Two-factor authentication in OpenVPN with a Telegram bot

This article describes how to configure an OpenVPN server for two-factor authentication with a Telegram bot that sends a confirmation request when a user connects.

OpenVPN is a well-known, free, open-source VPN server that is widely used to give employees secure access to an organization's internal resources.

Authentication to the VPN server usually combines a key with a user login and password. However, a password saved on the client turns the whole set into a single factor that does not provide an adequate level of security. An attacker who gains access to the user's computer also gains access to the VPN server. This is especially true for connections from Windows machines.

Using a second factor reduces the risk of unauthorized access by 99% and does not complicate the connection process for users at all.

One caveat up front: the implementation requires connecting the third-party authentication server multifactor.ru, where you can use the free plan for your needs.

How it works

  1. OpenVPN uses the openvpn-plugin-auth-pam plugin for authentication
  2. The plugin checks the user's password on the server and requests the second factor over the RADIUS protocol from the Multifactor service
  3. Multifactor sends the user a message through the Telegram bot asking them to confirm the access
  4. The user confirms the access request in the Telegram chat and connects to the VPN

Installing the OpenVPN server

There are many articles on the Internet describing how to install and configure OpenVPN, so we will not duplicate them. If you need help, there are several links to guides at the end of the article.

Configuring Multifactor

Go to the Multifactor management system, open the "Resources" section and create a new VPN.
Once it is created, two parameters will be available to you: NAS-Identifier and Shared Secret. They are needed for the configuration that follows.

In the "Groups" section, open the settings of the "All users" group and remove the "All resources" flag so that only users of a specific group can connect to the VPN server.

Create a new group "VPN users", disable all authentication methods except Telegram, and specify that its users have access to the VPN resource you created.

In the "Users" section, create the users who will have access to the VPN, add them to the "VPN users" group and direct them to set up the second authentication factor. The user login must match the login on the VPN server.

Configuring the OpenVPN server

Open the file /etc/openvpn/server.conf and add the plugin for authentication through the PAM module

plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn

The plugin may be located in the directory /usr/lib/openvpn/plugins/ or /usr/lib64/openvpn/plugins/, depending on your system.

Next, install the pam_radius_auth module

$ sudo yum install pam_radius

Open the file /etc/pam_radius.conf for editing and specify the address of the Multifactor RADIUS server

radius.multifactor.ru   shared_secret   40

where:

  • radius.multifactor.ru - the server address
  • shared_secret - copied from the corresponding parameter of the VPN settings
  • 40 seconds - the request timeout, with a large margin

Any remaining servers must be deleted or commented out (put a comment character at the start of the line)

Next, create a file for the openvpn service type

$ sudo vi /etc/pam.d/openvpn

and write the following into it

auth    required pam_radius_auth.so skip_passwd client_id=[NAS-IDentifier]
auth    substack     password-auth
account substack     password-auth

The first line connects the PAM module pam_radius_auth with these parameters:

  • skip_passwd - disables sending the user's password to the Multifactor RADIUS server (it does not need to know it).
  • client_id - replace [NAS-IDentifier] with the corresponding parameter from the VPN resource settings.
    All possible parameters are described in the module's documentation.

The second and third lines enable the system check of the login, password and user rights on your server, alongside the second authentication factor.

Restart OpenVPN

$ sudo systemctl restart openvpn@server
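
A check of the two files edited above, as an added example that is not part of the original article. The function names are hypothetical, the sample secret `ExampleSecret123` and client id `rs_example` are constructed values, and the permission test on the file holding the shared secret goes beyond what the article covers.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical;
# pass copies of /etc/pam_radius.conf and /etc/pam.d/openvpn as arguments.

# Active lines only ('#' starts a comment in both files).
active_lines() { grep -Ev '^[[:space:]]*(#|$)' "$1"; }

# pam_radius.conf: exactly one active server, the expected host, a real secret,
# and no group/other permission bits, since the file stores the shared secret.
check_radius_conf() {  # $1 = file, $2 = expected RADIUS host
    n=$(active_lines "$1" | wc -l)
    [ "$n" -eq 1 ] || { echo "FAIL: $n active server lines, expected 1"; return 1; }
    host=$(active_lines "$1" | awk '{print $1}')
    secret=$(active_lines "$1" | awk '{print $2}')
    [ "$host" = "$2" ] || { echo "FAIL: server is '$host', expected '$2'"; return 1; }
    case "$secret" in ''|shared_secret) echo "FAIL: secret unset or placeholder"; return 1;; esac
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "FAIL: group/other can access $1 ($perms)"; return 1; }
    echo "OK: $1"
}

# PAM service file: the RADIUS line needs skip_passwd and a real client_id, and
# password-auth must stay in the auth stack: with skip_passwd the password is
# not sent to RADIUS (per the article), so only password-auth verifies it.
check_pam_service() {  # $1 = file
    line=$(active_lines "$1" | grep -E '^auth[[:space:]].*pam_radius_auth\.so' | head -n 1)
    [ -n "$line" ] || { echo "FAIL: no auth line for pam_radius_auth.so"; return 1; }
    case "$line" in *skip_passwd*) ;; *) echo "FAIL: skip_passwd missing"; return 1;; esac
    id=$(printf '%s\n' "$line" | sed -n 's/.*client_id=\([^[:space:]]*\).*/\1/p')
    case "$id" in ''|\[*\]) echo "FAIL: client_id unset or placeholder"; return 1;; esac
    active_lines "$1" | grep -Eq '^auth[[:space:]].*password-auth' ||
        { echo "FAIL: password-auth missing from the auth stack"; return 1; }
    echo "OK: $1"
}

# Constructed sample input: a correct pair of files in a temporary directory.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# server  secret  timeout' \
        'radius.multifactor.ru  ExampleSecret123  40' > "$d/pam_radius.conf"
    chmod 600 "$d/pam_radius.conf"
    printf '%s\n' 'auth    required pam_radius_auth.so skip_passwd client_id=rs_example' \
        'auth    substack     password-auth' \
        'account substack     password-auth' > "$d/openvpn"
    rc=0
    check_radius_conf "$d/pam_radius.conf" radius.multifactor.ru &&
        check_pam_service "$d/openvpn" || rc=1
    rm -rf "$d"
    return "$rc"
}
demo
```
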

Client configuration

Enable the prompt for the user login and password in the client configuration file

auth-user-pass

Testing

Launch the OpenVPN client, connect to the server, and enter your username and password. The Telegram bot will send an access request with two buttons

One button allows access, the other blocks it.

Now you can safely save the password on the client; the second factor will reliably protect your OpenVPN server from unauthorized access.

If something doesn't work

Check step by step that you have not missed anything:

  • A user with a password set exists on the OpenVPN server
  • The server can reach radius.multifactor.ru over UDP port 1812
  • The NAS-Identifier and Shared Secret parameters are specified correctly
  • A user with the same login has been created in the Multifactor system and granted access to the VPN users group
  • The user has set up the Telegram authentication method

If you have not configured OpenVPN before, read the detailed article.

The instructions were prepared using CentOS 7 as the example system.

Source: www.hab.com
