Unblocking the Internet with Mikrotik and VPN: a detailed guide

In this step-by-step guide, I will show you how to configure Mikrotik so that blocked sites open automatically through this VPN and you can avoid dancing with tambourines: set it up once and everything works.

I chose SoftEther as the VPN: it is as easy to set up as RRAS and just as fast. On the VPN server side, I enabled Secure NAT; no other settings were made.

I considered RRAS as an alternative, but Mikrotik does not know how to work with it. The connection is established and the VPN works, but Mikrotik cannot maintain the connection without constant reconnects and errors in the log.

The setup was done using an RB3011UiAS-RM on firmware version 6.46.11 as the example.
Now, in order, what to do and why.

1. Set up the VPN connection

Of course, SoftEther, L2TP with a pre-shared key, was chosen as the VPN solution. This level of security is enough for anyone, because only the router and its owner know the key.

Go to the Interfaces section. First, we add a new interface, and then enter the IP, login, password and shared key into the interface. Click OK.

The same as a command:

/interface l2tp-client
add name="LD8" connect-to=45.134.254.112 user="Administrator" password="PASSWORD" profile=default-encryption use-ipsec=yes ipsec-secret="vpn"

SoftEther will work without changing the IPsec proposals and IPsec profiles, so we do not cover configuring them, but the author has left screenshots of his profiles, just in case.

For RRAS, in IPsec Proposals, just change PFS Group to none.

Now you need to get behind the NAT of this VPN server. To do this, we need to go to IP > Firewall > NAT.

Here we enable masquerade for a specific PPP interface or for all of them. The author's router is connected to three VPNs at once, so I did this:

The same as a command:

/ip firewall nat
add chain=srcnat action=masquerade out-interface=all-ppp

2. Add rules to Mangle

The first thing I want, of course, is to protect everything that is most valuable and defenceless, namely DNS and HTTP traffic. Let's start with HTTP.

Go to IP → Firewall → Mangle and create a new rule.

In the rule, for Chain, select Prerouting.

If there is a Smart SFP or another router in front of the router, and you want to connect to it through its web interface, then in the Dst. Address field you need to enter its IP address or subnet and set the negation sign, so that Mangle is not applied to that address or subnet. The author has an SFP GPON ONU in bridge mode, so this way the author kept the ability to reach its web interface.

By default, Mangle applies its rule to all NAT states, which makes port forwarding to your public ("white") IP impossible, so in Connection NAT State we tick dstnat and set the negation sign. This lets us send outgoing traffic from the network through the VPN, while still forwarding ports through our public IP.

Next, on the Action tab, select mark routing, give New Routing Mark a name that will be clear to us later, and move on.

The same as a command:

/ip firewall mangle
add chain=prerouting action=mark-routing new-routing-mark=HTTP passthrough=no connection-nat-state=!dstnat protocol=tcp dst-address=!192.168.1.1 dst-port=80

Now let's move on to protecting DNS. In this case, you need to create two rules: one for the router, the other for the devices connected to the router.

If you use the router's built-in DNS, as the author does, it also needs to be protected. So for the first rule, as above, we select the prerouting chain, and for the second we need to select output.

Output is the chain that the router itself uses for requests made by its own services. Everything here is the same as for HTTP, except that the protocol is UDP and the port is 53.

The same as commands:

/ip firewall mangle
add chain=prerouting action=mark-routing new-routing-mark=DNS passthrough=no protocol=udp dst-port=53
add chain=output action=mark-routing new-routing-mark=DNS-Router passthrough=no protocol=udp dst-port=53

3. Create a route through the VPN

Go to IP → Routes and create new routes.

A route for sending HTTP over the VPN. We specify the name of our VPN interface and select the Routing Mark.

At this stage you can already feel that your ISP has stopped embedding advertising in your HTTP traffic.

The same as a command:

/ip route
add dst-address=0.0.0.0/0 gateway=LD8 routing-mark=HTTP distance=2 comment=HTTP

The rules for protecting DNS look exactly the same, just select the required mark:

After that you can feel that your DNS requests are no longer being listened to. The same as commands:

/ip route
add dst-address=0.0.0.0/0 gateway=LD8 routing-mark=DNS distance=1 comment=DNS
add dst-address=0.0.0.0/0 gateway=LD8 routing-mark=DNS-Router distance=1 comment=DNS-Router

Well, finally, let's unblock Rutracker. The whole subnet belongs to it, so the subnet is specified.

That is how easy it is to get your internet back. The command:

/ip route
add dst-address=195.82.146.0/24 gateway=LD8 distance=1 comment=Rutracker.Org

In exactly the same way as with the root tracker, you can route corporate resources and other blocked sites.

The author hopes you will appreciate the convenience of accessing the root tracker and the corporate portal at the same time without taking off your shirt.
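
An added example, not part of the original article: a small Python check that parses RouterOS commands in the form used above and flags mark-routing rules that match a whole protocol with no dst-port, routing marks that no route carries, and routing marks with no blackhole fallback (on RouterOS v6 a marked lookup falls through to the main table when the VPN route is inactive). The sample config, the finding names and the type=blackhole route are assumptions made for the illustration.

```python
import shlex

# Constructed sample in the article's form; the DNS rule lacks dst-port on purpose.
# The type=blackhole route is a hypothetical addition, not from the article.
SAMPLE = """\
/ip firewall mangle
add chain=prerouting action=mark-routing new-routing-mark=HTTP passthrough=no connection-nat-state=!dstnat protocol=tcp dst-address=!192.168.1.1 dst-port=80
add chain=prerouting action=mark-routing new-routing-mark=DNS passthrough=no protocol=udp
add chain=output action=mark-routing new-routing-mark=DNS-Router passthrough=no protocol=udp dst-port=53
/ip route
add dst-address=0.0.0.0/0 gateway=LD8 routing-mark=HTTP distance=2 comment=HTTP
add dst-address=0.0.0.0/0 gateway=LD8 routing-mark=DNS distance=1 comment=DNS
add dst-address=0.0.0.0/0 type=blackhole routing-mark=DNS distance=10
"""

def parse(text):
    """Return {menu: [{key: value}, ...]} for every 'add' line under a menu."""
    menus, menu = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
            menus.setdefault(menu, [])
        elif line.startswith("add ") and menu:
            tokens = shlex.split(line[4:])  # handles quoted values like name="LD8"
            menus[menu].append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return menus

def audit(text):
    """Return (routing mark, finding) pairs for risky mark-routing setups."""
    cfg = parse(text)
    routes = cfg.get("/ip route", [])
    findings = []
    for rule in cfg.get("/ip firewall mangle", []):
        if rule.get("action") != "mark-routing":
            continue
        mark = rule.get("new-routing-mark")
        # A tcp/udp rule without dst-port marks the whole protocol.
        if rule.get("protocol") in ("tcp", "udp") and "dst-port" not in rule:
            findings.append((mark, "over-broad"))
        marked = [r for r in routes if r.get("routing-mark") == mark]
        if not marked:
            findings.append((mark, "no-route"))  # no route carries this mark
        elif not any(r.get("type") == "blackhole" for r in marked):
            # If the VPN route goes inactive, the lookup uses the main table.
            findings.append((mark, "no-fallback"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```
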

Source: www.hab.com
