What happens on connections inside and outside a VPN tunnel

Real articles grow out of letters to Tucha technical support. For example, a client recently came to us with a request to clarify what happens on connections inside the VPN tunnel between the user's office and the cloud environment, as well as on connections outside the VPN tunnel. So all the text below is an actual letter that we sent to one of our clients in answer to his question. Of course, the IP addresses were changed so as not to de-anonymize the client. But yes, Tucha technical support really is famous for its detailed answers and informative emails. 🙂

Of course, we understand that for many this article will not be a revelation. But since articles for novice administrators appear on Habr from time to time, and since this article grew out of a real letter to a real client, we will share this information here anyway. There is a good chance that it will be useful to someone.
So, we explain in detail what happens between a server in the cloud and an office when they are connected by a site-to-site network. Note that some services are available only from the office, while others are available from anywhere on the Internet.

Let us say right away what our client wanted: the server 192.168.A.1 should be reachable from anywhere via RDP by connecting to AAA2:13389, while other services should be reachable only from the office (192.168.B.0/24), which is connected via VPN. In addition, the client had originally set things up so that the machine 192.168.B.2 in the office could also be reached via RDP from anywhere by connecting to BBB1:11111. We helped set up the IPSec connection between the cloud and the office, and the client's IT specialist began asking what would happen in this or that case. To answer all these questions, we wrote him everything you can read below.

Now let's look at these processes in detail.

Scenario one

When something is sent from 192.168.B.0/24 to 192.168.A.0/24, or from 192.168.A.0/24 to 192.168.B.0/24, it goes into the VPN. In other words, the packet is additionally encrypted and carried between BBB1 and AAA1, but 192.168.A.1 sees the packet as coming from 192.168.B.1. The two hosts can talk to each other over any protocol. Replies travel back through the VPN in the same way, which means that a packet from 192.168.A.1 to 192.168.B.1 is sent as an ESP datagram from AAA1 to BBB1; the router on the other side unwraps it, extracts the packet and sends it to 192.168.B.1 as a packet from 192.168.A.1.

A concrete example:

1) 192.168.B.1 contacts 192.168.A.1, wanting to establish a TCP connection to 192.168.A.1:3389;

2) 192.168.B.1 sends a connection request from 192.168.B.1:55555 (it chooses the port number for return traffic itself; from here on we use 55555 as an example of the port number the system picks when it establishes a TCP connection) to 192.168.A.1:3389;

3) the operating system running on the computer with address 192.168.B.1 decides to hand this packet to the router's gateway address (192.168.B.254 in our case), because it has no other, more specific routes to 192.168.A.1 and therefore forwards the packet via the default route (0.0.0.0/0);

4) to do this, it tries to find the MAC address for IP address 192.168.B.254 in the ARP cache table. If it is not found, it sends a broadcast request from address 192.168.B.1 into network 192.168.B.0/24. When 192.168.B.254 replies with its MAC address, the system sends it the Ethernet packet and stores this information in its cache table;

5) the router receives this packet and decides where to forward it: it has a policy stating that all packets between 192.168.B.0/24 and 192.168.A.0/24 must be sent through the VPN connection between BBB1 and AAA1;

6) the router generates an ESP datagram from BBB1 to AAA1;

7) the router decides to whom to send this packet and sends it to, say, BBB254 (the ISP gateway), because it has no routes to AAA1 more specific than 0.0.0.0/0;

8) exactly as already described, it finds the MAC address for BBB254 and hands the packet to the ISP gateway;

9) Internet providers carry the ESP datagram from BBB1 to AAA1;

10) the virtual router at AAA1 receives this datagram, decrypts it and obtains the packet from 192.168.B.1:55555 to 192.168.A.1:3389;

11) the virtual router checks to whom the packet should be forwarded, finds network 192.168.A.0/24 in its routing table and sends it directly to 192.168.A.1, because it has the interface 192.168.A.254/24;

12) to do this, the virtual router finds the MAC address for 192.168.A.1 and hands this packet to it over the Ethernet network;

13) 192.168.A.1 receives this packet on port 3389, agrees to establish the connection and generates a reply packet from 192.168.A.1:3389 to 192.168.B.1:55555;

14) its system hands this packet to the virtual router's gateway address (192.168.A.254 in our case), because it has no other, more specific routes to 192.168.B.1 and therefore must forward the packet via the default route (0.0.0.0/0);

15) as in the previous cases, the operating system on the server with address 192.168.A.1 finds the MAC address of 192.168.A.254, since it is on the same network as its interface 192.168.A.1/24;

16) the virtual router receives this packet and decides where to forward it: it has a policy stating that it must send all packets between 192.168.A.0/24 and 192.168.B.0/24 through the VPN connection between AAA1 and BBB1;

17) the virtual router generates an ESP datagram from AAA1 to BBB1;

18) the virtual router decides to whom to send this packet and sends it to AAA254 (the ISP gateway, which in this case is us), because it has no routes to BBB1 more specific than 0.0.0.0/0;

19) Internet providers carry the ESP datagram over their networks from AAA1 to BBB1;

20) the router at BBB1 receives this datagram, decrypts it and obtains the packet from 192.168.A.1:3389 to 192.168.B.1:55555;

21) it understands that the packet must be handed directly to 192.168.B.1, since it is on the same network with it and therefore has a matching routing-table entry that makes it send packets for the whole of 192.168.B.0/24 directly;

22) the router finds the MAC address for 192.168.B.1 and hands it this packet;

23) the operating system on the computer with address 192.168.B.1 receives the packet from 192.168.A.1:3389 to 192.168.B.1:55555 and begins the next steps of establishing the TCP connection.

This example describes, briefly and in simplified form (many other details could be recalled here), what happens at levels 2-4. Levels 1 and 5-7 are not considered.

Scenario two

If something is sent from 192.168.B.0/24 specifically to AAA2, it does not go into the VPN but travels directly. That is, if a user at address 192.168.B.1 contacts AAA2:13389, the packet leaves from address BBB1 and travels to AAA2, where the router accepts it and forwards it to 192.168.A.1. 192.168.A.1 knows nothing about 192.168.B.1; it sees a packet from BBB1, because that is what it received. The reply to this request therefore follows the general route, leaves in the same way from address AAA2 and goes to BBB1, and that router forwards the reply to 192.168.B.1, which sees a reply from AAA2, the address it was talking to.

A concrete example:

1) 192.168.B.1 contacts AAA2, wanting to establish a TCP connection to AAA2:13389;

2) 192.168.B.1 sends a connection request from 192.168.B.1:55555 (this number, as in the previous example, may differ) to AAA2:13389;

3) the operating system running on the computer with address 192.168.B.1 decides to hand this packet to the router's gateway address (192.168.B.254 in our case), because it has no other, more specific routes to AAA2, which means it forwards the packet via the default route (0.0.0.0/0);

4) to do this, as we said in the previous example, it tries to find the MAC address for IP address 192.168.B.254 in the ARP cache table. If it is not found, it sends a broadcast request from address 192.168.B.1 into network 192.168.B.0/24. When 192.168.B.254 replies with its MAC address, the system sends it the Ethernet packet and stores this information in its cache table;

5) the router receives this packet and decides where to forward it: it has a policy stating that it must translate (substitute the return address of) all packets from 192.168.B.0/24 to other Internet hosts;

6) since this policy implies that the return address must match the lowest address on the interface through which the packet will be sent, the router first has to decide to whom exactly to send this packet, and, as in the previous example, it must send it to BBB254 (the ISP gateway), because it has no routes to AAA2 more specific than 0.0.0.0/0;

7) therefore the router replaces the packet's return address; from now on the packet goes from BBB1:44444 (the port number, of course, may differ) to AAA2:13389;

8) the router remembers what it did, which means that when a reply arrives from AAA2:13389 to BBB1:44444, it will know that it must change the destination address and port to 192.168.B.1:55555;

9) now the router must hand the packet to the ISP network via BBB254, so, as already described, it finds the MAC address for BBB254 and hands the packet to the ISP gateway;

10) Internet providers carry the packet from BBB1 to AAA2;

11) the virtual router at AAA2 receives this packet on port 13389;

12) the virtual router has a rule stating that packets received from any sender on this port must be forwarded to 192.168.A.1:3389;

13) the virtual router finds network 192.168.A.0/24 in its routing table and sends the packet directly to 192.168.A.1, because it has the interface 192.168.A.254/24;

14) to do this, the virtual router finds the MAC address for 192.168.A.1 and hands this packet to it over the Ethernet network;

15) 192.168.A.1 receives this packet on port 3389, agrees to establish the connection and generates a reply packet from 192.168.A.1:3389 to BBB1:44444;

16) its system hands this packet to the virtual router's gateway address (192.168.A.254 in our case), because it has no other, more specific routes to BBB1 and therefore must forward the packet via the default route (0.0.0.0/0);

17) in the same way as in the previous cases, the operating system on the server with address 192.168.A.1 finds the MAC address of 192.168.A.254, since it is on the same network as its interface 192.168.A.1/24;

18) the virtual router receives this packet. Note that it remembers that it received on AAA2:13389 a packet from BBB1:44444 and changed the recipient address and port to 192.168.A.1:3389, so in the packet from 192.168.A.1:3389 to BBB1:44444 it changes the sender address to AAA2:13389;

19) the virtual router decides to whom to send this packet and sends it to AAA254 (the ISP gateway, which in this case is us), because it has no routes to BBB1 more specific than 0.0.0.0/0;

20) Internet providers carry the packet from AAA2 to BBB1;

21) the router at BBB1 receives this packet and remembers that when it sent the packet from 192.168.B.1:55555 to AAA2:13389, it changed the sender's address and port to BBB1:44444, so this is a reply that must be sent to 192.168.B.1:55555 (in fact there are several more checks there, but we will not go into them);

22) it understands that the packet must be handed directly to 192.168.B.1, since it is on the same network with it and therefore has a matching routing-table entry that makes it send packets for the whole of 192.168.B.0/24 directly;

23) the router finds the MAC address for 192.168.B.1 and hands it this packet;

24) the operating system on the computer with address 192.168.B.1 receives the packet from AAA2:13389 to 192.168.B.1:55555 and begins the next steps of establishing the TCP connection.

Note that in this case the computer with address 192.168.B.1 knows nothing about the server with address 192.168.A.1; it communicates only with AAA2. Likewise, the server with address 192.168.A.1 knows nothing about the computer with address 192.168.B.1. It believes that the connection came from address BBB1 and, figuratively speaking, knows nothing more.

It should also be noted that if this computer contacts AAA2:1540, the connection will not be established, because no forwarding of connections to port 1540 is configured on the virtual router, even if some server in network 192.168.A.0/24 (for example, the server with address 192.168.A.1) has a service waiting for connections on this port. If the user of the computer with address 192.168.B.1 needs to connect to this service, they must use the VPN, that is, connect directly to 192.168.A.1:1540.

It should be emphasized that any attempt to establish a connection to AAA1 (other than the IPSec connection from BBB1) will fail. Any attempt to establish a connection to AAA2, other than connections to port 13389, will also fail.
We also note that if someone else contacts AAA2 (for example, CCCC), everything described in steps 10-20 applies to them as well. What happens before and after that depends on what exactly is behind this CCCC. We have no such information, so we advise you to consult the administrators of the host with address CCCC.

Scenario three

Conversely, if something is sent from 192.168.A.1 to a port that is configured for inward forwarding on BBB1 (for example, 11111), it likewise does not end up in the VPN but simply leaves from AAA1 and arrives at BBB1, which then forwards it somewhere, say, to 192.168.B.2:3389. That host sees the packet as coming not from 192.168.A.1 but from AAA1. And when 192.168.B.2 replies, the packet goes from BBB1 to AAA1 and later reaches the initiator of the connection, 192.168.A.1.

A concrete example:

1) 192.168.A.1 contacts BBB1, wanting to establish a TCP connection to BBB1:11111;

2) 192.168.A.1 sends a connection request from 192.168.A.1:55555 (this number, as in the previous example, may differ) to BBB1:11111;

3) the operating system running on the server with address 192.168.A.1 decides to hand this packet to the router's gateway address (192.168.A.254 in our case), because it has no other, more specific routes to BBB1 and therefore forwards the packet via the default route (0.0.0.0/0);

4) to do this, as we said in the previous examples, it tries to find the MAC address for IP address 192.168.A.254 in the ARP cache table. If it is not found, it sends a broadcast request from address 192.168.A.1 into network 192.168.A.0/24. When 192.168.A.254 replies with its MAC address, the system sends it the Ethernet packet and stores this information in its cache table;

5) the virtual router receives this packet and decides where to forward it: it has a policy stating that it must translate (substitute the return address of) all packets from 192.168.A.0/24 to other Internet hosts;

6) since this policy assumes that the return address must match the lowest address on the interface through which the packet will be sent, the virtual router first has to decide to whom exactly to send this packet, and, as in the previous example, it must send it to AAA254 (the ISP gateway, which in this case is us), because it has no routes to BBB1 more specific than 0.0.0.0/0;

7) this means that the virtual router replaces the packet's return address; from now on it is a packet from AAA1:44444 (the port number, of course, may differ) to BBB1:11111;

8) the virtual router remembers what it did, so when a reply arrives from BBB1:11111 to AAA1:44444, it will know that it must change the destination address and port to 192.168.A.1:55555;

9) now the virtual router must hand the packet to the ISP network via AAA254; as already described, it finds the MAC address for AAA254 and hands the packet to the ISP gateway;

10) Internet providers carry the packet from AAA1 to BBB1;

11) the router at BBB1 receives this packet on port 11111;

12) the virtual router has a rule stating that packets from any sender arriving on this port must be forwarded to 192.168.B.2:3389;

13) the router finds network 192.168.B.0/24 in its routing table and sends the packet directly to 192.168.B.2, because it has the interface 192.168.B.254/24;

14) to do this, the virtual router finds the MAC address for 192.168.B.2 and hands this packet to it over the Ethernet network;

15) 192.168.B.2 receives this packet on port 3389, agrees to establish the connection and generates a reply packet from 192.168.B.2:3389 to AAA1:44444;

16) its system hands this packet to the router's gateway address (192.168.B.254 in our case), because it has no other, more specific routes to AAA1 and therefore must forward the packet via the default route (0.0.0.0/0);

17) in the same way as in the previous cases, the operating system on the computer with address 192.168.B.2 finds the MAC address of 192.168.B.254, since it is on the same network as its interface 192.168.B.2/24;

18) the router receives this packet. Note that it remembers that it received on BBB1:11111 a packet from AAA1 and changed the recipient address and port to 192.168.B.2:3389, so in the packet from 192.168.B.2:3389 to AAA1:44444 it changes the sender address to BBB1:11111;

19) the router decides to whom to send this packet. It sends it to, say, BBB254 (the ISP gateway, whose exact address we do not know), because it has no routes to AAA1 more specific than 0.0.0.0/0;

20) Internet providers carry the packet from BBB1 to AAA1;

21) the virtual router at AAA1 receives this packet and remembers that when it sent the packet from 192.168.A.1:55555 to BBB1:11111, it changed the sender's address and port to AAA1:44444. This means that this is a reply that must be sent to 192.168.A.1:55555 (in fact, as we said in the previous example, there are several more checks here too, but this time we will not go into them in depth either);

22) it understands that the packet must be handed directly to 192.168.A.1, since it is on the same network with it, which means it has a matching routing-table entry that makes it send packets for the whole of 192.168.A.0/24 directly;

23) the router finds the MAC address for 192.168.A.1 and hands it this packet;

24) the operating system on the server with address 192.168.A.1 receives the packet from BBB1:11111 to 192.168.A.1:55555 and begins the next steps of establishing the TCP connection.

Exactly as in the previous case, here the server with address 192.168.A.1 knows nothing about the computer with address 192.168.B.1; it communicates only with BBB1. The computer with address 192.168.B.1 likewise knows nothing about the server with address 192.168.A.1. It believes that the connection came from address AAA1, and the rest is hidden from it.
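The three scenarios can be replayed with a toy model of the two routers, which makes the address each side actually sees easy to compare. This is an added example, not Tucha's configuration or code: `Router`, `build` and `round_trip` are hypothetical names, the addresses keep the page's anonymised notation, and the translated port is fixed at 44444 as in the walkthroughs.

```python
# Added illustration, not Tucha's configuration. Addresses keep the page's
# anonymised notation; the translated port is fixed at 44444 as in the
# walkthroughs (an assumption: a real router picks one per connection).

class Router:
    def __init__(self, lan, wan, peer_lan, peer_wan, forwards):
        self.lan, self.wan = lan, wan          # LAN prefix, public address
        self.peer_lan, self.peer_wan = peer_lan, peer_wan
        self.forwards = forwards               # {(public_ip, port): (lan_ip, port)}
        self.snat, self.dnat = {}, {}          # remembered translations

    def egress(self, pkt):
        """LAN -> Internet: IPsec policy is checked first, then NAT."""
        src, sport, dst, dport = pkt
        if dst.startswith(self.peer_lan):      # LAN-to-LAN: wrap in ESP
            return ("ESP", self.wan, self.peer_wan, pkt)
        if pkt in self.dnat:                   # reply on a forwarded connection
            return ("IP", (*self.dnat[pkt], dst, dport))
        self.snat[(dst, dport, self.wan, 44444)] = (src, sport)
        return ("IP", (self.wan, 44444, dst, dport))

    def ingress(self, wire):
        """Internet -> LAN: packet delivered inside, or None if dropped."""
        if wire[0] == "ESP":
            _, outer_src, outer_dst, inner = wire
            ok = (outer_src == self.peer_wan and outer_dst == self.wan
                  and inner[0].startswith(self.peer_lan)
                  and inner[2].startswith(self.lan))
            return inner if ok else None
        pkt = wire[1]
        src, sport, dst, dport = pkt
        if pkt in self.snat:                   # reply to a source-translated request
            return (src, sport, *self.snat[pkt])
        if (dst, dport) in self.forwards:      # port-forwarding rule
            lan_ip, lan_port = self.forwards[(dst, dport)]
            self.dnat[(lan_ip, lan_port, src, sport)] = (dst, dport)
            return (src, sport, lan_ip, lan_port)
        return None                            # no rule: the connection fails

def build():
    office = Router("192.168.B.", "BBB1", "192.168.A.", "AAA1",
                    {("BBB1", 11111): ("192.168.B.2", 3389)})
    cloud = Router("192.168.A.", "AAA1", "192.168.B.", "BBB1",
                   {("AAA2", 13389): ("192.168.A.1", 3389)})
    return office, cloud

def round_trip(near, far, request):
    """Return (request as the target sees it, reply as the initiator sees it)."""
    seen = far.ingress(near.egress(request))
    if seen is None:
        return None
    reply = (seen[2], seen[3], seen[0], seen[1])   # answer whoever it saw
    return seen, near.ingress(far.egress(reply))

if __name__ == "__main__":
    office, cloud = build()
    print(round_trip(office, cloud, ("192.168.B.1", 55555, "192.168.A.1", 3389)))
    print(round_trip(office, cloud, ("192.168.B.1", 55555, "AAA2", 13389)))
    print(round_trip(cloud, office, ("192.168.A.1", 55555, "BBB1", 11111)))
    print(round_trip(office, cloud, ("192.168.B.1", 55555, "AAA2", 1540)))
```

The first element of each result is the peer address the destination host would record: the private 192.168.B.1 through the tunnel, but BBB1:44444 or AAA1:44444 for the two paths outside it.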

Conclusion

This is how everything happens for connections inside the VPN tunnel between the client's office and the cloud environment, as well as for connections outside the VPN tunnel. And if you have questions or need our help with cloud problems, contact us 24x7.

Source: www.habr.com
