The book "Linux in Action"

Hello, Habr readers! In this book, David Clinton describes 12 real-world projects, including automating your backup and recovery system, setting up a Dropbox-style personal file cloud, and creating your own MediaWiki server. You'll explore virtualization, disaster recovery, security, backup, DevOps, and system troubleshooting through interesting case studies. Each chapter ends with a review of best practices, a glossary of new terms, and exercises.

Excerpt: "10.1. Building an OpenVPN tunnel"

I've already talked a lot about encryption in this book. SSH and SCP can protect data transferred over remote connections (chapter 3), file encryption can protect data while it is stored on a server (chapter 8), and TLS/SSL certificates can protect data transferred between websites and client browsers (chapter 9). But sometimes your data needs protection across a broader range of connections. For example, perhaps some members of your team work on the road while connecting to Wi-Fi through public hotspots. You shouldn't assume that all such access points are secure, but your people do need a way to connect to company resources, and that's where a VPN can help.

A properly designed VPN tunnel provides a direct connection between remote clients and a server in a way that hides data as it travels across an insecure network. So what? You've already seen plenty of tools that can do that with encryption. The real value of a VPN is that, by opening a tunnel, you can connect remote networks as though they were all local. In a sense, you're using a bypass.

Using this extended network, administrators can do their work on their servers from anywhere. But more importantly, a company with resources spread across multiple locations can make them all visible and accessible to all the teams that need them, wherever they are (figure 10.1).

A tunnel by itself does not guarantee security. But one of the encryption standards can be built into the network structure, which greatly increases the level of security. Tunnels created using the open source OpenVPN package use the same TLS/SSL encryption you've already read about. OpenVPN isn't the only tunneling option available, but it's one of the best known. It is considered to be faster and more secure than the alternative Layer 2 tunneling protocol, which uses IPsec encryption.

Do you want everyone on your team to communicate securely with each other while on the road or working in different buildings? To do that, you need to build an OpenVPN server to allow application sharing and access to the server's local network environment. For this to work, all you need is to run two virtual machines or two containers: one to act as the server/host and the other as the client. Building a VPN isn't a simple process, so it's worth taking a few minutes to get the big picture in mind.


10.1.1. Configuring the OpenVPN server

Before you begin, I'll give you some helpful advice. If you're going to do this yourself (and I strongly recommend that you do), you'll probably find yourself working with several terminal windows open on your desktop, each logged in to a different machine. There's a risk that at some point you'll enter the wrong command into the wrong window. To avoid that, you can use the hostname command to change the machine name displayed on the command line to something that tells you clearly where you are. Once that's done, you'll need to log out of the server and log back in for the new setting to take effect. Here's how it looks:

By following this approach and assigning appropriate names to each of the machines you're working with, you can easily keep track of where you are.

After using hostname, you may run into annoying Unable to Resolve Host OpenVPN-Server messages when running subsequent commands. Updating the /etc/hosts file with the appropriate new hostname should solve the problem.

Preparing your server for OpenVPN

To install OpenVPN on your server, you need two packages: openvpn and easy-rsa (to manage the encryption key generation process). CentOS users should first install the EPEL repository if necessary, as you did in chapter 2. To be able to test access to a server application, you can also install the Apache web server (apache2 on Ubuntu and httpd on CentOS).

While you're setting up your server, I recommend activating a firewall that blocks all ports except 22 (SSH) and 1194 (the OpenVPN port). This example shows how ufw would work on Ubuntu, but I'm sure you remember CentOS's firewalld from chapter 9:

# ufw enable
# ufw allow 22
# ufw allow 1194

To allow internal routing between network interfaces on the server, you need to uncomment a single line (net.ipv4.ip_forward = 1) in the /etc/sysctl.conf file. This will allow remote clients to be redirected as needed once they're connected. To make the new setting take effect, run sysctl -p:

# nano /etc/sysctl.conf
# sysctl -p

Your server environment is now fully set up, but there's still more to do before you're ready: you'll need to complete the following steps (we'll cover them in detail next).

  1. Generate a set of public key infrastructure (PKI) encryption keys on the server using the scripts provided with the easy-rsa package. In effect, the OpenVPN server also acts as its own certificate authority (CA).
  2. Prepare matching keys for the client.
  3. Configure the server.conf file for the server.
  4. Set up your OpenVPN client.
  5. Test your VPN.

Generating encryption keys

To keep things simple, you can set up your key infrastructure on the same machine where the OpenVPN server is running. However, security best practices usually suggest using a separate CA server for production deployments. The process of generating and distributing encryption key resources for use in OpenVPN is illustrated in figure 10.2.

When you installed OpenVPN, an /etc/openvpn/ directory was automatically created, but there's nothing in it yet. The openvpn and easy-rsa packages come with sample template files that you can use as a base for your configuration. To begin the certification process, copy the easy-rsa template directory from /usr/share/ to /etc/openvpn and change to the easy-rsa/ directory:

# cp -r /usr/share/easy-rsa/ /etc/openvpn
$ cd /etc/openvpn/easy-rsa

The easy-rsa directory will now contain quite a few scripts. Table 10.1 lists the tools you'll use to create keys.


These operations require root privileges, so you'll need to become root via sudo su.

The first file you'll work with is called vars and contains the environment variables that easy-rsa uses when generating keys. You'll need to edit the file to use your own values in place of the defaults already there. Here's what my file would look like (listing 10.1).

Listing 10.1. Key excerpts from the /etc/openvpn/easy-rsa/vars file

export KEY_COUNTRY="CA"
export KEY_PROVINCE="ON"
export KEY_CITY="Toronto"
export KEY_ORG="Bootstrap IT"
export KEY_EMAIL="[email protected]"
export KEY_OU="IT"

Running the vars file passes its values to the shell environment, from where they'll be incorporated into the contents of your new keys. Why doesn't the sudo command by itself work? Because the first step is to edit the script called vars and then source it. Sourcing loads the file's values into the current shell session, which is where the key-generation scripts will pick them up.

If you come back in a new shell to finish something left incomplete, be sure to source the file again. When that's done, the script will prompt you to run another script, clean-all, which removes any content in the /etc/openvpn/easy-rsa/keys/ directory:

Naturally, the next step is to run the clean-all script, followed by build-ca, which uses the pkitool script to create the root certificate. You'll be asked to confirm the identification settings provided by vars:

# ./clean-all
# ./build-ca
Generating a 2048 bit RSA private key

Next comes the build-key-server script. Since it uses the same pkitool script along with the new root certificate, you'll see the same questions to confirm creation of the key pair. The keys will be named according to the arguments you pass, which, unless you're running multiple VPNs on this machine, will usually be server, as in the example:

# ./build-key-server server
[...]
Certificate is to be certified until Aug 15 23:52:34 2027 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

OpenVPN uses parameters generated with the Diffie-Hellman algorithm (using build-dh) to negotiate authentication for new connections. The file created here doesn't need to be secret, but it must be generated using the build-dh script for the RSA keys that are currently active. If you create new RSA keys in the future, you'll also need to update the Diffie-Hellman file:

# ./build-dh

Your server-side keys will now have been written to the /etc/openvpn/easy-rsa/keys/ directory, but OpenVPN doesn't know that. By default, OpenVPN will look for keys in /etc/openvpn/, so copy them over:

# cp /etc/openvpn/easy-rsa/keys/server* /etc/openvpn
# cp /etc/openvpn/easy-rsa/keys/dh2048.pem /etc/openvpn
# cp /etc/openvpn/easy-rsa/keys/ca.crt /etc/openvpn

Preparing client encryption keys

As you've already seen, TLS encryption uses matching key pairs: one installed on the server and one installed on the remote client. That means you'll need client keys. Our old friend pkitool is just what you need for this. In this example, running the program in the /etc/openvpn/easy-rsa/ directory, we pass it the client argument to generate files called client.crt and client.key:

# ./pkitool client

The two client files, along with the original ca.crt file that's still in the keys/ directory, now need to be securely transferred to your client. Because of their ownership and access permissions, this might not be so easy. The simplest approach is to manually copy the contents of the source file (and nothing but those contents) in a terminal running on your PC's desktop (select the text, right-click it, and choose Copy from the menu). Then paste it into a new file of the same name that you create in a second terminal connected to your client.

But anyone can cut and paste. Instead, think like an administrator, because you won't always have access to a GUI where cut/paste operations are possible. Copy the files to your user's home directory (so that a remote scp operation can access them), and then use chown to change the ownership of the files from root to your regular non-root user so that the remote scp action can work. Make sure all your files are in place and accessible. You'll move them over to the client a bit later:

# cp /etc/openvpn/easy-rsa/keys/client.key /home/ubuntu/
# cp /etc/openvpn/easy-rsa/keys/ca.crt /home/ubuntu/
# cp /etc/openvpn/easy-rsa/keys/client.crt /home/ubuntu/
# chown ubuntu:ubuntu /home/ubuntu/client.key
# chown ubuntu:ubuntu /home/ubuntu/client.crt
# chown ubuntu:ubuntu /home/ubuntu/ca.crt

With a full set of encryption keys ready to go, you need to tell the server how you want to build the VPN. That's done using the server.conf file.

Reducing the number of keystrokes

Too much typing? Brace expansion will help reduce those six commands to two. I'm sure you can study these two examples and figure out what's going on. More importantly, you'll be able to figure out how to apply these principles to operations involving tens or even hundreds of items:

# cp /etc/openvpn/easy-rsa/keys/{ca.crt,client.{key,crt}} /home/ubuntu/
# chown ubuntu:ubuntu /home/ubuntu/{ca.crt,client.{key,crt}}

Configuring the server.conf file

How do you know what the server.conf file should look like? Remember the easy-rsa directory template you copied from /usr/share/? When you installed OpenVPN, you were left with a compressed configuration template file that you can copy to /etc/openvpn/. I'll take advantage of the fact that the template is compressed to introduce you to a useful tool: zcat.

You already know about printing a file's text contents to the screen with the cat command, but what if the file is compressed with gzip? You could always decompress the file, and cat would then happily print it, but that's one or two steps more than necessary. Instead, as you've probably guessed, you can issue the zcat command to load the decompressed text into memory in one step. In the following example, instead of printing the text to the screen, you'll redirect it to a new file called server.conf:

# zcat \
  /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz \
  > /etc/openvpn/server.conf
$ cd /etc/openvpn

Let's set aside the extensive and helpful documentation that comes with the file and see what it might look like when you're done editing. Note that a semicolon (;) tells OpenVPN not to read or execute the line that follows it (listing 10.2).

Let's go through some of these settings.

  • By default, OpenVPN works over port 1194. You can change that, for example, to further obscure your activity or to avoid conflicts with other active tunnels. Since 1194 requires the least coordination with clients, it is usually the best choice.
  • OpenVPN uses either the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP) for data transmission. TCP might be a little slower, but it's more reliable and more likely to be understood by applications running at both ends of the tunnel.
  • You can specify dev tun when you want to create a simpler, more efficient IP tunnel that carries data content and nothing else. If, on the other hand, you need to connect multiple network interfaces (and the networks they represent) by creating an Ethernet bridge, you'll have to select dev tap. If you don't understand what all that means, use the tun argument.
  • The next four lines give OpenVPN the names of the three authentication files on the server and the dh2048 parameters file you created earlier.
  • The server line sets the range and subnet mask that will be used to assign IP addresses to clients when they log in.
  • The optional push parameter "route 10.0.3.0 255.255.255.0" allows remote clients to access private subnets behind the server. Making this work also requires configuring the network on the server itself so that the private subnet knows about the OpenVPN subnet (10.8.0.0).
  • The port-share localhost 80 line lets you redirect client traffic arriving on port 1194 to a local web server listening on port 80. (This will be useful if you're going to use the web server to test your VPN.) It only works when the tcp protocol is selected.
  • The user nobody and group nogroup lines should be enabled by removing the semicolons (;). Forcing remote clients to run as nobody and nogroup ensures that sessions on the server are unprivileged.
  • log specifies that current log entries overwrite old entries each time OpenVPN starts, whereas log-append appends new entries to the existing log file. The openvpn.log file itself is written to the /etc/openvpn/ directory.
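As an added example (not code from the book), the shell functions below check a server.conf for three of the points in the list above: user nobody and group nogroup still commented out, a missing key-file line, and port-share enabled without proto tcp. The function names and the sample configuration are constructed for illustration, using only the directives described in the list.

```shell
#!/usr/bin/env bash
# Added example, not from the book: audit a server.conf for the settings
# discussed above. The sample config further down is constructed.

# Print only the lines OpenVPN acts on: skip blank lines and lines that
# start with '#' or ';' (the template ships optional settings disabled).
active_directives() {
    sed -e 's/^[[:space:]]*//' -e '/^[#;]/d' -e '/^$/d' "$1"
}

# has_directive FILE ERE: true if an active line starts with the pattern.
has_directive() {
    active_directives "$1" | grep -Eq "^$2([[:space:]]|\$)"
}

# Print one WARN line per finding; print nothing if the file passes.
audit_server_conf() {
    conf=$1
    has_directive "$conf" 'user[[:space:]]+nobody' ||
        echo "WARN: 'user nobody' is commented out or missing"
    has_directive "$conf" 'group[[:space:]]+nogroup' ||
        echo "WARN: 'group nogroup' is commented out or missing"
    for d in ca cert key dh; do
        has_directive "$conf" "$d" || echo "WARN: no active '$d' line"
    done
    if has_directive "$conf" 'port-share' &&
       ! has_directive "$conf" 'proto[[:space:]]+tcp'; then
        echo "WARN: port-share only works with 'proto tcp'"
    fi
    return 0
}

# Constructed sample: the state before the two semicolons are removed.
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
port 1194
proto tcp
;proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
push "route 10.0.3.0 255.255.255.0"
port-share localhost 80
;user nobody
;group nogroup
log openvpn.log
EOF

audit_server_conf "$sample_conf"
```

Run against the sample, the audit reports the two privilege-dropping lines that are still disabled; pointing it at /etc/openvpn/server.conf checks the real file the same way.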

In addition, the client-to-client value is also often added to the configuration file so that multiple clients can see each other in addition to the OpenVPN server. If you're satisfied with your configuration, you can start the OpenVPN server:

# systemctl start openvpn

Because of the changing relationship between OpenVPN and systemd, the following syntax may sometimes be required to start the service: systemctl start openvpn@server.

Running ip addr to list your server's network interfaces should now output a reference to a new interface called tun0. OpenVPN creates it to serve incoming clients:

$ ip addr
[...]
4: tun0: mtu 1500 qdisc [...]
      link/none
      inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0
          valid_lft forever preferred_lft forever

You might need to reboot the server before everything works fully. The next stop is the client computer.

10.1.2. Configuring an OpenVPN client

Traditionally, tunnels are built with at least two exits (otherwise we'd call them caves). A properly configured OpenVPN on the server directs traffic in and out of the tunnel at one end. But you'll also need some software running on the client side, that is, at the other end of the tunnel.

In this section, I'm going to focus on manually setting up a Linux computer of one kind or another to act as an OpenVPN client. But that's not the only way this is possible. OpenVPN supports client applications that can be installed and used on desktops and laptops running Windows or macOS, as well as Android and iOS smartphones and tablets. See openvpn.net for details.

The OpenVPN package needs to be installed on the client machine as it was on the server, although there's no need for easy-rsa here since the keys you're using already exist. You need to copy the client.conf template file to the /etc/openvpn/ directory that was just created. This time the file won't be compressed, so the regular cp command will do the job just fine:

# apt install openvpn
# cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf \
  /etc/openvpn/

Most of the settings in your client.conf file will be fairly self-explanatory: they should match the values on the server. As you can see from the following sample file, the unique parameter is remote 192.168.1.23 1194, which tells the client the server's IP address. Again, make sure this is your server's address. You should also force the client computer to verify the authenticity of the server certificate to prevent a possible man-in-the-middle attack. One way to do this is to add the line remote-cert-tls server (listing 10.3).

Now you can move to the /etc/openvpn/ directory and pull the certification keys from the server. Substitute your server's IP address or domain name for the ones in the example:

Nothing exciting is likely to happen until you start OpenVPN on the client. Since you need to pass a couple of arguments, you'll do it from the command line. The --tls-client argument tells OpenVPN that you'll be acting as a client and connecting via TLS encryption, and --config points to your configuration file:

# openvpn --tls-client --config /etc/openvpn/client.conf

Read the command output carefully to make sure you're connected properly. If something goes wrong the first time, it might be due to a mismatch of settings between the server and client configuration files or a network connectivity/firewall problem. Here are some troubleshooting tips.

  • Carefully read the output of the OpenVPN operation on the client. It often contains valuable hints about exactly what couldn't be done and why.
  • Check for error messages in the openvpn.log and openvpn-status.log files in the /etc/openvpn/ directory on the server.
  • Check the system logs on the server and client for OpenVPN-related messages from around the right time. (journalctl -ce will display the most recent entries.)
  • Make sure you have an active network connection between the server and client (more on this in chapter 14).
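As an added example (not code from the book), the functions below sort OpenVPN output into the two causes named above, a configuration mismatch versus a network or firewall problem, plus certificate failures and success. The function names are hypothetical, and the log lines are constructed samples written in the style of OpenVPN's messages, using the server address from this section.

```shell
#!/usr/bin/env bash
# Added example, not from the book: first-pass triage of OpenVPN output.
# All log lines below are constructed samples.

# Print "CATEGORY: line" for every line that matches a known pattern.
triage_openvpn_log() {
    awk '
        /Initialization Sequence Completed/ { print "CONNECTED: " $0; next }
        /Connection refused|Connection timed out|TLS key negotiation failed/ {
            print "NETWORK: " $0; next }
        /VERIFY .*ERROR|certificate verify failed/ { print "CERT: " $0; next }
        /is used inconsistently|Options error/ { print "CONFIG: " $0; next }
    ' "$1"
}

# Reduce a log to one word: CONNECTED if the tunnel came up, otherwise the
# category of the first problem found, or UNKNOWN if nothing matched.
log_verdict() {
    triage_openvpn_log "$1" | awk -F': ' '
        $1 == "CONNECTED"                { ok = 1 }
        $1 != "CONNECTED" && first == "" { first = $1 }
        END {
            if (ok) print "CONNECTED"
            else if (first != "") print first
            else print "UNKNOWN"
        }'
}

# Constructed samples: a blocked port, a tun/tap mismatch, and a success.
logs=$(mktemp -d)
cat > "$logs/refused.log" <<'EOF'
Mon Aug 14 12:00:01 2017 TCP: connect to [AF_INET]192.168.1.23:1194 failed: Connection refused
EOF
cat > "$logs/mismatch.log" <<'EOF'
Mon Aug 14 12:05:10 2017 WARNING: 'dev-type' is used inconsistently, local='dev-type tun', remote='dev-type tap'
EOF
cat > "$logs/ok.log" <<'EOF'
Mon Aug 14 12:09:30 2017 Initialization Sequence Completed
EOF

for f in "$logs"/*.log; do
    printf '%s -> %s\n' "${f##*/}" "$(log_verdict "$f")"
done
```

A NETWORK verdict points back at the firewall rules and connectivity check, while CONFIG points at a difference between server.conf and client.conf.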

About the author

David Clinton is a system administrator, teacher, and writer. He has administered, written about, and created training materials for many important technical disciplines, including Linux systems, cloud computing (AWS in particular), and container technologies such as Docker. He wrote the book Learn Amazon Web Services in a Month of Lunches (Manning, 2017). Many of his video training courses can be found on Pluralsight.com, and links to his other books (on Linux administration and server virtualization) are available at bootstrap-it.com.


Source: www.habr.com
