The book "Linux in Action"

Hello, Habr readers! In the book, David Clinton describes 12 real-life projects, including automating your backup and recovery system, setting up a Dropbox-style personal file cloud, and creating your own MediaWiki server. You'll explore virtualization, disaster recovery, security, backup, DevOps, and system troubleshooting through interesting case studies. Each chapter ends with a review of best practices, a glossary of new terms, and exercises.

Excerpt "10.1. Creating an OpenVPN tunnel"

I've already talked a lot about encryption in this book. SSH and SCP can protect data transferred over remote connections (Chapter 3), file encryption can protect data while it is stored on a server (Chapter 8), and TLS/SSL certificates can protect data transferred between sites and client browsers (Chapter 9). But sometimes your data needs to be protected across a wider range of connections. For example, perhaps some members of your team work on the road, connecting to Wi-Fi through public hotspots. You shouldn't assume that all such access points are secure, but your people do need a way to connect to company resources, and that's where a VPN can help.

A properly designed VPN tunnel provides a direct connection between remote clients and a server in a way that hides data as it travels across an insecure network. So what? You've already seen many tools that can do this with encryption. The real value of a VPN is that by opening a tunnel, you can connect remote networks as if they were all local. In a sense, you're using a bypass.

Using this extended network, administrators can do their work on their servers from anywhere. But more importantly, a company with resources spread across many locations can make them all visible and accessible to all the groups that need them, wherever they are (Figure 10.1).

The tunnel itself does not guarantee security. But one of the encryption standards can be included in the network design, which significantly increases the level of security. Tunnels created using the open source OpenVPN package use the same TLS/SSL encryption you've already read about. OpenVPN isn't the only tunneling option available, but it's one of the best known. It's thought to be slightly faster and more secure than the alternative Layer 2 tunnel protocol that uses IPsec encryption.

Do you want everyone on your team to communicate securely with each other while on the road or working in different buildings? To do this, you need to create an OpenVPN server to allow application sharing and access to the server's local network environment. For this to work, all you need to do is run two virtual machines or two containers: one to act as the server/host and one to act as the client. Building a VPN isn't a simple process, so it's probably worth taking a few minutes to get the big picture in mind.


10.1.1. OpenVPN Server Configuration

Before you begin, here is some helpful advice. If you're going to do this yourself (and I highly recommend that you do), you'll probably find yourself working with multiple terminal windows open on your desktop, each connected to a different machine. There's a risk that at some point you'll enter a command in the wrong window. To avoid this, you can use the hostname command to change the machine name displayed on the command line to something that clearly tells you where you are. Once you've done this, you'll need to log out of the server and log back in for the new settings to take effect. This is what it looks like:

By following this approach and giving appropriate names to each of the machines you work with, you can easily keep track of where you are.

After using hostname, you may encounter annoying Unable to Resolve Host OpenVPN-Server messages when running subsequent commands. Updating the /etc/hosts file with the appropriate new hostname should resolve the issue.

Preparing your server for OpenVPN

To install OpenVPN on your server, you need two packages: openvpn and easy-rsa (to manage the encryption key generation process). CentOS users should first install the epel-release repository if necessary, as you did in Chapter 2. To be able to test access to the server application, you can also install the Apache web server (apache2 on Ubuntu and httpd on CentOS).

While you're setting up your server, I recommend configuring a firewall that blocks all ports except 22 (SSH) and 1194 (OpenVPN's default port). This example shows how ufw would work on Ubuntu, but I'm sure you still remember the CentOS firewalld program from Chapter 9:

# ufw enable
# ufw allow 22
# ufw allow 1194

To enable internal routing between network interfaces on the server, you need to uncomment one line (net.ipv4.ip_forward = 1) in the /etc/sysctl.conf file. This allows remote clients to be redirected as needed once they're connected. To make the new setting take effect, run sysctl -p:

# nano /etc/sysctl.conf
# sysctl -p

Your server environment is now fully set up, but there's still more to do before you're ready: you'll need to complete the following steps (we'll cover them in detail next).

  1. Create a set of public key infrastructure (PKI) encryption keys on the server using the scripts provided with the easy-rsa package. In effect, the OpenVPN server also acts as its own certificate authority (CA).
  2. Prepare the appropriate keys for the client
  3. Configure the server.conf file for the server
  4. Set up your OpenVPN client
  5. Test your VPN

Generating encryption keys

To keep things simple, you can set up your key infrastructure on the same machine where the OpenVPN server is running. However, security best practices usually suggest using a separate CA server for production deployments. The process of generating and distributing encryption key resources for use in OpenVPN is illustrated in Fig. 10.2.

When you installed OpenVPN, the /etc/openvpn/ directory was created automatically, but there's nothing in it yet. The openvpn and easy-rsa packages come with sample template files that you can use as a basis for your configuration. To begin the certification process, copy the easy-rsa template directory from /usr/share/ to /etc/openvpn and change to the easy-rsa/ directory:

# cp -r /usr/share/easy-rsa/ /etc/openvpn
$ cd /etc/openvpn/easy-rsa

The easy-rsa directory will now contain several scripts. Table 10.1 lists the tools you'll use to create keys.

The operations above require root privileges, so you'll need to become root via sudo su.

The first file you'll work with is called vars and contains the environment variables that easy-rsa uses when generating keys. You need to edit the file to use your own values instead of the default values already there. This is what my file will look like (Listing 10.1).

Listing 10.1. Main fragments of the /etc/openvpn/easy-rsa/vars file

export KEY_COUNTRY="CA"
export KEY_PROVINCE="ON"
export KEY_CITY="Toronto"
export KEY_ORG="Bootstrap IT"
export KEY_EMAIL="[email protected]"
export KEY_OU="IT"

Running the vars file passes its values to the shell environment, from where they will be included in the contents of your new keys. Why doesn't the sudo command work on its own? Because in the first step we edit a script called vars and then apply it. Applying it means that the vars file passes its values to the shell environment, from where they will be included in the contents of your new keys.

Be sure to re-run the file using a new shell to complete an unfinished process. Once this is done, the script will prompt you to run another script, clean-all, to remove any contents in the /etc/openvpn/easy-rsa/keys/ directory:

Naturally, the next step is to run the clean-all script, followed by build-ca, which uses the pkitool script to create the root certificate. You'll be asked to confirm the identity settings provided by vars:

# ./clean-all
# ./build-ca
Generating a 2048 bit RSA private key

Next comes the build-key-server script. Since it uses the same pkitool script along with the new root certificate, you'll see the same questions to confirm the creation of the key pair. The keys will be named based on the arguments you pass, which, unless you're running multiple VPNs on this machine, will usually be server, as in the example:

# ./build-key-server server
[...]
Certificate is to be certified until Aug 15 23:52:34 2027 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

OpenVPN uses parameters generated by the Diffie-Hellman algorithm (using build-dh) to negotiate authentication for new connections. The file created here doesn't need to be secret, but it must be generated using the build-dh script for the RSA keys that are currently active. If you create new RSA keys in the future, you'll also need to update the Diffie-Hellman file:

# ./build-dh

Your server-side keys will end up in the /etc/openvpn/easy-rsa/keys/ directory, but OpenVPN doesn't know this. By default, OpenVPN will look for keys in /etc/openvpn/, so copy them:

# cp /etc/openvpn/easy-rsa/keys/server* /etc/openvpn
# cp /etc/openvpn/easy-rsa/keys/dh2048.pem /etc/openvpn
# cp /etc/openvpn/easy-rsa/keys/ca.crt /etc/openvpn

Preparing Client Encryption Keys

As you've already seen, TLS encryption uses pairs of matching keys: one installed on the server and one installed on the remote client. This means you'll need client keys. Our old friend pkitool is exactly what you need for this. In this example, when we run the program in the /etc/openvpn/easy-rsa/ directory, we pass it the client argument to generate files called client.crt and client.key:

# ./pkitool client

The two client files, along with the original ca.crt file that's still in the keys/ directory, must now be securely transferred to your client. Because of ownership and access rights, this may not be so easy. The simplest approach is to manually copy the contents of the source file (and nothing but those contents) in a terminal running on your PC's desktop (select the text, right-click on it, and choose Copy from the menu). Then paste it into a new file with the same name that you create in a second terminal connected to your client.

But anyone can cut and paste. Instead, think like an administrator, because you won't always have access to a GUI where cut/paste operations are possible. Copy the files to your user's home directory (so that a remote scp operation can access them), and then use chown to change the ownership of the files from root to a regular non-root user so that the remote scp action can be performed. Make sure all your files are in place and accessible. You'll transfer them to the client a bit later:

# cp /etc/openvpn/easy-rsa/keys/client.key /home/ubuntu/
# cp /etc/openvpn/easy-rsa/keys/ca.crt /home/ubuntu/
# cp /etc/openvpn/easy-rsa/keys/client.crt /home/ubuntu/
# chown ubuntu:ubuntu /home/ubuntu/client.key
# chown ubuntu:ubuntu /home/ubuntu/client.crt
# chown ubuntu:ubuntu /home/ubuntu/ca.crt

With a full set of encryption keys ready to go, you need to tell the server how you want to create the VPN. This is done using the server.conf file.

Reducing the number of keystrokes

Too much typing? Brace expansion will help reduce these six commands to two. I'm sure you can study these two examples and understand what's going on. More importantly, you'll be able to understand how to apply these principles to operations involving tens or even hundreds of items:

# cp /etc/openvpn/easy-rsa/keys/{ca.crt,client.{key,crt}} /home/ubuntu/
# chown ubuntu:ubuntu /home/ubuntu/{ca.crt,client.{key,crt}}

Creating the server.conf file

How do you know what the server.conf file should look like? Remember the easy-rsa directory template you copied from /usr/share/? When you installed OpenVPN, you were left with a compressed configuration template file that you can copy to /etc/openvpn/. I'll build on the fact that the template is archived and introduce you to a useful tool: zcat.

You already know about printing the text contents of a file to the screen using the cat command, but what if the file is compressed using gzip? You can always decompress the file and then cat will happily print it, but that's one or two more steps than necessary. Instead, as you might have guessed, you can issue the zcat command to load the unpacked text into memory in a single step. In the following example, instead of printing the text to the screen, you'll redirect it to a new file called server.conf:

# zcat \
  /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz \
  > /etc/openvpn/server.conf
$ cd /etc/openvpn

Let's set aside the extensive and helpful documentation that comes with the file and see what it might look like when you've finished editing. Note that the semicolon (;) tells OpenVPN not to read or execute the line that follows it (Listing 10.2).

Let's go through some of these settings.

  • By default, OpenVPN runs on port 1194. You can change this, for example, to further hide your activities or to avoid conflicts with other active tunnels. Because 1194 requires the least coordination with clients, it is usually the best choice.
  • OpenVPN uses either Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) to transmit data. TCP may be a little slower, but it's more reliable and more likely to be understood by applications running at both ends of the tunnel.
  • You can specify dev tun when you want to create a simpler, more efficient IP tunnel that carries data content and nothing else. If, on the other hand, you need to connect multiple network interfaces (and the networks they represent) by creating an Ethernet bridge, you'll have to choose dev tap. If you don't understand what this means, use the tun argument.
  • The next four lines give OpenVPN the names of the three authentication files on the server and the dh2048 parameters file you created earlier.
  • The server line sets the range and subnet mask that will be used to assign IP addresses to clients when they log in.
  • The optional push parameter "route 10.0.3.0 255.255.255.0" allows remote clients to access private subnets behind the server. Making this work also requires setting up networking on the server itself so that the private subnet knows about the OpenVPN subnet (10.8.0.0).
  • The port-share localhost 80 line allows you to redirect client traffic arriving on port 1194 to a local web server listening on port 80. (This will be useful if you're going to use the web server to test your VPN.) This only works when the tcp protocol is selected.
  • The user nobody and group nogroup lines must be enabled by removing the semicolons (;). Forcing remote clients to run as nobody and nogroup ensures that sessions on the server are unprivileged.
  • log specifies that the current log entries overwrite the old entries each time OpenVPN starts, whereas log-append adds new entries to the existing log file. The openvpn.log file itself is written to the /etc/openvpn/ directory.
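
A pre-start check for the settings just walked through, as an added example that is not from the book: it reads only the active (uncommented) lines of a server.conf and flags a disabled privilege drop, port-share without proto tcp, and missing key-file lines. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the book. Function names are hypothetical.

# Print only the directives OpenVPN will act on: lines starting with ';'
# or '#' are comments in server.conf and are dropped, as are blank lines.
active_directives() {
    sed -e 's/^[[:space:]]*//' -e '/^[;#]/d' -e '/^$/d' "$1"
}

# True if some active line matches the extended regex $2 from its start.
has_directive() {
    active_directives "$1" | grep -Eq "^($2)([[:space:]]|\$)"
}

# Print one FAIL line per finding; return 1 if anything was found.
audit_server_conf() {
    conf=$1
    rc=0
    # Privilege drop: both lines have to be enabled by removing the
    # leading semicolon.
    has_directive "$conf" 'user[[:space:]]+nobody' ||
        { echo "FAIL: 'user nobody' is not enabled"; rc=1; }
    has_directive "$conf" 'group[[:space:]]+nogroup' ||
        { echo "FAIL: 'group nogroup' is not enabled"; rc=1; }
    # port-share only works when the tcp protocol is selected.
    if has_directive "$conf" 'port-share' &&
       ! has_directive "$conf" 'proto[[:space:]]+tcp[^[:space:]]*'; then
        echo "FAIL: port-share is set but proto is not tcp"; rc=1
    fi
    # The three authentication files and the DH parameters file.
    for d in ca cert key dh; do
        has_directive "$conf" "$d" ||
            { echo "FAIL: no active '$d' line"; rc=1; }
    done
    return "$rc"
}

# Constructed sample input. $1 = protocol, $2 = text placed in front of
# the user/group lines (';' leaves them commented out).
sample_conf() {
    cat <<EOF
port 1194
proto $1
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
push "route 10.0.3.0 255.255.255.0"
port-share localhost 80
${2}user nobody
${2}group nogroup
EOF
}

demo_dir=$(mktemp -d)
sample_conf udp ';' > "$demo_dir/weak.conf"
sample_conf tcp ''  > "$demo_dir/fixed.conf"
audit_server_conf "$demo_dir/weak.conf"  || echo "weak.conf: findings above"
audit_server_conf "$demo_dir/fixed.conf" && echo "fixed.conf: clean"
rm -rf "$demo_dir"
```

On a real server the call would be audit_server_conf /etc/openvpn/server.conf, run before the service is started.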

In addition, the client-to-client value is often added to the configuration file so that multiple clients can see each other in addition to the OpenVPN server. If you're satisfied with your configuration, you can start the OpenVPN server:

# systemctl start openvpn

Because of the changing nature of the relationship between OpenVPN and systemd, the following syntax may sometimes be required to start the service: systemctl start openvpn@server.

Running ip addr to list your server's network interfaces should now output a reference to a new interface called tun0. OpenVPN will create it to serve incoming clients:

$ ip addr
[...]
4: tun0: mtu 1500 qdisc [...]
      link/none
      inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0
          valid_lft forever preferred_lft forever

You may need to reboot the server before everything starts working fully. The next stop is the client computer.

10.1.2. Configuring an OpenVPN client

Traditionally, tunnels are built with at least two exits (otherwise we'd call them caves). A properly configured OpenVPN on the server directs traffic into and out of the tunnel at one end. But you'll also need some software running on the client side, that is, at the other end of the tunnel.

In this section, I'll focus on manually setting up some kind of Linux computer to act as an OpenVPN client. But this isn't the only way this capability is available. OpenVPN supports client applications that can be installed and used on desktops and laptops running Windows or macOS, as well as on Apple and iOS phones and tablets. See openvpn.net for details.

The OpenVPN package will need to be installed on the client machine as it was on the server, although there's no need for easy-rsa here since the keys you're using already exist. You need to copy the client.conf template file to the /etc/openvpn/ directory that was just created. This time the file won't be compressed, so the regular cp command will do the job just fine:

# apt install openvpn
# cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf \
  /etc/openvpn/

Most of the settings in your client.conf file will be fairly self-explanatory: they should match the values on the server. As you can see from the following example file, the unique parameter is remote 192.168.1.23 1194, which tells the client the IP address of the server. Again, make sure it's your server's address. You should also force the client computer to verify the authenticity of the server certificate to prevent a possible man-in-the-middle attack. One way to do this is to add the line remote-cert-tls server (Listing 10.3).

You can now go to the /etc/openvpn/ directory and pull the certificate keys from the server. Replace the server IP address or domain name in the example with your own values:

Nothing exciting is likely to happen until you run OpenVPN on the client. Since you need to pass a couple of arguments, you'll do it from the command line. The --tls-client argument tells OpenVPN that you'll be acting as a client and connecting via TLS encryption, and --config points to your configuration file:

# openvpn --tls-client --config /etc/openvpn/client.conf

Read the command output carefully to make sure you're connected properly. If something goes wrong the first time, it may be due to a mismatch in the settings between the server and client configuration files or a network connection/firewall issue. Here are some troubleshooting tips.

  • Carefully read the output of the OpenVPN operation on the client. It often contains valuable hints about exactly what couldn't be done and why.
  • Check for error messages in the openvpn.log and openvpn-status.log files in the /etc/openvpn/ directory on the server.
  • Check the system logs on the server and client for OpenVPN-related and timed messages. (journalctl -ce will display the most recent entries.)
  • Make sure you have an active network connection between the server and the client (more on this in Chapter 14).

About the author

David Clinton is a system administrator, teacher, and writer. He has administered, written about, and created training materials for many important technical disciplines, including Linux systems, cloud computing (AWS in particular), and container technologies like Docker. He wrote the book Learn Amazon Web Services in a Month of Lunches (Manning, 2017). Many of his video training courses can be found on Pluralsight.com, and links to his other books (on Linux administration and server virtualization) are available at bootstrap-it.com.
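
The client-side points from this section, certificate verification with remote-cert-tls server and a private key that only its owner can read, as an added check that is not from the book. Function names and the sample bundle are constructed, and relative file names are assumed to resolve against the directory holding client.conf.

```shell
#!/bin/sh
# Added example, not from the book. Function names are hypothetical.

# Value of the first active (not ';' or '#' commented) directive named $2.
directive_value() {
    sed -e 's/^[[:space:]]*//' -e '/^[;#]/d' "$1" |
        awk -v d="$2" '$1 == d { $1 = ""; sub(/^ /, ""); print; exit }'
}

# Print one FAIL line per finding; return 1 if anything was found.
# Assumption: relative paths are relative to the directory of client.conf.
check_client_bundle() {
    conf=$1
    dir=$(dirname "$conf")
    rc=0
    # Without this line the client does not check the server certificate.
    [ "$(directive_value "$conf" remote-cert-tls)" = server ] ||
        { echo "FAIL: 'remote-cert-tls server' is not enabled"; rc=1; }
    [ -n "$(directive_value "$conf" remote)" ] ||
        { echo "FAIL: no active 'remote' line"; rc=1; }
    for d in ca cert key; do
        f=$(directive_value "$conf" "$d")
        [ -n "$f" ] || { echo "FAIL: no active '$d' line"; rc=1; continue; }
        case $f in /*) ;; *) f=$dir/$f ;; esac
        if [ ! -f "$f" ]; then
            echo "FAIL: $d file $f not found"; rc=1
        # Characters 5-10 of the ls mode string are the group/other bits.
        elif [ "$d" = key ] &&
             [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
            echo "FAIL: $f is accessible to group or others"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample bundle in directory $1; $2 = weak or fixed.
make_bundle() {
    mkdir -p "$1"
    for f in ca.crt client.crt client.key; do
        echo "constructed placeholder, not real key material" > "$1/$f"
    done
    printf '%s\n' client 'dev tun' 'proto tcp' 'remote 192.168.1.23 1194' \
        'ca ca.crt' 'cert client.crt' 'key client.key' > "$1/client.conf"
    if [ "$2" = fixed ]; then
        echo 'remote-cert-tls server' >> "$1/client.conf"
        chmod 600 "$1/client.key"
    else
        echo ';remote-cert-tls server' >> "$1/client.conf"
        chmod 644 "$1/client.key"
    fi
}

demo=$(mktemp -d)
make_bundle "$demo/weak" weak
make_bundle "$demo/fixed" fixed
check_client_bundle "$demo/weak/client.conf"  || echo "weak bundle: findings above"
check_client_bundle "$demo/fixed/client.conf" && echo "fixed bundle: clean"
rm -rf "$demo"
```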


Source: www.habr.com
