How to connect to a corporate VPN on Linux using openconnect and vpn-slice

Do you want to use Linux at work, but your corporate VPN won't let you? Then this article may help, although that is not guaranteed. I want to warn you in advance that I don't understand network administration well, so it's possible that I did everything wrong. On the other hand, it's possible that I can write the guide in a way that is understandable to ordinary people, so I advise you to try.

This article contains a lot of unnecessary information, but without this knowledge I would not have been able to solve the problems that unexpectedly came up for me while setting up the VPN. I think anyone who tries to use this guide will have problems that I did not have, and I hope this extra information will help them solve those problems on their own.

Most of the commands used in this guide need to be run via sudo, which has been omitted for brevity. Keep this in mind.

Most IP addresses have been heavily obfuscated, so if you see an address like 435.435.435.435, there should be a normal IP there, specific to your case.

I have Ubuntu 18.04, but I think that with minor changes the guide can be applied to other distributions. However, in this text Linux == Ubuntu.

Cisco Connect

Those on Windows or MacOS can connect to our corporate VPN via Cisco Connect, where you need to specify the gateway address and, each time you connect, enter a password consisting of a fixed part and a code generated by Google Authenticator.

On Linux I could not get Cisco Connect to run, but I managed to google a recommendation to use openconnect, which was made specifically to replace Cisco Connect.

Openconnect

In theory, Ubuntu has a dedicated graphical interface for openconnect, but it did not work for me. Maybe that's for the best.

On Ubuntu, openconnect is installed from the package manager.

apt install openconnect

Right after installation, you can try to connect to the VPN

openconnect --user poxvuibr vpn.evilcorp.com

vpn.evilcorp.com is a fictitious VPN address
poxvuibr is a fictitious username

openconnect will ask you to enter the password, which, let me remind you, consists of a fixed part and a code from Google Authenticator, and then it will try to connect to the VPN. If it works, congratulations, you can safely skip the middle part, which is a lot of pain, and go to the section on running openconnect in the background. If it doesn't work, you can continue. Even if it worked when connecting, for example, from the guest Wi-Fi at work, it may be too early to rejoice; you should try to repeat the procedure from home.

Certificate

There is a high probability that nothing will start, and the openconnect output will look like this:

POST https://vpn.evilcorp.com/
Connected to 777.777.777.777:443
SSL negotiation with vpn.evilcorp.com
Server certificate verify failed: signer not found

Certificate from VPN server "vpn.evilcorp.com" failed verification.
Reason: signer not found
To trust this server in future, perhaps add this to your command line:
    --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444
Enter 'yes' to accept, 'no' to abort; anything else to view: fgets (stdin): Operation now in progress

On the one hand, this is unpleasant, because there was no VPN connection, but on the other hand, how to fix the problem is, in principle, clear.

Here the server sent us a certificate, by which we can determine that the connection is being made to our own corporation's server and not to an evil fraudster, and this certificate is unknown to the system. Therefore it cannot check whether the server is genuine or not. And so, just in case, it stops working.

For openconnect to connect to the server anyway, you need to tell it explicitly which certificate should come from the VPN server, using the --servercert key.

And you can find out which certificate the server sent us directly from what openconnect printed. Here, from this fragment:

To trust this server in future, perhaps add this to your command line:
    --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444
Enter 'yes' to accept, 'no' to abort; anything else to view: fgets (stdin): Operation now in progress

With this command you can try to connect again

openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 --user poxvuibr vpn.evilcorp.com

Perhaps it works now, in which case you can skip to the end. But for me personally, Ubuntu thumbed its nose in this form

POST https://vpn.evilcorp.com/
Connected to 777.777.777.777:443
SSL negotiation with vpn.evilcorp.com
Server certificate verify failed: signer not found
Connected to HTTPS on vpn.evilcorp.com
XML POST enabled
Please enter your username and password.
POST https://vpn.evilcorp.com/
Got CONNECT response: HTTP/1.1 200 OK
CSTP connected. DPD 300, Keepalive 30
Set up DTLS failed; using SSL instead
Connected as 192.168.333.222, using SSL
NOSSSSSHHHHHHHDDDDD
3
NOSSSSSHHHHHHHDDDDD
3
RTNETLINK answers: File exists
/etc/resolvconf/update.d/libc: Warning: /etc/resolv.conf is not a symbolic link to /run/resolvconf/resolv.conf

/etc/resolv.conf

# Generated by NetworkManager
search gst.evilcorpguest.com
nameserver 127.0.0.53

/run/resolvconf/resolv.conf

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.

nameserver 192.168.430.534
nameserver 127.0.0.53
search evilcorp.com gst.publicevilcorp.com

habr.com will resolve, but you won't be able to go there. Addresses like jira.evilcorp.com do not resolve at all.

What happened here, I don't understand. But experiment shows that if you add this line to /etc/resolv.conf

nameserver 192.168.430.534

then addresses inside the VPN magically start resolving and you can browse them; that is, whatever looks for the DNS to resolve addresses looks specifically in /etc/resolv.conf, and not somewhere else.

You can verify that the connection to the VPN exists and works without editing /etc/resolv.conf; to do this, just enter in the browser not the symbolic name of a resource from the VPN, but its IP address.

As a result, there are two problems

  • when connecting to the VPN, its DNS is not picked up
  • all traffic goes through the VPN, which does not allow access to the Internet

I'll tell you what to do now, but first a little automation.

Automatic entry of the fixed part of the password

By now, you have probably entered your password at least five times and this procedure has already worn you out. First, because the password is long, and second, because when entering it you have to fit within a fixed time window

The final solution to the problem is not included in this article, but you can make sure that the fixed part of the password does not have to be entered many times.

Let's assume that the fixed part of the password is fixedPassword, and the part from Google Authenticator is 567. The entire password can be passed to openconnect via standard input using the --passwd-on-stdin argument.

echo "fixedPassword567987" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 --user poxvuibr vpn.evilcorp.com --passwd-on-stdin

Now you can always return to the last entered command and change only the Google Authenticator part there.

The corporate VPN does not let you browse the Internet

In general, it's not much of an inconvenience when you have to use a separate computer to go to Habr. Not being able to copy-paste from stackoverflow can paralyze work altogether, so something has to be done.

We need to arrange things so that when you need to access a resource on the internal network, Linux goes to the VPN, and when you need to go to Habr, it goes to the Internet.

openconnect, after starting and establishing a connection with the VPN, executes a special script, which is located in /usr/share/vpnc-scripts/vpnc-script. Some variables are passed to the script as input, and it configures the VPN. Unfortunately, I could not figure out how to split traffic flows between the corporate VPN and the rest of the Internet using the native script.

Apparently, the vpn-slice utility was developed especially for people like me; it lets you send traffic through two channels without dancing with a tambourine. Well, that is, you will have to dance, but you don't have to be a shaman.

Splitting traffic using vpn-slice

First, you need to install vpn-slice; you'll have to figure that out yourself. If there are questions in the comments, I'll write a separate post about it. But it is a regular Python program, so there shouldn't be any difficulties. I installed it using virtualenv.

Then the utility must be applied, using the --script switch, to tell openconnect that instead of the standard script it should use vpn-slice.

echo "fixedPassword567987" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 --user poxvuibr --passwd-on-stdin \
--script "./bin/vpn-slice 192.168.430.0/24" vpn.evilcorp.com

--script is passed a string with the command that should be called instead of the script. ./bin/vpn-slice is the path to the vpn-slice executable. 192.168.430.0/24 is the mask of addresses to go to through the VPN. Here, we mean that if an address starts with 192.168.430, then the resource with that address should be looked for inside the VPN.

Things should be fine now. Almost. Now you can go to Habr and you can go to an intra-corporate resource by IP, but you cannot go to an intra-corporate resource by symbolic name. If you specify the mapping between the symbolic name and the address in hosts, everything should work. And work until the IP changes. Linux can now access the Internet or the intranet, depending on the IP. But the non-corporate DNS is still used to determine the address.

The problem can also show up in this form: at work everything is fine, but at home you can only reach internal corporate resources by IP. This is because when you are connected to the corporate Wi-Fi, the corporate DNS is also used, and symbolic addresses from the VPN are resolved in it, even though it is still impossible to go to such an address without using the VPN.

Automatic modification of the hosts file

If vpn-slice is asked politely, then after bringing up the VPN it can go to its DNS, find the IP addresses of the required resources by their symbolic names and write them into hosts. After the VPN is turned off, these addresses will be removed from hosts. To do this, you need to pass the symbolic names to vpn-slice as arguments. Like this.

echo "fixedPassword567987" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 --user poxvuibr --passwd-on-stdin \
--script "./bin/vpn-slice 192.168.430.0/24 jira.vpn.evilcorp.com git.vpn.evilcorp.com" vpn.evilcorp.com

Now everything should work both in the office and on the beach.

Looking up the addresses of all subdomains in the DNS provided by the VPN

If there are few addresses inside the network, then the approach with automatically modifying the hosts file works quite well. But if there are many resources on the network, then you will constantly need to add lines like zoidberg.test.evilcorp.com to the script; zoidberg is the name of one of the test benches.

But now that we understand a little of what is going on, this need can be eliminated.

If, after bringing up the VPN, you look in /etc/hosts, you can see this line

192.168.430.534 dns0.tun0 # vpn-slice-tun0 AUTOCREATED

And a new line was added to resolv.conf. In short, vpn-slice somehow determined where the DNS server for the VPN is located.

Now we need to make sure that in order to find out the IP address of a domain name ending in evilcorp.com, Linux goes to the corporate DNS, and if something else is needed, then to the default one.

I googled for quite a while and found that this functionality is available in Ubuntu out of the box. This means the ability to use the local DNS server dnsmasq to resolve names.

That is, you can make sure that Linux always goes to the local DNS server for IP addresses, which in turn, depending on the domain name, will look for the IP on the corresponding external DNS server.

To manage everything related to networks and network connections, Ubuntu uses NetworkManager, and the graphical interface for choosing, for example, Wi-Fi connections is just a front end to it.

We will need to climb into its configuration.

  1. Create the file /etc/NetworkManager/dnsmasq.d/evilcorp

# send lookups for evilcorp.com names to the DNS server provided by the VPN
server=/.evilcorp.com/192.168.430.534

Pay attention to the dot before evilcorp. It signals to dnsmasq that all subdomains of evilcorp.com should be looked up in the corporate DNS.

  2. Tell NetworkManager to use dnsmasq for name resolution

The NetworkManager configuration is located in /etc/NetworkManager/NetworkManager.conf. You need to add there:

[main]
dns=dnsmasq

  3. Restart NetworkManager

service network-manager restart

Now, after connecting to the VPN using openconnect and vpn-slice, the IP will be resolved normally, even if you don't add symbolic addresses to the arguments of vpn-slice.

How to access individual services via VPN

After I managed to connect to the VPN, I was very happy for two days, and then it turned out that if I connect to the VPN from outside the office network, mail doesn't work. The symptom is familiar, isn't it?

Our mail is located at mail.publicevilcorp.com, which means that it does not fall under the rule in dnsmasq and the mail server address is looked up via public DNS.

Well, the office still uses a DNS that contains this address. That's what I thought. In fact, after adding the line to dnsmasq

server=/mail.publicevilcorp.com/192.168.430.534

the situation did not change at all. The IP stayed the same. I had to go to work.

And only later, when I dug deeper into the situation and understood the problem a little, one smart person told me how to solve it. It was necessary to connect to the mail server not just like that, but through the VPN

I use vpn-slice to go through the VPN to addresses that start with 192.168.430. And the mail server not only has a symbolic address that is not part of evilcorp, it also has an IP address that starts with 192.168.430. And of course it does not let anyone from the Internet come to it.

For Linux to go through the VPN to the mail server as well, you need to add it to vpn-slice too. Let's say the mail server's address is 555.555.555.555

echo "fixedPassword567987" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 --user poxvuibr --passwd-on-stdin \
--script "./bin/vpn-slice 555.555.555.555 192.168.430.0/24" vpn.evilcorp.com

Script for bringing up the VPN with one argument

All this, of course, is not very convenient. Yes, you can save the text to a file and copy-paste it into the console instead of typing it by hand, but it's still not very pleasant. To make the process easier, you can wrap the command in a script that will be located in PATH. Then you will only need to enter the code received from Google Authenticator

#!/bin/sh
# $1 is the current code from Google Authenticator
echo "fixedPassword$1" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 --user poxvuibr --passwd-on-stdin \
--script "./bin/vpn-slice 192.168.430.0/24 jira.vpn.evilcorp.com git.vpn.evilcorp.com" vpn.evilcorp.com

If you put the script into connect_evil_corp, you can simply type in the console

connect_evil_corp 567987

But now you still have to keep the console in which openconnect is running open for some reason

Running openconnect in the background

Fortunately, the authors of openconnect took care of us and added a special key to the program, --background, which makes the program work in the background after launch. If you run it like this, you can close the console after launch

#!/bin/sh
# $1 is the current code from Google Authenticator
echo "fixedPassword$1" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 \
--user poxvuibr \
--passwd-on-stdin \
--background \
--script "./bin/vpn-slice 192.168.430.0/24 jira.vpn.evilcorp.com git.vpn.evilcorp.com" vpn.evilcorp.com

Now it's not clear where the logs go. In general, we don't really need logs, but you never know. openconnect can redirect them to syslog, where they will be kept safe and sound. You need to add the --syslog switch to the command

#!/bin/sh
# $1 is the current code from Google Authenticator
echo "fixedPassword$1" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 \
--user poxvuibr \
--passwd-on-stdin \
--background \
--syslog \
--script "./bin/vpn-slice 192.168.430.0/24 jira.vpn.evilcorp.com git.vpn.evilcorp.com" vpn.evilcorp.com

And so, it turns out that openconnect is working somewhere in the background and bothers no one, but it's not clear how to stop it. That is, you can of course filter the ps output using grep and look for the process whose name contains openconnect, but this is tedious. Thanks to the authors who thought about this too. openconnect has a key, --pid-file, with which you can instruct openconnect to write its process identifier to a file.

#!/bin/sh
# $1 is the current code from Google Authenticator
echo "fixedPassword$1" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 \
--user poxvuibr \
--passwd-on-stdin \
--background \
--syslog \
--pid-file ~/vpn-pid \
--script "./bin/vpn-slice 192.168.430.0/24 jira.vpn.evilcorp.com git.vpn.evilcorp.com" vpn.evilcorp.com

Now you can always kill the process with the command

kill $(cat ~/vpn-pid)

If there is no process, kill will swear, but will not throw an error. If the file doesn't exist, nothing bad will happen either, so you can safely kill the process on the first line of the script.

#!/bin/sh
# stop the previous openconnect instance, if any, before starting a new one
kill $(cat ~/vpn-pid)
echo "fixedPassword$1" | openconnect --servercert sha256:4444444444444444444444444444444444444444444444444444444444444444 \
--user poxvuibr \
--passwd-on-stdin \
--background \
--syslog \
--pid-file ~/vpn-pid \
--script "./bin/vpn-slice 192.168.430.0/24 jira.vpn.evilcorp.com git.vpn.evilcorp.com" vpn.evilcorp.com

Now you can turn on your computer, open the console and run the command, passing it the code from Google Authenticator. Then the console can be nailed shut.
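A variant of the script above that keeps the fixed password part out of the script file and only kills a process that really is openconnect. This is an added example, not the author's script: the secret file path, the six-digit check and the function names are assumptions, while the openconnect options are the ones used in the article.

```shell
#!/bin/sh
# Added example (not the article's script): connect_evil_corp without the
# fixed password part stored in the script itself.
# Assumed location of the fixed part; create it once with mode 600.
SECRET_FILE="${SECRET_FILE:-$HOME/.config/evilcorp-vpn/fixed-part}"
PID_FILE="${PID_FILE:-$HOME/vpn-pid}"
# Placeholder pin from the article; confirm the real value with whoever runs
# the VPN before trusting it.
SERVERCERT=sha256:4444444444444444444444444444444444444444444444444444444444444444

# Succeeds only for a six-digit Google Authenticator code.
valid_otp() {
    case $1 in
        [0-9][0-9][0-9][0-9][0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints the fixed password part; refuses a file that group or others can read.
read_fixed_part() {
    [ -f "$1" ] || { echo "missing $1" >&2; return 1; }
    mode=$(stat -L -c %a "$1") || return 1
    case $mode in
        600|400) ;;
        *) echo "$1 has mode $mode, expected 600" >&2; return 1 ;;
    esac
    head -n 1 "$1"
}

# Stops the previous instance only if the PID file still names an openconnect
# process, so a stale file can never kill an unrelated program.
stop_previous() {
    [ -s "$1" ] || return 0
    pid=$(cat "$1")
    case $pid in
        ''|*[!0-9]*) echo "ignoring malformed $1" >&2 ;;
        *) if [ "$(cat "/proc/$pid/comm" 2>/dev/null)" = openconnect ]; then
               kill "$pid"
           fi ;;
    esac
    rm -f "$1"
}

connect() {
    valid_otp "$1" || { echo "usage: connect_evil_corp <6-digit code>" >&2; return 2; }
    fixed=$(read_fixed_part "$SECRET_FILE") || return 1
    stop_previous "$PID_FILE"
    # printf, unlike echo, passes backslashes and a leading '-' through unchanged
    printf '%s%s\n' "$fixed" "$1" | openconnect \
        --servercert "$SERVERCERT" \
        --user poxvuibr \
        --passwd-on-stdin \
        --background \
        --syslog \
        --pid-file "$PID_FILE" \
        --script "./bin/vpn-slice 192.168.430.0/24 jira.vpn.evilcorp.com git.vpn.evilcorp.com" \
        vpn.evilcorp.com
}

# Run only when installed under the article's script name, so the functions
# above can also be sourced and checked on their own.
if [ "${0##*/}" = connect_evil_corp ]; then
    connect "$@"
fi
```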

Without vpn-slice. Instead of an afterword

It turned out to be very difficult to understand how to live without vpn-slice. I had to read and google a lot. Fortunately, after spending so much time with the problem, technical manuals and even man openconnect read like exciting novels.

As a result, I found out that vpn-slice, like the native script, modifies the routing table to separate the networks.

Routing table

Simply put, this is a table whose first column contains what the address that Linux wants to reach should start with, and whose second column contains the network adapter through which to go to that address. In fact, there are more columns, but this does not change the essence.

To view the routing table, you need to run the ip command

default via 192.168.1.1 dev wlp3s0 proto dhcp metric 600 
192.168.430.0/24 dev tun0 scope link 
192.168.1.0/24 dev wlp3s0 proto kernel scope link src 192.168.1.534 metric 600 
192.168.430.534 dev tun0 scope link 

Here, each line is responsible for where you need to go in order to send a message to some address. The first part is a description of what the address should start with. To understand how to determine that 192.168.0.0/16 means that the address should start with 192.168, you need to google what an IP address mask is. After dev there is the name of the adapter to which the message should be sent.

For the VPN, Linux created a virtual adapter, tun0. This line ensures that traffic for all addresses starting with 192.168 goes through it

192.168.0.0/16 dev tun0 scope link 

You can also view the current state of the routing table using the command route -n (the IP addresses are anonymized). This command outputs the results in a different format and is generally deprecated, but its output often appears in guides on the Internet and you need to be able to read it.

Where the IP address for a route should start can be understood from the combination of the Destination and Genmask columns. Those parts of the IP address that correspond to the numbers 255 in Genmask are taken into account, and those where there is 0 are not. That is, the combination of Destination 192.168.0.0 and Genmask 255.255.255.0 means that if the address starts with 192.168.0, then a request to it will go along this route. And if Destination is 192.168.0.0 but Genmask is 255.255.0.0, then requests to addresses that start with 192.168 will go along this route.
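The Destination/Genmask matching described above, carried through to the full selection rule the kernel applies: longest matching mask first, then lowest Metric. This is an added example, not part of the original article; the addresses are constructed stand-ins (10.20.30.0/24 for the VPN subnet, 203.0.113.7 for the VPN gateway) because the article's anonymised addresses are not valid IPs.

```shell
#!/bin/sh
# Added example: which interface the kernel picks for a destination, given a
# table in `route -n` format. All addresses are constructed stand-ins.

# Convert a dotted quad to a 32-bit integer.
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# route_lookup TABLE DEST: print the interface used for DEST.
# A row matches when DEST AND Genmask equals Destination; among matching rows
# the longest mask wins, and for equal masks the lowest Metric wins.
route_lookup() (
    dest=$(ip2int "$2")
    best_mask=-1 best_metric=0 best_if=none
    while read -r net gw mask flags metric ref use iface; do
        case $net in [0-9]*) ;; *) continue ;; esac   # skip header lines
        n=$(ip2int "$net"); m=$(ip2int "$mask")
        [ $(( dest & m )) -eq "$n" ] || continue
        if [ "$m" -gt "$best_mask" ] ||
           { [ "$m" -eq "$best_mask" ] && [ "$metric" -lt "$best_metric" ]; }; then
            best_mask=$m best_metric=$metric best_if=$iface
        fi
    done <<EOF
$1
EOF
    echo "$best_if"
)

# Shape of the table after openconnect with the stock vpnc-script.
TABLE_FULL_TUNNEL='Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 tun0
0.0.0.0 192.168.1.1 0.0.0.0 UG 600 0 0 wlp3s0
192.168.1.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp3s0
203.0.113.7 192.168.1.1 255.255.255.255 UGH 0 0 0 wlp3s0
10.20.30.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
10.20.30.53 0.0.0.0 255.255.255.255 UH 0 0 0 tun0'

# Shape of the table with vpn-slice: the tun0 default route is absent.
TABLE_SPLIT=$(printf '%s\n' "$TABLE_FULL_TUNNEL" | grep -v '^0\.0\.0\.0 0\.0\.0\.0 ')

# Print the chosen interface for a few destinations under both tables.
report() {
    for d in 198.51.100.10 10.20.30.40 10.99.0.5 203.0.113.7; do
        printf '%-14s full-tunnel=%-7s split=%s\n' "$d" \
            "$(route_lookup "$TABLE_FULL_TUNNEL" "$d")" \
            "$(route_lookup "$TABLE_SPLIT" "$d")"
    done
}
report
```

The 10.99.0.5 row is the mail-server situation: a corporate host outside the routed subnet leaves via Wi-Fi in the split table unless a route for it is added explicitly.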

To figure out what vpn-slice actually does, I decided to look at the state of the tables before and after.

Before turning on the VPN it was like this

route -n 

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         222.222.222.1   0.0.0.0         UG    600    0        0 wlp3s0
222.222.222.0   0.0.0.0         255.255.255.0   U     600    0        0 wlp3s0
333.333.333.333 222.222.222.1   255.255.255.255 UGH   0      0        0 wlp3s0

After calling openconnect without vpn-slice it became like this

route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 tun0
0.0.0.0         222.222.222.1   0.0.0.0         UG    600    0        0 wlp3s0
222.222.222.0   0.0.0.0         255.255.255.0   U     600    0        0 wlp3s0
333.333.333.333 222.222.222.1   255.255.255.255 UGH   0      0        0 wlp3s0
192.168.430.0   0.0.0.0         255.255.255.0   U     0      0        0 tun0
192.168.430.534 0.0.0.0         255.255.255.255 UH    0      0        0 tun0

And after calling openconnect in combination with vpn-slice, like this

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         222.222.222.1   0.0.0.0         UG    600    0        0 wlp3s0
222.222.222.0   0.0.0.0         255.255.255.0   U     600    0        0 wlp3s0
333.333.333.333 222.222.222.1   255.255.255.255 UGH   0      0        0 wlp3s0
192.168.430.0   0.0.0.0         255.255.255.0   U     0      0        0 tun0
192.168.430.534 0.0.0.0         255.255.255.255 UH    0      0        0 tun0

It can be seen that if you don't use vpn-slice, then openconnect explicitly writes that all addresses, except those specifically indicated, must be accessed through the VPN.

Right here:

0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 tun0

There, next to it, another route is immediately indicated, which should be used if the address that Linux is trying to reach does not match any mask in the table.

0.0.0.0         222.222.222.1   0.0.0.0         UG    600    0        0 wlp3s0

It is already written here that in this case you need to use the standard Wi-Fi adapter.

I believe that the VPN route is used because it is the first one in the routing table.

And theoretically, if you remove this default route from the routing table, then in conjunction with dnsmasq openconnect should ensure normal operation.

I tried

route del default

And everything worked.

Routing requests to the mail server without vpn-slice

But I also have a mail server with the address 555.555.555.555, which also needs to be accessed via the VPN. The route to it also needs to be added by hand.

ip route add 555.555.555.555 dev tun0

And now everything is fine. So you can do without vpn-slice, but you need to know well what you are doing. I'm now thinking about adding to the last line of the native openconnect script the removal of the default route and the addition of a route for the mail server after connecting to the VPN, just so that there are fewer moving parts in my bicycle.

Probably, this afterword would be enough for someone to understand how to set up a VPN. But while I was trying to understand what to do and how, I read quite a lot of such guides that work for the author but for some reason don't work for me, and I decided to add here all the pieces that I found. I would have been very happy about something like that.

Source: www.habr.com
