What happens on connections inside and outside a VPN tunnel

Real articles are born from letters to Tucha technical support. For example, a client recently approached us with a request to clarify what happens during connections inside the VPN tunnel between the user's office and the cloud environment, as well as during connections outside the VPN tunnel. So the entire text below is an actual letter that we sent to one of our clients in response to his question. Of course, the IP addresses have been changed so as not to de-anonymize the client. But yes, Tucha technical support really is known for its thorough answers and informative emails. 🙂

Of course, we understand that for many readers this article will not be a revelation. But since articles for novice administrators appear on Habr from time to time, and since this article comes from a real letter to a real client, we will still share this information here. There is a good chance it will be useful to someone.
So, we explain in detail what happens between a server in the cloud and an office when they are connected by a site-to-site network. Note that some services are reachable only from the office, while others are reachable from anywhere on the Internet.

Let us explain right away what our client wanted: the server 192.168.A.1 should be reachable from anywhere via RDP by connecting to A.A.A.2:13389, and other services should be reachable only from the office (192.168.B.0/24), which is connected via VPN. In addition, the client had originally set things up so that the machine 192.168.B.2 in the office could also be reached via RDP from anywhere by connecting to B.B.B.1:11111. We helped set up an IPSec connection between the cloud and the office, and the client's IT specialist began asking questions about what would happen in one case or another. To answer all of these questions, we wrote him everything you can read below.


Now let's look at these processes in detail.

Situation one

When something is sent from 192.168.B.0/24 to 192.168.A.0/24 or from 192.168.A.0/24 to 192.168.B.0/24, it goes into the VPN. That is, the packet is additionally encrypted and carried between B.B.B.1 and A.A.A.1, but 192.168.A.1 sees the packet as coming from 192.168.B.1 itself. The two can talk to each other using any protocol. The reply travels back the same way through the VPN, which means that a packet from 192.168.A.1 for 192.168.B.1 will be sent as an ESP datagram from A.A.A.1 to B.B.B.1, which the router on that side will open, extract the packet from it and send it to 192.168.B.1 as a packet from 192.168.A.1.

A specific example:

1) 192.168.B.1 addresses 192.168.A.1, wanting to establish a TCP connection to 192.168.A.1:3389;

2) 192.168.B.1 sends a connection request from 192.168.B.1:55555 (it chooses the port number for the reply itself; from here on we will use 55555 as an example of the port number the system chooses when creating a TCP connection) to 192.168.A.1:3389;

3) the operating system running on the computer with address 192.168.B.1 decides to send this packet to the router's gateway address (192.168.B.254 in our case), because it has no other, more specific routes for 192.168.A.1, so it forwards the packet via the default route (0.0.0.0/0);

4) to do this, it tries to find the MAC address for IP address 192.168.B.254 in the ARP cache table. If it is not found, it sends a broadcast who-has request from address 192.168.B.1 into the 192.168.B.0/24 network. When 192.168.B.254 responds by sending its MAC address, the system transmits the Ethernet packet for it and stores this information in its cache table;

5) the router receives this packet and decides where to forward it: it has a written policy according to which it must send all packets between 192.168.B.0/24 and 192.168.A.0/24 through the VPN connection between B.B.B.1 and A.A.A.1;

6) the router forms an ESP datagram from B.B.B.1 to A.A.A.1;

7) the router decides whom to send this packet to; it sends it to, say, B.B.B.254 (the ISP gateway), because it has no routes to A.A.A.1 more specific than 0.0.0.0/0;

8) exactly as already described, it finds the MAC address for B.B.B.254 and hands the packet to the ISP gateway;

9) the Internet providers carry the ESP datagram from B.B.B.1 to A.A.A.1;

10) the virtual router at A.A.A.1 receives this datagram, decrypts it and obtains a packet from 192.168.B.1:55555 for 192.168.A.1:3389;

11) the virtual router checks whom to forward it to, finds the network 192.168.A.0/24 in the routing table and sends it directly to 192.168.A.1, because it has the interface 192.168.A.254/24;

12) to do this, the virtual router finds the MAC address for 192.168.A.1 and transmits this packet to it over the virtual Ethernet network;

13) 192.168.A.1 receives this packet on port 3389, agrees to establish the connection and forms a reply packet from 192.168.A.1:3389 to 192.168.B.1:55555;

14) its system sends this packet to the virtual router's gateway address (192.168.A.254 in our case), because it has no other, more specific routes for 192.168.B.1, so it forwards the packet via the default route (0.0.0.0/0);

15) as in the previous case, the system running on the server with address 192.168.A.1 finds the MAC address of 192.168.A.254, since it is on the same network as its interface 192.168.A.1/24;

16) the virtual router receives this packet and decides where to forward it: it has a written policy according to which it must send all packets between 192.168.A.0/24 and 192.168.B.0/24 through the VPN connection between A.A.A.1 and B.B.B.1;

17) the virtual router forms an ESP datagram from A.A.A.1 for B.B.B.1;

18) the virtual router decides whom to send this packet to and sends it to A.A.A.254 (the ISP gateway, which in this case is also us), because it has no routes to B.B.B.1 more specific than 0.0.0.0/0;

19) the Internet providers carry the ESP datagram across their networks from A.A.A.1 to B.B.B.1;

20) the router at B.B.B.1 receives this datagram, decrypts it and obtains a packet from 192.168.A.1:3389 for 192.168.B.1:55555;

21) it understands that the packet must be delivered specifically to 192.168.B.1, since it is on the same network, and so it has a corresponding entry in the routing table that makes it send packets for the whole of 192.168.B.0/24 directly;

22) the router finds the MAC address for 192.168.B.1 and hands it this packet;

23) the operating system on the computer with address 192.168.B.1 receives the packet from 192.168.A.1:3389 for 192.168.B.1:55555 and begins the next steps of establishing the TCP connection.

This example describes, fairly briefly and in simplified form (a whole host of other details could be recalled here), what happens at layers 2-4. Layers 1 and 5-7 are not considered.

Situation two

If something is sent from 192.168.B.0/24 specifically to A.A.A.2, it does not go into the VPN but travels directly. That is, if a user at address 192.168.B.1 addresses A.A.A.2:13389, this packet leaves from address B.B.B.1 and arrives at A.A.A.2, and then the router receives it and hands it to 192.168.A.1. 192.168.A.1 knows nothing about 192.168.B.1; it sees a packet from B.B.B.1, because that is what it received. The reply to this request therefore follows the general route: it comes out the same way from address A.A.A.2 and goes to B.B.B.1, and that router sends the reply to 192.168.B.1, which sees a reply from A.A.A.2, the address it contacted.

A specific example:

1) 192.168.B.1 addresses A.A.A.2, wanting to establish a TCP connection to A.A.A.2:13389;

2) 192.168.B.1 sends a connection request from 192.168.B.1:55555 (this number, as in the previous example, may be different) to A.A.A.2:13389;

3) the operating system running on the computer with address 192.168.B.1 decides to send this packet to the router's gateway address (192.168.B.254 in our case), because it has no other, more specific routes for A.A.A.2, which means it forwards the packet via the default route (0.0.0.0/0);

4) to do this, as we said in the previous example, it tries to find the MAC address for IP address 192.168.B.254 in the ARP cache table. If it is not found, it sends a broadcast who-has request from address 192.168.B.1 into the 192.168.B.0/24 network. When 192.168.B.254 responds by sending its MAC address, the system transmits the Ethernet packet for it and stores this information in its cache table;

5) the router receives this packet and decides where to forward it: it has a written policy according to which it must translate (replace the return address of) all packets from 192.168.B.0/24 to other Internet hosts;

6) since this policy implies that the return address must match the lowest address on the interface through which the packet will be transmitted, the router first determines whom to send this packet to, and, as in the previous example, it is to send it to B.B.B.254 (the ISP gateway), because it has no routes to A.A.A.2 more specific than 0.0.0.0/0;

7) the router therefore replaces the return address of the packet; from now on the packet is from B.B.B.1:44444 (the port number, of course, may be different) to A.A.A.2:13389;

8) the router remembers what it did, which means that when a reply arrives from A.A.A.2:13389 to B.B.B.1:44444, it will know that it must change the destination address and port to 192.168.B.1:55555.

9) now the router must hand the packet to the ISP network via B.B.B.254, so, just as we already described, it finds the MAC address for B.B.B.254 and hands the packet to the ISP gateway;

10) the Internet providers carry the packet from B.B.B.1 to A.A.A.2;

11) the virtual router at A.A.A.2 receives this packet on port 13389;

12) there is a rule on the virtual router stating that packets received from any sender on this port are to be forwarded to 192.168.A.1:3389;

13) the virtual router finds the network 192.168.A.0/24 in the routing table and sends the packet directly to 192.168.A.1, because it has the interface 192.168.A.254/24;

14) to do this, the virtual router finds the MAC address for 192.168.A.1 and transmits this packet to it over the virtual Ethernet network;

15) 192.168.A.1 receives this packet on port 3389, agrees to establish the connection and forms a reply packet from 192.168.A.1:3389 to B.B.B.1:44444;

16) its system sends this packet to the virtual router's gateway address (192.168.A.254 in our case), because it has no other, more specific routes for B.B.B.1, so it forwards the packet via the default route (0.0.0.0/0);

17) exactly as in the previous case, the system running on the server with address 192.168.A.1 finds the MAC address of 192.168.A.254, since it is on the same network as its interface 192.168.A.1/24;

18) the virtual router receives this packet. Note that it remembers that it received a packet from B.B.B.1:44444 at A.A.A.2:13389 and changed its destination address and port to 192.168.A.1:3389; therefore, for the packet from 192.168.A.1:3389 for B.B.B.1:44444, it changes the sender address to A.A.A.2:13389;

19) the virtual router decides whom to send this packet to and sends it to A.A.A.254 (the ISP gateway, which in this case is also us), because it has no routes to B.B.B.1 more specific than 0.0.0.0/0;

20) the Internet providers carry the packet from A.A.A.2 to B.B.B.1;

21) the router at B.B.B.1 receives this packet and remembers that when it sent the packet from 192.168.B.1:55555 for A.A.A.2:13389, it changed the sender address and port to B.B.B.1:44444, so this is a reply that must be sent to 192.168.B.1:55555 (in reality there are many more checks at this point, but we will not go into them);

22) it understands that the packet must be delivered directly to 192.168.B.1, since it is on the same network, and so it has a corresponding entry in the routing table that makes it send packets for the whole of 192.168.B.0/24 directly;

23) the router finds the MAC address for 192.168.B.1 and hands it this packet;

24) the operating system on the computer with address 192.168.B.1 receives the packet from A.A.A.2:13389 for 192.168.B.1:55555 and begins the next steps of establishing the TCP connection.

Note that in this case the computer with address 192.168.B.1 knows nothing about the server with address 192.168.A.1; it communicates only with A.A.A.2. Likewise, the server with address 192.168.A.1 knows nothing about the computer with address 192.168.B.1. It believes that the connection came from address B.B.B.1, and it knows nothing more, so to speak.

Note also that if this computer addresses A.A.A.2:1540, the connection will not be established, because forwarding of connections on port 1540 is not configured on the virtual router, even if some server in the virtual network 192.168.A.0/24 (for example, the server with address 192.168.A.1) has a service waiting for connections on this port. If the user of the computer with address 192.168.B.1 needs to connect to this service, he must use the VPN, i.e. address 192.168.A.1:1540 directly.

It should be emphasized that any attempt to establish a connection to A.A.A.1 (except for the IPSec connection from B.B.B.1) will not succeed. Any attempt to establish a connection to A.A.A.2, except for connections to port 13389, will not succeed either.
We also note that if someone else addresses A.A.A.2 (for example, C.C.C.C), everything described in points 10 to 20 applies to them as well. What happens before and after that depends on what exactly is behind C.C.C.C. We have no such information, so we advise you to consult the administrators of the host with address C.C.C.C.

Situation three

And, conversely, if something is sent from 192.168.A.1 to a port on B.B.B.1 that is configured to be forwarded inside (for example, 11111), it also does not go into the VPN; it simply leaves from A.A.A.1 and arrives at B.B.B.1, which forwards it somewhere inside, say to 192.168.B.2:3389. That machine sees this packet not as coming from 192.168.A.1 but from A.A.A.1. And when 192.168.B.2 replies, the packet goes from B.B.B.1 to A.A.A.1, and then on to the initiator of the connection, 192.168.A.1.

A specific example:

1) 192.168.A.1 addresses B.B.B.1, wanting to establish a TCP connection to B.B.B.1:11111;

2) 192.168.A.1 sends a connection request from 192.168.A.1:55555 (this number, as in the previous example, may be different) to B.B.B.1:11111;

3) the operating system running on the server with address 192.168.A.1 decides to send this packet to the router's gateway address (192.168.A.254 in our case), because it has no other, more specific routes for B.B.B.1, so it forwards the packet via the default route (0.0.0.0/0);

4) to do this, as we said in the previous example, it tries to find the MAC address for IP address 192.168.A.254 in the ARP cache table. If it is not found, it sends a broadcast who-has request from address 192.168.A.1 into the 192.168.A.0/24 network. When 192.168.A.254 responds by sending its MAC address, the system transmits the Ethernet packet for it and stores this information in its cache table;

5) the virtual router receives this packet and decides where to forward it: it has a written policy according to which it must translate (replace the return address of) all packets from 192.168.A.0/24 to other Internet hosts;

6) since this policy assumes that the return address must match the lowest address on the interface through which the packet will be transmitted, the virtual router determines whom to send this packet to, and, as in the previous example, it is to send it to A.A.A.254 (the ISP gateway, which in this case is also us), because it has no routes to B.B.B.1 more specific than 0.0.0.0/0;

7) this means that the virtual router replaces the return address of the packet; from now on, it is a packet from A.A.A.1:44444 (the port number, of course, may be different) to B.B.B.1:11111;

8) the virtual router remembers what it did, so when a reply arrives from B.B.B.1:11111 for A.A.A.1:44444, it will know that it must change the destination address and port to 192.168.A.1:55555.

9) now the virtual router must hand the packet to the ISP network via A.A.A.254, so, just as we already described, it finds the MAC address for A.A.A.254 and hands the packet to the ISP gateway;

10) the Internet providers carry the packet from A.A.A.1 to B.B.B.1;

11) the router at B.B.B.1 receives this packet on port 11111;

12) there is a rule on the virtual router stating that packets arriving from any sender on this port must be forwarded to 192.168.B.2:3389;

13) the router finds the network 192.168.B.0/24 in the routing table and sends the packet directly to 192.168.B.2, because it has the interface 192.168.B.254/24;

14) to do this, the virtual router finds the MAC address for 192.168.B.2 and transmits this packet to it over the virtual Ethernet network;

15) 192.168.B.2 receives this packet on port 3389, agrees to establish the connection and forms a reply packet from 192.168.B.2:3389 to A.A.A.1:44444;

16) its system sends this packet to the router's gateway address (192.168.B.254 in our case), because it has no other, more specific routes for A.A.A.1, so it forwards the packet via the default route (0.0.0.0/0);

17) in the same way as in the previous case, the system running on the computer with address 192.168.B.2 finds the MAC address of 192.168.B.254, since it is on the same network as its interface 192.168.B.2/24;

18) the router receives this packet. Note that it remembers that it received a packet from A.A.A.1 at B.B.B.1:11111 and changed its destination address and port to 192.168.B.2:3389; therefore, for the packet from 192.168.B.2:3389 for A.A.A.1:44444, it changes the sender address to B.B.B.1:11111;

19) the router decides whom to send this packet to. It sends it to, say, B.B.B.254 (the ISP gateway, whose exact address we do not know), because it has no routes to A.A.A.1 more specific than 0.0.0.0/0;

20) the Internet providers carry the packet from B.B.B.1 to A.A.A.1;

21) the virtual router at A.A.A.1 receives this packet and remembers that when it sent the packet from 192.168.A.1:55555 for B.B.B.1:11111, it changed the sender address and port to A.A.A.1:44444. This means that this is a reply that must be sent to 192.168.A.1:55555 (in reality, as we said in the previous example, there are many more checks here too, but this time we will not go into them in depth);

22) it understands that the packet must be delivered directly to 192.168.A.1, since it is on the same network, which means it has a corresponding entry in the routing table that makes it send packets for the whole of 192.168.A.0/24 directly;

23) the router finds the MAC address for 192.168.A.1 and hands it this packet;

24) the operating system on the server with address 192.168.A.1 receives the packet from B.B.B.1:11111 for 192.168.A.1:55555 and begins the next steps of establishing the TCP connection.

Exactly as in the previous case, here the server with address 192.168.A.1 knows nothing about the computer with address 192.168.B.1; it communicates only with B.B.B.1. The computer with address 192.168.B.1 likewise knows nothing about the server with address 192.168.A.1. It believes that the connection came from address A.A.A.1, and the rest is hidden from it.
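The three situations above, together with the A.A.A.2:1540 and C.C.C.C cases, as an added example that is not part of the original letter: a small Python model of the two routers' decisions that reports which path a connection takes and which source address the receiving host sees, which is the address that ends up in its logs and firewall matches. The numeric addresses are constructed stand-ins for the page's masked ones, and `SITES` and `trace` are hypothetical names.

```python
import ipaddress

# Constructed stand-ins for the page's masked addresses (assumptions):
#   192.168.A.0/24 -> 192.168.10.0/24   A.A.A.1, A.A.A.2 -> 203.0.113.1, .2
#   192.168.B.0/24 -> 192.168.20.0/24   B.B.B.1 -> 198.51.100.1
#   C.C.C.C (unrelated Internet host)   -> 192.0.2.77
SITES = {
    "cloud": {
        "lan": ipaddress.ip_network("192.168.10.0/24"),
        "wan": "203.0.113.1",  # IPsec endpoint and source-NAT address
        "forwards": {("203.0.113.2", 13389): ("192.168.10.1", 3389)},
    },
    "office": {
        "lan": ipaddress.ip_network("192.168.20.0/24"),
        "wan": "198.51.100.1",
        "forwards": {("198.51.100.1", 11111): ("192.168.20.2", 3389)},
    },
}


def trace(src_ip, dst_ip, dst_port):
    """Return (path, source address the final host sees, final host:port)."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    near = next((s for s in SITES.values() if src in s["lan"]), None)

    # IPsec policy: LAN-to-LAN traffic is wrapped in ESP between the two WAN
    # addresses, so the inner packet keeps its private source address.
    if near is not None:
        for far in SITES.values():
            if far is not near and dst in far["lan"]:
                return ("esp-tunnel", src_ip, f"{dst_ip}:{dst_port}")

    # Everything else leaves through source NAT (if the sender is behind one
    # of the two routers), so the far side sees the router's public address.
    seen = near["wan"] if near is not None else src_ip

    # The receiving router accepts only its configured port forwards.
    for site in SITES.values():
        if site is near:
            continue  # hairpin connections to one's own router are not modelled
        target = site["forwards"].get((dst_ip, dst_port))
        if target is not None:
            return ("nat+port-forward", seen, f"{target[0]}:{target[1]}")
        if dst_ip == site["wan"] or any(ip == dst_ip for ip, _ in site["forwards"]):
            return ("dropped", seen, None)
    raise ValueError(f"{dst_ip}:{dst_port} is not a destination this model covers")
```

Only the tunnel path preserves the client's private address at the server; on the forwarded paths every office user appears as the office router's single public address.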

Conclusion

This is how everything works for connections inside the VPN tunnel between the client's office and the cloud environment, and for connections outside the VPN tunnel. And if you have any questions or need our help solving cloud problems, contact us 24x7.

Source: www.habr.com
