Setting up authentication in an L2TP network using Rutoken EDS 2.0 and Rutoken PKI

Introduction

Until recently, many people had no idea what working from home was like. The pandemic has changed the situation in the world dramatically; everyone has started adapting to the new circumstances, namely that leaving the house has become unsafe. And many companies had to organize remote work for their employees in a hurry.

However, the lack of a proper approach to choosing remote-work solutions can lead to irreversible losses. User passwords can be stolen, which allows an attacker to connect to the company's network and IT resources without authorization.

That is why the need to build reliable corporate VPN networks has grown. I will tell you about a reliable, secure and easy-to-use VPN network.

It operates according to the IPsec/L2TP scheme, which uses non-extractable keys and certificates stored on a token to authenticate clients, and transmits data over the network in encrypted form.

A server running CentOS 7 (address: centos.vpn.server.ad), a client running Ubuntu 20.04 and a client running Windows 10 were used as the demonstration setup.

System Description

The VPN will operate according to the IPSec + L2TP + PPP scheme. The Point-to-Point Protocol (PPP) operates at the data link layer of the OSI model and provides user authentication and encryption of the transmitted data. Its data is encapsulated in L2TP protocol data, which takes care of establishing the VPN network connection but provides neither authentication nor encryption.

L2TP data is in turn encapsulated in IPSec, which also provides authentication and encryption, but unlike PPP, its authentication and encryption take place at the device level rather than the user level.

This makes it possible to authenticate users from different devices. We will use the IPSec protocol as is and allow user authentication from any device.

User authentication with smart cards will be performed at the PPP protocol level using the EAP-TLS protocol.

More details on how this scheme works can be found in this article.

Why does this scheme meet all three requirements for a good VPN network?

  1. The reliability of this scheme has been tested by time. It has been used to deploy VPN networks since 2000.
  2. Secure user authentication is provided by the PPP protocol. The standard implementation of the PPP protocol developed by Paul Mackerras does not provide a sufficient level of security, because in the best case authentication is performed with a login and password. We all know that a login password can be spied on, guessed or stolen. However, for a long time now the developer Jan Just Keijser has fixed this issue in his implementation of the protocol by adding the ability to use asymmetric-cryptography protocols such as EAP-TLS for authentication. In addition, he added the ability to use smart cards for authentication, which made the scheme even more secure.
    Currently, negotiations are under way to merge these two projects, and you can be sure that this will happen soon. For example, the patched version of PPP that uses secure protocols for authentication has been in the Fedora repositories for a long time.
  3. Until recently, this network could only be used by Windows users, but our colleagues from Moscow State University, Vasily Shokov and Alexander Smirnov, found an old L2TP client project for Linux and reworked it. Together we fixed a large number of bugs and shortcomings in the client's operation and simplified the installation and configuration of the system, even when building from source. The most notable of these are:
    • Fixed compatibility issues between the old client and the interfaces of new versions of openssl and qt.
    • Removed passing the token PIN to pppd via a temporary file.
    • Fixed incorrect launching of the password request program via the graphical interface. This was done by setting the correct environment for the xl2tpd service.
    • The L2tpIpsecVpn daemon is now built together with the client itself, which simplifies its build and configuration.
    • For development convenience, Azure Pipelines is connected to check that the build is correct.
    • Added the ability to force-lower the security level in the openssl context. This is useful for supporting new operating systems where the default security level is set to 2, together with VPN networks that use certificates which do not meet the security requirements of that level. This can be useful when working with old VPN networks.

The fixed version is available in this repository.

This client supports the use of smart cards for authentication and hides as far as possible all the difficulties and complexities of configuring this scheme under Linux, making the client setup as simple and fast as possible.

Of course, convenient interaction between PPP and the client GUI was not possible without some changes in each of the projects, but they were kept to a minimum.

Now you can begin the setup.

Server Setup

Let's install all the necessary packages.

Installing strongswan (IPsec)

First, let's configure the firewall so that ipsec can work:

sudo firewall-cmd --permanent --add-port=1701/{tcp,udp}
sudo firewall-cmd --permanent --add-service=ipsec
sudo firewall-cmd --reload

Then let's start the installation:

sudo yum install epel-release ipsec-tools dnf
sudo dnf install strongswan

After the installation, you need to configure strongswan (one of the IPSec implementations). To do this, edit the file /etc/strongswan/ipsec.conf:

config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    oe=off
    protostack=netkey 

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=%any
    leftprotoport=udp/1701
    right=%any
    rightprotoport=udp/%any
    ike=aes128-sha1-modp1536,aes128-sha1-modp1024,aes128-md5-modp1536,aes128-md5-modp1024,3des-sha1-modp1536,3des-sha1-modp1024,3des-md5-modp1536,3des-md5-modp1024
    esp=aes128-sha1-modp1536,aes128-sha1-modp1024,aes128-md5-modp1536,aes128-md5-modp1024,3des-sha1-modp1536,3des-sha1-modp1024,3des-md5-modp1536,3des-md5-modp1024
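
The ike= and esp= lists above keep MD5, 3DES and 1024-bit MODP groups for compatibility with older clients. The following shell functions are an added example, not code from the article: they flag those entries in a proposal list so you can see exactly what the server will still accept, and list what remains. The only assumption is strongSwan's comma-separated "encryption-integrity-group" proposal syntax.

```sh
#!/bin/sh
# Added example (not from the article): flag deprecated primitives in a
# strongSwan proposal list such as the ike=/esp= lines above.
# Assumption: the same comma-separated "enc-integ-group" syntax strongSwan uses.

# The ike= value from the ipsec.conf above, used as sample input.
IKE_PROPOSALS="aes128-sha1-modp1536,aes128-sha1-modp1024,aes128-md5-modp1536,aes128-md5-modp1024,3des-sha1-modp1536,3des-sha1-modp1024,3des-md5-modp1536,3des-md5-modp1024"

# weak_proposals "p1,p2,..."
# Prints one line per proposal that uses 3DES, MD5 or a MODP group below
# 2048 bits, with the reason; returns 1 if anything was flagged, 0 otherwise.
weak_proposals() {
    old_ifs=$IFS
    IFS=,
    set -- $1            # split the list on commas into positional parameters
    IFS=$old_ifs
    found=0
    for p in "$@"; do
        reason=""
        case $p in *3des*)               reason="$reason 3des" ;; esac
        case $p in *md5*)                reason="$reason md5" ;; esac
        case $p in *modp768*|*modp1024*) reason="$reason modp<2048" ;; esac
        if [ -n "$reason" ]; then
            echo "$p:$reason"
            found=1
        fi
    done
    return $found
}

# count_weak "p1,p2,..." -> number of flagged proposals
count_weak() {
    weak_proposals "$1" | wc -l | tr -d ' '
}

# strong_only "p1,p2,..." -> the proposals that were not flagged, as a comma list
strong_only() {
    old_ifs=$IFS
    IFS=,
    set -- $1
    IFS=$old_ifs
    out=""
    for p in "$@"; do
        # weak_proposals returns 1 when it flags the proposal, so skip those
        weak_proposals "$p" >/dev/null || continue
        out="${out:+$out,}$p"
    done
    printf '%s\n' "$out"
}

# Usage on the article's own ike= list
weak_proposals "$IKE_PROPOSALS"
echo "remaining: $(strong_only "$IKE_PROPOSALS")"
```

Run against the list above it flags seven of the eight proposals and leaves only aes128-sha1-modp1536. Whether to drop the flagged entries depends on which clients still need them; the check only makes the trade-off visible.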

We will also set a login password. The pre-shared key must be known to all network participants in order for them to be authenticated. This approach is obviously unreliable, because the password can easily become known to people whom we do not want to be able to connect.
However, even this will not affect the security of the network, because data encryption and user authentication are handled by the PPP protocol. In fairness, it should be noted that strongswan supports more secure authentication methods, for example using private keys. Strongswan can also authenticate using smart cards, but so far only a limited set of devices is supported, so authentication with Rutoken tokens and smart cards is still difficult. Let's set the password via the file /etc/strongswan/ipsec.secrets:

# ipsec.secrets - strongSwan IPsec secrets file
%any %any : PSK "SECRET_PASSPHRASE"

Let's restart strongswan:

sudo systemctl enable strongswan
sudo systemctl restart strongswan

Installing xl2tp

sudo dnf install xl2tpd

Let's configure it via the file /etc/xl2tpd/xl2tpd.conf:

[global]
force userspace = yes
listen-addr = 0.0.0.0
ipsec saref = yes

[lns default]
exclusive = no
; defines the static address of the server in the virtual network
local ip = 100.10.10.1
; sets the range of virtual addresses
ip range = 100.10.10.1-100.10.10.254
assign ip = yes
refuse pap = yes
require authentication = yes
; this option can be disabled once the network has been configured successfully
ppp debug = yes
length bit = yes
pppoptfile = /etc/ppp/options.xl2tpd
; specifies the server's address in the network
name = centos.vpn.server.ad

Let's restart the service:

sudo systemctl enable xl2tpd
sudo systemctl restart xl2tpd

Configuring PPP

It is advisable to install the latest version of pppd. To do this, run the following commands:

sudo yum install git make gcc openssl-devel
git clone "https://github.com/jjkeijser/ppp"
cd ppp
./configure --prefix /usr
make -j4
sudo make install

Write the following to the file /etc/ppp/options.xl2tpd (if there is anything in it already, you can remove it):

ipcp-accept-local
ipcp-accept-remote
ms-dns 8.8.8.8
ms-dns 1.1.1.1

noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000

Let's issue the root certificate and the server certificate:

# directory for the user, CA and server certificates
sudo mkdir /etc/ppp/certs
# directory for the server and CA private keys
sudo mkdir /etc/ppp/keys
# deny all access to this directory except for the administrator
# (0700 rather than 0600: a directory needs the execute bit to be entered)
sudo chmod 0700 /etc/ppp/keys/

# generate the key and issue the CA certificate
sudo openssl genrsa -out /etc/ppp/keys/ca.pem 2048
sudo openssl req -key /etc/ppp/keys/ca.pem -new -x509 -out /etc/ppp/certs/ca.pem -subj "/C=RU/CN=L2TP CA"

# generate the key and issue the server certificate
sudo openssl genrsa -out /etc/ppp/keys/server.pem 2048
sudo openssl req -new -out server.req -key /etc/ppp/keys/server.pem -subj "/C=RU/CN=centos.vpn.server.ad"
sudo openssl x509 -req -in server.req -CAkey /etc/ppp/keys/ca.pem -CA /etc/ppp/certs/ca.pem -out /etc/ppp/certs/server.pem -CAcreateserial

With this, the initial server setup is complete. Server administration also includes adding new clients.
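
Before deploying the certificates issued above (and the client certificates signed in the next section), it is worth verifying that each one actually chains to the CA, carries the expected Common Name, and belongs to the key it will be used with. The script below is an added example, not code from the article: it rebuilds the same two-tier PKI in a scratch directory and runs those checks with openssl. It assumes openssl is on PATH; the file names follow the article's layout, and a file-based client key stands in for the key that the article generates on the token.

```sh
#!/bin/sh
# Added example (not from the article): rebuild the article's PKI in a scratch
# directory and check the issued certificates before deploying them.
# Assumptions: openssl on PATH; ca.pem/server.pem/client.pem naming as above;
# a throwaway file key stands in for the client's on-token key.

# build_pki DIR SERVER_CN CLIENT_CN -- creates DIR/certs and DIR/keys
build_pki() {
    dir=$1; server_cn=$2; client_cn=$3
    mkdir -p "$dir/certs" "$dir/keys"
    chmod 0700 "$dir/keys"
    # CA key and self-signed CA certificate (10 years)
    openssl genrsa -out "$dir/keys/ca.pem" 2048 2>/dev/null
    openssl req -key "$dir/keys/ca.pem" -new -x509 -days 3650 \
        -out "$dir/certs/ca.pem" -subj "/C=RU/CN=L2TP CA" 2>/dev/null
    # server key, request and CA-signed certificate
    openssl genrsa -out "$dir/keys/server.pem" 2048 2>/dev/null
    openssl req -new -key "$dir/keys/server.pem" -out "$dir/server.req" \
        -subj "/C=RU/CN=$server_cn" 2>/dev/null
    openssl x509 -req -in "$dir/server.req" -CA "$dir/certs/ca.pem" \
        -CAkey "$dir/keys/ca.pem" -CAcreateserial -days 365 \
        -out "$dir/certs/server.pem" 2>/dev/null
    # client: the article generates this key on the token and sends only the
    # request to the CA; here a file key is used so the example runs anywhere
    openssl genrsa -out "$dir/client-key.pem" 2048 2>/dev/null
    openssl req -new -key "$dir/client-key.pem" -out "$dir/client.req" \
        -subj "/C=RU/CN=$client_cn" 2>/dev/null
    openssl x509 -req -in "$dir/client.req" -CA "$dir/certs/ca.pem" \
        -CAkey "$dir/keys/ca.pem" -CAcreateserial -days 365 \
        -out "$dir/certs/client.pem" 2>/dev/null
}

# cert_chains_to_ca CERT CA -> 0 if CERT was issued by CA
cert_chains_to_ca() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# cert_cn CERT -> the CN from the certificate subject
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# key_matches_cert KEY CERT -> 0 if the public key in CERT belongs to KEY
key_matches_cert() {
    [ "$(openssl pkey -in "$1" -pubout 2>/dev/null)" = \
      "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ]
}

# Demonstration on a throwaway directory
DEMO=$(mktemp -d)
build_pki "$DEMO" centos.vpn.server.ad client
cert_chains_to_ca "$DEMO/certs/client.pem" "$DEMO/certs/ca.pem" && \
    echo "client.pem (CN=$(cert_cn "$DEMO/certs/client.pem")) chains to ca.pem"
rm -rf "$DEMO"
```

On a real server the same three functions can be pointed at /etc/ppp/certs and /etc/ppp/keys; a client certificate that fails cert_chains_to_ca against ca.pem will be rejected by EAP-TLS no matter what the eaptls-server line says.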

Adding a new client

To add a new client to the network, you need to add its certificate to the list of trusted certificates for this client.

If a user wants to become a member of the VPN network, they generate a key pair and a certificate request for this client. If the user is trusted, the request can be signed and the resulting certificate written to the certificate directory:

sudo openssl x509 -req -in client.req -CAkey /etc/ppp/keys/ca.pem -CA /etc/ppp/certs/ca.pem -out /etc/ppp/certs/client.pem -CAcreateserial

Let's add a line to the file /etc/ppp/eaptls-server that maps the client name to its certificate:

"client" * /etc/ppp/certs/client.pem /etc/ppp/certs/server.pem /etc/ppp/certs/ca.pem /etc/ppp/keys/server.pem *

NOTE
To avoid confusion, it is better that the Common Name, the certificate file name and the user name are the same.

You should also check that the user name being added does not appear anywhere in the other authentication files, otherwise there will be problems with how the user is authenticated.

The same certificate must also be sent to the user.
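
The two checks the text asks for when adding a client, that the eaptls-server line is well formed and that the user name does not also appear in the password-based secrets files, are easy to automate. The script below is an added example, not code from the article; it assumes the seven-field line format shown above and pppd's usual "client server secret" layout for chap-secrets and pap-secrets, and it works on constructed sample files in a scratch directory rather than on /etc/ppp.

```sh
#!/bin/sh
# Added example (not from the article): sanity checks for /etc/ppp/eaptls-server
# entries before a new client goes live. Assumptions: the 7-field line format
# shown above; chap-secrets/pap-secrets use pppd's "client server secret" layout.
# All files below are constructed samples in a scratch directory.
WORK=$(mktemp -d)

cat > "$WORK/eaptls-server" <<'EOF'
# name    server client-cert               server-cert               ca-cert               server-key               addrs
"client"  *  /etc/ppp/certs/client.pem /etc/ppp/certs/server.pem /etc/ppp/certs/ca.pem /etc/ppp/keys/server.pem *
"alice"   *  /etc/ppp/certs/alice.pem  /etc/ppp/certs/server.pem /etc/ppp/certs/ca.pem /etc/ppp/keys/server.pem *
"bob"     *  /etc/ppp/certs/bob.pem    /etc/ppp/certs/server.pem /etc/ppp/certs/ca.pem
EOF
cat > "$WORK/chap-secrets" <<'EOF'
# client  server  secret             IP
"alice"   *       "legacy-password"  *
EOF
: > "$WORK/pap-secrets"

# names_in FILE -> first field of every non-comment line, quotes removed
names_in() {
    sed -e 's/#.*//' "$1" | awk 'NF { print $1 }' | tr -d '"'
}

# malformed_entries EAPTLS_FILE -> names whose line lacks the 7 fields pppd expects
malformed_entries() {
    sed -e 's/#.*//' "$1" | awk 'NF && NF != 7 { print $1 }' | tr -d '"'
}

# eaptls_conflicts EAPTLS_FILE SECRETS_FILE...
# Prints "name: also in FILE" for every EAP-TLS name that is also a client name
# in one of the password-based secrets files; returns 1 if any were found.
eaptls_conflicts() {
    eaptls=$1; shift
    found=0
    for name in $(names_in "$eaptls"); do
        for secrets in "$@"; do
            if names_in "$secrets" | grep -qx -- "$name"; then
                echo "$name: also in $secrets"
                found=1
            fi
        done
    done
    return $found
}

# Usage on the constructed files
echo "malformed: $(malformed_entries "$WORK/eaptls-server")"
eaptls_conflicts "$WORK/eaptls-server" "$WORK/chap-secrets" "$WORK/pap-secrets" ||
    echo "fix the conflicts above before restarting xl2tpd"
```

On the sample data the "bob" line is reported as malformed (it is missing the server key and address fields) and "alice" is reported as a conflict with chap-secrets, which is exactly the situation the note above warns about.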

Generating a key pair and a certificate

To authenticate successfully, the client must:

  1. generate a key pair;
  2. have the root CA certificate;
  3. have a certificate for its key signed by the root CA.

For a client on Linux

First, let's generate a key pair on the token and create a certificate request:

# the key identifier (the --id parameter) can be replaced with any other value.
pkcs11-tool --module /usr/lib/librtpkcs11ecp.so --keypairgen --key-type rsa:2048 -l --id 45

openssl
OpenSSL> engine dynamic -pre SO_PATH:/usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:librtpkcs11ecp.so
...
OpenSSL> req -engine pkcs11 -new -key 45 -keyform engine -out client.req -subj "/C=RU/CN=client"

Send the resulting client.req request to the CA. When you receive the certificate for your key, write it to the token under the same id as the key:

pkcs11-tool --module /usr/lib/librtpkcs11ecp.so -l -y cert -w ./client.pem --id  45

For Windows and Linux clients (universal method)

This method is universal because it lets you create a key and certificate that will be recognized correctly by both Windows and Linux users, but it requires a Windows machine to carry out the key generation procedure.

Before creating requests and importing the certificate, you need to add the VPN root certificate to the list of trusted ones. To do this, open it and in the window that opens select the "Install certificate" option.

In the window that opens, select installing the certificate for the local user.

Let's install the certificate in the Trusted Root Certification Authorities store.

After all these actions, we agree to all the remaining prompts. The system is now configured.

Let's create a file cert.tmp with the following content:

[NewRequest]
Subject = "CN=client"
KeyLength = 2048
KeySpec = "AT_KEYEXCHANGE" 
ProviderName = "Microsoft Base Smart Card Crypto Provider"
KeyUsage = "CERT_KEY_ENCIPHERMENT_KEY_USAGE"
KeyUsageProperty = "NCRYPT_ALLOW_DECRYPT_FLAG"
RequestType = PKCS10
SMIME = FALSE

After that, we will generate a key pair and create a certificate request. To do this, open PowerShell and enter the following command:

certreq.exe -new -pin $PIN .\cert.tmp .\client.req

Send the generated client.req request to your CA and wait to receive the client.pem certificate. It can be written to the token and added to the Windows certificate store with the following command:

certreq.exe -accept .\client.pem

It is worth noting that the same actions can also be performed through the graphical interface of the mmc program, but that method is more time-consuming and less convenient.

Setting up the Ubuntu client

NOTE
Setting up the client on Linux is currently quite time-consuming, because it requires building individual programs from source. We will try to ensure that all the changes are included in the official repositories in the near future.

To establish the connection to the server at the IPSec level, the strongswan package and the xl2tp daemon are used. To simplify connecting to the network with smart cards, we will use the l2tp-ipsec-vpn package, which provides a convenient shell for configuring the connection.

Let's start building the components step by step, but before that we will install all the packages the VPN itself needs to work:

sudo apt-get install xl2tpd strongswan libp11-3

Installing software for working with tokens

Install the latest librtpkcs11ecp.so library from the site, as well as the libraries for working with smart cards:

sudo apt-get install pcscd pcsc-tools opensc libengine-pkcs11-openssl

Connect the Rutoken and check that it is recognized by the system:

pkcs11-tool --module /usr/lib/librtpkcs11ecp.so  -O -l

Installing the patched ppp

sudo apt-get -y install git make gcc libssl-dev
git clone "https://github.com/jjkeijser/ppp"
cd ppp
./configure --prefix /usr
make -j4
sudo make install

Installing the L2tpIpsecVpn client

At the moment, the client also needs to be built from source. This is done with the following sequence of commands:

sudo apt-get -y install git qt5-qmake qt5-default build-essential libctemplate-dev libltdl-dev
git clone "https://github.com/Sander80/l2tp-ipsec-vpn"
cd l2tp-ipsec-vpn
make -j4
sudo make install

Configuring the L2tpIpsecVpn client

Launch the installed client.

After launching, the L2tpIpsecVPN applet should appear. Right-click on it and configure the connection.

To work with tokens, first of all we specify the path to the OpenSSL engine and the PKCS#11 library. To do this, open the "Preferences" tab to edit the openssl parameters.

Let's close the OpenSSL settings window and move on to setting up the network. Let's add a new network by clicking the Add... button in the settings section and entering the network name.

After that, this network becomes available in the settings section. Right-click on the new network to configure it. On the first tab you need to configure the IPsec settings. Let's set the server address and the public key.

After that, go to the PPP settings and specify the user name under which we want to log in to the network.

After that, open the Properties tab and specify the path to the key, the client certificate and the CA certificate.

Let's close this tab and make the final settings; to do this, open the "IP settings" tab and check the box next to "Obtain DNS server address automatically".
This will allow the client to receive its IP address within the network from the server.

After all the settings are made, close all tabs and restart the client.

Connecting to the network

After the setup, you can connect to the network. To do this, open the applet tab and select the network we want to connect to.

While establishing the connection, the client will ask us to enter the Rutoken PIN code.

If a notification appears in the status bar that the connection was established successfully, the setup has succeeded.

Otherwise, it is worth finding out why the connection was not established. To do this, look at the program log by selecting the "Connection Information" command in the applet.

Kukhazikitsa kutsimikizika mu netiweki ya L2TP pogwiritsa ntchito Rutoken EDS 2.0 ndi Rutoken PKI

Setting up the Windows client

Setting up the client on Windows is much easier than on Linux, because all the necessary software is already built into the system.

System Setup

We will install all the drivers needed for working with Rutokens by downloading them from the site.

Importing the root certificate for authentication

Download the server's root certificate and install it on the system. To do this, open it and in the window that opens select the "Install certificate" option.

In the window that opens, select installing the certificate for the local user. If you want the certificate to be available to all users of the computer, select installing the certificate on the local computer instead.

Let's install the certificate in the Trusted Root Certification Authorities store.

After all these actions, we agree to all the remaining prompts. The system is now configured.

Creating a VPN connection

To set up a VPN connection, go to the control panel and select the option to create a new connection.

In the pop-up window, select the option to create a connection to your workplace.

In the next window, select the VPN connection,

and enter the VPN connection details, also specifying the option of using a smart card.

The setup is not finished yet. It remains to specify the shared key for the IPsec protocol; to do this, go to the "Network Connection Settings" tab and then to the "Properties for this connection" tab.

In the window that opens, go to the "Security" tab, specify "L2TP/IPsec Network" as the network type and select "Advanced Settings".

In the window that opens, specify the IPsec shared key.

Connecting

When the setup is finished, you can try to connect to the network.

During the connection, we will need to enter the PIN code.

We have set up a secure VPN network and made sure that it is not difficult.

Acknowledgements

I would also like to thank our colleagues Vasily Shokov and Alexander Smirnov for the joint work done to simplify the development of VPNs for Linux clients.

Source: www.habr.com