Hnub no peb yuav saib cov kev xaiv VPN teeb tsa uas NSX Edge muab rau peb.
Feem ntau, peb tuaj yeem faib cov thev naus laus zis VPN ua ob hom tseem ceeb:
- Qhov chaw-rau-site VPN. Kev siv ntau tshaj plaws ntawm IPSec yog los tsim qhov chaw ruaj ntseg, piv txwv li, nruab nrab ntawm lub chaw ua haujlwm loj thiab lub network ntawm qhov chaw nyob deb lossis hauv huab.
- Chaw taws teeb Access VPN. Siv los txuas ib tus neeg siv rau lub koom haum ntiag tug network siv VPN tus neeg siv software.
NSX Edge tso cai rau peb ua ob qho tib si.
Peb yuav ua qhov teeb tsa siv lub rooj zaum sim nrog ob lub NSX Ntug, Linux server nrog lub daemon ntsia thiab lub khoos phis tawj Windows los sim Chaw Taws Teeb VPN.
IPsec
- Hauv vCloud Director interface, mus rau ntu Tswjhwm thiab xaiv vDC. Ntawm Edge Gateways tab, xaiv Edge peb xav tau, nyem nyem thiab xaiv Edge Gateway Services.
- Hauv NSX Edge interface, mus rau VPN-IPsec VPN tab, tom qab ntawd mus rau ntu IPsec VPN Sites thiab nyem + ntxiv rau qhov chaw tshiab.
- Sau rau hauv cov teb uas xav tau:
- Enabled - qhib qhov chaw nyob deb.
- PFS - xyuas kom meej tias txhua tus yuam sij cryptographic tshiab tsis cuam tshuam nrog tus yuam sij dhau los.
- Local ID thiab Local Endpointt β NSX Edge chaw nyob sab nraud.
- hauv zos subnets β cov network hauv zos uas yuav siv IPsec VPN.
- Peer ID thiab Peer Endpoint - chaw nyob ntawm qhov chaw nyob deb.
- Peer Subnets - cov tes hauj lwm uas yuav siv IPsec VPN ntawm thaj chaw deb.
- Encryption Algorithm - qhov encryption algorithm.
- authentication - Yuav ua li cas peb yuav txheeb xyuas cov phooj ywg. Koj tuaj yeem siv Pre-Shared Key lossis daim ntawv pov thawj.
- Pre-Shared Ntsiab - qhia tus yuam sij uas yuav raug siv rau kev lees paub thiab yuav tsum sib phim ntawm ob sab.
- Diffie-Hellman Group - key pauv algorithm.
Tom qab sau cov teb uas xav tau, nyem Keep.
- Ua li cas.
- Tom qab ntxiv qhov chaw, mus rau qhov ua kom xwm txheej tab thiab qhib IPsec Service.
- Tom qab kev teeb tsa tau thov, mus rau Statistics -> IPsec VPN tab thiab tshawb xyuas qhov xwm txheej. Peb pom tias qhov av tau nce.
- Cia peb tshawb xyuas qhov xwm txheej los ntawm Edge gateway console:
- qhia kev pabcuam ipsec - xyuas cov xwm txheej pabcuam.
- qhia kev pabcuam ipsec site - cov ntaub ntawv hais txog lub xeev ntawm lub xaib thiab pom zoo tsis pom zoo.
- qhia kev pabcuam ipsec sa β xyuas lub koom haum Security (SA) xwm txheej.
- qhia kev pabcuam ipsec - xyuas cov xwm txheej pabcuam.
- Tshawb xyuas kev sib txuas nrog lub chaw nyob deb:
root@racoon:~# ifconfig eth0:1 | grep inet inet 10.255.255.1 netmask 255.255.255.0 broadcast 0.0.0.0 root@racoon:~# ping -c1 -I 10.255.255.1 192.168.0.10 PING 192.168.0.10 (192.168.0.10) from 10.255.255.1 : 56(84) bytes of data. 64 bytes from 192.168.0.10: icmp_seq=1 ttl=63 time=59.9 ms --- 192.168.0.10 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 59.941/59.941/59.941/0.000 msCov ntaub ntawv teeb tsa thiab cov lus txib ntxiv rau kev kuaj mob los ntawm cov chaw taws teeb Linux server:
root@racoon:~# cat /etc/racoon/racoon.conf log debug; path pre_shared_key "/etc/racoon/psk.txt"; path certificate "/etc/racoon/certs"; listen { isakmp 80.211.43.73 [500]; strict_address; } remote 185.148.83.16 { exchange_mode main,aggressive; proposal { encryption_algorithm aes256; hash_algorithm sha1; authentication_method pre_shared_key; dh_group modp1536; } generate_policy on; } sainfo address 10.255.255.0/24 any address 192.168.0.0/24 any { encryption_algorithm aes256; authentication_algorithm hmac_sha1; compression_algorithm deflate; } === root@racoon:~# cat /etc/racoon/psk.txt 185.148.83.16 testkey === root@racoon:~# cat /etc/ipsec-tools.conf #!/usr/sbin/setkey -f flush; spdflush; spdadd 192.168.0.0/24 10.255.255.0/24 any -P in ipsec esp/tunnel/185.148.83.16-80.211.43.73/require; spdadd 10.255.255.0/24 192.168.0.0/24 any -P out ipsec esp/tunnel/80.211.43.73-185.148.83.16/require; === root@racoon:~# racoonctl show-sa isakmp Destination Cookies Created 185.148.83.16.500 2088977aceb1b512:a4c470cb8f9d57e9 2019-05-22 13:46:13 === root@racoon:~# racoonctl show-sa esp 80.211.43.73 185.148.83.16 esp mode=tunnel spi=1646662778(0x6226147a) reqid=0(0x00000000) E: aes-cbc 00064df4 454d14bc 9444b428 00e2296e c7bb1e03 06937597 1e522ce0 641e704d A: hmac-sha1 aa9e7cd7 51653621 67b3b2e9 64818de5 df848792 seq=0x00000000 replay=4 flags=0x00000000 state=mature created: May 22 13:46:13 2019 current: May 22 14:07:43 2019 diff: 1290(s) hard: 3600(s) soft: 2880(s) last: May 22 13:46:13 2019 hard: 0(s) soft: 0(s) current: 72240(bytes) hard: 0(bytes) soft: 0(bytes) allocated: 860 hard: 0 soft: 0 sadb_seq=1 pid=7739 refcnt=0 185.148.83.16 80.211.43.73 esp mode=tunnel spi=88535449(0x0546f199) reqid=0(0x00000000) E: aes-cbc c812505a 9c30515e 9edc8c4a b3393125 ade4c320 9bde04f0 94e7ba9d 28e61044 A: hmac-sha1 cd9d6f6e 06dbcd6d da4d14f8 6d1a6239 38589878 seq=0x00000000 replay=4 flags=0x00000000 state=mature created: May 22 13:46:13 2019 current: May 22 14:07:43 2019 diff: 1290(s) hard: 3600(s) soft: 2880(s) last: May 22 13:46:13 2019 hard: 0(s) soft: 0(s) current: 72240(bytes) hard: 0(bytes) soft: 0(bytes) allocated: 860 hard: 0 soft: 0 sadb_seq=0 pid=7739 refcnt=0 - Txhua yam yog npaj txhij, qhov chaw-rau-site IPsec VPN tau teeb tsa thiab ua haujlwm.
Hauv qhov piv txwv no, peb siv PSK los txheeb xyuas cov phooj ywg, tab sis daim ntawv pov thawj authentication kuj yog ib qho kev xaiv. Ua li no, mus rau lub Ntiaj Teb Configuration tab, qhib daim ntawv pov thawj authentication thiab xaiv daim ntawv pov thawj nws tus kheej.
Tsis tas li ntawd, koj yuav tsum tau hloov txoj kev authentication hauv qhov chaw teeb tsa.
Kuv nco ntsoov tias tus naj npawb ntawm IPsec tunnels nyob ntawm qhov loj ntawm Edge Gateway (nyeem txog qhov no hauv peb ).
SSL VPN
SSL VPN-Plus yog ib qho ntawm cov kev xaiv chaw taws teeb nkag VPN. Nws tso cai rau ib tus neeg siv cov chaw taws teeb tswj kom ruaj ntseg txuas mus rau ntiag tug network tom qab NSX Edge rooj vag. Ib qhov encrypted nyob rau hauv rooj plaub ntawm SSL VPN-ntxiv yog tsim los ntawm tus neeg siv khoom (Windows, Linux, Mac) thiab NSX Edge.
- Cia peb pib teeb tsa. Hauv Edge Gateway cov kev pabcuam tswj vaj huam sib luag, mus rau SSL VPN-Plus tab, tom qab ntawd mus rau Chaw Xa Khoom. Peb xaiv qhov chaw nyob thiab chaw nres nkoj uas tus neeg rau zaub mov yuav mloog rau kev sib txuas tuaj, pab kom nkag mus thiab xaiv qhov tsim nyog encryption algorithms.
Ntawm no koj tuaj yeem hloov daim ntawv pov thawj uas lub server yuav siv. - Tom qab txhua yam npaj txhij, qhib lub server thiab tsis txhob hnov ββββqab txuag cov chaw.
- Tom ntej no, peb yuav tsum tau teeb tsa lub pas dej ntawm qhov chaw nyob uas peb yuav muab rau cov neeg siv khoom thaum txuas. Lub network no yog cais los ntawm ib qho subnet uas twb muaj lawm hauv koj qhov NSX ib puag ncig thiab tsis tas yuav tsum tau teeb tsa ntawm lwm cov khoom siv ntawm lub cev sib txuas uas tsis yog cov kev taw qhia rau nws.
Mus rau IP Pools tab thiab nyem +.
- Xaiv qhov chaw nyob, subnet mask thiab lub rooj vag. Ntawm no koj tuaj yeem hloov qhov chaw rau DNS thiab WINS servers.
- Lub pas dej ua ke.
- Tam sim no cia peb ntxiv cov tes hauj lwm uas cov neeg siv txuas rau VPN yuav nkag mus rau. Cia peb mus rau Private Networks tab thiab nyem +.
- Sau rau hauv:
- Network - lub network hauv zos uas cov neeg siv nyob deb yuav nkag tau.
- Xa tsheb khiav, nws muaj ob txoj kev xaiv:
- hla lub qhov - xa tsheb mus rau lub network los ntawm lub qhov,
- bypass qhov - xa tsheb mus rau lub network ncaj qha hla lub qhov. - Qhib TCP Optimization - khij lub npov no yog tias koj tau xaiv qhov kev xaiv dhau qhov. Thaum optimization yog enabled, koj tuaj yeem qhia cov lej chaw nres nkoj uas koj xav kom ua kom zoo tshaj tsheb. Tsheb thauj mus los rau cov chaw nres nkoj uas tseem tshuav ntawm lub network tshwj xeeb yuav tsis ua kom zoo dua. Yog tias tus lej chaw nres nkoj tsis tau teev tseg, kev khiav tsheb rau txhua qhov chaw nres nkoj tau zoo. Nyeem ntxiv txog qhov no .
- Tom ntej no, mus rau qhov kev lees paub tab thiab nyem +. Rau authentication peb yuav siv lub zos server ntawm NSX Edge nws tus kheej.
- Ntawm no peb tuaj yeem xaiv cov cai tsim cov passwords tshiab thiab teeb tsa cov kev xaiv rau thaiv cov neeg siv nyiaj (piv txwv li, tus lej ntawm kev rov ua dua yog tias tus password nkag tsis raug).
- Txij li thaum peb tab tom siv cov ntawv pov thawj hauv zos, peb yuav tsum tsim cov neeg siv.
- Ntxiv nrog rau tej yam yooj yim xws li lub npe thiab tus password, ntawm no koj tuaj yeem, piv txwv li, txwv tsis pub tus neeg siv hloov tus password lossis, hloov pauv, yuam nws hloov tus password rau lwm zaus nws nkag mus.
- Tom qab tag nrho cov tsim nyog cov neeg siv tau ntxiv lawm, mus rau lub Installation Packages tab, nyem + thiab tsim lub installer nws tus kheej, uas tus neeg ua hauj lwm tej thaj chaw deb yuav download tau rau installation.
- Nyem +. Peb xaiv qhov chaw nyob thiab chaw nres nkoj ntawm cov neeg rau zaub mov uas tus neeg siv yuav txuas, thiab cov platforms uas peb xav tau los tsim cov pob teeb tsa.
Hauv qab no hauv lub qhov rai no koj tuaj yeem qhia meej cov neeg siv khoom teeb tsa rau Windows. Xaiv:- pib tus neeg siv khoom ntawm lub logon - tus neeg siv khoom VPN yuav raug ntxiv rau kev pib ntawm lub tshuab tej thaj chaw deb;
- tsim duab icon - yuav tsim ib tus neeg siv VPN icon ntawm lub desktop;
- server kev ruaj ntseg daim ntawv pov thawj validation β yuav validate tus neeg rau zaub mov daim ntawv pov thawj raws li kev twb kev txuas.
Kev teeb tsa server tiav.
- Tam sim no cia peb rub tawm cov pob teeb tsa uas peb tau tsim hauv cov kauj ruam kawg mus rau cov chaw taws teeb PC. Thaum teeb tsa lub server, peb teev nws qhov chaw nyob sab nraud (185.148.83.16) thiab chaw nres nkoj (445). Nws yog rau qhov chaw nyob no uas peb yuav tsum mus rau hauv lub web browser. Hauv kuv qhov xwm txheej nws yog : 445.
Hauv qhov rai tso cai, koj yuav tsum nkag mus rau cov ntaub ntawv pov thawj ntawm tus neeg siv peb tau tsim ua ntej.
- Tom qab kev tso cai, peb pom ib daim ntawv teev cov pob khoom tsim muaj rau rub tawm. Peb tau tsim ib qho xwb - peb yuav rub tawm nws.
- Nyem rau ntawm qhov txuas thiab cov neeg siv khoom rub tawm pib.
- Unpack lub downloaded archive thiab khiav lub installer.
- Tom qab kev teeb tsa, tso tus neeg siv khoom thiab nyem Nkag mus rau hauv lub qhov rai tso cai.
- Hauv daim ntawv pov thawj qhov rai, xaiv Yog.
- Peb nkag mus rau cov ntawv pov thawj rau cov neeg siv yav dhau los tsim thiab pom tias kev sib txuas ua tiav tiav.
- Tshawb xyuas VPN tus neeg siv txheeb cais ntawm lub computer hauv zos.
- Hauv Windows hais kom ua kab (ipconfig / tag nrho) peb pom tias ib qho ntxiv virtual adapter tau tshwm sim thiab muaj kev sib txuas nrog cov chaw taws teeb network, txhua yam ua haujlwm:
- Thiab thaum kawg, kos los ntawm Edge Gateway console.
L2VPN
L2VPN yuav xav tau thaum koj xav tau los ua ke ntau thaj chaw
faib network rau hauv ib qho chaw tshaj tawm.
Qhov no tuaj yeem pab tau, piv txwv li, thaum tsiv lub tshuab virtual: thaum VM txav mus rau lwm qhov chaw nyob, lub tshuab yuav khaws nws qhov chaw nyob IP thiab yuav tsis poob kev sib txuas nrog lwm lub tshuab nyob hauv tib lub npe L2 nrog nws.
Hauv peb qhov chaw sim, peb yuav txuas ob qhov chaw rau ib leeg, cia peb hu lawv A thiab B, raws li peb muaj ob lub NSX thiab ob qhov sib txawv tsim kev sib txuas, khi rau sib txawv Edges. Tshuab A muaj qhov chaw nyob 10.10.10.250/24, tshuab B muaj qhov chaw nyob 10.10.10.2/24.
- Hauv vCloud Tus Thawj Coj, mus rau Kev Tswj tab, mus rau VDC peb xav tau, mus rau Org VDC Networks tab thiab ntxiv ob lub network tshiab.
- Peb xaiv hom kev xa tawm network thiab khi lub network no rau peb NSX. Kos lub Create as subinterface checkbox.
- Yog li ntawd, peb yuav tsum muaj ob lub network. Hauv peb qhov piv txwv, lawv hu ua network-a thiab network-b nrog tib lub rooj vag teeb tsa thiab tib lub npog ntsej muag.
- Tam sim no cia peb mus rau qhov chaw ntawm thawj NSX. Qhov no yuav yog NSX uas Network A txuas nrog. Nws yuav ua raws li lub server.
Rov qab mus rau NSx Edge interface / Mus rau VPN tab -> L2VPN. Peb pab L2VPN, xaiv tus neeg rau zaub mov kev khiav hauj lwm hom, thiab nyob rau hauv lub neeg rau zaub mov Ntiaj teb no chaw teev cov sab nraud IP chaw nyob ntawm NSX uas qhov chaw nres nkoj rau lub qhov yuav mloog. Los ntawm lub neej ntawd, lub qhov (socket) yuav qhib rau ntawm qhov chaw nres nkoj 443, tab sis qhov no tuaj yeem hloov pauv. Tsis txhob hnov ββββqab xaiv qhov chaw encryption rau lub qhov av yav tom ntej.
- Mus rau Server Sites tab thiab ntxiv ib tus phooj ywg.
- Peb tig rau tus phooj ywg, teeb lub npe, piav qhia, yog tias tsim nyog, teeb tsa tus username thiab password. Peb yuav xav tau cov ntaub ntawv no tom qab thaum teeb tsa tus neeg siv khoom.
Hauv Egress Optimization Gateway Chaw Nyob peb tau teeb tsa qhov chaw nyob qhov rooj. Qhov no yog qhov tsim nyog kom tsis txhob muaj qhov tsis sib haum xeeb ntawm IP chaw nyob, vim tias lub rooj vag ntawm peb cov tes hauj lwm muaj tib qhov chaw nyob. Tom qab ntawd nias lub pob SELECT SUB-INTERFACES.
- Ntawm no peb xaiv qhov xav tau subinterface. Txuag cov chaw.
- Peb pom tias cov neeg siv khoom tsim tshiab tau tshwm sim hauv qhov chaw.
- Tam sim no cia peb mus rau configuring NSX los ntawm tus neeg siv khoom sab.
Peb mus rau NSX sab B, mus rau VPN -> L2VPN, pab L2VPN, teeb L2VPN hom rau cov neeg siv khoom siv. Ntawm Client Global tab, teeb qhov chaw nyob thiab chaw nres nkoj ntawm NSX A, uas peb yav dhau los tau teev tseg raws li Kev Mloog IP thiab Chaw nres nkoj ntawm sab server. Nws tseem yog ib qho tsim nyog los teeb tsa tib qhov chaw encryption kom lawv zoo ib yam thaum lub qhov tau tsa.
Scroll cia thiab xaiv lub subinterface los ntawm qhov qhov rau L2VPN yuav raug tsim.
Hauv Egress Optimization Gateway Chaw Nyob peb tau teeb tsa qhov chaw nyob qhov rooj. Teem tus user-id thiab password. Xaiv lub subinterface thiab tsis txhob hnov ββββqab txuag cov chaw. - Qhov tseeb, yog tag nrho. Cov neeg siv khoom thiab server sab teeb tsa yuav luag zoo ib yam, tshwj tsis yog qee qhov nuances.
- Tam sim no peb tuaj yeem pom tias peb qhov av ua haujlwm los ntawm kev mus rau Statistics -> L2VPN ntawm ib qho NSX.
- Yog tias peb tam sim no mus rau lub console ntawm Edge Gateway, peb yuav pom qhov chaw nyob ntawm ob qho tib si VMs hauv arp rooj rau lawv txhua tus.
Qhov ntawd yog txhua yam rau kuv txog VPN ntawm NSX Edge. Nug seb muaj dab tsi tseem tsis meej. Qhov no kuj yog qhov kawg ntawm cov kab lus ntawm kev ua haujlwm nrog NSX Edge. Peb vam tias lawv muaj txiaj ntsig :)
Tau qhov twg los: www.hab.com