Mataupu
Talu ai nei lava, e toʻatele e leʻi iloa pe faʻapefea le galue mai le fale. O le faʻamaʻi ua matua suia ai le tulaga i le lalolagi; ua amata ona faʻafetaui tagata uma i tulaga o loʻo i ai nei, e pei o le mea moni ua matua le saogalemu le alu ese mai le fale. Ma o le toʻatele na tatau ona vave faʻatulagaina galuega mai le fale mo a latou tagata faigaluega.
Ae ui i lea, o le le lava o se auala agavaa i le filifilia o fofo mo galuega mamao e mafai ona oʻo atu ai i le le toe faʻaaogaina. E mafai ona gaoia upu fa'aoga a le tagata, ma o le a mafai ai e le tagata osofa'i ona feso'ota'i ma le le pulea i le feso'otaiga ma punaoa IT a le atina'e.
O le mafuaʻaga lea ua faʻateleina ai le manaʻoga mo le fausiaina o fesoʻotaʻiga VPN faʻalagolago. O le a ou ta'u atu ia te oe faatuatuaina, безопасной и faigofie i le faʻaaogaina o se VPN network.
E galue e tusa ai ma le polokalame IPsec / L2TP, lea e faʻaogaina ai ki e le mafai ona toe maua mai ma tusi faamaonia o loʻo teuina i luga o faʻailoga e faʻamaonia ai tagata faʻatau, ma tuʻuina atu faʻamatalaga i luga o le upega tafaʻilagi i faʻailoga faʻailoga.
O se 'auʻaunaga ma CentOS 7 (tuatusi: centos.vpn.server.ad) ma se tagata faʻatau ma Ubuntu 20.04, faʻapea foʻi ma se tagata faʻatau ma Windows 10, na faʻaaogaina e avea ma faʻataʻitaʻiga e tu mo le faʻatulagaina.
Faʻamatalaga Faʻamatalaga
O le a galue le VPN e tusa ai ma le polokalame IPSec + L2TP + PPP. Polokalama Polokalama Fa'ailoga-i-Point (PPP) o lo'o fa'agaoioia i le fa'asologa o feso'ota'iga fa'amaumauga o le fa'ata'ita'iga OSI ma tu'uina atu le fa'amaoniga a le tagata fa'aoga ma le fa'ailoga o fa'amatalaga tu'uina atu. O ana faʻamatalaga o loʻo faʻapipiʻiina i faʻamatalaga o le L2TP protocol, lea e mautinoa moni ai le fatuina o se fesoʻotaʻiga i le VPN network, ae le tuʻuina atu le faʻamaoniga ma le faʻailoga.
L2TP faʻamaumauga o loʻo faʻapipiʻiina i le IPSec, lea e tuʻuina atu ai foʻi le faʻamaonia ma le faʻamalamalamaga, ae le pei o le PPP, faʻamaonia ma faʻamalamalamaga e tupu i le tulaga o le masini, ae le o le faʻaogaina.
O lenei vaega e mafai ai e oe ona faʻamaonia tagata faʻaoga naʻo nisi masini. O le a matou faʻaogaina le IPSec protocol e pei ona i ai ma faʻatagaina le faʻamaoniaina o tagata mai soʻo se masini.
O le faʻamaoniga a le tagata faʻaoga e faʻaaoga ai kata atamai o le a faia i le PPP protocol level e faʻaaoga ai le EAP-TLS protocol.
E mafai ona maua nisi faʻamatalaga auiliili e uiga i le faʻaogaina o lenei matagaluega i totonu .
Aisea e ausia ai e lenei polokalame mana'oga uma e tolu o se feso'otaiga VPN lelei?
- O le faʻamaoni o lenei polokalame ua faʻataʻitaʻiina e le taimi. Ua faʻaaogaina e faʻapipiʻi ai fesoʻotaʻiga VPN talu mai le 2000.
- O le fa'amaoniaina o tagata fa'aoga saogalemu e tu'uina atu e le PPP protocol. e le maua ai se tulaga lelei o le saogalemu, aua Mo le faʻamaoni, i le tulaga sili ona lelei, faʻamaonia e faʻaaoga ai le saini ma le upega tafaʻilagi e faʻaaogaina. Matou te iloa uma lava e mafai ona vaʻavaʻai, mateina pe gaoia se upu faʻaulu. Ae ui i lea, mo se taimi umi i le taimi nei le atinaʻe в O lenei faʻasalalauga na faʻasaʻoina lenei mataupu ma faʻaopoopoina le mafai ona faʻaogaina faʻamaumauga e faʻavae i luga ole faʻailoga faʻailoga, e pei ole EAP-TLS, mo le faʻamaoni. E le gata i lea, na ia faʻaopoopoina le mafai ona faʻaogaina kata atamai mo le faʻamaoni, lea na sili atu ai le saogalemu o le faiga.
I le taimi nei, o loʻo faʻagasolo feutanaiga e tuʻufaʻatasia nei poloketi e lua ma e mafai ona e mautinoa e le o toe mamao pe mulimuli ane o le a tupu lenei mea. Mo se faʻataʻitaʻiga, o se faʻasologa o le PPP sa i totonu o le Fedora repositories mo se taimi umi, faʻaaogaina faʻamaumauga malupuipuia mo le faʻamaoni. - Seia oʻo mai talu ai nei, o lenei fesoʻotaʻiga e mafai ona faʻaaogaina e tagata faʻaoga Windows, ae o matou uo mai le Moscow State University Vasily Shokov ma Alexander Smirnov na maua. ma suia. Faʻatasi, matou faʻapipiʻiina le tele o bug ma faʻaletonu i le galuega a le kalani, faʻafaigofie le faʻapipiʻiina ma le faʻatulagaina o le faiga, e tusa lava pe fausia mai le punavai. O le sili ona taua o latou:
- Fa'atonu fa'afitauli o feso'ota'iga a le tagata fa'atau tuai ma le fa'aogaina o lomiga fou o openssl ma qt.
- Aveese le pppd mai le pasiina o le PIN faʻailoga i se faila le tumau.
- Fa'amauina le sa'o fa'alauiloa ole polokalame ole talosaga mo upu fa'apolokalame e ala ile fa'aata fa'ata. Na faia lenei mea e ala i le faʻapipiʻiina o le siosiomaga saʻo mo le xl2tpd auaunaga.
- O le fausiaina o le L2tpIpsecVpn daemon o loʻo faʻatinoina nei faʻatasi ma le fausiaina o le kalani lava ia, lea e faʻafaigofie ai le fausiaina ma le faʻatulagaina o faiga.
- Mo le faigofie o le atinaʻe, o le Azure Pipelines system e fesoʻotaʻi e suʻe le saʻo o le fausiaina.
- Faʻaopoopo le mafai e faʻamalosia faʻalalo i le tulaga o openssl. E aoga lenei mo le lagolagoina saʻo o faiga faʻaogaina fou lea e seti ai le tulaga saogalemu tulaga i le 2, faʻatasi ai ma fesoʻotaʻiga VPN e faʻaogaina tusi faamaonia e le fetaui ma tulaga saogalemu o lenei tulaga. O lenei filifiliga o le a aoga mo le galulue ai ma fesoʻotaʻiga VPN tuai.
E mafai ona maua le fa'asa'oga i totonu .
E lagolagoina e lenei tagata o tausia le faʻaogaina o kata atamai mo le faʻamaoni, ma natia foʻi i le tele e mafai ai faigata ma faigata uma o le faʻatulagaina o lenei polokalame i lalo o Linux, faʻafaigofie ma vave le setiina o tagata.
O le mea moni, mo se fesoʻotaʻiga faigofie i le va o le PPP ma le GUI o loʻo faʻatau, e le mafai e aunoa ma ni faʻaopoopoga faʻaopoopo i poloketi taʻitasi, ae ui i lea na faʻaititia ma faʻaititia i se mea maualalo:
- Faʻaleleia
- Faʻaleleia . O lenei mea sese na le mafai ai ona matou utaina se mea mai le /etc/ppp/openssl.cnf configuration file vagana ai faʻamatalaga e uiga i masini openssl mo le galue i kata atamai, o se faʻalavelave matuia pe afai, mo se faʻataʻitaʻiga, faʻaopoopo i faʻamatalaga e uiga i afi, sa matou mananao e seti se isi mea. Mo se faʻataʻitaʻiga, faʻapipiʻi le tulaga saogalemu pe a faʻavaeina se fesoʻotaʻiga.
O lea e mafai ona e amata fa'atulaga.
Fa'atonu a le 'au'aunaga
Tatou fa'apipi'i uma afifi e mana'omia.
Fa'apipi'i le strongswan (IPsec)
Muamua, seʻi o tatou faʻatulagaina le pa puipui mo le faʻaogaina o le ipsec
sudo firewall-cmd --permanent --add-port=1701/{tcp,udp}
sudo firewall-cmd --permanent --add-service=ipsec
sudo firewall-cmd --reloadOna tatou amata faʻapipiʻi
sudo yum install epel-release ipsec-tools dnf
sudo dnf install strongswanA maeʻa faʻapipiʻi, e tatau ona e faʻapipiʻi le malosi (o se tasi o faʻatinoga IPSec). Ina ia faia lenei mea, faʻasaʻo le faila /etc/strongswan/ipsec.conf :
config setup
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
oe=off
protostack=netkey
conn L2TP-PSK-NAT
rightsubnet=vhost:%priv
also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
authby=secret
pfs=no
auto=add
keyingtries=3
rekey=no
ikelifetime=8h
keylife=1h
type=transport
left=%any
leftprotoport=udp/1701
right=%any
rightprotoport=udp/%any
ike=aes128-sha1-modp1536,aes128-sha1-modp1024,aes128-md5-modp1536,aes128-md5-modp1024,3des-sha1-modp1536,3des-sha1-modp1024,3des-md5-modp1536,3des-md5-modp1024
esp=aes128-sha1-modp1536,aes128-sha1-modp1024,aes128-md5-modp1536,aes128-md5-modp1024,3des-sha1-modp1536,3des-sha1-modp1024,3des-md5-modp1536,3des-md5-modp1024O le a matou setiina foi se password login masani. O le upu fa'asoa fa'asoa e tatau ona iloa e tagata uma o feso'ota'iga mo le fa'amaoni. O lenei metotia e manino lava e le talitonuina, aua e mafai ona faigofie ona iloa lenei upu faataga i tagata taitoatasi tatou te le mananao e tuuina atu i ai le avanoa i le fesootaiga.
Ae ui i lea, e oʻo lava i lenei mea moni o le a le afaina ai le saogalemu o le fesoʻotaʻiga, aua Fa'amaufa'ailoga fa'amaumauga autu ma fa'amaoniga fa'aoga e fa'atinoina e le PPP protocol. Ae i le saʻo, e taua le matauina o le strongswan e lagolagoina tekinolosi sili atu ona malupuipuia mo le faʻamaoni, mo se faʻataʻitaʻiga, faʻaaogaina ki patino. E iai foʻi le malosi o Strongswan e tuʻuina atu ai faʻamaoniga e faʻaaoga ai kata atamai, ae o le taimi nei e naʻo se faʻatapulaʻaina o masini e lagolagoina ma o le mea lea o le faʻamaoni e faʻaaoga ai faʻailoga Rutoken ma kata atamai e faigata pea. Tatou seti se upu faataga lautele e ala i le faila /etc/strongswan/ipsec.secrets:
# ipsec.secrets - strongSwan IPsec secrets file
%any %any : PSK "SECRET_PASSPHRASE"Tatou toe amata le strongswan:
sudo systemctl enable strongswan
sudo systemctl restart strongswanFa'apipi'i le xl2tp
sudo dnf install xl2tpdTatou fetuutuunai e ala i le faila /etc/xl2tpd/xl2tpd.conf:
[global]
force userspace = yes
listen-addr = 0.0.0.0
ipsec saref = yes
[lns default]
exclusive = no
; определяет статический адрес сервера в виртуальной сети
local ip = 100.10.10.1
; задает диапазон виртуальных адресов
ip range = 100.10.10.1-100.10.10.254
assign ip = yes
refuse pap = yes
require authentication = yes
; данную опцию можно отключить после успешной настройки сети
ppp debug = yes
length bit = yes
pppoptfile = /etc/ppp/options.xl2tpd
; указывает адрес сервера в сети
name = centos.vpn.server.adTatou toe amata le auaunaga:
sudo systemctl enable xl2tpd
sudo systemctl restart xl2tpdFa'atonu PPP
E fautuaina e faʻapipiʻi le lomiga lata mai o le pppd. Ina ia faia lenei mea, faʻatino le faʻasologa o poloaiga:
sudo yum install git make gcc openssl-devel
git clone "https://github.com/jjkeijser/ppp"
cd ppp
./configure --prefix /usr
make -j4
sudo make installTusi i faila /etc/ppp/options.xl2tpd mea nei (pe a iai ni mea taua iina, e mafai ona e tapeina):
ipcp-accept-local
ipcp-accept-remote
ms-dns 8.8.8.8
ms-dns 1.1.1.1
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000Matou te tuʻuina atu le root certificate ma le server certificate:
#директория с сертификатами пользователей, УЦ и сервера
sudo mkdir /etc/ppp/certs
#директория с закрытыми ключами сервера и УЦ
sudo mkdir /etc/ppp/keys
#запрещаем любой доступ к этой дирректории кроме администатора
sudo chmod 0600 /etc/ppp/keys/
#генерируем ключ и выписываем сертификат УЦ
sudo openssl genrsa -out /etc/ppp/keys/ca.pem 2048
sudo openssl req -key /etc/ppp/keys/ca.pem -new -x509 -out /etc/ppp/certs/ca.pem -subj "/C=RU/CN=L2TP CA"
#генерируем ключ и выписываем сертификат сервера
sudo openssl genrsa -out /etc/ppp/keys/server.pem 2048
sudo openssl req -new -out server.req -key /etc/ppp/keys/server.pem -subj "/C=RU/CN=centos.vpn.server.ad"
sudo openssl x509 -req -in server.req -CAkey /etc/ppp/keys/ca.pem -CA /etc/ppp/certs/ca.pem -out /etc/ppp/certs/server.pem -CAcreateserialO le mea lea, ua maeʻa matou i le seti faʻapipiʻi autu. O le isi vaega o le fa'atulagaina o le 'au'aunaga e aofia ai le fa'aopoopoina o tagata fou.
Fa'aopoopoina se kalani fou
Ina ia fa'aopoopo se kalani fou i le feso'ota'iga, e tatau ona e fa'aopoopoina lana tusi fa'amaonia i le lisi o tagata fa'atuatuaina mo lenei kalani.
Afai e manaʻo se tagata faʻaoga e avea ma sui o se VPN network, na te fatuina se paga autu ma se tusi tusi talosaga mo lenei tagata faʻatau. Afai e faʻatuatuaina le tagata faʻaoga, ona mafai lea ona sainia lenei talosaga, ma e mafai ona tusi le tusi faamaonia i le tusi tusi tusi:
sudo openssl x509 -req -in client.req -CAkey /etc/ppp/keys/ca.pem -CA /etc/ppp/certs/ca.pem -out /etc/ppp/certs/client.pem -CAcreateserialSe'i o tatou fa'aopoopoina se laina i le faila /etc/ppp/eaptls-server e fetaui ma le igoa ole tagata o tausia ma lona tusi faamaonia:
"client" * /etc/ppp/certs/client.pem /etc/ppp/certs/server.pem /etc/ppp/certs/ca.pem /etc/ppp/keys/server.pem *FAAMATALAGA
Ina ia aloese mai le fenumiai, e sili atu le: Igoa masani, igoa faila faila ma le igoa o le tagata e tulaga ese.
E taua foi le siakiina o le igoa o le tagata faʻaoga matou te faʻaopoopoina e le o iai i soo se mea i isi faila faʻamaonia, a leai o le ai ai faʻafitauli i le auala e faʻamaonia ai le tagata faʻaoga.
O le tusi faamaonia lava e tasi e tatau ona toe faafoi atu i le tagata faʻaoga.
Fausiaina o se paga autu ma se tusi faamaonia
Mo fa'amaoniga manuia, e tatau i le kalani:
- faia se paga autu;
- maua se tusi faamaonia a'a CA;
- maua se tusi faamaonia mo lau paga autu saini e le root CA.
mo tagata o tausia ile Linux
Muamua, se'i o tatou faia se paga autu i luga o le faailoga ma fai se talosaga mo le tusi faamaonia:
#идентификатор ключа (параметр --id) можно заменить на любой другой.
pkcs11-tool --module /usr/lib/librtpkcs11ecp.so --keypairgen --key-type rsa:2048 -l --id 45
openssl
OpenSSL> engine dynamic -pre SO_PATH:/usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:librtpkcs11ecp.so
...
OpenSSL> req -engine pkcs11 -new -key 45 -keyform engine -out client.req -subj "/C=RU/CN=client"Auina atu le talosaga client.req e aliali mai ile CA. O le taimi lava e te maua ai se tusi faamaonia mo lau paga ki, tusi i se faailoga e tutusa id ma le ki:
pkcs11-tool --module /usr/lib/librtpkcs11ecp.so -l -y cert -w ./client.pem --id 45mo Windows ma Linux tagata fa'atau (sili atu auala lautele)
O lenei metotia e sili atu ona lautele, aua fa'atagaina oe e fa'atupuina se ki ma se tusi fa'amaonia o le a fa'ailoaina ma le manuia e tagata fa'aoga Windows ma Linux, ae mana'omia se masini Windows e fa'atino ai le fa'agasologa autu o le fa'atupuina.
Aʻo leʻi faia ni talosaga ma faʻaulufale mai tusi pasi, e tatau ona e faʻaopoopoina le aʻa o le VPN network i le lisi o tagata faʻatuatuaina. Ina ia faia lenei mea, tatala ma i le faamalama e matala, filifili le "Install certificate" filifiliga:
I le faamalama e matala, filifili le faʻapipiʻiina o se tusi faamaonia mo le tagata faʻaoga i le lotoifale:
Se'i o tatou fa'apipi'i le tusipasi i le faleoloa fa'atuatuaina a'a a le CA:
A maeʻa nei gaioiga uma, matou te malilie i isi manatu uma. Ua fa'atulaga nei le faiga.
Sei o tatou fatuina se faila cert.tmp ma mea nei:
[NewRequest]
Subject = "CN=client"
KeyLength = 2048
KeySpec = "AT_KEYEXCHANGE"
ProviderName = "Microsoft Base Smart Card Crypto Provider"
KeyUsage = "CERT_KEY_ENCIPHERMENT_KEY_USAGE"
KeyUsageProperty = "NCRYPT_ALLOW_DECRYPT_FLAG"
RequestType = PKCS10
SMIME = FALSEA maeʻa lenei, o le a matou fatuina se paga autu ma faia se talosaga mo le tusi faamaonia. Ina ia faia lenei mea, tatala le powershell ma ulufale i le poloaiga lenei:
certreq.exe -new -pin $PIN .cert.tmp .client.reqAuina atu le client.req talosaga na faia i lau CA ma fa'atali mo le mauaina o le tusipasi client.pem. E mafai ona tusia i se faʻailoga ma faʻaopoopo i le faleoloa tusi faamaonia a Windows e faʻaaoga ai le poloaiga lenei:
certreq.exe -accept .client.pemE taua le maitauina e mafai ona toe faʻaleleia gaioiga faʻapena e faʻaaoga ai le faʻataʻitaʻiga faʻataʻitaʻi o le polokalame mmc, ae o lenei metotia e sili atu le taimi ma faʻaitiitia le faʻaogaina.
Fa'atulaga le tagata fa'atau Ubuntu
FAAMATALAGA
O le faʻatulagaina o se tagata faʻatau i luga o Linux o loʻo alu i le taimi nei, aua ... mana'omia le fausiaina o polokalame eseese mai le puna. O le a matou taumafai e faʻamautinoa o loʻo aofia uma suiga i totonu o faleteuoloa aloaia i se taimi lata mai.
Ina ia mautinoa le fesoʻotaʻiga i le tulaga IPSec i le 'auʻaunaga, o loʻo faʻaaogaina le pusa malosi ma le xl2tp daemon. Ina ia faʻafaigofie le fesoʻotaʻi i le fesoʻotaʻiga e faʻaaoga ai kata atamai, o le a matou faʻaogaina le l2tp-ipsec-vpn afifi, lea e maua ai se atigi faʻataʻitaʻi mo le faʻapipiʻiina o fesoʻotaʻiga faigofie.
Sei o tatou amata faʻapipiʻi elemene i lea laʻasaga, ae muamua o le a tatou faʻapipiʻi uma pusa talafeagai mo le VPN e galue saʻo:
sudo apt-get install xl2tpd strongswan libp11-3Fa'apipi'i polokalame mo le galue ma fa'ailoga
Fa'apipi'i le faletusi librtpkcs11ecp.so lata mai mai , ma faletusi mo le galue i kata atamai:
sudo apt-get install pcscd pcsc-tools opensc libengine-pkcs11-opensslFaʻafesoʻotaʻi Rutoken ma siaki o loʻo iloa e le faiga:
pkcs11-tool --module /usr/lib/librtpkcs11ecp.so -O -lFa'apipi'i ppp
sudo apt-get -y install git make gcc libssl-dev
git clone "https://github.com/jjkeijser/ppp"
cd ppp
./configure --prefix /usr
make -j4
sudo make installFa'apipi'i le tagata fa'atau L2tpIpsecVpn
I le taimi nei, e manaʻomia foʻi e le kalani le tuʻufaʻatasia mai le code source. E faia lenei mea e faʻaaoga ai le faʻasologa o poloaiga:
sudo apt-get -y install git qt5-qmake qt5-default build-essential libctemplate-dev libltdl-dev
git clone "https://github.com/Sander80/l2tp-ipsec-vpn"
cd l2tp-ipsec-vpn
make -j4
sudo make installFa'atulaga le L2tpIpsecVpn client
Tatala le tagata fa'apipi'i:
A maeʻa le faʻalauiloaina, e tatau ona tatala le applet L2tpIpsecVPN. Kiliki-matau i luga ma fetuutuunai le sootaga:
Ina ia galue i faʻailoga, muamua lava, matou te faʻaalia le ala i le afi tatala o le OpenSSL engine ma le faletusi PKCS #11. Ina ia faia lenei mea, tatala le "Preferences" tab e faʻapipiʻi ai laina tatala openssl:
.
Tatou tapuni le fa'amalama fa'atulagaina o le OpenSSL ma aga'i atu i le setiina o feso'ota'iga. Se'i o tatou fa'aopoopoina se feso'otaiga fou e ala i le kiliki i le Add... button i le fa'atulagaina o le laulau ma ulufale i le igoa feso'ota'iga:
A maeʻa lenei mea, o le a maua lenei fesoʻotaʻiga i le laulau faʻatulagaina. Fa'alua-matau-kiliki i luga o le feso'otaiga fou e fa'atulaga ai. I luga o le laupepa muamua e te manaʻomia le faia o faʻatulagaga IPsec. Sei o tatou seti le tuatusi server ma le ki lautele:
A maeʻa lenei, alu i le PPP settings tab ma faʻaalia iina le igoa o le tagata faʻaoga lea tatou te manaʻo e maua ai le fesoʻotaʻiga:
A maeʻa lea, tatala le Properties tab ma faʻamaonia le ala i le ki, tusi faamaonia a le tagata o tausia ma le CA:
Sei o tatou tapuni lenei laupepa ma faia tulaga mulimuli; ia faia lenei mea, tatala le "IP settings" tab ma siaki le pusa i tafatafa o le "Otometi le mauaina o le tuatusi DNS server" filifiliga:
O lenei filifiliga o le a mafai ai e le kalani ona maua se tuatusi IP patino i totonu o le upega tafailagi mai le server.
A maeʻa faʻatulagaga uma, tapuni uma laupepa ma toe amata le kalani:
Fesoʻotaʻi i le upega tafailagi
A maeʻa faʻatulagaga, e mafai ona e faʻafesoʻotaʻi i le fesoʻotaʻiga. Ina ia faia lenei mea, tatala le applet tab ma filifili le fesoʻotaʻiga matou te manaʻo e faʻafesoʻotaʻi ai:
I le faagasologa o le faʻavaeina o fesoʻotaʻiga, o le a fai mai le kalani matou te ulufale i le Rutoken PIN code:
Afai e aliali mai se faʻamatalaga i le tulaga o le fesoʻotaʻiga ua faʻamautuina lelei, o lona uiga na manuia le seti:
A leai, e aoga le suʻeina pe aisea na le faʻavaeina ai le fesoʻotaʻiga. Ina ia faia lenei mea, e tatau ona e vaʻai i le log log e ala i le filifilia o le "Faʻamatalaga fesoʻotaʻiga" poloaiga i le applet:
Fa'atulaga le Windows client
O le setiina o se tagata o tausia i luga o Windows e sili atu ona faigofie nai lo Linux, aua... O polokalama uma e mana'omia ua uma ona fausia i totonu o le polokalama.
Seti faiga
Matou te faʻapipiʻi uma avetaʻavale talafeagai mo le galulue faʻatasi ma Rutokens e ala i le siiina mai .
Fa'aulufaleina mai o se tusi a'a mo le fa'amaoni
Sii mai le tusi faamaonia a'a server ma faapipii i luga o le faiga. Ina ia faia lenei mea, tatala ma i le faamalama e matala, filifili le "Install certificate" filifiliga:
I le faamalama e matala, filifili le faʻapipiʻiina o se tusi faamaonia mo le tagata faʻaoga i le lotoifale. Afai e te manaʻo e avanoa le tusi faamaonia i tagata uma i luga o le komepiuta, e tatau ona e filifili e faʻapipiʻi le tusi faamaonia i luga o le komepiuta i le lotoifale:
Se'i o tatou fa'apipi'i le tusipasi i le faleoloa fa'atuatuaina a'a a le CA:
A maeʻa nei gaioiga uma, matou te malilie i isi manatu uma. Ua fa'atulaga nei le faiga.
Fa'atulaga se feso'ota'iga VPN
Ina ia setiina se fesoʻotaʻiga VPN, alu i le laulau faʻatonutonu ma filifili le filifiliga e fai ai se fesoʻotaʻiga fou.
I le faʻamalama pop-up, filifili le filifiliga e fai ai se fesoʻotaʻiga e faʻafesoʻotaʻi i lau fale faigaluega:
I le isi faamalama, filifili se VPN sootaga:
ma ulufale i faʻamatalaga fesoʻotaʻiga VPN, ma faʻamaonia foi le filifiliga e faʻaaoga ai se kata atamai:
E le'i mae'a le seti. Pau lava le mea o loʻo totoe o le faʻamaonia lea o le ki fefaʻasoaaʻi mo le IPsec protocol; e fai lenei mea, alu i le "Network connection settings" tab ona alu lea i le "Properties for this connection" tab:
I le faʻamalama e matala, alu i le "Security" tab, faʻamaonia "L2TP/IPsec Network" e pei o le ituaiga fesoʻotaʻiga ma filifili "Advanced Settings":
I le faamalama e matala, faʻamaonia le faʻasoa IPsec ki:
Подключение
A mae'a le seti, e mafai ona e taumafai e fa'afeso'ota'i ile feso'otaiga:
I le faagasologa o fesoʻotaʻiga, o le a manaʻomia ona matou ulufale i le faʻailoga PIN code:
Ua matou setiina se VPN saogalemu ma faʻamautinoa e le faigata.
Faʻafetai
Ou te toe faʻafetai atu ia matou uo Vasily Shokov ma Alexander Smirnov mo le galuega na latou faia faʻatasi e faʻafaigofie ai le fausiaina o fesoʻotaʻiga VPN mo tagata Linux.
puna: www.habr.com