Two-factor authentication in OpenVPN with a Telegram bot

This article describes how to configure an OpenVPN server for two-factor authentication with a Telegram bot that sends a confirmation request when you connect.

OpenVPN is a well-known, free, open-source VPN server that is widely used to give employees secure access to an organization's internal resources.

A combination of a key and a login/password is usually used as authentication for connecting to the VPN server. However, a password saved on the client turns the whole set into a single factor that does not provide an adequate level of security. An attacker who gains access to the client computer also gains access to the VPN server. This is especially true for connections from machines running Windows.

Using a second factor reduces the risk of unauthorized access by 99% and does not complicate the connection process for users at all.

Let me note right away: to implement this you will need to connect the third-party authentication server multifactor.ru, where you can use the free tier for your needs.

How it works

  1. OpenVPN uses the openvpn-plugin-auth-pam plugin for authentication
  2. The plugin checks the user's password on the server and requests the second factor over the RADIUS protocol from the Multifactor service.
  3. Multifactor sends the user a message through the Telegram bot asking to confirm access
  4. The user confirms the access request in the Telegram chat and connects to the VPN

Installing the OpenVPN server

There are many articles on the Internet describing how to install and configure OpenVPN, so we will not repeat them. If you need help, there are several links to tutorials at the end of the article.

Configuring Multifactor

Go to the Multifactor control panel, open the "Resources" section and create a new VPN.
Once it is created, two parameters will be available to you: NAS-Identifier and Shared Secret. They will be needed for the configuration that follows.

In the "Groups" section, go to the settings of the "All users" group and clear the "All resources" flag so that only users of a specific group can connect to the VPN server.

Create a new group "VPN users", disable all authentication methods except Telegram, and specify that its users have access to the VPN resource you created.

In the "Users" section, create the users who will have access to the VPN, add them to the "VPN users" group and send them a link to set up the second authentication factor. The user's login must match the login on the VPN server.

Configuring the OpenVPN server

Open the file /etc/openvpn/server.conf and add the plugin for authentication through the PAM module

plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn

The plugin may be located in the /usr/lib/openvpn/plugins/ or /usr/lib64/openvpn/plugins/ directory, depending on your system.

Next you need to install the pam_radius_auth module

$ sudo yum install pam_radius

Open the file /etc/pam_radius.conf for editing and specify the address of the Multifactor RADIUS server

radius.multifactor.ru   shared_secret   40

where:

  • radius.multifactor.ru - the server address
  • shared_secret - copy it from the corresponding parameter of the VPN settings
  • 40 seconds - the timeout for waiting for the request, with a large margin

The remaining servers must be deleted or commented out (put a semicolon at the beginning)

Next, create a file for the openvpn service type

$ sudo vi /etc/pam.d/openvpn

and write into it

auth    required pam_radius_auth.so skip_passwd client_id=[NAS-Identifier]
auth    substack     password-auth
account substack     password-auth

The first line connects the PAM module pam_radius_auth with the parameters:

  • skip_passwd - disables sending the user's password to the Multifactor RADIUS server (it does not need to know it).
  • client_id - replace [NAS-Identifier] with the corresponding parameter from the VPN resource settings.
    All possible parameters are described in the module's documentation.

The second and third lines include the system check of the login, password and user rights on your server together with the second authentication factor.
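
A misconfigured stack can drop one of the two factors without any visible error, so it is worth checking the file after editing. The Python code below is an added example, not part of the original article or of Multifactor's tooling: it audits the contents of /etc/pam.d/openvpn and reads the PAM service name from the plugin line in server.conf. The function names and the sample client_id value are assumptions made for illustration.

```python
# Added example: audits the PAM stack and plugin line this article configures.
# All sample values below are constructed for illustration.

def _fields(text):
    """Yield the whitespace-split fields of each non-comment line."""
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if parts:
            yield parts

def audit_pam_stack(pam_text):
    """Return findings for /etc/pam.d/openvpn (simple control keywords only)."""
    auth = [p for p in _fields(pam_text) if len(p) >= 3 and p[0] == "auth"]
    radius = [p for p in auth if p[2].startswith("pam_radius_auth")]
    findings = []
    if not radius:
        findings.append("no pam_radius_auth line: the second factor is never requested")
    for p in radius:
        opts = p[3:]
        if p[1] not in ("required", "requisite"):
            findings.append(f"pam_radius_auth is '{p[1]}', not required: "
                            "the second factor may not be enforced with the password")
        client_id = next((o.split("=", 1)[1] for o in opts if o.startswith("client_id=")), "")
        if not client_id or client_id.startswith("["):
            findings.append("client_id is missing or still the [NAS-Identifier] placeholder")
        if "skip_passwd" not in opts:
            findings.append("skip_passwd is missing: the password would go to the RADIUS server")
    if not any(p[1] in ("substack", "include") and p[2] == "password-auth" for p in auth):
        findings.append("no password-auth line: the local password is not checked")
    return findings

def plugin_service(server_conf):
    """Return the PAM service name given to openvpn-plugin-auth-pam.so, or None."""
    for p in _fields(server_conf):
        if p[0] == "plugin" and len(p) >= 3 and p[1].endswith("openvpn-plugin-auth-pam.so"):
            return p[2]
    return None

GOOD_PAM = """\
auth    required pam_radius_auth.so skip_passwd client_id=rs_constructed_id
auth    substack     password-auth
account substack     password-auth
"""
BAD_PAM = "auth sufficient pam_radius_auth.so client_id=[NAS-Identifier]\n"
SERVER_CONF = "plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn\n"

if __name__ == "__main__":
    print(plugin_service(SERVER_CONF), audit_pam_stack(GOOD_PAM))
    for finding in audit_pam_stack(BAD_PAM):
        print("FINDING:", finding)
```

The service name returned by plugin_service must equal the file name under /etc/pam.d/ (here openvpn); otherwise the plugin authenticates against a different PAM stack than the one you edited.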

Restart OpenVPN

$ sudo systemctl restart openvpn@server

Client configuration

Include a request for the user's login and password in the client configuration file

auth-user-pass

Testing

Launch the OpenVPN client, connect to the server, and enter your login and password. The Telegram bot will send an access request with two buttons

One button allows access, the other blocks it.

Now you can safely save your password on the client; the second factor will reliably protect your OpenVPN server from unauthorized access.

If something doesn't work

Check that you haven't missed anything:

  • There is a user on the OpenVPN server with a password set
  • The server has access over UDP port 1812 to the address radius.multifactor.ru
  • The NAS-Identifier and Shared Secret parameters are specified correctly
  • A user with the same login has been created in the Multifactor system and has been given access to the VPN users group
  • The user has configured the authentication method via Telegram

If you have not set up OpenVPN before, read the detailed article.

The instructions are written with examples on CentOS 7.

Source: www.habr.com
