Want to use Linux at work, but your corporate VPN won't let you? Then this article may help, though that is not guaranteed. I want to warn you up front that I understand network administration poorly, so it is quite possible that I did everything wrong. On the other hand, it is possible that I can write this guide in a way ordinary people will understand, so I advise you to give it a try.
The article contains a lot of extra information, but without that knowledge I would not have been able to solve the problems that unexpectedly came up while setting up the VPN. I expect that anyone who tries to use this guide will run into problems I did not have, and I hope this extra information will help them solve those problems on their own.
Most of the commands used in this guide have to be run through sudo, which is omitted for brevity. Keep that in mind.
Most IP addresses have been heavily obfuscated, so if you see an address like 435.435.435.435, there should be a normal IP there, specific to your case.
I am on Ubuntu 18.04, but I think the guide can be applied to other distributions with minor changes. In this text, however, Linux == Ubuntu.
Cisco Connect
Those on Windows or MacOS can connect to our corporate VPN through Cisco Connect, which needs the gateway address and, on every connection, a password made up of a fixed part and a code generated by Google Authenticator.
On Linux I could not get Cisco Connect running, but I did google a recommendation to use openconnect, which was made specifically to replace Cisco Connect.
Openconnect
In theory Ubuntu has a special graphical interface for openconnect, but it did not work for me. Maybe that is for the best.
On Ubuntu, openconnect is installed from the package manager.
apt install openconnect
Right after installation you can try connecting to the VPN:
openconnect --user poxvuibr vpn.evilcorp.com
vpn.evilcorp.com is the address of a fictional VPN
poxvuibr is a fictional user name
openconnect will ask for the password, which, as a reminder, consists of a fixed part and a code from Google Authenticator, and will then try to connect to the VPN. If it worked, congratulations: you can safely skip the middle, which is a lot of pain, and go straight to the part about running openconnect in the background. If it did not work, read on. Although if it worked when connecting from, say, the guest Wi-Fi at work, it may be too early to celebrate.
Certificate
Most likely nothing will start, and the openconnect output will look something like this:
POST https://vpn.evilcorp.com/
Connected to 777.777.777.777:443
SSL negotiation with vpn.evilcorp.com
Server certificate verify failed: signer not found
Certificate from VPN server "vpn.evilcorp.com" failed verification.
Reason: signer not found
To trust this server in future, perhaps add this to your command line:
--servercert sha256:4444444444444444444444444444444444444444444444444444444444444444
Enter 'yes' to accept, 'no' to abort; anything else to view: fgets (stdin): Operation now in progress
On the one hand this is unpleasant, because no VPN connection was made; on the other hand, how to fix this problem is, in principle, clear.
Here the server sent us a certificate that lets us establish that the connection is being made to our own corporation's server and not to an evil fraudster, but the system does not know this certificate. So it cannot check whether the server is genuine. And so, just in case, it stops.
To make openconnect connect to the server anyway, you have to tell it explicitly which certificate should come from the VPN server, using the --servercert option.
You can find out which certificate the server sent us straight from what openconnect printed. From this piece:
To trust this server in future, perhaps add this to your command line:
--servercert sha256:4444444444444444444444444444444444444444444444444444444444444444
Enter 'yes' to accept, 'no' to abort; anything else to view: fgets (stdin): Operation now in progress
With this command you can try to connect again:
openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 --user poxvuibr vpn.evilcorp.com
Maybe now it works, in which case you can skip to the end. But personally, Ubuntu thumbed its nose at me in this form:
POST https://vpn.evilcorp.com/
Connected to 777.777.777.777:443
SSL negotiation with vpn.evilcorp.com
Server certificate verify failed: signer not found
Connected to HTTPS on vpn.evilcorp.com
XML POST enabled
Please enter your username and password.
POST https://vpn.evilcorp.com/
Got CONNECT response: HTTP/1.1 200 OK
CSTP connected. DPD 300, Keepalive 30
Set up DTLS failed; using SSL instead
Connected as 192.168.333.222, using SSL
NOSSSSSHHHHHHHDDDDD
3
NOSSSSSHHHHHHHDDDDD
3
RTNETLINK answers: File exists
/etc/resolvconf/update.d/libc: Warning: /etc/resolv.conf is not a symbolic link to /run/resolvconf/resolv.conf
/etc/resolv.conf
# Generated by NetworkManager
search gst.evilcorpguest.com
nameserver 127.0.0.53
/run/resolvconf/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.
nameserver 192.168.430.534
nameserver 127.0.0.53
search evilcorp.com gst.publicevilcorp.com
habr.com will resolve, but you will not be able to open it. Addresses like jira.evilcorp.com do not resolve at all.
What happened here is not clear to me. But experiment shows that if you add this line to /etc/resolv.conf
nameserver 192.168.430.534
then addresses inside the VPN start to resolve properly and you can reach them. In other words, whatever decides which DNS to use for resolving addresses looks specifically at /etc/resolv.conf and not somewhere else.
You can verify that the VPN connection exists and works without any changes to /etc/resolv.conf: just enter in the browser the IP address of a resource inside the VPN instead of its symbolic name.
So we end up with two problems:
- when connecting to the VPN, its DNS is not picked up
- all traffic goes through the VPN, which does not allow access to the internet
I will tell you what to do about this in a moment, but first a little automation.
Automatic entry of the fixed part of the password
By now you have most likely entered your password at least five times and are thoroughly tired of the procedure. First, because the password is long, and second, because you have to fit the entry into a fixed time window.
The final solution to the problem did not make it into this article, but you can at least arrange things so that the fixed part of the password does not have to be typed over and over.
Suppose the fixed part of the password is fixedPassword and the part from Google Authenticator is 567987. The whole password can be passed to openconnect through standard input using the --passwd-on-stdin argument.
echo "fixedPassword567987" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 --user poxvuibr vpn.evilcorp.com --passwd-on-stdin
Now you can keep returning to the last command entered and change only the Google Authenticator part.
The corporate VPN does not let you browse the internet
In general it is rather inconvenient to have to use a separate computer to go to Habr. Not being able to copy-paste from Stack Overflow can paralyze work altogether, so something has to be done.
We need to arrange things so that when you need a resource on the internal network, Linux goes through the VPN, and when you need Habr, it goes to the internet.
After starting and establishing a connection to the VPN, openconnect runs a special script located at /usr/share/vpnc-scripts/vpnc-script. Some variables are passed to the script as input, and it configures the VPN. Unfortunately, I could not figure out how to split traffic between the corporate VPN and the rest of the internet using the native script.
Apparently the vpn-slice utility was developed especially for people like me; it lets you send traffic through two channels without dancing with a tambourine. Well, you will still have to dance, but you do not have to be a shaman.
Splitting traffic with vpn-slice
First, vpn-slice has to be installed, and you will have to figure that out yourself. If there are questions in the comments, I will write a separate post about it. But it is an ordinary Python program, so there should be no difficulties. I installed it with virtualenv.
Then the utility has to be applied: use the --script option to tell openconnect to use vpn-slice instead of the standard script.
echo "fixedPassword567987" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 --user poxvuibr --passwd-on-stdin \
--script "./bin/vpn-slice 192.168.430.0/24 " vpn.evilcorp.com
--script takes a string with the command to be called instead of the script.
./bin/vpn-slice is the path to the vpn-slice executable.
192.168.430.0/24 is the mask of the addresses that should go through the VPN. Here it means that if an address starts with 192.168.430, the resource with that address should be looked for inside the VPN.
Now the situation should be almost normal. Almost. You can now go to Habr, and you can reach an internal corporate resource by IP, but you cannot reach an internal corporate resource by its symbolic name. If you map the symbolic name to the address in hosts, everything should work. And keep working until the IP changes. Linux can now go to the internet or to the intranet depending on the IP. But a non-corporate DNS is still used to determine the address.
The problem can also show up like this: at work everything is fine, but at home you can reach internal corporate resources only by IP. That is because when you are connected to the corporate Wi-Fi, the corporate DNS is used as well, and symbolic addresses from the VPN resolve in it, even though you still cannot reach such an address without the VPN.
Automatic modification of the hosts file
If you ask vpn-slice politely, then after bringing up the VPN it can go to the VPN's DNS, look up the IP addresses of the resources you need by their symbolic names, and write them into hosts. When the VPN is turned off, these addresses are removed from hosts. To do this, pass the symbolic names to vpn-slice as arguments. Like this:
echo "fixedPassword567987" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 --user poxvuibr --passwd-on-stdin \
--script "./bin/vpn-slice 192.168.430.0/24 jira.vpn.evilcorp.com git.vpn.evilcorp.com " vpn.evilcorp.com
Now everything should work both in the office and on the beach.
Looking up the addresses of all subdomains in the DNS provided by the VPN
If there are only a few addresses inside the network, the approach of automatically modifying the hosts file works well. But if the network has many resources, you will constantly have to add lines like zoidberg.test.evilcorp.com to the script; zoidberg is the name of one of the test benches.
But now that we understand a little of what is going on, this need can be eliminated.
If you look at /etc/hosts after bringing up the VPN, you can see this line:
192.168.430.534 dns0.tun0 # vpn-slice-tun0 AUTOCREATED
And a new line was added to resolv.conf as well. In short, vpn-slice somehow determined where the DNS server for the VPN is.
Now we need to make sure that to find the IP address of a domain name ending in evilcorp.com, Linux goes to the corporate DNS, and for anything else it goes to the default one.
I googled for quite a while and found that this functionality is available in Ubuntu out of the box. I mean the ability to use the local DNS server dnsmasq for name resolution.
That is, you can make Linux always go to a local DNS server for IP addresses, and that server, depending on the domain name, will look for the IP on the appropriate external DNS server.
To manage everything related to networks and network connections, Ubuntu uses NetworkManager, and the graphical interface for choosing, say, a Wi-Fi connection is just a front end to it.
We will need to dig into its configuration.
- Create a file at /etc/NetworkManager/dnsmasq.d/evilcorp
address=/.evilcorp.com/192.168.430.534
Note the dot before evilcorp. It signals to dnsmasq that all subdomains of evilcorp.com should be looked up in the corporate DNS.
- Tell NetworkManager to use dnsmasq for name resolution
The NetworkManager configuration is in /etc/NetworkManager/NetworkManager.conf. Add the following there:
[main]
dns=dnsmasq
- Restart NetworkManager
service network-manager restart
Now, after connecting to the VPN using openconnect together with vpn-slice, IPs will be determined correctly even if you do not add symbolic addresses to the vpn-slice arguments.
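An added configuration example, not part of the original article. In dnsmasq's own documentation, address=/domain/ip makes dnsmasq answer with that IP for every name in the domain without forwarding anything, while server=/domain/ip forwards queries for the domain and its subdomains to the DNS server at that IP, which is the behaviour the steps above describe. The IP is the article's obfuscated corporate DNS address.

```conf
# /etc/NetworkManager/dnsmasq.d/evilcorp
# address=/<domain>/<ip>  dnsmasq itself replies <ip> for every name in <domain>; nothing is forwarded
# server=/<domain>/<ip>   queries for <domain> and its subdomains are forwarded to the DNS server at <ip>
server=/evilcorp.com/192.168.430.534
```

If, after the restart, every name under evilcorp.com resolves to 192.168.430.534 itself, the address= form is the one in effect.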
How to reach individual services through the VPN
After I managed to connect to the VPN, I was very happy for two days, and then it turned out that if you connect to the VPN from outside the office network, mail does not work. A familiar symptom, isn't it?
Our mail lives at mail.publicevilcorp.com, which means it does not fall under the rule in dnsmasq, and the mail server's address is looked up through public DNS.
Well, and in the office a DNS that has this address is used anyway. At least that is what I thought. In fact, after adding this line to dnsmasq
address=/mail.publicevilcorp.com/192.168.430.534
the situation did not change at all. The IP stayed the same. I had to go to work.
And only later, when I had dug into the situation and understood the problem a little, one smart person told me how to solve it. The mail server had to be reached not just any way, but through the VPN.
I use vpn-slice to go through the VPN to addresses that start with 192.168.430. And the mail server not only has a symbolic address that is not a subdomain of evilcorp, it also has an IP address that does not start with 192.168.430. And of course it does not let anyone in from the general network.
For Linux to go through the VPN to the mail server as well, you need to add it to vpn-slice too. Let's say the mail server's address is 555.555.555.555
echo "fixedPassword567987" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 --user poxvuibr --passwd-on-stdin \
--script "./bin/vpn-slice 555.555.555.555 192.168.430.0/24" vpn.evilcorp.com
Script for bringing up the VPN with one argument
All this is, of course, not very convenient. Yes, you can save the text in a file and copy-paste it into the console instead of typing it by hand, but it is still not pleasant. To make the process easier, you can wrap the command in a script located in PATH. Then you only need to enter the code from Google Authenticator:
#!/bin/sh
echo "fixedPassword$1" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 --user poxvuibr --passwd-on-stdin \
--script "./bin/vpn-slice 192.168.430.0/24 jira.vpn.evilcorp.com git.vpn.evilcorp.com " vpn.evilcorp.com
If you put the script in connect_evil_corp, you can simply write in the console
connect_evil_corp 567987
But now you still have to keep the console in which openconnect is running open for some reason.
Running openconnect in the background
Fortunately, the authors of openconnect took care of us and added a special option to the program, --background, which makes the program work in the background after it starts. If you run it like this, you can close the console after launch:
#!/bin/sh
echo "fixedPassword$1" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 \
--user poxvuibr \
--passwd-on-stdin \
--background \
--script "./bin/vpn-slice 192.168.430.0/24 jira.vpn.evilcorp.com git.vpn.evilcorp.com " vpn.evilcorp.com
Now it is just unclear where the logs go. We do not really need logs much, but you never know. openconnect can redirect them to syslog, where they will be kept safe and sound. To do this, add the --syslog option to the command:
#!/bin/sh
echo "fixedPassword$1" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 \
--user poxvuibr \
--passwd-on-stdin \
--background \
--syslog \
--script "./bin/vpn-slice 192.168.430.0/24 jira.vpn.evilcorp.com git.vpn.evilcorp.com " vpn.evilcorp.com
So now openconnect works somewhere in the background and bothers no one, but it is not clear how to stop it. You could, of course, filter the ps output with grep and look for a process with openconnect in its name, but that is tedious. Thanks to the authors, who thought of this too. openconnect has a --pid-file option, which tells openconnect to write its process identifier to a file.
#!/bin/sh
echo "fixedPassword$1" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 \
--user poxvuibr \
--passwd-on-stdin \
--background \
--syslog \
--script "./bin/vpn-slice 192.168.430.0/24 jira.vpn.evilcorp.com git.vpn.evilcorp.com " vpn.evilcorp.com \
--pid-file ~/vpn-pid
Now you can always kill the process with the command
kill $(cat ~/vpn-pid)
If there is no such process, kill will complain but will not throw an error. If the file does not exist, nothing terrible happens either, so you can safely kill the process as the first command of the script.
#!/bin/sh
# Stop a previous openconnect, if any, before starting a new one.
kill $(cat ~/vpn-pid)
echo "fixedPassword$1" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 \
--user poxvuibr \
--passwd-on-stdin \
--background \
--syslog \
--script "./bin/vpn-slice 192.168.430.0/24 jira.vpn.evilcorp.com git.vpn.evilcorp.com " vpn.evilcorp.com \
--pid-file ~/vpn-pid
Now you can turn on your computer, open a console and run the command, passing it the code from Google Authenticator. The console can then be killed.
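A hardened variant of the final script, added here as an example and not taken from the original article: it keeps the fixed password in an owner-only file, checks the six-digit code, calls vpn-slice by absolute path, and kills the recorded PID only if it still belongs to openconnect. The SECRET_FILE and VPN_SLICE locations are assumptions.

```shell
#!/bin/sh
# Added example, not the article's script. SECRET_FILE and VPN_SLICE are
# assumed locations; commands still need root, with sudo omitted as in the article.
SECRET_FILE="${SECRET_FILE:-$HOME/.config/evilcorp-vpn/fixed-password}"
PID_FILE="${PID_FILE:-$HOME/vpn-pid}"
# Absolute path: openconnect runs the --script command as root, and a relative
# ./bin/vpn-slice would be whatever file sits under the current directory.
VPN_SLICE="${VPN_SLICE:-/opt/vpn-slice/bin/vpn-slice}"
# Placeholder pin from the article; confirm the real value with the VPN
# administrators over a separate channel before trusting it.
SERVERCERT="sha256:4444444444444444444444444444444444444444444444444444444444444444"

# The Google Authenticator part must be exactly six digits.
valid_otp() {
    case "$1" in
        [0-9][0-9][0-9][0-9][0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# The fixed part is kept in a regular file readable only by its owner,
# instead of being written into a script that sits in PATH.
secret_file_ok() {
    [ -f "$1" ] || return 1
    [ ! -L "$1" ] || return 1
    case "$(ls -ld -- "$1")" in
        -r[w-]-------*) return 0 ;;
        *) return 1 ;;
    esac
}

# True only if the PID is numeric and the process is really openconnect, so a
# stale PID file cannot make us kill an unrelated process (Linux /proc).
pid_is_openconnect() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ -r "/proc/$1/comm" ] && [ "$(cat "/proc/$1/comm")" = "openconnect" ]
}

stop_vpn() {
    [ -f "$PID_FILE" ] || return 0
    old_pid=$(cat "$PID_FILE")
    if pid_is_openconnect "$old_pid"; then kill "$old_pid"; fi
    rm -f "$PID_FILE"
}

connect_vpn() {
    valid_otp "$1" || { echo "code must be six digits" >&2; return 2; }
    secret_file_ok "$SECRET_FILE" || { echo "$SECRET_FILE must be a 0600 file" >&2; return 3; }
    [ -x "$VPN_SLICE" ] || { echo "no vpn-slice at $VPN_SLICE" >&2; return 4; }
    stop_vpn
    # printf is a shell builtin, so the password is not visible in ps output.
    printf '%s%s\n' "$(cat "$SECRET_FILE")" "$1" | openconnect \
        --servercert "$SERVERCERT" --user poxvuibr --passwd-on-stdin \
        --background --syslog --pid-file "$PID_FILE" \
        --script "$VPN_SLICE 192.168.430.0/24 jira.vpn.evilcorp.com git.vpn.evilcorp.com" \
        vpn.evilcorp.com
}

# Usage: connect_evil_corp 567987
[ $# -eq 0 ] || connect_vpn "$1"
```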
Without vpn-slice. In place of an afterword
It turned out to be very hard to understand how to live without vpn-slice. I had to read and google a lot. Fortunately, once you have spent this much time with a problem, technical manuals and even man openconnect read like gripping novels.
As a result I found out that vpn-slice, like the native script, modifies the routing table to separate the networks.
Routing table
Put simply, this is a table whose first column contains what the address Linux wants to reach must start with, and whose second column says which network adapter to go through to reach that address. In fact there are more columns, but that does not change the essence.
To view the routing table, run the command ip route
default via 192.168.1.1 dev wlp3s0 proto dhcp metric 600
192.168.430.0/24 dev tun0 scope link
192.168.1.0/24 dev wlp3s0 proto kernel scope link src 192.168.1.534 metric 600
192.168.430.534 dev tun0 scope link
Here each line is responsible for where to go in order to send a message to some address. First comes the description of what the address must start with. To understand how 192.168.0.0/16 comes to mean that the address must start with 192.168, google what an IP address mask is. After dev comes the name of the adapter the message should be sent to.
For the VPN, Linux made a virtual adapter, tun0. This line makes traffic for all addresses starting with 192.168 go through it:
192.168.0.0/16 dev tun0 scope link
You can also look at the current state of the routing table with the command route -n (the IP addresses are skilfully anonymized). This command produces results in a different format and is deprecated altogether, but its output often turns up in manuals on the internet, so you need to be able to read it.
What the IP address for a route must start with can be understood from the combination of the Destination and Genmask columns. The parts of the IP address that correspond to 255 in Genmask are taken into account, and those where there is 0 are not. That is, the combination of Destination 192.168.0.0 and Genmask 255.255.255.0 means that if an address starts with 192.168.0, a request to it goes along this route. And if Destination is 192.168.0.0 but Genmask is 255.255.0.0, then requests to addresses starting with 192.168 go along this route.
To figure out what vpn-slice actually does, I decided to look at the state of the tables before and after.
Before turning on the VPN it was like this:
route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 222.222.222.1 0.0.0.0 UG 600 0 0 wlp3s0
222.222.222.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp3s0
333.333.333.333 222.222.222.1 255.255.255.255 UGH 0 0 0 wlp3s0
After calling openconnect without vpn-slice it became like this:
route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 tun0
0.0.0.0 222.222.222.1 0.0.0.0 UG 600 0 0 wlp3s0
222.222.222.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp3s0
333.333.333.333 222.222.222.1 255.255.255.255 UGH 0 0 0 wlp3s0
192.168.430.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
192.168.430.534 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
And after calling openconnect in combination with vpn-slice, like this:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 222.222.222.1 0.0.0.0 UG 600 0 0 wlp3s0
222.222.222.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp3s0
333.333.333.333 222.222.222.1 255.255.255.255 UGH 0 0 0 wlp3s0
192.168.430.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
192.168.430.534 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
You can see that if you do not use vpn-slice, openconnect explicitly writes that all addresses, except those specified separately, must be reached through the VPN.
Right here:
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 tun0
Right next to it there is another path, to be used if the address Linux is trying to reach does not match any mask in the table.
0.0.0.0 222.222.222.1 0.0.0.0 UG 600 0 0 wlp3s0
Here it says that in that case the standard Wi-Fi adapter should be used.
I believe the VPN path is used because it is first in the routing table.
And in theory, if you remove this default path from the routing table, then together with dnsmasq openconnect should provide normal operation.
I tried
route del default
And everything worked.
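An added example, not from the original article, of how a route is chosen from tables like the ones above: the Destination/Genmask match works as described, the most specific match wins, and between equally specific routes Linux takes the lower Metric, which is why the tun0 default (metric 0) beats the Wi-Fi default (metric 600) wherever it sits in the table. The addresses are constructed valid stand-ins for the article's obfuscated ones, and select_route is a name made up for this example.

```shell
#!/bin/sh
# Constructed sample: the article's "openconnect without vpn-slice" table with
# valid stand-in addresses (the article's own are obfuscated and not valid IPs).
ROUTES_FULL_TUNNEL='Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 tun0
0.0.0.0 10.22.22.1 0.0.0.0 UG 600 0 0 wlp3s0
10.22.22.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp3s0
203.0.113.33 10.22.22.1 255.255.255.255 UGH 0 0 0 wlp3s0
192.168.43.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
192.168.43.53 0.0.0.0 255.255.255.255 UH 0 0 0 tun0'
# The same table as it looks with vpn-slice: no default route via tun0.
ROUTES_SPLIT=$(printf '%s\n' "$ROUTES_FULL_TUNNEL" | sed '3d')

# Dotted quad -> integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Number of 1 bits in a netmask given as an integer (the prefix length).
masklen() {
    bits=$1; count=0
    while [ "$bits" -ne 0 ]; do
        count=$(( count + (bits & 1) )); bits=$(( bits >> 1 ))
    done
    echo "$count"
}

# select_route IP  (route -n output on stdin) -> prints "Iface Gateway"
select_route() {
    target=$(ip2int "$1"); best_len=-1; best_metric=0; best=""
    while read -r dst gw mask flags metric ref use iface; do
        case "$dst" in [0-9]*) ;; *) continue ;; esac      # skip header lines
        m=$(ip2int "$mask")
        # A route matches when the masked target equals the masked Destination.
        [ $(( target & m )) -eq $(( $(ip2int "$dst") & m )) ] || continue
        len=$(masklen "$m")
        # Longest prefix first; on a tie the lower metric wins.
        if [ "$len" -gt "$best_len" ] ||
           { [ "$len" -eq "$best_len" ] && [ "$metric" -lt "$best_metric" ]; }; then
            best_len=$len; best_metric=$metric; best="$iface $gw"
        fi
    done
    echo "$best"
}

for ip in 8.8.8.8 192.168.43.7 203.0.113.33; do
    printf '%-14s full tunnel: %-18s with vpn-slice: %s\n' "$ip" \
        "$(printf '%s\n' "$ROUTES_FULL_TUNNEL" | select_route "$ip")" \
        "$(printf '%s\n' "$ROUTES_SPLIT" | select_route "$ip")"
done
```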
Routing requests to the mail server without vpn-slice
But I also have a mail server with the address 555.555.555.555, which also has to be reached through the VPN. The route to it has to be added by hand as well.
ip route add 555.555.555.555 dev tun0
And now everything is fine. So you can indeed do without vpn-slice, but you need to know well what you are doing. I am now thinking about adding, in the last line of openconnect's native script, removal of the default route and addition of a route for the mail server after connecting to the VPN, just so that my contraption has fewer moving parts.
Perhaps this afterword alone would have been enough for someone to understand how to set up the VPN. But while I was trying to work out what to do and how, I read quite a lot of guides like that, which work for the author but for some reason do not work for me, so I decided to put here all the pieces I found. I would have been very glad to find something like this.
Source: www.habr.com
