What happens on connections inside and outside a VPN tunnel

Real articles are born from letters to Tucha technical support. For example, a client recently asked us to explain what happens on connections inside the VPN tunnel between the user's office and the cloud environment, and also on connections outside the VPN tunnel. So all of the text below is a real letter that we sent to one of our clients in reply to his question. Of course, the IP addresses have been changed so as not to identify the client. But yes, Tucha technical support really is known for its detailed answers and informative emails. 🙂

Yes, we understand that for many readers this article will not be a revelation. But since articles for beginner administrators do appear on Habr from time to time, and since this article grew out of a real letter to a real client, we will share this information anyway. There is a good chance it will be useful to someone.
So, we explain in detail what happens between a server in the cloud and an office when they are connected by a site-to-site network. Note that some services are reachable only from the office, while others are reachable from anywhere on the Internet.

Let us explain right away what our client wanted: the server 192.168.A.1 should be reachable from anywhere over RDP by connecting to AAA2:13389, while the other services should be reachable only from the office (192.168.B.0/24), which is connected over the VPN. In addition, the client originally had things set up so that the machine 192.168.B.2 in the office could also be reached over RDP from anywhere by connecting to BBB1:11111. We helped set up the IPSec connections between the cloud and the office, and the client's IT specialist began asking questions about what would happen in one case or another. To answer all of these questions, we wrote him everything you can read below.


Now let us look at these processes in detail.

Case one

When something is sent from 192.168.B.0/24 to 192.168.A.0/24, or from 192.168.A.0/24 to 192.168.B.0/24, it goes into the VPN. That is, the packet is additionally encrypted and carried between BBB1 and AAA1, but 192.168.A.1 sees the packet as coming from 192.168.B.1 itself. The two hosts can talk to each other over any protocol. Replies travel back through the VPN in the same way, which means that a packet from 192.168.A.1 for 192.168.B.1 is sent as an ESP datagram from AAA1 to BBB1; the router on that side unwraps it, extracts the packet and sends it to 192.168.B.1 as a packet from 192.168.A.1.

A concrete example:

1) 192.168.B.1 contacts 192.168.A.1, wanting to establish a TCP connection to 192.168.A.1:3389;

2) 192.168.B.1 sends a connection request from 192.168.B.1:55555 (it chooses the port number for the reply itself; from here on we use 55555 as an example of the port number the system picks when creating a TCP connection) to 192.168.A.1:3389;

3) the operating system running on the computer with address 192.168.B.1 decides to send this packet to the router's gateway address (192.168.B.254 in our case), because it has no other, more specific routes to 192.168.A.1 and therefore sends the packet via the default route (0.0.0.0/0);

4) to do this, it tries to find the MAC address for IP address 192.168.B.254 in the ARP cache table. If it is not found, it sends a who-has broadcast request from address 192.168.B.1 to the 192.168.B.0/24 network. When 192.168.B.254 replies with its MAC address, the system sends it the Ethernet packet and records this information in its cache table;

5) the router receives this packet and decides where to forward it: it has a policy configured according to which it must carry all packets between 192.168.B.0/24 and 192.168.A.0/24 over the VPN connection between BBB1 and AAA1;

6) the router builds an ESP datagram from BBB1 to AAA1;

7) the router decides to whom to send this packet and sends it to, say, BBB254 (the ISP gateway), because it has no routes to AAA1 more specific than 0.0.0.0/0;

8) in the same way as already described, it finds the MAC address of BBB254 and sends the packet to the ISP gateway;

9) the Internet providers carry the ESP datagram from BBB1 to AAA1;

10) the virtual router at AAA1 receives this datagram, decrypts it and obtains the packet from 192.168.B.1:55555 for 192.168.A.1:3389;

11) the virtual router checks to whom to pass it, finds the 192.168.A.0/24 network in its routing table and sends the packet directly to 192.168.A.1, because it has an interface 192.168.A.254/24;

12) to do this, the virtual router finds the MAC address of 192.168.A.1 and hands this packet to it over the Ethernet network;

13) 192.168.A.1 receives this packet on port 3389, agrees to establish the connection and builds a reply packet from 192.168.A.1:3389 to 192.168.B.1:55555;

14) its system sends this packet to the virtual router's gateway address (192.168.A.254 in our case), because it has no other, more specific routes to 192.168.B.1 and therefore must send the packet via the default route (0.0.0.0/0);

15) as in the previous cases, the system running on the server with address 192.168.A.1 finds the MAC address of 192.168.A.254, since it is on the same network as its interface 192.168.A.1/24;

16) the virtual router receives this packet and decides where to forward it: it has a policy configured according to which it must carry all packets between 192.168.A.0/24 and 192.168.B.0/24 over the VPN connection between AAA1 and BBB1;

17) the virtual router builds an ESP datagram from AAA1 for BBB1;

18) the virtual router decides to whom to send this packet and sends it to AAA254 (the ISP gateway, which in this case is also us), because it has no routes to BBB1 more specific than 0.0.0.0/0;

19) the Internet providers carry the ESP datagram across their networks from AAA1 to BBB1;

20) the router at BBB1 receives this datagram, decrypts it and obtains the packet from 192.168.A.1:3389 for 192.168.B.1:55555;

21) it understands that the packet must be handed directly to 192.168.B.1, since it is on the same network with it and therefore has a corresponding routing-table entry that makes it send packets for the whole 192.168.B.0/24 range directly;

22) the router finds the MAC address of 192.168.B.1 and hands it this packet;

23) the operating system on the computer with address 192.168.B.1 receives the packet from 192.168.A.1:3389 for 192.168.B.1:55555 and begins the next steps of establishing the TCP connection.

This example describes, briefly and in simplified form (many more details could be recalled here), what happens at layers 2-4. Layers 1 and 5-7 are not considered.

Case two

If something is sent from 192.168.B.0/24 directly to AAA2, it does not go into the VPN but travels directly. That is, if the user at address 192.168.B.1 contacts AAA2:13389, the packet leaves from address BBB1 and arrives at AAA2, and then the router accepts it and forwards it to 192.168.A.1. 192.168.A.1 knows nothing about 192.168.B.1; it sees a packet from BBB1, because that is what it received. Therefore the reply to this request follows the general route: in the same way it leaves from address AAA2 and goes to BBB1, and that router passes the reply to 192.168.B.1, which sees a reply from AAA2, the address it contacted.

A concrete example:

1) 192.168.B.1 contacts AAA2, wanting to establish a TCP connection to AAA2:13389;

2) 192.168.B.1 sends a connection request from 192.168.B.1:55555 (this number, as in the previous example, may be different) to AAA2:13389;

3) the operating system running on the computer with address 192.168.B.1 decides to send this packet to the router's gateway address (192.168.B.254 in our case), because it has no other, more specific routes to AAA2, which means it sends the packet via the default route (0.0.0.0/0);

4) to do this, as described in the previous example, it tries to find the MAC address for IP address 192.168.B.254 in the ARP cache table. If it is not found, it sends a who-has broadcast request from address 192.168.B.1 to the 192.168.B.0/24 network. When 192.168.B.254 replies with its MAC address, the system sends it the Ethernet packet and records this information in its cache table;

5) the router receives this packet and decides where to forward it: it has a policy configured according to which it must masquerade (that is, replace the return address of) all packets from 192.168.B.0/24 to other Internet hosts;

6) since this policy means that the return address must match the lowest address on the interface through which the packet will be sent, the router first decides to whom exactly to send this packet, and, as already shown, it must send it to BBB254 (the ISP gateway), because it has no routes to AAA2 more specific than 0.0.0.0/0;

7) therefore the router replaces the packet's return address; from now on the packet is from BBB1:44444 (the port number may, of course, be different) to AAA2:13389;

8) the router remembers what it did, which means that when a reply arrives from AAA2:13389 to BBB1:44444, it will know to change the destination address and port to 192.168.B.1:55555;

9) now the router must pass the packet to the ISP network via BBB254, so, as already described, it finds the MAC address of BBB254 and sends the packet to the ISP gateway;

10) the Internet providers carry the packet from BBB1 to AAA2;

11) the virtual router at AAA2 receives this packet on port 13389;

12) there is a rule on the virtual router which says that packets received from any sender on this port must be forwarded to 192.168.A.1:3389;

13) the virtual router finds the 192.168.A.0/24 network in its routing table and sends the packet directly to 192.168.A.1, because it has an interface 192.168.A.254/24;

14) to do this, the virtual router finds the MAC address of 192.168.A.1 and hands this packet to it over the Ethernet network;

15) 192.168.A.1 receives this packet on port 3389, agrees to establish the connection and builds a reply packet from 192.168.A.1:3389 to BBB1:44444;

16) its system sends this packet to the virtual router's gateway address (192.168.A.254 in our case), because it has no other, more specific routes to BBB1 and therefore must send the packet via the default route (0.0.0.0/0);

17) exactly as before, the system running on the server with address 192.168.A.1 finds the MAC address of 192.168.A.254, since it is on the same network as its interface 192.168.A.1/24;

18) the virtual router receives this packet. It should be noted that it remembers that it received on AAA2:13389 a packet from BBB1:44444 and changed its recipient address and port to 192.168.A.1:3389; therefore, for the packet from 192.168.A.1:3389 for BBB1:44444, it changes the sender address to AAA2:13389;

19) the virtual router decides to whom to send this packet and sends it to AAA254 (the ISP gateway, which in this case is also us), because it has no routes to BBB1 more specific than 0.0.0.0/0;

20) the Internet providers carry the packet from AAA2 to BBB1;

21) the router at BBB1 receives this packet and remembers that when it sent the packet from 192.168.B.1:55555 for AAA2:13389, it changed its sender address and port to BBB1:44444, so this is a reply that must be delivered to 192.168.B.1:55555 (in fact there are several more checks there, but we will not go into them);

22) it understands that the packet must be handed directly to 192.168.B.1, since it is on the same network with it and therefore has a corresponding routing-table entry that makes it send packets for the whole 192.168.B.0/24 range directly;

23) the router finds the MAC address of 192.168.B.1 and hands it this packet;

24) the operating system on the computer with address 192.168.B.1 receives the packet from AAA2:13389 for 192.168.B.1:55555 and begins the next steps of establishing the TCP connection.

It should be noted that in this case the computer with address 192.168.B.1 knows nothing about the server with address 192.168.A.1; it only talks to AAA2. Likewise, the server with address 192.168.A.1 knows nothing about the computer with address 192.168.B.1. It believes that it was contacted from address BBB1 and knows nothing else, so to speak.

It should also be noted that if this computer contacts AAA2:1540, the connection will not be established, because forwarding for port 1540 is not configured on the virtual router, even if some server in the 192.168.A.0/24 network (for example, the server with address 192.168.A.1) has services waiting for connections on this port. If the user of the computer with address 192.168.B.1 needs to establish a connection to such a service, they must use the VPN, i.e. contact 192.168.A.1:1540 directly.

It should be emphasized that any attempt to establish a connection to AAA1 (except IPSec connections from BBB1) will fail. Any attempt to establish a connection to AAA2, except connections to port 13389, will also fail.
We also note that if someone else (for example, CCCC) contacts AAA2, everything described in steps 10-20 will apply to them as well. What happens before and after that depends on what exactly is behind CCCC. We have no such information, so we advise you to consult the administrators of the node with address CCCC.

Case three

And conversely, if something is sent from 192.168.A.1 to some port that is configured for forwarding onward on BBB1 (for example, 11111), it does not end up in the VPN either, but simply leaves from AAA1 and arrives at BBB1, which then passes it on somewhere, say, to 192.168.B.2:3389. That machine sees the packet not as coming from 192.168.A.1 but from AAA1. And when 192.168.B.2 replies, the packet goes from BBB1 to AAA1, and afterwards reaches the initiator of the connection, 192.168.A.1.

A concrete example:

1) 192.168.A.1 contacts BBB1, wanting to establish a TCP connection to BBB1:11111;

2) 192.168.A.1 sends a connection request from 192.168.A.1:55555 (this number, as in the previous example, may be different) to BBB1:11111;

3) the operating system running on the server with address 192.168.A.1 decides to send this packet to the router's gateway address (192.168.A.254 in our case), because it has no other, more specific routes to BBB1 and therefore sends the packet via the default route (0.0.0.0/0);

4) to do this, as described in the previous examples, it tries to find the MAC address for IP address 192.168.A.254 in the ARP cache table. If it is not found, it sends a who-has broadcast request from address 192.168.A.1 to the 192.168.A.0/24 network. When 192.168.A.254 replies with its MAC address, the system sends it the Ethernet packet and records this information in its cache table;

5) the virtual router receives this packet and decides where to forward it: it has a policy configured according to which it must masquerade (that is, replace the return address of) all packets from 192.168.A.0/24 to other Internet hosts;

6) since this policy assumes that the return address must match the lowest address on the interface through which the packet will be sent, the virtual router decides to whom exactly to send this packet, and, as already shown, it must send it to AAA254 (the ISP gateway, which in this case is also us), because it has no routes to BBB1 more specific than 0.0.0.0/0;

7) this means that the virtual router replaces the packet's return address; from now on it is a packet from AAA1:44444 (the port number may, of course, be different) to BBB1:11111;

8) the virtual router remembers what it did, so when a reply arrives from BBB1:11111 for AAA1:44444, it will know to change the destination address and port to 192.168.A.1:55555;

9) now the virtual router must pass the packet to the ISP network via AAA254; as already described, it finds the MAC address of AAA254 and sends the packet to the ISP gateway;

10) the Internet providers carry the packet from AAA1 to BBB1;

11) the router at BBB1 receives this packet on port 11111;

12) there is a rule on the virtual router which says that packets arriving from any sender on this port must be forwarded to 192.168.B.2:3389;

13) the router finds the 192.168.B.0/24 network in its routing table and sends the packet directly to 192.168.B.2, because it has an interface 192.168.B.254/24;

14) to do this, the virtual router finds the MAC address of 192.168.B.2 and hands this packet to it over the Ethernet network;

15) 192.168.B.2 receives this packet on port 3389, agrees to establish the connection and builds a reply packet from 192.168.B.2:3389 to AAA1:44444;

16) its system sends this packet to the router's gateway address (192.168.B.254 in our case), because it has no other, more specific routes to AAA1 and therefore must send the packet via the default route (0.0.0.0/0);

17) as before, the system running on the computer with address 192.168.B.2 finds the MAC address of 192.168.B.254, since it is on the same network as its interface 192.168.B.2/24;

18) the router receives this packet. It should be noted that it remembers that it received on BBB1:11111 a packet from AAA1 and changed its recipient address and port to 192.168.B.2:3389; therefore, for the packet from 192.168.B.2:3389 for AAA1:44444, it changes the sender address to BBB1:11111;

19) the router decides to whom to send this packet. It sends it to, say, BBB254 (the ISP gateway, whose exact address we do not know), because it has no routes to AAA1 more specific than 0.0.0.0/0;

20) the Internet providers carry the packet from BBB1 to AAA1;

21) the virtual router at AAA1 receives this packet and remembers that when it sent the packet from 192.168.A.1:55555 for BBB1:11111, it changed its sender address and port to AAA1:44444. This means it is a reply that must be delivered to 192.168.A.1:55555 (in fact, as mentioned in the previous example, there are several more checks here too, but this time we will not go into them);

22) it understands that the packet must be handed directly to 192.168.A.1, since it is on the same network with it, which means it has a corresponding routing-table entry that makes it send packets for the whole 192.168.A.0/24 range directly;

23) the router finds the MAC address of 192.168.A.1 and hands it this packet;

24) the operating system on the server with address 192.168.A.1 receives the packet from BBB1:11111 for 192.168.A.1:55555 and begins the next steps of establishing the TCP connection.

Exactly as in the previous case, here the server with address 192.168.A.1 knows nothing about the computer with address 192.168.B.1; it only talks to BBB1. The computer with address 192.168.B.1 also knows nothing about the server with address 192.168.A.1. It believes that it was contacted from address AAA1, and the rest is hidden from it.
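The three cases above, condensed into a small model of the two routers' decisions (IPSec policy first, then source NAT on the way out; ESP unwrapping or a port-forward rule on the way in). This is an added example, not code from the original letter or from Tucha; the class and function names are hypothetical, the addresses are the article's placeholders, and the /24 networks are matched as string prefixes for simplicity.

```python
# Added illustration; addresses are the article's placeholders, names are hypothetical.
from dataclasses import dataclass, field

@dataclass
class Router:
    wan: str          # public address used for IPSec and for source NAT
    lan: str          # local /24, kept as a string prefix such as "192.168.B."
    peer_lan: str     # remote /24 covered by the IPSec policy
    forwards: dict = field(default_factory=dict)   # (public addr, port) -> (host, port)
    nat_table: dict = field(default_factory=dict)  # (wan, NAT port) -> (inner host, port)
    next_port: int = 44444                         # first NAT port, as in the article

    def outbound(self, pkt):
        """LAN -> WAN: the IPSec policy is checked first, otherwise source NAT."""
        src, sport, dst, dport = pkt
        if src.startswith(self.lan) and dst.startswith(self.peer_lan):
            return "ESP", pkt                      # encapsulated, inner addresses kept
        nat_src = (self.wan, self.next_port)
        self.nat_table[nat_src] = (src, sport)     # remembered so replies can be mapped back
        self.next_port += 1
        return "PLAIN", (*nat_src, dst, dport)

    def inbound(self, kind, pkt):
        """WAN -> LAN: unwrap ESP, or apply a port-forward rule, or drop."""
        if kind == "ESP":
            return pkt
        src, sport, dst, dport = pkt
        target = self.forwards.get((dst, dport))
        return (src, sport, *target) if target else None

def build():
    office = Router("BBB1", "192.168.B.", "192.168.A.",
                    forwards={("BBB1", 11111): ("192.168.B.2", 3389)})
    cloud = Router("AAA1", "192.168.A.", "192.168.B.",
                   forwards={("AAA2", 13389): ("192.168.A.1", 3389)})
    return office, cloud

def deliver(sender, receiver, pkt):
    """Packet as the destination host sees it, or None if it is dropped."""
    return receiver.inbound(*sender.outbound(pkt))

if __name__ == "__main__":
    office, cloud = build()
    pc = ("192.168.B.1", 55555)
    for dst in [("192.168.A.1", 3389), ("AAA2", 13389), ("AAA2", 1540), ("AAA1", 3389)]:
        print(dst, "->", deliver(office, cloud, (*pc, *dst)))
    print("BBB1:44444 was", office.nat_table[("BBB1", 44444)])
    print(deliver(cloud, office, ("192.168.A.1", 55555, "BBB1", 11111)))
```

For log review, the practical consequence is that the RDP server's own logs record BBB1:44444 in case two, and only the office router's NAT table (here `nat_table`) ties that entry back to 192.168.B.1:55555.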

Conclusion

That is how everything happens on connections inside the VPN tunnel between the client's office and the cloud environment, and on connections outside the VPN tunnel. And if you have questions or need our help solving cloud tasks, contact us 24x7.

Source: www.habr.com
