How to connect to a corporate VPN on Linux using openconnect and vpn-slice

Do you want to use Linux at work, but your corporate VPN won't let you? Then this article may help, although that is not certain. I want to warn you in advance that I don't understand network administration well, so it is possible that I did everything wrong. On the other hand, it is possible that I can write a guide that ordinary people will understand, so I advise you to give it a try.

The article contains a lot of information that is not strictly necessary, but without this knowledge I would not have been able to solve the problems that unexpectedly came up while setting up the VPN. I think anyone who tries to use this guide will run into problems that I didn't have, and I hope this extra information will help them solve those problems on their own.

Most of the commands in this guide need to be run with sudo, which has been omitted for brevity. Keep that in mind.

Most of the IP addresses have been heavily obfuscated, so if you see an address like 435.435.435.435, an ordinary IP address specific to your case belongs there.

I have Ubuntu 18.04, but I think that with minor changes the guide can be applied to other distributions. In this text, however, Linux == Ubuntu.

Cisco Connect

Those on Windows or MacOS can connect to our corporate VPN through Cisco Connect: you specify the gateway address and, every time you connect, enter a password made up of a fixed part and a code generated by Google Authenticator.

On Linux I could not get Cisco Connect running, but I managed to google a recommendation to use openconnect, which was created specifically to replace Cisco Connect.

Openconnect

In theory, Ubuntu has a dedicated graphical interface for openconnect, but it did not work for me. Maybe that is for the best.

On Ubuntu, openconnect is installed from the package manager.

apt install openconnect

Immediately after installation you can try to connect to the VPN:

openconnect --user poxvuibr vpn.evilcorp.com

vpn.evilcorp.com is the address of a made-up VPN
poxvuibr is a made-up username

openconnect will ask you for a password which, let me remind you, consists of a fixed part and a code from Google Authenticator, and then it will try to connect to the VPN. If it works, congratulations: you can safely skip the middle, which is a lot of pain, and move on to the section about running openconnect in the background. If it doesn't work, read on. Even if it did work when you connected from, say, the guest Wi-Fi at work, it may be too early to celebrate; try repeating the procedure from home.

Certificate

There is a good chance that nothing will start, and the openconnect output will look something like this:

POST https://vpn.evilcorp.com/
Connected to 777.777.777.777:443
SSL negotiation with vpn.evilcorp.com
Server certificate verify failed: signer not found

Certificate from VPN server "vpn.evilcorp.com" failed verification.
Reason: signer not found
To trust this server in future, perhaps add this to your command line:
    --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444
Enter 'yes' to accept, 'no' to abort; anything else to view: fgets (stdin): Operation now in progress

On the one hand this is unpleasant, because the VPN connection was not made; on the other hand, how to fix the problem is, in principle, clear.

Here the server sent us a certificate, which is how we can tell that we are connecting to our own corporation's server and not to a malicious impostor, and this certificate is unknown to the system. So it cannot check whether the server is genuine or not. And so, just in case, it stops.

For openconnect to connect to the server anyway, you have to tell it explicitly which certificate should come from the VPN server, using the --servercert option.

And you can find out which certificate the server sent us straight from what openconnect printed. From this part:

To trust this server in future, perhaps add this to your command line:
    --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444
Enter 'yes' to accept, 'no' to abort; anything else to view: fgets (stdin): Operation now in progress

With this option you can try to connect again:

openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 --user poxvuibr vpn.evilcorp.com

Maybe it works now, in which case you can skip to the end. But for me personally, Ubuntu thumbed its nose like this:

POST https://vpn.evilcorp.com/
Connected to 777.777.777.777:443
SSL negotiation with vpn.evilcorp.com
Server certificate verify failed: signer not found
Connected to HTTPS on vpn.evilcorp.com
XML POST enabled
Please enter your username and password.
POST https://vpn.evilcorp.com/
Got CONNECT response: HTTP/1.1 200 OK
CSTP connected. DPD 300, Keepalive 30
Set up DTLS failed; using SSL instead
Connected as 192.168.333.222, using SSL
NOSSSSSHHHHHHHDDDDD
3
NOSSSSSHHHHHHHDDDDD
3
RTNETLINK answers: File exists
/etc/resolvconf/update.d/libc: Warning: /etc/resolv.conf is not a symbolic link to /run/resolvconf/resolv.conf

/etc/resolv.conf

# Generated by NetworkManager
search gst.evilcorpguest.com
nameserver 127.0.0.53

/run/resolvconf/resolv.conf

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.

nameserver 192.168.430.534
nameserver 127.0.0.53
search evilcorp.com gst.publicevilcorp.com

habr.com resolves, but you can't get there. Addresses like jira.evilcorp.com do not resolve at all.

What happened here is not clear to me. But experiment shows that if you add the line to /etc/resolv.conf

nameserver 192.168.430.534

then addresses inside the VPN magically start to resolve and you can move around in it; that is, whatever looks for a DNS server to resolve addresses looks specifically in /etc/resolv.conf and not somewhere else.

You can verify that the VPN connection is up and working without changing /etc/resolv.conf: just enter in the browser not the symbolic name of a resource on the VPN but its IP address.

As a result, there are two problems:

  • when connecting to the VPN, its DNS is not picked up
  • all traffic goes through the VPN, which does not allow access to the Internet

I'll tell you what to do about that now, but first a little automation.

Entering the fixed part of the password automatically

By now you have probably entered your password at least five times, and the procedure has worn you out. First, because the password is long, and second, because you have to enter it within a fixed time window.

The final solution to this problem did not make it into the article, but you can arrange things so that the fixed part of the password does not have to be typed in over and over.

Suppose the fixed part of the password is fixedPassword and the part from Google Authenticator is 567987. The whole password can be passed to openconnect through standard input using the --passwd-on-stdin argument.

echo "fixedPassword567987" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 --user poxvuibr vpn.evilcorp.com --passwd-on-stdin

Now you can keep going back to the last command you entered and change only the Google Authenticator part in it.

A corporate VPN doesn't let you surf the Internet.

In general, it is not very convenient when you have to use a separate computer to go to Habr. Not being able to copy-paste from stackoverflow can paralyse work altogether, so something has to be done.

We need to arrange things so that when you access a resource on the internal network, Linux goes to the VPN, and when you want to go to Habr, it goes to the Internet.

After starting up and establishing a connection to the VPN, openconnect runs a special script, located at /usr/share/vpnc-scripts/vpnc-script. Some variables are passed to the script as input, and it configures the VPN. Unfortunately, I could not figure out how to split traffic flows between the corporate VPN and the rest of the Internet using the stock script.

Apparently, the vpn-slice utility was developed for people like me; it lets you send traffic through two channels without dancing with a tambourine. Well, that is, you will have to dance, but you don't have to be a shaman.

Splitting traffic with vpn-slice

First, you have to install vpn-slice, and you'll have to figure that out yourself. If there are questions in the comments, I'll write a separate post about it. But it is an ordinary Python program, so there shouldn't be any difficulty. I installed it using virtualenv.

Then the utility has to be applied, using the --script option, which tells openconnect that instead of the standard script it should use vpn-slice:

echo "fixedPassword567987" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 --user poxvuibr --passwd-on-stdin \
--script "./bin/vpn-slice 192.168.430.0/24" vpn.evilcorp.com

--script is given a string with the command to call in place of the script. ./bin/vpn-slice is the path to the vpn-slice executable. 192.168.430.0/24 is the mask of the addresses that should go through the VPN. Here it means that if an address starts with 192.168.430, the resource with that address should be looked for inside the VPN.

Now the situation should be almost fine. Almost. Now you can go to Habr and you can reach an intra-corporate resource by IP, but you can't reach an intra-corporate resource by its symbolic name. If you put the mapping between the symbolic name and the address into hosts, everything should work. And keep working until the IP changes. Linux can now reach the Internet or the intranet, depending on the IP. But a non-corporate DNS is still used to resolve the address.

The problem can also show itself in this form: at work everything is fine, but at home you can only reach internal corporate resources by IP. That is because when you are connected to the corporate Wi-Fi, the corporate DNS is used as well, and it resolves the symbolic addresses from the VPN, even though you still cannot get to such an address without using the VPN.

Automatic modification of the hosts file

If you ask vpn-slice politely, then after bringing up the VPN it can go to the VPN's DNS, look up the IP addresses of the resources you need by their symbolic names and write them into hosts. After the VPN is shut down, these addresses are removed from hosts. To do this, you pass the symbolic names to vpn-slice as arguments. Like this:

echo "fixedPassword567987" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 --user poxvuibr --passwd-on-stdin \
--script "./bin/vpn-slice 192.168.430.0/24 jira.vpn.evilcorp.com git.vpn.evilcorp.com" vpn.evilcorp.com

Now everything should work both in the office and on the beach.

Looking up the addresses of all subdomains in the DNS provided by the VPN

If there are only a few addresses on the network, automatically modifying the hosts file works quite well. But if there are many resources on the network, you will keep needing to add lines like zoidberg.test.evilcorp.com, where zoidberg is the name of one of the test benches.

But now that we understand a little about what is going on, this need can be eliminated.

If, after bringing up the VPN, you look in /etc/hosts, you will see a line like this:

192.168.430.534 dns0.tun0 # vpn-slice-tun0 AUTOCREATED

And a new line has been added to resolv.conf. In short, vpn-slice has somehow determined where the DNS server for the VPN is.

Now we need to make sure that, to find the IP address of a domain name ending in evilcorp.com, Linux goes to the corporate DNS, and if something else is needed, to the default one.

I googled for a while and found that this functionality is available in Ubuntu out of the box. That is, the ability to use the local DNS server dnsmasq to resolve names.

That is, you can make Linux always go to the local DNS server for IP addresses, and that server in turn, depending on the domain name, will look up the IP on the appropriate external DNS server.

To manage everything related to networks and network connections, Ubuntu uses NetworkManager, and the graphical interface for choosing, for example, Wi-Fi connections is just a front end to it.

We will need to dig into its configuration.

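  1. Create a file at /etc/NetworkManager/dnsmasq.d/evilcorp

# Forward lookups for evilcorp.com and its subdomains to the corporate DNS server (address= would return this IP as the answer instead).
server=/.evilcorp.com/192.168.430.534

Note the dot before evilcorp. It signals to dnsmasq that all subdomains of evilcorp.com should be looked up in the corporate DNS.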

  2. Tell NetworkManager to use dnsmasq for name resolution

The NetworkManager configuration is in /etc/NetworkManager/NetworkManager.conf. You need to add the following there:

[main]
dns=dnsmasq

  3. Restart NetworkManager

service network-manager restart

Now, after connecting to the VPN using the openconnect and vpn-slice combination, IPs will be resolved normally even if you don't add symbolic addresses to the vpn-slice arguments.

How to reach individual services through the VPN

After I managed to connect to the VPN, I was very happy for two days, and then it turned out that if I connect to the VPN from outside the office network, mail doesn't work. A familiar symptom, isn't it?

Our mail lives at mail.publicevilcorp.com, which means it does not fall under the rule in dnsmasq, and the mail server's address is looked up through public DNS.

Well, the office still uses the DNS that contains this address. That's what I thought. In fact, after adding the line to dnsmasq

address=/mail.publicevilcorp.com/192.168.430.534

the situation did not change at all. The IP stayed the same. I had to go in to work.

Only later, when I had dug deeper into the situation and understood the problem a little, a smart person told me how to solve it. The mail server had to be reached not just any old way, but through the VPN.

I use vpn-slice to send through the VPN the addresses that start with 192.168.430. And the mail server not only has a symbolic address that is not a subdomain of evilcorp, it also doesn't have an IP address starting with 192.168.430. And, of course, it doesn't let anyone in from the public network.

For Linux to go to the mail server through the VPN, you need to add it to vpn-slice as well. Say the mail server's address is 555.555.555.555:

echo "fixedPassword567987" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 --user poxvuibr --passwd-on-stdin \
--script "./bin/vpn-slice 555.555.555.555 192.168.430.0/24" vpn.evilcorp.com

A script for bringing up the VPN with one argument

All this is, of course, not very convenient. Yes, you can save the text to a file and copy-paste it into the console instead of typing it by hand, but it is still not great. To make things easier, you can wrap the command in a script that lives in PATH. Then you only need to enter the code received from Google Authenticator:

#!/bin/sh
echo "fixedPassword$1" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 --user poxvuibr --passwd-on-stdin \
--script "./bin/vpn-slice 192.168.430.0/24 jira.vpn.evilcorp.com git.vpn.evilcorp.com" vpn.evilcorp.com

If you save the script as connect_evil_corp, you can simply type in the console

connect_evil_corp 567987

But now you still have to keep the console in which openconnect is running open for some reason.

Running openconnect in the background

Fortunately, the authors of openconnect took care of us and added a special option to the program, --background, which makes the program work in the background after launch. If you run it like this, you can close the console after launch:

#!/bin/sh
echo "fixedPassword$1" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 \
--user poxvuibr \
--passwd-on-stdin \
--background \
--script "./bin/vpn-slice 192.168.430.0/24 jira.vpn.evilcorp.com git.vpn.evilcorp.com" vpn.evilcorp.com

Now it is unclear where the logs go. On the whole we don't really need the logs, but you never know. openconnect can redirect them to syslog, where they will be kept safe and sound. You need to add the --syslog switch to the command:

#!/bin/sh
echo "fixedPassword$1" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 \
--user poxvuibr \
--passwd-on-stdin \
--background \
--syslog \
--script "./bin/vpn-slice 192.168.430.0/24 jira.vpn.evilcorp.com git.vpn.evilcorp.com" vpn.evilcorp.com

And so it turns out that openconnect is running somewhere in the background and bothering no one, but it is unclear how to stop it. You can, of course, filter the ps output with grep and look for a process with openconnect in its name, but that is rather tedious. Thanks again to the authors, who thought of this too. openconnect has a --pid-file option, with which you can instruct openconnect to write its process identifier to a file:

#!/bin/sh
echo "fixedPassword$1" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 \
--user poxvuibr \
--passwd-on-stdin \
--background \
--syslog \
--script "./bin/vpn-slice 192.168.430.0/24 jira.vpn.evilcorp.com git.vpn.evilcorp.com" vpn.evilcorp.com \
--pid-file ~/vpn-pid

Now you can always kill the process with the command

kill $(cat ~/vpn-pid)

If there is no such process, kill will swear, but it won't throw an error. If the file isn't there, nothing terrible will happen either, so you can safely kill the process at the very start of the script.

#!/bin/sh
# Stop a previous instance, if there is one, before starting a new one.
kill $(cat ~/vpn-pid)
echo "fixedPassword$1" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 \
--user poxvuibr \
--passwd-on-stdin \
--background \
--syslog \
--script "./bin/vpn-slice 192.168.430.0/24 jira.vpn.evilcorp.com git.vpn.evilcorp.com" vpn.evilcorp.com \
--pid-file ~/vpn-pid

Now you can turn on your computer, open a console and run the command, passing it the code from Google Authenticator. The console can then be killed.
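
A more defensive variant of the finished script, as an added example that is not the article's own code: it keeps the fixed part of the password in a file only its owner can read, takes the Google Authenticator code from a prompt so that it stays out of the command line and shell history, and signals the PID from the PID file only if that process is still openconnect. SECRET_FILE and the function names are hypothetical; the openconnect options are the ones used above.

```shell
#!/bin/sh
# Added example (not the article's script). SECRET_FILE and the function
# names are hypothetical; the openconnect options are the article's.
SECRET_FILE="${SECRET_FILE:-$HOME/.config/evilcorp-vpn/fixed-password}"
PID_FILE="${PID_FILE:-$HOME/vpn-pid}"
PIN="sha256:4444444444444444444444444444444444444444444444444444444444444444"

# Succeeds only for a regular file we own with mode 600 or 400, so the fixed
# part of the password is not readable by other local users.
secret_file_ok() {
    [ -f "$1" ] || return 1
    [ ! -L "$1" ] || return 1
    [ "$(stat -c '%u' "$1")" = "$(id -u)" ] || return 1
    case "$(stat -c '%a' "$1")" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads the authenticator code from stdin (echo off on a terminal) and prints
# it only if it is all digits.
read_otp() {
    if [ -t 0 ]; then stty -echo; fi
    IFS= read -r otp || otp=""
    if [ -t 0 ]; then stty echo; printf '\n' >&2; fi
    case "$otp" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s' "$otp"
}

# True if PID is numeric and that process is currently running program NAME.
pid_runs() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ -r "/proc/$1/comm" ] || return 1
    [ "$(cat "/proc/$1/comm" 2>/dev/null)" = "$2" ]
}

# Stops the VPN only if the recorded PID still belongs to openconnect; a stale
# PID that has been reused by another process is left alone.
stop_vpn() {
    [ -f "$PID_FILE" ] || return 0
    pid=$(cat "$PID_FILE")
    if pid_runs "$pid" openconnect; then
        kill "$pid"
    fi
    rm -f "$PID_FILE"
}

connect_vpn() {
    secret_file_ok "$SECRET_FILE" || { echo "fix permissions on $SECRET_FILE" >&2; return 1; }
    printf 'Authenticator code: ' >&2
    otp=$(read_otp) || { echo "code must be digits only" >&2; return 1; }
    stop_vpn
    # printf is a shell builtin, so the password is never a process argument.
    printf '%s%s\n' "$(cat "$SECRET_FILE")" "$otp" | openconnect \
        --servercert "$PIN" --user poxvuibr --passwd-on-stdin \
        --background --syslog --pid-file "$PID_FILE" \
        --script "./bin/vpn-slice 192.168.430.0/24 jira.vpn.evilcorp.com git.vpn.evilcorp.com" \
        vpn.evilcorp.com
}

case "${1:-}" in
    connect) connect_vpn ;;
    stop)    stop_vpn ;;
esac
```

Saved under a name of your choice in PATH, it is called with connect or stop as its only argument.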

Without vpn-slice. Instead of an afterword

It turned out to be very hard to understand how to live without vpn-slice. I had to read and google a lot. Fortunately, after spending so much time on the problem, technical manuals and even man openconnect read like gripping novels.

As a result, I found out that vpn-slice, like the stock script, modifies the routing table to separate the networks.

Routing table

Put simply, this is a table whose first column contains what the address Linux wants to reach should start with, and whose second column contains the network adapter to go through for that address. In reality there are more columns, but that does not change the essence.

To view the routing table, run the command ip route

default via 192.168.1.1 dev wlp3s0 proto dhcp metric 600 
192.168.430.0/24 dev tun0 scope link 
192.168.1.0/24 dev wlp3s0 proto kernel scope link src 192.168.1.534 metric 600 
192.168.430.534 dev tun0 scope link 

Here each line is responsible for where to go in order to send a message to some address. First comes a description of what the address should start with. To understand how to work out that 192.168.0.0/16 means the address should start with 192.168, google what an IP address mask is. After dev comes the name of the adapter the message should be sent to.

For the VPN, Linux created a virtual adapter, tun0. The following line makes the traffic for all addresses starting with 192.168 go through it:

192.168.0.0/16 dev tun0 scope link 

You can also look at the current state of the routing table with the command route -n (IP addresses are cleverly anonymised). This command produces its output in a different form and is generally deprecated, but its output often turns up in manuals on the Internet, and you need to be able to read it.

What the IP address for a route should start with can be understood from the combination of the Destination and Genmask columns. The parts of the IP address that correspond to the numbers 255 in Genmask are taken into account, and those where there is a 0 are not. That is, the combination of Destination 192.168.0.0 and Genmask 255.255.255.0 means that if the address starts with 192.168.0, the request to it goes along this route. And if Destination is 192.168.0.0 but Genmask is 255.255.0.0, then requests to addresses starting with 192.168 go along this route.

To figure out what vpn-slice actually does, I decided to look at the state of the tables before and after.

Before turning on the VPN it was like this:

route -n 

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         222.222.222.1   0.0.0.0         UG    600    0        0 wlp3s0
222.222.222.0   0.0.0.0         255.255.255.0   U     600    0        0 wlp3s0
333.333.333.333 222.222.222.1   255.255.255.255 UGH   0      0        0 wlp3s0

After calling openconnect without vpn-slice it became like this:

route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 tun0
0.0.0.0         222.222.222.1   0.0.0.0         UG    600    0        0 wlp3s0
222.222.222.0   0.0.0.0         255.255.255.0   U     600    0        0 wlp3s0
333.333.333.333 222.222.222.1   255.255.255.255 UGH   0      0        0 wlp3s0
192.168.430.0   0.0.0.0         255.255.255.0   U     0      0        0 tun0
192.168.430.534 0.0.0.0         255.255.255.255 UH    0      0        0 tun0

And after calling openconnect together with vpn-slice, like this:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         222.222.222.1   0.0.0.0         UG    600    0        0 wlp3s0
222.222.222.0   0.0.0.0         255.255.255.0   U     600    0        0 wlp3s0
333.333.333.333 222.222.222.1   255.255.255.255 UGH   0      0        0 wlp3s0
192.168.430.0   0.0.0.0         255.255.255.0   U     0      0        0 tun0
192.168.430.534 0.0.0.0         255.255.255.255 UH    0      0        0 tun0

You can see that if you don't use vpn-slice, openconnect explicitly writes that all addresses, except those specifically listed, must be reached through the VPN.

Right here:

0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 tun0

There, right next to it, another route is listed, which should be used if the address Linux is trying to reach does not match any mask in the table.

0.0.0.0         222.222.222.1   0.0.0.0         UG    600    0        0 wlp3s0

Here it is written that in this case you should use the standard Wi-Fi adapter.

I believe the VPN route is used because it is the first one in the routing table.

And, in theory, if you remove this default route from the routing table, then together with dnsmasq openconnect should provide normal operation.

I tried

route del default

And everything worked.
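
The lookup rule behind these tables, as an added example that is not part of the original article: among the rows whose Destination and Genmask cover an address, the kernel takes the most specific one and, between equally specific rows, the one with the lower Metric. The two tables and the route_for helper are constructed for illustration, with valid addresses standing in for the obfuscated ones.

```shell
#!/bin/sh
# Added example. The tables are constructed samples in `route -n` format that
# mirror the tables above, with valid addresses in place of the obfuscated ones.

# Constructed: openconnect with the stock script (everything goes to tun0).
FULL_TUNNEL='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 tun0
0.0.0.0         192.168.1.1     0.0.0.0         UG    600    0        0 wlp3s0
192.168.1.0     0.0.0.0         255.255.255.0   U     600    0        0 wlp3s0
203.0.113.10    192.168.1.1     255.255.255.255 UGH   0      0        0 wlp3s0
10.20.30.0      0.0.0.0         255.255.255.0   U     0      0        0 tun0
10.20.30.53     0.0.0.0         255.255.255.255 UH    0      0        0 tun0'

# Constructed: the same table without the tun0 default route, as in the
# table shown above for openconnect with vpn-slice.
SPLIT_TUNNEL=$(printf '%s\n' "$FULL_TUNNEL" | awk '!($1 == "0.0.0.0" && $8 == "tun0")')

# route_for TABLE IP: print the interface selected for IP, or fail if no row
# of the table covers it.
route_for() {
    printf '%s\n' "$1" | awk -v ip="$2" '
    function num(a,    o) {
        split(a, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    BEGIN { target = num(ip) }
    $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        dest = num($1); mask = num($3)
        block = 4294967296 - mask            # addresses covered by this row
        if (target - (target % block) != dest) next
        metric = $5 + 0
        # Most specific mask wins; between equal masks the lower metric wins.
        if (!found || mask > best_mask || (mask == best_mask && metric < best_metric)) {
            found = 1; best_mask = mask; best_metric = metric; iface = $8
        }
    }
    END { if (!found) exit 1; print iface }'
}
```

For example, route_for "$FULL_TUNNEL" 198.51.100.7 prints tun0, while the same address looked up in "$SPLIT_TUNNEL" prints wlp3s0.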

Routing requests to the mail server without vpn-slice

But I also have a mail server with the address 555.555.555.555, which also has to be reached through the VPN. The route to it also has to be added by hand.

ip route add 555.555.555.555 dev tun0

And now everything is fine. So you can get by without vpn-slice, but you have to know well what you are doing. I am now thinking about adding, as the last lines of the stock openconnect script, removal of the default route and addition of a route for the mail server after connecting to the VPN, just so that my bicycle has fewer moving parts.

Probably this afterword would be enough for someone to understand how to set up a VPN. But while I was trying to understand what to do and how, I read a lot of guides like that which work for the author but for some reason didn't work for me, and I decided to put in here every scrap I found. I would have been very glad of something like this.

Source: will.com
