Unblocking the Internet with Mikrotik and VPN: a detailed tutorial

In this step-by-step guide, I will show you how to configure Mikrotik so that blocked sites open automatically through this VPN and you can avoid dancing with tambourines: set it up once and everything works.

I chose SoftEther as the VPN: it is as easy to set up as RRAS and just as fast. On the VPN server side, I enabled Secure NAT; no other settings were made.

I considered RRAS as an alternative, but Mikrotik does not know how to work with it. The connection is established and the VPN works, but Mikrotik cannot hold the connection without constant reconnects and errors in the log.

The setup was performed using an RB3011UiAS-RM as the example, on firmware version 6.46.11.
Now, in order, what and why.

1. Set up a VPN connection

As the VPN solution, of course, SoftEther with L2TP and a pre-shared key was chosen. This level of security is enough for anyone, because only the router and its owner know the key.

Go to the interfaces section. First, add a new interface, then enter the IP, login, password and shared key into the interface. Click OK.

The same as a command:

/interface l2tp-client
add name="LD8" connect-to=45.134.254.112 user="Administrator" password="PASSWORD" profile=default-encryption use-ipsec=yes ipsec-secret="vpn"

SoftEther works without any changes to the ipsec proposals and ipsec profiles, so we do not cover configuring them, but the author left screenshots of his profiles, just in case.

For RRAS, in IPsec Proposals, simply change the PFS Group to none.

Now you need to get behind the NAT of this VPN server. To do this, go to IP > Firewall > NAT.

Here we enable masquerade for a specific PPP interface or for all of them. The author's router is connected to three VPNs at once, so I did this:

The same as a command:

/ip firewall nat
add chain=srcnat action=masquerade out-interface=all-ppp

2. Add rules to Mangle

The first thing I want, of course, is to protect everything that is most valuable and defenseless, namely DNS and HTTP traffic. Let's start with HTTP.

Go to IP → Firewall → Mangle and create a new rule.

In the rule, for Chain, select Prerouting.

If there is a Smart SFP or another router in front of the router and you want to reach it through its web interface, enter its IP address or subnet in the Dst. Address field and set the negation sign, so that Mangle is not applied to that address or subnet. The author has an SFP GPON ONU in bridge mode, so the author kept the ability to connect to its web interface.

By default, Mangle applies its rule to all NAT states, which makes port forwarding on your public IP impossible, so in Connection NAT State put a check mark on dstnat together with the negation sign. This lets us send outgoing traffic through the VPN while ports are still forwarded through our public IP.

Next, on the Action tab, select mark routing and give the New Routing Mark a name that will be clear to us later, then continue.

The same as a command:

/ip firewall mangle
add chain=prerouting action=mark-routing new-routing-mark=HTTP passthrough=no connection-nat-state=!dstnat protocol=tcp dst-address=!192.168.1.1 dst-port=80

Now let's move on to protecting DNS. In this case, you need to create two rules: one for the router, the other for the devices connected to the router.

If you use the DNS built into the router, as the author does, it needs to be protected too. So for the first rule, as above, we select the prerouting chain, and for the second we select output.

Output is the chain the router uses for requests that it makes itself. Everything is the same as for HTTP, with the UDP protocol and port 53.

The same as commands:

/ip firewall mangle
add chain=prerouting action=mark-routing new-routing-mark=DNS passthrough=no protocol=udp dst-port=53
add chain=output action=mark-routing new-routing-mark=DNS-Router passthrough=no protocol=udp dst-port=53

3. Build routes through the VPN

Go to IP → Routes and create new routes.

A route for sending HTTP over the VPN. Specify the name of our VPN interface and select the Routing Mark.

At this stage, you have already felt how your operator has stopped embedding ads in your HTTP traffic.

The same as a command:

/ip route
add dst-address=0.0.0.0/0 gateway=LD8 routing-mark=HTTP distance=2 comment=HTTP

The rules for protecting DNS look exactly the same; just select the desired mark:

Now you can tell that your DNS requests are no longer being listened to. The same as commands:

/ip route
add dst-address=0.0.0.0/0 gateway=LD8 routing-mark=DNS distance=1 comment=DNS
add dst-address=0.0.0.0/0 gateway=LD8 routing-mark=DNS-Router distance=1 comment=DNS-Router

And finally, let's unblock Rutracker. The whole subnet belongs to it, so the subnet is specified.

That is how easy it was to get your internet back. Command:

/ip route
add dst-address=195.82.146.0/24 gateway=LD8 distance=1 comment=Rutracker.Org

In exactly the same way as with Rutracker, you can route corporate resources and other blocked sites.

The author hopes you will appreciate the convenience of reaching Rutracker and the corporate portal at the same time without taking off your sweater.
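
A check for the mangle rules from section 2 against the routes from section 3, added here as an example and not part of the original article: it reports routing marks that have no matching route (that traffic will not follow the VPN route) and marking rules that name a protocol but no port. The sample text is constructed in the style of the commands above with two deliberate mistakes; the function names are this example's own.

```python
import shlex

# Constructed sample in the style of the commands above (not a real export).
# Two deliberate mistakes: the DNS rule has no dst-port, and the mark
# DNS-Router has no matching route.
SAMPLE = """
/ip firewall mangle
add chain=prerouting action=mark-routing new-routing-mark=HTTP passthrough=no connection-nat-state=!dstnat protocol=tcp dst-address=!192.168.1.1 dst-port=80
add chain=prerouting action=mark-routing new-routing-mark=DNS passthrough=no protocol=udp
add chain=output action=mark-routing new-routing-mark=DNS-Router passthrough=no protocol=udp dst-port=53
/ip route
add dst-address=0.0.0.0/0 gateway=LD8 routing-mark=HTTP distance=2 comment=HTTP
add dst-address=0.0.0.0/0 gateway=LD8 routing-mark=DNS distance=1 comment=DNS
"""

def parse(text):
    """Return [(menu, {key: value})] for every 'add' line under a menu path."""
    menu, items = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            pairs = (tok.split("=", 1) for tok in shlex.split(line[4:]) if "=" in tok)
            items.append((menu, dict(pairs)))
    return items

def audit(text):
    """List findings: marks with no route, and protocol-only marking rules."""
    items = parse(text)
    routed = {p["routing-mark"] for m, p in items
              if m == "/ip route" and "routing-mark" in p}
    findings = []
    for m, p in items:
        if m != "/ip firewall mangle" or p.get("action") != "mark-routing":
            continue
        mark = p.get("new-routing-mark", "")
        if mark not in routed:
            findings.append(f"{mark}: no route with routing-mark={mark}")
        if p.get("protocol") in ("tcp", "udp") and "dst-port" not in p:
            findings.append(f"{mark}: marks all {p['protocol']} traffic (no dst-port)")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
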


Source: will.com
