Setting up a site-to-site OpenVPN server on a Synology NAS

Hello everyone!

I know that many guides on configuring OpenVPN have already been written. However, I personally ran into a lack of organized information on this particular topic, and I decided to share my experience, mainly with those who are not experts in administering OpenVPN but want to get site-to-site connectivity to remote subnets on a Synology NAS. I also wanted to write this down for myself.

So, I have a Synology DS918+ NAS with the VPN Server package installed. OpenVPN is configured and users can connect to the VPN server. I will not go into detail about setting up the server in the DSM interface (the NAS server's web portal). That information is available on the manufacturer's website.

The problem is that the DSM interface (version 6.2.3 as of the publication date) offers very few settings for managing the OpenVPN server. In our case a site-to-site connection is needed, meaning that hosts on the VPN client subnet must be able to see hosts on the VPN server subnet and vice versa. The settings available on the NAS only allow access from hosts on the VPN client subnet to hosts on the VPN server subnet.

To enable access to the VPN client subnets from the VPN server subnet, we will have to log in to the NAS over SSH and edit the OpenVPN server configuration file by hand.

For editing files on the NAS over SSH, I find it convenient to use Midnight Commander. To do this, I added the source packages.synocommunity.com in Package Center and installed the Midnight Commander package.

Log in to the NAS over SSH with an account that has administrator rights.

Type sudo su and enter the administrator password again:

Type the mc command to start Midnight Commander:

Next, go to the /var/packages/VPNCenter/etc/openvpn/ directory and find the openvpn.conf file:

According to the task, we need to connect 2 remote subnets. To do this, we create 2 accounts on the NAS through DSM with restricted rights to all NAS services and grant them VPN connection access in the VPN Server settings. For each client, we need to configure a static IP assigned by the VPN server and route traffic from the VPN server's subnet to the VPN client's subnet through that IP.

Initial data:

VPN server subnet: 192.168.1.0/24.
OpenVPN server address pool: 10.8.0.0/24. The OpenVPN server itself receives the address 10.8.0.1.
VPN client 1 subnet (user VPN): 192.168.10.0/24; it must receive the static address 10.8.0.5 on the OpenVPN server.
VPN client 2 subnet (user VPN-GUST): 192.168.5.0/24; it must receive the static address 10.8.0.4 on the OpenVPN server.

In the configuration directory, create a ccd folder and, in it, create configuration files whose names match the user names.

For the VPN user, write the following in the file:

For the VPN-GUST user, write the following in the file:

All that remains is to adjust the OpenVPN server configuration: add the parameter for reading client settings and add routes to the client subnets:

In the image provided, the first two lines of the configuration are set through the DSM interface (by ticking the "Allow clients to access server's LAN" checkbox in the OpenVPN server settings).

The client-config-dir ccd line specifies that the client settings are located in the ccd folder.

Next, two configuration lines add routes to the client subnets through the corresponding OpenVPN gateways.

Finally, the subnet topology must be used for this to work correctly.
We do not touch any of the other settings in the file.
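
The ccd files and server directives described in the steps above, as an added example that is not the author's own files: the directive values are assumptions derived from the initial data, and build_sample and check_site_to_site are hypothetical helper names. The script writes the layout to a scratch directory and checks that every server-side route has a ccd file with the matching ifconfig-push and iroute.

```shell
#!/bin/sh
# Added example. Directive values are assumptions derived from the article's
# initial data; build_sample and check_site_to_site are hypothetical helpers.

build_sample() {   # $1: scratch dir standing in for .../VPNCenter/etc/openvpn
    mkdir -p "$1/ccd"
    # Only the lines the article describes adding to openvpn.conf.
    cat > "$1/openvpn.conf" <<'EOF'
topology subnet
client-config-dir ccd
route 192.168.10.0 255.255.255.0 10.8.0.5
route 192.168.5.0 255.255.255.0 10.8.0.4
EOF
    # One ccd file per user name: fixed tunnel IP, then the LAN behind it.
    printf '%s\n' 'ifconfig-push 10.8.0.5 255.255.255.0' \
        'iroute 192.168.10.0 255.255.255.0' > "$1/ccd/VPN"
    printf '%s\n' 'ifconfig-push 10.8.0.4 255.255.255.0' \
        'iroute 192.168.5.0 255.255.255.0' > "$1/ccd/VPN-GUST"
}

check_site_to_site() {   # prints each problem, returns the problem count
    conf="$1/openvpn.conf"; bad=0
    ccd=$(awk '$1 == "client-config-dir" { print $2 }' "$conf")
    [ -n "$ccd" ] || { echo "client-config-dir is not set"; bad=$((bad + 1)); }
    grep -Eq '^topology[[:space:]]+subnet' "$conf" ||
        { echo "topology subnet is not set"; bad=$((bad + 1)); }
    # Each "route NET MASK GW" needs a ccd file that pins GW (ifconfig-push)
    # and claims NET (iroute); without iroute OpenVPN does not know which
    # client owns NET.
    while read -r kw net mask gw; do
        [ "$kw" = route ] || continue
        ok=0
        for f in "$1/$ccd"/*; do
            [ -f "$f" ] || continue
            awk -v gw="$gw" -v net="$net" -v mask="$mask" '
                $1 == "ifconfig-push" && $2 == gw { p = 1 }
                $1 == "iroute" && $2 == net && $3 == mask { r = 1 }
                END { exit !(p && r) }' "$f" && ok=1
        done
        [ "$ok" = 1 ] || { echo "route $net via $gw: no matching ccd file"; bad=$((bad + 1)); }
    done < "$conf"
    return "$bad"
}

dir=$(mktemp -d)
build_sample "$dir"
if check_site_to_site "$dir"; then echo "routes and ccd files agree"; fi
rm -rf "$dir"
```

On the NAS, check_site_to_site can be pointed at the real configuration directory before restarting VPN Server.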

After entering the settings, do not forget to restart the VPN Server service in the package manager. On the hosts, or on the gateway for the hosts of the server subnet, add routes to the client subnets via the NAS.
In my case, the gateway for all devices on the subnet where the NAS is located (its IP is 192.168.1.3) was the router (192.168.1.1). On this router, I added routing entries for the networks 192.168.5.0/24 and 192.168.10.0/24 with the gateway 192.168.1.3 (the NAS) in the static routes table.

Do not forget that if the firewall is enabled on the NAS, you will need to configure it as well. In addition, a firewall may be enabled on the client side, which will also need to be configured.

P.S. I am not an expert in network technologies, and especially not in working with OpenVPN. I am just sharing my experience and publishing the settings I made that allowed me to set up communication between the subnets. Perhaps there is a simpler and/or more correct way, and I would be glad if you shared your own experience in the comments.

Source: www.habr.com
