This article describes configuring an OpenVPN server to enable two-factor authentication with a Telegram bot that sends a confirmation request when you connect.
OpenVPN is a well-known, free, open-source VPN server that is widely used to give employees secure access to an organization's internal resources.
To authenticate a connection to the VPN server, a combination of a key and a user login/password is usually used. However, a password saved on the client turns the whole set into a single factor that does not provide an adequate level of security. An attacker who gains access to the client computer also gains access to the VPN server. This is especially true for connections from machines running Windows.
Using a second factor reduces the risk of unauthorized access by 99% and does not complicate the connection process for users at all.
Let me say up front: to implement this you will need to connect the third-party authentication server multifactor.ru, where you can use the free plan for your needs.
How it works
- OpenVPN uses the openvpn-plugin-auth-pam plugin for authentication
- The plugin checks the user's password on the server and requests the second factor from the Multifactor service over the RADIUS protocol
- Multifactor sends the user a message through a Telegram bot asking to confirm access
- The user confirms the access request in the Telegram chat and connects to the VPN
Installing the OpenVPN server
There are many articles on the Internet that describe how to install and configure OpenVPN, so we will not repeat them. If you need help, there are several links to tutorials at the end of the article.
Setting up Multifactor
Go to
Once it is created, two parameters will be available to you: NAS-Identifier and Shared Secret. They will be needed for the configuration that follows.
In the "Groups" section, open the settings of the "All users" group and clear the "All resources" flag so that only users of a specific group can connect to the VPN server.
Create a new group "VPN users", disable all authentication methods except Telegram, and specify that its users have access to the created VPN resource.
In the "Users" section, create the users who will have VPN access, add them to the "VPN users" group, and send them a link to set up the second authentication factor. The user's login must match the login on the VPN server.
Configuring the OpenVPN server
Open the file /etc/openvpn/server.conf and add the authentication plugin that uses the PAM module
plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn
The plugin can be found in the directory /usr/lib/openvpn/plugins/ or /usr/lib64/openvpn/plugins/, depending on your system.
Next you need to install the pam_radius_auth module
$ sudo yum install pam_radius
Open the configuration file /etc/pam_radius.conf and specify the address of the Multifactor RADIUS server
radius.multifactor.ru shared_secret 40
where:
- radius.multifactor.ru - server address
- shared_secret - copy from the corresponding VPN settings parameter
- 40 seconds - request timeout with a large margin
The remaining servers must be deleted or commented out (put a semicolon at the beginning)
Next, create a file for the openvpn service-type
$ sudo vi /etc/pam.d/openvpn
and write in it
auth required pam_radius_auth.so skip_passwd client_id=[NAS-IDentifier]
auth substack password-auth
account substack password-auth
The first line connects the PAM module pam_radius_auth with the parameters:
- skip_passwd - disables sending the user's password to the Multifactor RADIUS server (it does not need to know it).
- client_id - replace [NAS-Identifier] with the corresponding parameter from the VPN resource settings.
All possible parameters are described in the module documentation.
The second and third lines include the system check of the login, password and user rights on your server together with the second authentication factor.
Restart OpenVPN
$ sudo systemctl restart openvpn@server
Client setup
Include a request for the user login and password in the client configuration file
auth-user-pass
Verification
Start the OpenVPN client, connect to the server, and enter your username and password. The Telegram bot will send an access request with two buttons
One button allows access, the second blocks it.
Now you can safely save your password on the client; the second factor will reliably protect your OpenVPN server from unauthorized access.
If something doesn't work
Check in sequence that you haven't missed anything:
- There is a user on the OpenVPN server with a password set
- The server can reach the address radius.multifactor.ru via UDP port 1812
- The NAS-Identifier and Shared Secret parameters are specified correctly
- A user with the same login has been created in the Multifactor system and granted access to the VPN users group
- The user has set up the authentication method via Telegram
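The file-level items of this checklist can be checked before restarting OpenVPN. The script below is an added example, not from the original article: the function names and sample values are made up, and it checks only what the steps above specify (the plugin line, the pam_radius_auth line, and the Multifactor RADIUS entry with placeholders replaced).

```shell
#!/bin/sh
# Added example (not from the original article): lint copies of the three files this page edits.
# usage: lint_openvpn_2fa SERVER_CONF PAM_SERVICE PAM_RADIUS_CONF
lint_openvpn_2fa() {
    srv=$1; pam=$2; rad=$3; errs=0
    fail() { echo "FAIL: $*"; errs=$((errs + 1)); }
    has() { printf '%s\n' "$line" | grep -Eq "$1"; }

    # server.conf: auth-pam plugin loaded with the PAM service name "openvpn"
    grep -Eq '^[[:space:]]*plugin[[:space:]]+[^[:space:]]*openvpn-plugin-auth-pam\.so[[:space:]]+openvpn([[:space:]]|$)' "$srv" ||
        fail "$srv: auth-pam plugin line missing or service name is not openvpn"

    # PAM service: pam_radius_auth is 'required', skip_passwd set, client_id filled in
    line=$(grep -E '^[[:space:]]*auth[[:space:]].*pam_radius_auth\.so' "$pam" | head -n 1)
    if [ -z "$line" ]; then
        fail "$pam: no auth line for pam_radius_auth.so"
    else
        has '^[[:space:]]*auth[[:space:]]+required[[:space:]]' || fail "$pam: pam_radius_auth is not 'required'"
        has '[[:space:]]skip_passwd([[:space:]]|$)' || fail "$pam: skip_passwd missing"
        if has 'client_id=\['; then fail "$pam: client_id still holds the [..] placeholder"
        elif ! has 'client_id=[^[:space:]]'; then fail "$pam: client_id missing"; fi
    fi

    # pam_radius.conf: Multifactor entry has a real secret and a numeric timeout
    entry=$(awk '$1 == "radius.multifactor.ru" { print $2 " " $3; exit }' "$rad")
    secret=${entry%% *}; timeout=${entry#* }
    if [ -z "$secret" ]; then
        fail "$rad: no radius.multifactor.ru entry with a secret"
    else
        [ "$secret" != shared_secret ] || fail "$rad: secret is still the literal placeholder"
        case $timeout in ''|*[!0-9]*) fail "$rad: timeout missing or not a number" ;; esac
    fi
    [ "$errs" -eq 0 ]
}

# Constructed sample files (the NAS-Identifier and secret values are made up).
write_samples() {   # usage: write_samples DIR CLIENT_ID SECRET
    printf 'port 1194\nplugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn\n' > "$1/server.conf"
    printf 'auth required pam_radius_auth.so skip_passwd client_id=%s\nauth substack password-auth\naccount substack password-auth\n' "$2" > "$1/openvpn"
    printf '# server secret timeout\nradius.multifactor.ru %s 40\n' "$3" > "$1/pam_radius.conf"
}

demo() {
    d=$(mktemp -d); write_samples "$d" rs_example_nas_id EXAMPLE-SECRET
    lint_openvpn_2fa "$d/server.conf" "$d/openvpn" "$d/pam_radius.conf" && echo "OK"
    rc=$?; rm -rf "$d"; return $rc
}
demo
```

On a real server, pass /etc/openvpn/server.conf, /etc/pam.d/openvpn and /etc/pam_radius.conf; reachability of UDP port 1812 and the Multifactor-side user settings still have to be checked separately.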
If you have not set up OpenVPN before, read
The instructions were prepared with examples on CentOS 7.
Source: www.habr.com