Replacing OpenVPN with WireGuard to join networks into a single L2 network

I would like to share my experience of joining the networks of three geographically distant apartments, each of which uses an OpenWRT router as its gateway, into one shared network. When choosing between joining the networks at L3 with subnet routing and at L2 with bridging, where all network nodes end up in the same subnet, preference was given to the second method, which is harder to configure but offers greater possibilities, since transparent use of Wake-on-LAN and DLNA was planned in the network being created.

Part 1: Background

OpenVPN was originally chosen as the protocol for this task because, first, it can create a tap device that can be added to a bridge without problems, and second, OpenVPN supports operation over TCP, which was also important, because none of the apartments had a dedicated IP address, and I could not use STUN, since my provider for some reason blocks incoming UDP connections from their networks, while TCP allowed me to forward the VPN server port to a rented VPS using SSH. Yes, this approach adds a large overhead, since the data is encrypted twice, but I did not want to bring the VPS into my private network, since there was still a risk of third parties gaining control over it. Having such a device in my home network was highly undesirable, and it was decided to pay for security with a large overhead.

To forward the port on the router that was planned to host the server, the sshtunnel program was used. I will not describe the intricacies of its configuration, as it is done quite easily; I will only note that its task was to forward TCP port 1194 from the router to the VPS. Next, the OpenVPN server was configured on the tap0 device, which was connected to the br-lan bridge. After checking the connection to the new server from a laptop, it became clear that the port-forwarding idea had paid off, and my laptop became a member of the router's network, although it was not physically in it.

Only one small thing remained: it was necessary to distribute the IP addresses in the different apartments so that they did not conflict, and to configure the routers as OpenVPN clients.
The following router IP addresses and DHCP server ranges were chosen:

  • 192.168.10.1 with range 192.168.10.2 - 192.168.10.80 for the server
  • 192.168.10.100 with range 192.168.10.101 - 192.168.10.149 for the router in apartment No. 2
  • 192.168.10.150 with range 192.168.10.151 - 192.168.10.199 for the router in apartment No. 3

It was also necessary to assign exactly these addresses to the client routers on the OpenVPN server by adding the following line to its configuration:

ifconfig-pool-persist /etc/openvpn/ipp.txt 0

and adding the following lines to the file /etc/openvpn/ipp.txt:

flat1_id 192.168.10.100
flat2_id 192.168.10.150

where flat1_id and flat2_id are the device names specified when creating the certificates for connecting to OpenVPN.

Next, the OpenVPN clients were configured on the routers, and the tap0 devices on both were added to the br-lan bridge. At this stage everything seemed fine, since all three networks could see each other and worked as one. However, a not very pleasant detail emerged: sometimes devices could obtain an IP address not from their own router, with all the ensuing consequences. For some reason, the router in one of the apartments did not manage to respond to DHCPDISCOVER in time, and the device received the wrong address. I realized that I needed to filter such requests on tap0 on each of the routers, but as it turned out, iptables cannot work with a device if it is part of a bridge, and ebtables had to come to my aid. To my regret, it was not in my firmware, and I had to rebuild the images for each device. After doing this and adding these lines to /etc/rc.local on each router, the problem was solved:

ebtables -A INPUT --in-interface tap0 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A INPUT --in-interface tap0 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap0 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap0 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP

This configuration lasted for three years.

Part 2: Introducing WireGuard

Recently, people on the Internet have increasingly started talking about WireGuard, admiring the simplicity of its configuration, high transfer speed, and low ping with comparable security. Searching for more information about it made it clear that it supports neither working as a bridge member nor working over TCP, which led me to think that there were still no alternatives to OpenVPN for me. So I put off getting to know WireGuard.

A few days ago, news spread across resources related in one way or another to IT that WireGuard would finally be included in the Linux kernel, starting with version 5.6. The news articles, as always, praised WireGuard. I once again plunged into searching for ways to replace good old OpenVPN. This time I came across this article. It talked about creating an Ethernet tunnel over L3 using GRE. This article gave me hope. It remained unclear what to do about the UDP protocol. The search led me to articles about using socat together with an SSH tunnel to forward a UDP port; however, they noted that this approach only works in single-connection mode, meaning that running multiple VPN clients would be impossible. I came up with the idea of putting the VPN server on the VPS and setting up GRE for the clients, but as it turned out, GRE does not support encryption, which would mean that if third parties gained access to the server, all traffic between my networks would be in their hands, which did not suit me at all.

Once again, the decision was made in favour of redundant encryption, by using VPN over VPN according to the following scheme:

First-level VPN:
VPS is the server with internal address 192.168.30.1
MS is a client of the VPS with internal address 192.168.30.2
MK2 is a client of the VPS with internal address 192.168.30.3
MK3 is a client of the VPS with internal address 192.168.30.4

Second-level VPN:
MS is the server with external address 192.168.30.2 and internal address 192.168.31.1
MK2 is a client of MS at address 192.168.30.2, with internal IP 192.168.31.2
MK3 is a client of MS at address 192.168.30.2, with internal IP 192.168.31.3

* MS - router-server in apartment 1, MK2 - router in apartment 2, MK3 - router in apartment 3
* The device configurations are published in the spoiler at the end of the article.

And so, pings run between the nodes of the 192.168.31.0/24 network, and it is time to move on to setting up the GRE tunnel. Before that, so as not to lose access to the routers, it is worth setting up SSH tunnels to forward port 22 to the VPS, so that, for example, the router from apartment 2 is reachable on port 10022 of the VPS, and the router from apartment 3 is reachable on port 11122 of the VPS. It is best to set up the forwarding with the same sshtunnel, since it will restore the tunnel if it drops.

The tunnel is configured; you can connect over SSH through the forwarded port:

ssh root@МОЙ_VPS -p 10022

Next, stop OpenVPN:

/etc/init.d/openvpn stop

Now let's set up the GRE tunnel on the router in apartment 2:

ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.2
ip link set grelan0 up

And add the created interface to the bridge:

brctl addif br-lan grelan0

Let's do the same on the server router:

ip link add grelan0 type gretap remote 192.168.31.2 local 192.168.31.1
ip link set grelan0 up

And also add the created interface to the bridge:

brctl addif br-lan grelan0

From this moment, pings start going through successfully to the new network, and I, satisfied, go to drink coffee. Then, to evaluate how the network works at the other end of the line, I try to SSH into one of the computers in apartment 2, but the ssh client hangs without prompting for the password. I try to connect to this computer with telnet on port 22 and see a line from which I can understand that the connection is established and the SSH server is responding, but for some reason it just does not prompt me to log in:

$ telnet 192.168.10.110 22
SSH-2.0-OpenSSH_8.1

I try to connect to it over VNC and see a black screen. I convince myself that the problem is in the remote computer, because I can easily connect to the router in that apartment using its internal address. However, I decide to connect to this computer's SSH via the router and am surprised to find that the connection succeeds and the remote computer works quite normally, but it also cannot connect to my computer.

I remove the grelan0 device from the bridge and start OpenVPN on the router in apartment 2, and make sure that the network works as expected again and connections do not drop. Searching, I come across forums where people complain about the same problems and are advised to raise the MTU. No sooner said than done. However, until the MTU was set high enough, 7000 for the gretap devices, either dropped TCP connections or low transfer rates were observed. Because of the high MTU for gretap, the MTUs for the first-level and second-level WireGuard connections were set to 8000 and 7500 respectively.
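
One way to measure what the paragraph above arrived at by trial and error, as an added example that is not the author's code: a binary search for the largest ICMP payload that crosses the bridged path with Don't Fragment set. It assumes iputils ping on a Linux host on the LAN; the function names and the PMTU_HOST / PMTU_IFACE_MTU variables are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumption: iputils ping (Linux desktop); "-M do" forbids fragmentation.
# BusyBox ping on the routers does not offer that flag.

# probe_ping HOST PAYLOAD: succeed if one DF-marked echo of PAYLOAD bytes
# gets a reply from HOST.
probe_ping() {
    ping -M do -c 1 -W 2 -s "$2" "$1" >/dev/null 2>&1
}

# find_max_payload PROBE HOST LO HI
# Binary search for the largest payload in [LO, HI] that PROBE accepts.
# Prints -1 when even LO fails (host down or ICMP blocked on the path).
find_max_payload() {
    _probe=$1 _host=$2 _lo=$3 _hi=$4 _best=-1
    while [ "$_lo" -le "$_hi" ]; do
        _mid=$(( (_lo + _hi) / 2 ))
        if "$_probe" "$_host" "$_mid"; then
            _best=$_mid
            _lo=$(( _mid + 1 ))
        else
            _hi=$(( _mid - 1 ))
        fi
    done
    echo "$_best"
}

# usable_mtu PROBE HOST IFACE_MTU
# Largest IPv4 packet that crosses the path unfragmented:
# ICMP payload + 8 (ICMP header) + 20 (IPv4 header).
usable_mtu() {
    _max=$(find_max_payload "$1" "$2" 0 $(( $3 - 28 )))
    [ "$_max" -ge 0 ] || { echo "unreachable"; return 1; }
    echo $(( _max + 28 ))
}

# Live use from a LAN host, e.g.:
#   PMTU_HOST=192.168.10.110 sh pmtu.sh
# A result below the LAN MTU of 1500 means full-size frames are lost on the
# bridged tunnel, which is consistent with the SSH and VNC hangs above.
if [ -n "${PMTU_HOST:-}" ]; then
    usable_mtu probe_ping "$PMTU_HOST" "${PMTU_IFACE_MTU:-1500}"
fi
```

Running it before and after changing the gretap and WireGuard MTUs shows whether a full 1500-byte LAN packet now crosses the tunnel.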

I did the same on the router from apartment 3, with the only difference that a second gretap interface named grelan1 was added on the server router, which was also added to the br-lan bridge.

Everything works. Now the gretap setup can be put into startup. To do this:

I put these lines in /etc/rc.local on the router in apartment 2:

ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.2
ip link set dev grelan0 mtu 7000
ip link set grelan0 up
brctl addif br-lan grelan0

Added this to /etc/rc.local on the router in apartment 3:

ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.3
ip link set dev grelan0 mtu 7000
ip link set grelan0 up
brctl addif br-lan grelan0

And on the server router:

ip link add grelan0 type gretap remote 192.168.31.2 local 192.168.31.1
ip link set dev grelan0 mtu 7000
ip link set grelan0 up
brctl addif br-lan grelan0

ip link add grelan1 type gretap remote 192.168.31.3 local 192.168.31.1
ip link set dev grelan1 mtu 7000
ip link set grelan1 up
brctl addif br-lan grelan1

After rebooting the client routers, I found that for some reason they did not connect to the server. After connecting to them over SSH (fortunately, I had previously set up sshtunnel for this), it turned out that WireGuard for some reason creates a route for the endpoint, and an incorrect one. So, for 192.168.30.2 the routing table specified a route through the pppoe-wan interface, that is, through the Internet, although the route to it should have gone through the wg0 interface. After deleting this route, the connection was restored. I could not find instructions anywhere on how to force WireGuard not to create these routes. Moreover, I did not even understand whether this is a feature of OpenWRT or of WireGuard itself. Without having to deal with this problem for long, I simply added a line to a timed script on both routers that deletes this route:

route del 192.168.30.2
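
A check for the stray endpoint route described above, as an added example that is not the author's script: it reads a routing table and reports host routes for the second-level endpoint that leave through anything other than wg0. The sample table is constructed (the 10.64.x.x WAN addresses are invented), and the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original article.
# Constructed `ip -4 route show` output for a client router; the 10.64.x.x
# WAN addresses are invented, the other names and subnets are the article's.
SAMPLE_ROUTES='default via 10.64.0.1 dev pppoe-wan
10.64.0.1 dev pppoe-wan proto kernel scope link src 10.64.3.7
192.168.10.0/24 dev br-lan proto kernel scope link src 192.168.10.100
192.168.30.0/24 dev wg0 proto kernel scope link src 192.168.30.3
192.168.30.2 via 10.64.0.1 dev pppoe-wan
192.168.31.0/24 dev wg1 proto kernel scope link src 192.168.31.2'

# stray_endpoint_routes ENDPOINT TUNNEL_DEV   (routing table on stdin)
# Prints every host route for ENDPOINT that leaves through a device other
# than TUNNEL_DEV, so second-level WireGuard packets would bypass wg0.
stray_endpoint_routes() {
    awk -v ep="$1" -v dev="$2" '
        $1 == ep || $1 == (ep "/32") {
            for (i = 2; i < NF; i++)
                if ($i == "dev") {
                    if ($(i + 1) != dev) print
                    break
                }
        }'
}

# removal_commands ENDPOINT TUNNEL_DEV   (routing table on stdin)
# Prints, without running them, the commands that delete the stray routes.
removal_commands() {
    stray_endpoint_routes "$1" "$2" | while IFS= read -r route; do
        echo "ip route del $route"
    done
}

# Live use on a router:
#   ip -4 route show | stray_endpoint_routes 192.168.30.2 wg0
```

OpenWrt's WireGuard protocol handler documents a `nohostroute` interface option that stops it adding the endpoint host route; the page does not say whether the firmware on these routers had it.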

Summary

I have not yet managed to abandon OpenVPN completely, since I sometimes need to connect to the new network from a laptop or phone, and setting up a gretap device on them is generally impossible, but despite this I gained an advantage in data transfer speed between the apartments and, for example, using VNC is no longer inconvenient. Ping decreased slightly, but became more stable:

When using OpenVPN:

[r0ck3r@desktop ~]$ ping -c 20 192.168.10.110
PING 192.168.10.110 (192.168.10.110) 56(84) bytes of data.
64 bytes from 192.168.10.110: icmp_seq=1 ttl=64 time=133 ms
...
64 bytes from 192.168.10.110: icmp_seq=20 ttl=64 time=125 ms

--- 192.168.10.110 ping statistics ---
20 packets transmitted, 20 received, 0% packet loss, time 19006ms
rtt min/avg/max/mdev = 124.722/126.152/136.907/3.065 ms

When using WireGuard:

[r0ck3r@desktop ~]$ ping -c 20 192.168.10.110
PING 192.168.10.110 (192.168.10.110) 56(84) bytes of data.
64 bytes from 192.168.10.110: icmp_seq=1 ttl=64 time=124 ms
...
64 bytes from 192.168.10.110: icmp_seq=20 ttl=64 time=124 ms
--- 192.168.10.110 ping statistics ---
20 packets transmitted, 20 received, 0% packet loss, time 19003ms
rtt min/avg/max/mdev = 123.954/124.423/126.708/0.675 ms

It is mostly affected by the high ping to the VPS, which is approximately 61.5 ms.

However, the speed increased noticeably. In the apartment with the server router I have an Internet connection speed of 30 Mbit/s, and in the other apartments 5 Mbit/s. At the same time, when using OpenVPN, I could not reach a data transfer speed between the networks of more than 3.8 Mbit/s according to iperf readings, while WireGuard "pumped" it up to the same 5 Mbit/s.

WireGuard configuration on the VPS

[Interface]
Address = 192.168.30.1/24
ListenPort = 51820
PrivateKey = <ЗАКРЫТЫЙ_КЛЮЧ_ДЛЯ_VPS>

[Peer]
PublicKey = <ОТКРЫТЫЙ_КЛЮЧ_VPN_1_МС>
AllowedIPs = 192.168.30.2/32

[Peer]
PublicKey = <ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МК2>
AllowedIPs = 192.168.30.3/32

[Peer]
PublicKey = <ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МК3>
AllowedIPs = 192.168.30.4/32

WireGuard configuration on MS (added to /etc/config/network)

# First-level VPN - client
config interface 'wg0'
        option proto 'wireguard'
        list addresses '192.168.30.2/24'
        option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_1_МС'
        option auto '1'
        option mtu '8000'

config wireguard_wg0
        option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_1_VPS'
        option endpoint_port '51820'
        option route_allowed_ips '1'
        option persistent_keepalive '25'
        list allowed_ips '192.168.30.0/24'
        option endpoint_host 'IP_АДРЕС_VPS'

# Second-level VPN - server
config interface 'wg1'
        option proto 'wireguard'
        option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_2_МС'
        option listen_port '51821'
        list addresses '192.168.31.1/24'
        option auto '1'
        option mtu '7500'

config wireguard_wg1
        option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МК2'
        list allowed_ips '192.168.31.2'

config wireguard_wg1
        option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МК3'
        list allowed_ips '192.168.31.3'

WireGuard configuration on MK2 (added to /etc/config/network)

# First-level VPN - client
config interface 'wg0'
        option proto 'wireguard'
        list addresses '192.168.30.3/24'
        option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_1_МК2'
        option auto '1'
        option mtu '8000'

config wireguard_wg0
        option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_1_VPS'
        option endpoint_port '51820'
        option persistent_keepalive '25'
        list allowed_ips '192.168.30.0/24'
        option endpoint_host 'IP_АДРЕС_VPS'

# Second-level VPN - client
config interface 'wg1'
        option proto 'wireguard'
        option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_2_МК2'
        list addresses '192.168.31.2/24'
        option auto '1'
        option listen_port '51821'
        option mtu '7500'

config wireguard_wg1
        option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МС'
        option endpoint_host '192.168.30.2'
        option endpoint_port '51821'
        option persistent_keepalive '25'
        list allowed_ips '192.168.31.0/24'

WireGuard configuration on MK3 (added to /etc/config/network)

# First-level VPN - client
config interface 'wg0'
        option proto 'wireguard'
        list addresses '192.168.30.4/24'
        option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_1_МК3'
        option auto '1'
        option mtu '8000'

config wireguard_wg0
        option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_1_VPS'
        option endpoint_port '51820'
        option persistent_keepalive '25'
        list allowed_ips '192.168.30.0/24'
        option endpoint_host 'IP_АДРЕС_VPS'

# Second-level VPN - client
config interface 'wg1'
        option proto 'wireguard'
        option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_2_МК3'
        list addresses '192.168.31.3/24'
        option auto '1'
        option listen_port '51821'
        option mtu '7500'

config wireguard_wg1
        option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МС'
        option endpoint_host '192.168.30.2'
        option endpoint_port '51821'
        option persistent_keepalive '25'
        list allowed_ips '192.168.31.0/24'

In the configurations described for the second-level VPN, I specify port 51821 for the WireGuard clients. In theory this is not necessary, since a client will establish a connection from any free unprivileged port, but I did it so that all incoming connections on the wg0 interfaces of all routers could be denied, except for incoming UDP connections on port 51821.

I hope the article will be useful to someone.

P.S. I would also like to share my script that sends PUSH notifications to my phone in the WirePusher app when a new device appears on my network. Here is the link to the script: github.com/r0ck3r/device_discover.

UPD: OpenVPN server and client configuration

OpenVPN server

client-to-client

ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/vpn-server.crt
dh /etc/openvpn/server/dh.pem
key /etc/openvpn/server/vpn-server.key

dev tap
ifconfig-pool-persist /etc/openvpn/ipp.txt 0
keepalive 10 60
proto tcp4
server-bridge 192.168.10.1 255.255.255.0 192.168.10.80 192.168.10.254
status /var/log/openvpn-status.log
verb 3
comp-lzo

OpenVPN client

client
tls-client
dev tap
proto tcp
remote VPS_IP 1194 # Change to your router's External IP
resolv-retry infinite
nobind

ca client/ca.crt
cert client/client.crt
key client/client.key
dh client/dh.pem

comp-lzo
persist-tun
persist-key
verb 3

I used Easy-rsa to generate the certificates.

Source: www.habr.com
