Configuring authentication in an L2TP network using Rutoken EDS 2.0 and Rutoken PKI

The problem

Until recently, many people did not know what working from home was like. The pandemic has dramatically changed the situation in the world; everyone has begun adapting to the current circumstances, namely to the fact that leaving the house is not a good idea. And many had to organize work from home for their employees in a hurry.

However, the lack of a well-considered approach to choosing remote-work solutions can lead to irreversible losses. User passwords can be stolen, and this lets an attacker connect to the network and the IT resources of the enterprise.

That is why the demand for reliable corporate VPN networks has grown. I will tell you about a VPN network that is reliable, secure and simple to use.

It works according to the IPsec/L2TP scheme, which uses non-extractable keys and certificates stored on tokens to authenticate clients, and also transmits data over the network in encrypted form.

A server running CentOS 7 (address: centos.vpn.server.ad), a client running Ubuntu 20.04 and a client running Windows 10 were used to demonstrate the configuration.

System description

The VPN works according to the IPSec + L2TP + PPP scheme. The Point-to-Point Protocol (PPP) operates at the data link layer of the OSI model and provides user authentication and encryption of the transmitted data. Its data is encapsulated in the data of the L2TP protocol, which actually establishes the connection in the VPN network but provides neither authentication nor encryption.

The L2TP data is encapsulated in IPSec, which also provides authentication and encryption, but unlike PPP, the authentication and encryption happen at the device level rather than at the user level.

This feature lets you allow user authentication only from certain devices. We will use the IPSec protocol as is and allow user authentication from any device.

User authentication using smart cards will be performed at the PPP protocol level using the EAP-TLS protocol.

More details about how this scheme works can be found in this article.

Why does this scheme meet all three requirements of a good VPN network?

  1. The reliability of this scheme has been tested by time. It has been used to deploy VPN networks since 2000.
  2. Secure user authentication is provided by the PPP protocol. The standard implementation of the PPP protocol developed by Paul Mackerras does not provide a sufficient level of security, because, at best, authentication uses a login and password. We all know that a login password can be spied on, guessed or stolen. However, for a long time now the developer Jan Just Keijser has fixed this problem in his implementation of this protocol and added the ability to use protocols based on asymmetric encryption, such as EAP-TLS, for authentication. In addition, he added the ability to use smart cards for authentication, which made the system more secure.
    At present, negotiations are under way to merge these two projects, and you can be confident that this will happen sooner or later. For example, a patched version of PPP that uses secure protocols for authentication has been in the Fedora repositories for a long time.
  3. Until recently, only Windows users could use this network, but our colleagues from Moscow State University, Vasily Shokov and Alexander Smirnov, found an old L2TP client project for Linux and modified it. Together we fixed many bugs and shortcomings in the client's operation and simplified the installation and configuration of the system, even when building from source. The most significant of these are:
    • Fixed compatibility problems of the old client with the interfaces of new versions of openssl and qt.
    • Removed the passing of the token PIN to pppd through a temporary file.
    • Fixed the incorrect launch of the password-request program through the graphical interface. This was done by setting up the correct environment for the xl2tpd service.
    • The L2tpIpsecVpn daemon is now built together with the client itself, which simplifies the build and configuration process.
    • For ease of development, the Azure Pipelines system has been connected to test the correctness of the build.
    • Added the ability to forcibly lower the security level in the openssl context. This is useful for correctly supporting new operating systems, where the standard security level is set to 2, together with VPN networks that use certificates that do not meet the security requirements of this level. This option is useful for working with existing old VPN networks.

The fixed version can be found in this repository.

This client supports the use of smart cards for authentication, and also hides as much as possible all the difficulties of setting up this scheme under Linux, making client setup as simple and fast as possible.

Of course, for a convenient connection between PPP and the client GUI, it was not possible to do without additional changes to each of the projects, but they were nevertheless kept to a minimum.

Now you can start the setup.

Server setup

Let's install all the necessary packages.

Installing strongswan (IPsec)

First of all, configure the firewall for ipsec:

sudo firewall-cmd --permanent --add-port=1701/{tcp,udp}
sudo firewall-cmd --permanent --add-service=ipsec
sudo firewall-cmd --reload

Then start the installation:

sudo yum install epel-release ipsec-tools dnf
sudo dnf install strongswan

After installation, you need to configure strongswan (one of the IPSec implementations). To do this, edit the file /etc/strongswan/ipsec.conf:

config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    oe=off
    protostack=netkey 

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=%any
    leftprotoport=udp/1701
    right=%any
    rightprotoport=udp/%any
    ike=aes128-sha1-modp1536,aes128-sha1-modp1024,aes128-md5-modp1536,aes128-md5-modp1024,3des-sha1-modp1536,3des-sha1-modp1024,3des-md5-modp1536,3des-md5-modp1024
    esp=aes128-sha1-modp1536,aes128-sha1-modp1024,aes128-md5-modp1536,aes128-md5-modp1024,3des-sha1-modp1536,3des-sha1-modp1024,3des-md5-modp1536,3des-md5-modp1024
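
The ike= and esp= lines above still offer MD5, 3DES and the 1024-bit MODP group. As an added example (not code from the article), this script lists the proposals in an ipsec.conf that contain such algorithms; the deny-list WEAK and the function names are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original article): flag legacy algorithms in the
# ike=/esp= proposals of an ipsec.conf. WEAK is a constructed deny-list and an
# assumption of this example; adjust it to your own policy.
WEAK='md5 des 3des modp768 modp1024'

# audit_proposals [FILE...]  (reads stdin when no file is given)
# Prints one line per flagged proposal: <conn> <ike|esp> <proposal> <weak tokens>
audit_proposals() {
    awk -v weak="$WEAK" '
        BEGIN { n = split(weak, w, " "); for (i = 1; i <= n; i++) bad[w[i]] = 1 }
        /^[ \t]*#/      { next }                      # comment line
        $1 == "conn"    { conn = $2; next }           # start of a conn section
        $1 == "config"  { conn = "(config)"; next }   # config setup section
        /^[ \t]*(ike|esp)[ \t]*=/ {
            key = $0; sub(/^[ \t]*/, "", key); sub(/[ \t]*=.*$/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val)
            np = split(val, props, ",")
            for (p = 1; p <= np; p++) {
                prop = props[p]
                gsub(/[ \t!]/, "", prop)              # drop blanks and the strict flag
                nt = split(prop, tok, "-")
                hits = ""
                for (t = 1; t <= nt; t++)
                    if (tok[t] in bad) hits = (hits == "" ? "" : hits ",") tok[t]
                if (hits != "") print conn, key, prop, hits
            }
        }
    ' "$@"
}

# The conn section from the article, reduced to the lines the audit reads.
sample_conf() {
    cat <<'EOF'
conn L2TP-PSK-noNAT
    authby=secret
    type=transport
    ike=aes128-sha1-modp1536,aes128-sha1-modp1024,aes128-md5-modp1536,aes128-md5-modp1024,3des-sha1-modp1536,3des-sha1-modp1024,3des-md5-modp1536,3des-md5-modp1024
    esp=aes128-sha1-modp1536,aes128-sha1-modp1024,aes128-md5-modp1536,aes128-md5-modp1024,3des-sha1-modp1536,3des-sha1-modp1024,3des-md5-modp1536,3des-md5-modp1024
EOF
}

# Demo: list every proposal that contains a deny-listed algorithm.
sample_conf | audit_proposals
```

On the server, run audit_proposals /etc/strongswan/ipsec.conf; before removing a flagged proposal, confirm that every client you must support offers a stronger one.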

We will also set a common login password. The shared password must be known to all network participants for authentication. This method is obviously unreliable, because this password can easily become known to people we do not want to give access to the network.
However, even this fact does not affect the security of the network, because the main data encryption and user authentication are performed by the PPP protocol. In fairness, though, it should be noted that strongswan supports more secure technologies for authentication, for example using private keys. Strongswan can also provide authentication using smart cards, but so far only a limited range of devices is supported, so authentication using Rutoken tokens and smart cards is still difficult. Let's set the common password in the file /etc/strongswan/ipsec.secrets:

# ipsec.secrets - strongSwan IPsec secrets file
%any %any : PSK "SECRET_PASSPHRASE"

Restart strongswan:

sudo systemctl enable strongswan
sudo systemctl restart strongswan

Installing xl2tp

sudo dnf install xl2tpd

Configure it via the file /etc/xl2tpd/xl2tpd.conf:

[global]
force userspace = yes
listen-addr = 0.0.0.0
ipsec saref = yes

[lns default]
exclusive = no
; sets the server's static address in the virtual network
local ip = 100.10.10.1
; sets the range of virtual addresses
ip range = 100.10.10.1-100.10.10.254
assign ip = yes
refuse pap = yes
require authentication = yes
; this option can be turned off once the network has been set up successfully
ppp debug = yes
length bit = yes
pppoptfile = /etc/ppp/options.xl2tpd
; specifies the server's address on the network
name = centos.vpn.server.ad

Restart the service:

sudo systemctl enable xl2tpd
sudo systemctl restart xl2tpd

PPP setup

It is advisable to install the latest version of pppd. To do this, run the following sequence of commands:

sudo yum install git make gcc openssl-devel
git clone "https://github.com/jjkeijser/ppp"
cd ppp
./configure --prefix /usr
make -j4
sudo make install

Write the following to the file /etc/ppp/options.xl2tpd (if there are any values there, you can delete them):

ipcp-accept-local
ipcp-accept-remote
ms-dns 8.8.8.8
ms-dns 1.1.1.1

noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000

We issue the root certificate and the server certificate:

# directory for the user, CA and server certificates
sudo mkdir /etc/ppp/certs
# directory for the private keys of the server and the CA
sudo mkdir /etc/ppp/keys
# deny all access to this directory except for the administrator
# (0700 rather than 0600: a directory needs the execute bit to be entered)
sudo chmod 0700 /etc/ppp/keys/

# generate the key and issue the CA certificate
# (no -days is given, so openssl applies its default validity of 30 days, here and below)
sudo openssl genrsa -out /etc/ppp/keys/ca.pem 2048
sudo openssl req -key /etc/ppp/keys/ca.pem -new -x509 -out /etc/ppp/certs/ca.pem -subj "/C=RU/CN=L2TP CA"

# generate the key and issue the server certificate
sudo openssl genrsa -out /etc/ppp/keys/server.pem 2048
sudo openssl req -new -out server.req -key /etc/ppp/keys/server.pem -subj "/C=RU/CN=centos.vpn.server.ad"
sudo openssl x509 -req -in server.req -CAkey /etc/ppp/keys/ca.pem -CA /etc/ppp/certs/ca.pem -out /etc/ppp/certs/server.pem -CAcreateserial

With that, we are done with the basic server setup. The rest of the server configuration involves adding new clients.

Adding a new client

To add a new client to the network, you must add its certificate to the list of trusted ones for this client.

If a user wants to become a member of the VPN network, he creates a key pair and a certificate request for this client. If the user is trusted, this request can be signed and the resulting certificate written to the certificates directory:

sudo openssl x509 -req -in client.req -CAkey /etc/ppp/keys/ca.pem -CA /etc/ppp/certs/ca.pem -out /etc/ppp/certs/client.pem -CAcreateserial

Add a line to the file /etc/ppp/eaptls-server that matches the client name with its certificate:

"client" * /etc/ppp/certs/client.pem /etc/ppp/certs/server.pem /etc/ppp/certs/ca.pem /etc/ppp/keys/server.pem *

NOTE
To avoid confusion, it is better that the Common Name, the certificate file name and the user name be unique.

It is also worth checking that the name of the user we are adding does not appear anywhere in the other authentication files, otherwise there will be problems with the way the user is authenticated.

The same certificate must be sent back to the user.
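
One way to check the uniqueness rules from the note above, as an added example that is not part of the original article. It assumes that chap-secrets and pap-secrets are the other authentication files meant, that client names contain no spaces, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): report duplicate client names
# and certificate files in eaptls-server, and names reused in other pppd files.
# Assumption: chap-secrets and pap-secrets are the "other authentication files".

# check_eaptls DIR
# Prints one finding per line; no output means no conflict was found.
check_eaptls() {
    dir=$1
    set -- "$dir/eaptls-server"
    for f in chap-secrets pap-secrets; do
        if [ -f "$dir/$f" ]; then set -- "$@" "$dir/$f"; fi
    done
    awk '
        function unquote(s) { sub(/^"/, "", s); sub(/"$/, "", s); return s }
        NF == 0 || $1 ~ /^#/ { next }                 # blank lines and comments
        FILENAME ~ /eaptls-server$/ {
            # field 1 is the client name, field 3 the client certificate file
            name = unquote($1); cert = $3
            if (name in names) print "DUPLICATE_NAME", name
            if (cert in certs) print "DUPLICATE_CERT", cert
            names[name] = 1; certs[cert] = 1
            next
        }
        {   # chap-secrets / pap-secrets: the first field is the client name
            name = unquote($1)
            if (name in names) {
                n = split(FILENAME, part, "/")
                print "NAME_IN_OTHER_FILE", name, part[n]
            }
        }
    ' "$@"
}

# Constructed sample files; only the first eaptls-server line is the article's.
make_sample() {
    cat > "$1/eaptls-server" <<'EOF'
"client" * /etc/ppp/certs/client.pem /etc/ppp/certs/server.pem /etc/ppp/certs/ca.pem /etc/ppp/keys/server.pem *
"alice"  * /etc/ppp/certs/alice.pem /etc/ppp/certs/server.pem /etc/ppp/certs/ca.pem /etc/ppp/keys/server.pem *
"client" * /etc/ppp/certs/client2.pem /etc/ppp/certs/server.pem /etc/ppp/certs/ca.pem /etc/ppp/keys/server.pem *
"bob"    * /etc/ppp/certs/alice.pem /etc/ppp/certs/server.pem /etc/ppp/certs/ca.pem /etc/ppp/keys/server.pem *
EOF
    cat > "$1/chap-secrets" <<'EOF'
# client  server  secret  addresses
alice     *       "constructed-secret"  *
carol     *       "constructed-secret"  *
EOF
}

# Demo on the constructed sample.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
check_eaptls "$demo_dir"
rm -rf "$demo_dir"
```

On the server, run check_eaptls /etc/ppp after each new line is added to eaptls-server.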

Generating a key pair and a certificate

For successful authentication, the client must:

  1. generate a key pair;
  2. have the root CA certificate;
  3. have a certificate for its key pair signed by the root CA.

For a client on Linux

First, generate a key pair on the token and create a certificate request:

# the key identifier (the --id parameter) can be replaced with any other value.
pkcs11-tool --module /usr/lib/librtpkcs11ecp.so --keypairgen --key-type rsa:2048 -l --id 45

openssl
OpenSSL> engine dynamic -pre SO_PATH:/usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:librtpkcs11ecp.so
...
OpenSSL> req -engine pkcs11 -new -key 45 -keyform engine -out client.req -subj "/C=RU/CN=client"

Send the resulting client.req request to the CA. Once you receive a certificate for your key pair, write it to the token with the same id as the key:

pkcs11-tool --module /usr/lib/librtpkcs11ecp.so -l -y cert -w ./client.pem --id 45

For Windows and Linux clients (a more universal method)

This method is more universal, because it lets you generate a key and a certificate that will be successfully recognized by both Windows and Linux users, but it requires a Windows machine to carry out the key generation procedure.

Before generating requests and importing certificates, you must add the root certificate of the VPN network to the list of trusted ones. To do this, open it and, in the window that opens, select the "Install Certificate" option.

In the window that opens, choose to install the certificate for the local user.

The certificate must be installed in the trusted root CA certificate store.

After all these steps, we agree with all further prompts. The system is now configured.

Create a file cert.tmp with the following contents:

[NewRequest]
Subject = "CN=client"
KeyLength = 2048
KeySpec = "AT_KEYEXCHANGE" 
ProviderName = "Microsoft Base Smart Card Crypto Provider"
KeyUsage = "CERT_KEY_ENCIPHERMENT_KEY_USAGE"
KeyUsageProperty = "NCRYPT_ALLOW_DECRYPT_FLAG"
RequestType = PKCS10
SMIME = FALSE

After this, we generate a key pair and create a certificate request. To do this, open powershell and enter the following command:

certreq.exe -new -pin $PIN .\cert.tmp .\client.req

Send the created client.req request to your CA and wait until you receive the client.pem certificate. It can be written to the token and added to the Windows certificate store using the following command:

certreq.exe -accept .\client.pem

It is worth noting that similar actions can be reproduced using the graphical interface of the mmc program, but this method is more time-consuming and less programmable.

Setting up the Ubuntu client

NOTE
Setting up a client on Linux is currently quite time-consuming, because it requires building separate programs from source. We will try to get all the changes included in the official repositories in the near future.

To establish the IPSec-level connection to the server, the strongswan package and the xl2tp daemon are used. To simplify connecting to the network using smart cards, we will use the l2tp-ipsec-vpn package, which provides a graphical shell for simplified connection setup.

Let's start assembling the components step by step, but before that we install all the packages needed for the VPN to work directly:

sudo apt-get install xl2tpd strongswan libp11-3

Installing software for working with tokens

Install the latest librtpkcs11ecp.so library from the site, as well as libraries for working with smart cards:

sudo apt-get install pcscd pcsc-tools opensc libengine-pkcs11-openssl

Connect the Rutoken and check that it is recognized by the system:

pkcs11-tool --module /usr/lib/librtpkcs11ecp.so -O -l

Installing the patched ppp

sudo apt-get -y install git make gcc libssl-dev
git clone "https://github.com/jjkeijser/ppp"
cd ppp
./configure --prefix /usr
make -j4
sudo make install

Installing the L2tpIpsecVpn client

At the moment, the client also has to be compiled from source code. This is done using the following sequence of commands:

sudo apt-get -y install git qt5-qmake qt5-default build-essential libctemplate-dev libltdl-dev
git clone "https://github.com/Sander80/l2tp-ipsec-vpn"
cd l2tp-ipsec-vpn
make -j4
sudo make install

Setting up the L2tpIpsecVpn client

Launch the installed client.

After launch, the L2tpIpsecVPN applet should open. Right-click on it and configure the connection.

To work with tokens, first of all specify the path to the opensc engine of the OpenSSL engine and the PKCS#11 library. To do this, open the "Preferences" tab to configure the openssl parameters.

Close the OpenSSL settings window and move on to setting up the network. Add a new network by clicking the Add... button in the settings panel and enter the network name.

After this, this network will become available in the settings panel. Double right-click on the new network to configure it. On the first tab you need to make the IPsec settings. Set the server address and the shared key.

After this, go to the PPP settings tab and specify there the user name under which we want to access the network.

After this, open the Properties tab and specify the path to the key, the client certificate and the CA.

Close this tab and make the final settings; to do this, open the "IP settings" tab and tick the box next to the "Obtain DNS server address automatically" option.

This option will let the client receive a private IP address within the network from the server.

After all the settings, close all the tabs and restart the client.

Connecting to the network

After the settings, you can connect to the network. To do this, open the applet tab and select the network we want to connect to.

During connection establishment, the client will ask us to enter the Rutoken PIN code.

If a notification appears in the status bar that the connection has been successfully established, the setup was successful.

Otherwise, it is worth finding out why the connection was not established. To do this, look at the program log by choosing the "Connection information" command in the applet.

Setting up the Windows client

Setting up a client on Windows is much easier than on Linux, because all the necessary software is already built into the system.

System setup

We will install all the drivers needed to work with Rutokens by downloading them from the official site.

Importing the root certificate for authentication

Download the server's root certificate and install it on the system. To do this, open it and, in the window that opens, select the "Install Certificate" option.

In the window that opens, choose to install the certificate for the local user. If you want the certificate to be available to all users on the computer, then you should choose to install the certificate on the local computer.

The certificate must be installed in the trusted root CA certificate store.

After all these steps, we agree with all further prompts. The system is now configured.

Setting up the VPN connection

To set up a VPN connection, go to the control panel and select the option to create a new connection.

In the pop-up window, select the option to create a connection to connect to your workplace.

In the next window, select a VPN connection, enter the VPN connection details, and also select the option to use a smart card.

The setup is not finished yet. All that remains is to specify the shared key for the IPsec protocol; to do this, go to the "Network connection settings" tab and then to the "Properties for this connection" tab.

In the window that opens, go to the "Security" tab, select "L2TP/IPsec Network" as the network type and choose "Advanced settings".

In the window that opens, specify the shared IPsec key.

Connecting

Once the setup is complete, you can try to connect to the network.

During the connection process, we will be required to enter the token PIN code.

We have set up a secure VPN network and made sure that it is not difficult.

Acknowledgments

I would like to once again thank our colleagues Vasily Shokov and Alexander Smirnov for the work done jointly to simplify creating VPN connections for Linux clients.

Source: will.com
