVPN-Server" message when running subsequent commands. Updating the /etc/hosts file with the appropriate new hostname should fix the problem.

Preparing your server for OpenVPN

To install OpenVPN on your server, you need two packages: openvpn and easy-rsa (to manage the encryption key generation process). CentOS users should first install the epel-release repository, if necessary, as you did in Chapter 2. To be able to test access to a server application, you can also install the Apache web server (apache2 on Ubuntu and httpd on CentOS).

While setting up your server, I recommend enabling a firewall that blocks all ports except 22 (SSH) and 1194 (OpenVPN's default port). This example shows how ufw would do it on Ubuntu, but I am sure you still remember CentOS's firewalld program from Chapter 9:

# ufw enable
# ufw allow 22
# ufw allow 1194

To allow internal routing between network interfaces on the server, you need to uncomment one line (net.ipv4.ip_forward = 1) in the /etc/sysctl.conf file. This allows remote clients to be forwarded as needed once they connect. To make the new setting take effect, run sysctl -p:

# nano /etc/sysctl.conf
# sysctl -p
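Editing /etc/sysctl.conf by hand is fine once, but the same step tends to end up in a provisioning script. The following shell helper is an added example, not from the book: it finds the ip_forward line in whatever sysctl file you pass it, uncomments or corrects it, or appends it when absent, and verifies the result. It is safe to run repeatedly; applying the value to the running kernel still needs `sysctl -p` as root.

```shell
#!/bin/sh
# Added example, not from the book: make the ip_forward edit repeatable.
# Both functions take the path of a sysctl configuration file, so you can
# exercise them on a scratch copy before pointing them at /etc/sysctl.conf.
# Activating the value in the running kernel still needs `sysctl -p` as root.

# Print the active (uncommented) value of net.ipv4.ip_forward in FILE,
# or "unset" when the key is absent or only present as a comment.
ip_forward_value() {
    file="$1"
    # the last active assignment wins, which is how sysctl reads the file
    val=$(grep -E '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=' "$file" \
          | tail -n 1 | sed 's/^[^=]*=[[:space:]]*//')
    if [ -z "$val" ]; then echo unset; else echo "$val"; fi
}

# Leave FILE with an active "net.ipv4.ip_forward = 1" line:
# fix an active line with another value, uncomment a commented copy,
# or append the line if neither exists. Idempotent.
ensure_ip_forward() {
    file="$1"
    [ "$(ip_forward_value "$file")" = 1 ] && return 0   # already enabled
    if grep -qE '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=' "$file"; then
        sed -i -E 's/^[[:space:]]*(net\.ipv4\.ip_forward)[[:space:]]*=.*/\1 = 1/' "$file"
    elif grep -qE '^[[:space:]]*#[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=' "$file"; then
        sed -i -E 's/^[[:space:]]*#[[:space:]]*(net\.ipv4\.ip_forward)[[:space:]]*=.*/\1 = 1/' "$file"
    else
        printf '\nnet.ipv4.ip_forward = 1\n' >> "$file"
    fi
    [ "$(ip_forward_value "$file")" = 1 ]
}

# Demo on a constructed scratch copy; never run this blindly on a live file.
demo=$(mktemp)
printf '# Uncomment the next line to enable packet forwarding for IPv4\n#net.ipv4.ip_forward=1\n' > "$demo"
ensure_ip_forward "$demo" && echo "ip_forward is now $(ip_forward_value "$demo")"
rm -f "$demo"
```

The `-i` flag assumes GNU sed, as found on Ubuntu and CentOS.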

Your server environment is now fully set up, but there is still some work before you are ready: you will need to complete the following steps (we will cover them in more detail next).

  1. Generate a set of public key infrastructure (PKI) encryption keys on the server using the scripts that come with the easy-rsa package. In effect, the OpenVPN server also acts as its own certificate authority (CA).
  2. Prepare the appropriate keys for the client.
  3. Configure the server.conf file for the server.
  4. Configure your OpenVPN client.
  5. Test your VPN.

Generating the encryption keys

To keep things simple, you can set up your key infrastructure on the same machine that runs the OpenVPN server. However, security best practice generally recommends using a separate CA server for production deployments. The process of generating and distributing the encryption key resources used by OpenVPN is shown in Figure 10.2.

When you installed OpenVPN, the /etc/openvpn/ directory was created automatically, but there is nothing in it yet. The openvpn and easy-rsa packages ship with sample template files that you can use as the basis for your configuration. To begin the certification process, copy the easy-rsa template directory from /usr/share/ to /etc/openvpn and change into the easy-rsa/ directory:

# cp -r /usr/share/easy-rsa/ /etc/openvpn
$ cd /etc/openvpn/easy-rsa

The easy-rsa directory will now contain quite a few scripts. Table 10.1 lists the tools you will use to generate the keys.

The operations above require root privileges, so you will need to become root with sudo su.

The first file you will work with is called vars and contains the environment variables that easy-rsa uses when generating keys. You will need to edit the file to use your own values instead of the default values already there. Here is what my file looks like (Listing 10.1).

Listing 10.1. The main fragments of the /etc/openvpn/easy-rsa/vars file

export KEY_COUNTRY="CA"
export KEY_PROVINCE="ON"
export KEY_CITY="Toronto"
export KEY_ORG="Bootstrap IT"
export KEY_EMAIL="[email protected]"
export KEY_OU="IT"

Running the vars file passes its values into the shell environment, from where they will be included in the contents of your new keys. Why doesn't the sudo command work on its own here? Because in the first step we edit the vars script and then apply it, and applying it means sourcing the file so that its values enter the shell environment, where they will be placed into your new keys.

Be sure to re-run the file from a new shell to complete the unfinished process. When this is done, the script will tell you to run another script, clean-all, which removes the contents of the /etc/openvpn/easy-rsa/keys/ directory:

So the next step is to run the clean-all script, followed by build-ca, which uses the pkitool script to generate the root certificate. You will be asked to confirm the identity settings supplied by vars:

# ./clean-all
# ./build-ca
Generating a 2048 bit RSA private key

Next comes the build-key-server script. Since it uses the same pkitool script together with the new root certificate, you will see the same questions asking you to confirm the creation of the key pair. The keys will be named according to the argument you pass, which, unless you are running several VPNs on this machine, will usually be server, as in the example:

# ./build-key-server server
[...]
Certificate is to be certified until Aug 15 23:52:34 2027 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

OpenVPN uses parameters generated by the Diffie-Hellman algorithm (via build-dh) to negotiate authentication for new connections. The file created here does not need to be kept secret, but it must be generated with the build-dh script for the RSA keys currently in use. If you create new RSA keys in the future, you will also need to update the Diffie-Hellman file:

# ./build-dh

Your server-side keys now end up in the /etc/openvpn/easy-rsa/keys/ directory, but OpenVPN does not know that. By default, OpenVPN looks for keys in /etc/openvpn/, so copy them there:

# cp /etc/openvpn/easy-rsa/keys/server* /etc/openvpn
# cp /etc/openvpn/easy-rsa/keys/dh2048.pem /etc/openvpn
# cp /etc/openvpn/easy-rsa/keys/ca.crt /etc/openvpn

Preparing the client encryption keys

As you have already seen, TLS encryption uses pairs of matching keys: one installed on the server and one installed on the remote client. This means you will need client keys. Our old friend pkitool is just what you need for this. In this example, running the program in the /etc/openvpn/easy-rsa/ directory, we pass it the client argument to generate files called client.crt and client.key:

# ./pkitool client

Both client files, together with the original ca.crt file still in the keys/ directory, now need to be transferred to your client. Because of their ownership and access permissions, this may not be so simple. The easiest approach is to manually copy the contents of the source file (and nothing but the contents) from a terminal running on your PC's desktop (select the text, right-click it, and choose Copy from the menu). Then paste that into a new file with the same name that you create in a second terminal connected to your client.

But anyone can cut and paste. Instead, think like an administrator, because you will not always have access to a GUI where cut and paste operations are possible. Copy the files to your user's home directory (so that a remote scp can reach them), and then use chown to change the ownership of the files from root to a regular user so that the remote scp operation can succeed. Make sure all your files are now in place and usable. You will move them to the client a little later:

# cp /etc/openvpn/easy-rsa/keys/client.key /home/ubuntu/
# cp /etc/openvpn/easy-rsa/keys/ca.crt /home/ubuntu/
# cp /etc/openvpn/easy-rsa/keys/client.crt /home/ubuntu/
# chown ubuntu:ubuntu /home/ubuntu/client.key
# chown ubuntu:ubuntu /home/ubuntu/client.crt
# chown ubuntu:ubuntu /home/ubuntu/ca.crt
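The cp and chown sequence above gets the files to where scp can reach them, but it leaves client.key with whatever mode cp gave it, and a private key readable by other users on the box is the kind of thing an administrator should not let through. The following shell helper is an added example, not the book's code: it stages the three files into a hand-off directory, setting 0644 on the public certificates and 0600 on the key in the same step as the copy, and includes a check you can run on any directory of keys. The "handoff" directory name and the demo paths are assumptions.

```shell
#!/bin/sh
# Added example, not the book's code: stage ca.crt, client.crt and
# client.key into a hand-off directory with the ownership and modes an
# administrator would want before an scp pull. The certificates are public
# (0644); the private key is the sensitive part and gets 0600. The "handoff"
# directory name and the paths used in the demo are assumptions.

# stage_client_bundle KEYS_DIR DEST_DIR OWNER:GROUP [CLIENT_NAME]
stage_client_bundle() {
    keys="$1"; dest="$2"; owner="$3"; name="${4:-client}"
    for f in ca.crt "$name.crt" "$name.key"; do
        [ -f "$keys/$f" ] || { echo "missing $keys/$f" >&2; return 1; }
    done
    mkdir -p "$dest"
    # install copies and sets the mode in one step, regardless of umask
    install -m 0644 "$keys/ca.crt"    "$dest/ca.crt"
    install -m 0644 "$keys/$name.crt" "$dest/$name.crt"
    install -m 0600 "$keys/$name.key" "$dest/$name.key"
    # hand the files to the user that scp will log in as
    chown "$owner" "$dest/ca.crt" "$dest/$name.crt" "$dest/$name.key"
}

# check_key_modes DIR: report every *.key in DIR that is readable by group
# or others; returns 0 only when all keys are mode 0600.
check_key_modes() {
    dir="$1"; rc=0
    for k in "$dir"/*.key; do
        [ -e "$k" ] || continue
        mode=$(stat -c '%a' "$k")
        if [ "$mode" != 600 ]; then
            echo "$k has mode $mode, expected 600"; rc=1
        fi
    done
    return $rc
}

# Demo with constructed placeholder files (not real key material)
src=$(mktemp -d); dst=$(mktemp -d)/handoff
for f in ca.crt client.crt client.key; do printf 'placeholder %s\n' "$f" > "$src/$f"; done
stage_client_bundle "$src" "$dst" "$(id -un):$(id -gn)" client && check_key_modes "$dst" \
    && echo "bundle staged in $dst with key mode $(stat -c '%a' "$dst/client.key")"
rm -rf "$src" "$(dirname "$dst")"
```

On the server you would call it as root with the real directories, for example `stage_client_bundle /etc/openvpn/easy-rsa/keys /home/ubuntu/handoff ubuntu:ubuntu client`, and then pull the directory with scp from the client.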

With all the encryption keys ready, you need to tell the server how you want to build the VPN. This is done with the server.conf file.

Reducing the number of keystrokes

Too much typing? Brace expansion will help cut those six commands down to two. I am sure you can study these two examples and work out what is going on. More importantly, you will be able to see how to apply these principles to operations involving tens or hundreds of elements:

# cp /etc/openvpn/easy-rsa/keys/{ca.crt,client.{key,crt}} /home/ubuntu/
# chown ubuntu:ubuntu /home/ubuntu/{ca.crt,client.{key,crt}}

Configuring the server.conf file

How do you know what the server.conf file should look like? Remember the easy-rsa directory template you copied from /usr/share/? When you installed OpenVPN, you were also left with a compressed configuration template file that you can copy to /etc/openvpn/. I will take advantage of the fact that the template is archived to introduce you to a useful tool: zcat.

You already know about printing a file's contents to the screen with the cat command, but what if the file is compressed with gzip? You could always unzip the file first and then cat would happily print it, but that is a step or two more than necessary. Instead, as you may have guessed, you can issue the zcat command to load the uncompressed text into memory in one step. In the following example, instead of printing it to the screen, you redirect it into a new file called server.conf:

# zcat /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > /etc/openvpn/server.conf
$ cd /etc/openvpn

Let's strip out the extensive and helpful documentation that comes with the file and see what it might look like once you have finished editing. Note that a semicolon (;) tells OpenVPN not to read or execute the line that follows it (Listing 10.2).

Let's walk through some of these settings.

  • By default, OpenVPN runs on port 1194. You can change this, for example, to further hide your activity or to avoid conflicts with other active tunnels. Since port 1194 requires the least coordination with clients, it is best to keep it.
  • OpenVPN uses either the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP) to transmit data. TCP may be slightly slower, but it is more reliable and more likely to be understood by the applications running at both ends of the tunnel.
  • You can specify dev tun when you want to create a simpler, more efficient IP tunnel that carries data content and nothing more. If, on the other hand, you need to connect multiple network interfaces (and the networks they represent), creating an Ethernet bridge, you will need to choose dev tap. If you do not understand what all this means, use the tun argument.
  • The next four lines give OpenVPN the names of the three authentication files on the server and the dh2048 parameters file you created earlier.
  • The server line sets the range and subnet mask that will be used to assign IP addresses to clients as they log in.
  • The push "route 10.0.3.0 255.255.255.0" option allows remote clients to access private subnets behind the server. Making this work also requires configuring the network on the server itself so that the private subnet knows about the OpenVPN subnet (10.8.0.0).
  • The port-share localhost 80 line lets you redirect client traffic arriving on port 1194 to a local web server listening on port 80. (This is useful if you are going to use a web server to test your VPN.) It only works when the tcp protocol is selected.
  • The user nobody and group nogroup lines must be enabled by removing the semicolons (;). Forcing remote clients to run as nobody and nogroup ensures that sessions on the server are unprivileged.
  • The log directive specifies that the current log entries overwrite the old ones each time OpenVPN starts, whereas log-append adds new entries to the existing file. The openvpn.log file itself is written to the /etc/openvpn/ directory.
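To make the settings just listed concrete, here is an added shell example that is not the book's Listing 10.2: it writes a minimal server.conf with those directives (plus client-to-client, which the text mentions next) and then lints the file for the points worth checking before the service is started: that the user/group lines really are uncommented, that port-share is only used with a TCP proto, that the certificate and dh files are referenced, and that persist-key accompanies the privilege drop. The addresses follow the text; keepalive, persist-key, persist-tun, status and verb are standard OpenVPN directives from the sample template that the text does not discuss.

```shell
#!/bin/sh
# Added example, not the book's Listing 10.2: write a server.conf that
# reflects the settings discussed above, then lint it for the points an
# administrator should double-check before starting the service. The
# addresses follow the text (10.8.0.0/24 for clients, 10.0.3.0/24 behind the
# server); keepalive, persist-key, persist-tun, status and verb are standard
# OpenVPN directives from the sample template, not discussed in the text.

write_server_conf() {   # FILE
    cat > "$1" <<'EOF'
port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
push "route 10.0.3.0 255.255.255.0"
port-share localhost 80
client-to-client
keepalive 10 120
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 3
EOF
}

# has_directive FILE NAME: true when NAME starts a line that is not
# commented out with ';' or '#'.
has_directive() {
    grep -qE "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# check_server_conf FILE: prints one finding per line; exit status 1 if any.
check_server_conf() {
    f="$1"; rc=0
    for d in ca cert key dh server; do
        has_directive "$f" "$d" || { echo "missing directive: $d"; rc=1; }
    done
    # the privilege drop only happens once the semicolons are removed
    has_directive "$f" user  || { echo "user nobody is still commented out"; rc=1; }
    has_directive "$f" group || { echo "group nogroup is still commented out"; rc=1; }
    # port-share is honoured only with a TCP proto
    if has_directive "$f" port-share && ! grep -qE '^[[:space:]]*proto[[:space:]]+tcp' "$f"; then
        echo "port-share needs proto tcp"; rc=1
    fi
    # after dropping root the daemon cannot re-read the key on a restart
    # unless persist-key is set
    if has_directive "$f" user && ! has_directive "$f" persist-key; then
        echo "user is set without persist-key"; rc=1
    fi
    return $rc
}

# Demo on a scratch file
tmp=$(mktemp)
write_server_conf "$tmp"
check_server_conf "$tmp" && echo "server.conf passes the checks"
rm -f "$tmp"
```

Run `check_server_conf /etc/openvpn/server.conf` after editing the real file; each finding names the directive to fix.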

In addition, client-to-client is also often added to the configuration file so that multiple clients can see each other as well as the OpenVPN server. If you are happy with your configuration, you can start the OpenVPN server:

# systemctl start openvpn

Because of the changing nature of the relationship between OpenVPN and systemd, the following syntax is sometimes required to start the service: systemctl start openvpn@server.

Running ip addr to list your server's network interfaces should now show a link to a new interface called tun0. OpenVPN creates it to serve incoming clients:

$ ip addr
[...]
4: tun0: mtu 1500 qdisc [...]
      link/none
      inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0
          valid_lft forever preferred_lft forever

You may need to reboot the server before everything starts working fully. Next stop: the client computer.

10.1.2. Configuring the OpenVPN client

Traditionally, tunnels are built with at least two exits (otherwise we would call them caves). A properly configured OpenVPN on the server handles traffic entering and leaving the tunnel on one side. But you will also need some software running on the client, that is, at the other end of the tunnel.

In this section I will focus on manually configuring some kind of Linux computer to act as an OpenVPN client. But this is not the only way to get this functionality. OpenVPN supports client applications that can be installed and used on desktops and laptops running Windows or macOS, as well as on Android and iOS smartphones and tablets. See openvpn.net for details.

The OpenVPN package needs to be installed on the client machine just as it was on the server, although there is no need for easy-rsa here, since the keys you will use already exist. You will need to copy the client.conf template file into the /etc/openvpn/ directory that was just created. This time the file is not zipped, so a regular cp command works fine:

# apt install openvpn
# cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/

Most of the settings in your client.conf file will be fairly self-explanatory: they need to match the values on the server. As you can see from the example file below, the one unique setting is remote 192.168.1.23 1194, which tells the client the server's IP address. Again, make sure this is your server's address. You should also force the client computer to verify the authenticity of the server's certificate to prevent a possible man-in-the-middle attack. One way to do that is to add the line remote-cert-tls server (Listing 10.3).

Now you can change to the /etc/openvpn/ directory and retrieve the certificate files from the server. Replace the server IP address or domain name in the example with your own values:

Nothing exciting will happen until you run OpenVPN on the client. Since you need to pass a couple of arguments, you will do it from the command line. The --tls-client argument tells OpenVPN that you will act as a client and connect using TLS encryption, and --config points to your configuration file:

# openvpn --tls-client --config /etc/openvpn/client.conf

Read the command output carefully to make sure you are connected correctly. If something goes wrong the first time, it is most likely due to a mismatch between the settings in the server and client configuration files or to a network connectivity/firewall problem. Here are some troubleshooting tips.

  • Carefully read the output of the OpenVPN run on the client. It usually contains valuable hints about what exactly could not be done and why.
  • Check the error messages in the openvpn.log and openvpn-status.log files in the /etc/openvpn/ directory on the server.
  • Check the system logs on both the server and the client for OpenVPN-related messages and their timestamps. (journalctl -ce displays the most recent entries.)
  • Make sure you have network connectivity between the server and the client (more on this in Chapter 14).
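The first tip, reading the client output, is where most failures are resolved, so here is an added shell helper, not from the book, that scans an OpenVPN client log for the usual failure signatures and maps each to its likely cause (firewall or wrong address, CA mismatch, configuration typo, nothing listening). The sample log lines below are constructed for the demo and only patterned after real OpenVPN messages.

```shell
#!/bin/sh
# Added example, not from the book: a small triage helper for the tips above.
# It scans an OpenVPN client log for the usual failure signatures and maps
# each to its likely cause. The sample logs below are constructed for the
# demo and only patterned after real OpenVPN messages.

# triage_openvpn_log FILE: prints one diagnosis per matched signature and
# returns 0 only when the tunnel came up with no error recorded.
triage_openvpn_log() {
    f="$1"; errors=0
    if grep -q 'Connection refused' "$f"; then
        echo "connection refused: nothing listening on the server port (service not started, wrong port or proto)"
        errors=1
    fi
    if grep -q 'TLS key negotiation failed' "$f"; then
        echo "TLS timeout: packets never reach the server (firewall, wrong remote address, tcp/udp mismatch)"
        errors=1
    fi
    if grep -q 'VERIFY ERROR' "$f"; then
        echo "certificate verification failed: the client's ca.crt does not match the CA that signed the server certificate"
        errors=1
    fi
    if grep -q 'Options error' "$f"; then
        echo "configuration parse error: check directive names and arguments in the .conf file"
        errors=1
    fi
    if [ "$errors" -eq 0 ] && grep -q 'Initialization Sequence Completed' "$f"; then
        echo "tunnel established"
        return 0
    fi
    return 1
}

# Constructed sample logs (not real captures)
sample_ok='Tue Aug 15 12:00:01 2017 TCP connection established with [AF_INET]192.168.1.23:1194
Tue Aug 15 12:00:02 2017 Initialization Sequence Completed'
sample_bad='Tue Aug 15 12:05:01 2017 VERIFY ERROR: depth=0, error=unable to get local issuer certificate: CN=server
Tue Aug 15 12:05:01 2017 TLS Error: TLS handshake failed'

# Demo over both samples
for s in "$sample_ok" "$sample_bad"; do
    tmp=$(mktemp); printf '%s\n' "$s" > "$tmp"
    triage_openvpn_log "$tmp" || echo "(tunnel did not come up)"
    rm -f "$tmp"
done
```

On a real client, redirect the output of the openvpn command to a file and pass that file to the function; the same patterns appear in the server-side openvpn.log.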

About the author

David Clinton is a system administrator, teacher, and author. He has administered, written about, and created training materials for many important technical disciplines, including Linux systems, cloud computing (AWS in particular), and container technologies such as Docker. He is the author of Learn Amazon Web Services in a Month of Lunches (Manning, 2017). Many of his video training courses can be found on Pluralsight.com, and links to his other books (on Linux administration and server virtualization) are available at bootstrap-it.com.

» More information about the book is available on the publisher's website
» Table of contents
» Excerpt

Khabrozhiteli get a 25% discount with the coupon code: Linux
When you pay for the paper version of the book, the e-book is sent by e-mail.

Source: www.hab.com
