The book "Linux in Action"

Hello, Habr residents! In this book, David Clinton describes 12 real-life projects, including automating your backup and recovery system, setting up a Dropbox-style personal file cloud, and creating your own MediaWiki server. You'll explore virtualization, disaster recovery, security, backup, DevOps, and system troubleshooting through interesting case studies. Each chapter ends with a review of best practices, a glossary of new terms, and exercises.

Excerpt: "10.1. Creating an OpenVPN tunnel"

I've already talked a lot about encryption in this book. SSH and SCP can protect data transferred over remote connections (Chapter 3), file encryption can protect data while it's stored on a server (Chapter 8), and TLS/SSL certificates can protect data transferred between sites and client browsers (Chapter 9). But sometimes your data needs to be protected across a wider range of connections. For example, perhaps some members of your team work on the road while connecting to Wi-Fi through public hotspots. You definitely shouldn't assume that such access points are secure, but your people do need a way to connect to company resources, and that's where a VPN can help.

A properly designed VPN tunnel provides a direct connection between remote clients and a server in a way that hides data as it travels over an insecure network. So what? You've already seen many tools that can do this with encryption. The real value of a VPN is that by opening a tunnel, you can connect remote networks as if they were all local. In a sense, you're using a bypass.

Using this extended network, administrators can do their work on their servers from anywhere. But more importantly, a company with resources spread across multiple locations can make them all visible and accessible to all the groups that need them, wherever they are (Figure 10.1).

A tunnel by itself does not guarantee security. But one of the encryption standards can be included in the network structure, which greatly increases the level of security. Tunnels created using the open source OpenVPN package use the same TLS/SSL encryption you've already read about. OpenVPN isn't the only available option, but it's one of the best known. It's considered to be slightly faster and more secure than the Layer 2 protocol that uses IPsec encryption.

Do you want everyone on your team to communicate securely while on the road or working in different buildings? To do this, you need to set up an OpenVPN server to allow application sharing and access to the server's local network environment. For this to work, all you need to do is run two virtual machines or two containers: one to act as the server/host and one to act as the client. Building a VPN isn't a simple process, so it's probably worth taking a few minutes to think about the big picture.

10.1.1. OpenVPN Server Configuration

Before you begin, I'll give you some useful advice. If you're going to do it yourself (and I highly recommend that you do), you'll probably find yourself working with multiple terminal windows open on your desktop, each connected to a different machine. There's a risk that at some point you'll enter the wrong command into a window. To avoid this, you can use the hostname command to change the machine name displayed on the command line to something that tells you clearly where you are. Once you've done this, you'll need to log out of the server and log back in for the new settings to take effect. This is what it looks like:

By following this approach and giving appropriate names to each machine you work with, you can easily keep track of where you are.

After using hostname, you might encounter annoying Unable to Resolve Host OpenVPN-Server messages when running subsequent commands. Updating the /etc/hosts file with the new hostname should solve the problem.

Preparing your server for OpenVPN

To install OpenVPN on your server, you need two packages: openvpn and easy-rsa (to manage the encryption key generation process). CentOS users should first install the epel-release repository if necessary, as you did in Chapter 2. To be able to test access to a server application, you can also install the Apache web server (apache2 on Ubuntu and httpd on CentOS).

While you're setting up your server, I recommend activating a firewall that blocks all ports except 22 (SSH) and 1194 (OpenVPN's default port). This example shows how ufw would work on Ubuntu, but I'm sure you still remember the CentOS firewalld program from Chapter 9:

# ufw enable
# ufw allow 22
# ufw allow 1194

To enable internal routing between network interfaces on the server, you need to uncomment a single line (net.ipv4.ip_forward = 1) in the /etc/sysctl.conf file. This will allow remote clients to be redirected as needed once they're connected. To make the new setting take effect, run sysctl -p:

# nano /etc/sysctl.conf
# sysctl -p

Your server environment is now fully set up, but there's still one more thing to do before you're ready: you'll need to complete the following steps (we'll cover them in detail next).

  1. Create a set of public key infrastructure (PKI) encryption keys on the server using the scripts provided with the easy-rsa package. In effect, the OpenVPN server also acts as its own certificate authority (CA).
  2. Prepare matching keys for the client
  3. Customize the server.conf file for the server
  4. Set up your OpenVPN client
  5. Test your VPN

Generating encryption keys

To keep things simple, you can set up your key infrastructure on the same machine where the OpenVPN server is running. However, security best practices usually suggest using a separate CA server for production deployments. The process of generating and distributing encryption key resources for use with OpenVPN is illustrated in Figure 10.2.

When you installed OpenVPN, the /etc/openvpn/ directory was created automatically, but there's nothing in it yet. The openvpn and easy-rsa packages come with sample template files that you can use as a basis for your configuration. To begin the certification process, copy the easy-rsa template directory from /usr/share/ to /etc/openvpn and change to the easy-rsa/ directory:

# cp -r /usr/share/easy-rsa/ /etc/openvpn
$ cd /etc/openvpn/easy-rsa

The easy-rsa directory will now contain quite a few scripts. Table 10.1 lists the tools you'll use to create keys.

These operations require root privileges, so you need to become root with sudo su.

The first file you'll work with is called vars, and it contains the environment variables that easy-rsa uses when generating keys. You need to edit the file to use your own values instead of the default values that are already there. This is what my file looks like (Listing 10.1).

Listing 10.1. Key excerpts from the /etc/openvpn/easy-rsa/vars file

export KEY_COUNTRY="CA"
export KEY_PROVINCE="ON"
export KEY_CITY="Toronto"
export KEY_ORG="Bootstrap IT"
export KEY_EMAIL="[email protected]"
export KEY_OU="IT"

Running the vars file will pass its values to the shell environment, where they'll be incorporated into the contents of your new keys. Why doesn't the sudo command work by itself? Because in the first step we edit the script named vars and then source it. Sourcing means that the vars file passes its values to the shell environment, where they'll be incorporated into the contents of your new keys.

Make sure to run the file again using a new shell to complete an unfinished process. Once that's done, the script will prompt you to run another script, clean-all, to remove any content in the /etc/openvpn/easy-rsa/keys/ directory:

Naturally, the next step is to run the clean-all script, followed by build-ca, which uses the pkitool script to create the root certificate. You'll be asked to confirm the identification settings provided by vars:

# ./clean-all
# ./build-ca
Generating a 2048 bit RSA private key

Next comes the build-key-server script. Because it uses the same pkitool script along with the new root certificate, you'll see the same questions to confirm the creation of the key pair. The keys will be named based on the arguments you pass, which, unless you're running multiple VPNs on this machine, will usually be server, as in the example:

# ./build-key-server server
[...]
Certificate is to be certified until Aug 15 23:52:34 2027 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

OpenVPN uses parameters generated by the Diffie-Hellman algorithm (using build-dh) to negotiate authentication for new connections. The file created here doesn't need to be secret, but it must be generated using the build-dh script for the RSA keys that are currently active. If you create new RSA keys in the future, you'll also need to update the Diffie-Hellman file:

# ./build-dh

Your server-side keys will end up in the /etc/openvpn/easy-rsa/keys/ directory, but OpenVPN doesn't know that. By default, OpenVPN will look for keys in /etc/openvpn/, so copy them over:

# cp /etc/openvpn/easy-rsa/keys/server* /etc/openvpn
# cp /etc/openvpn/easy-rsa/keys/dh2048.pem /etc/openvpn
# cp /etc/openvpn/easy-rsa/keys/ca.crt /etc/openvpn

Preparing client encryption keys

As you've already seen, TLS encryption uses matching key pairs: one installed on the server and one installed on the remote client. This means you'll need client keys. Our old friend pkitool is exactly what you need for this. In this example, when we run the program in the /etc/openvpn/easy-rsa/ directory, we pass it the client argument to generate files called client.crt and client.key:

# ./pkitool client

The two client files, along with the original ca.crt file that's still in the keys/ directory, should now be securely transferred to your client. Because of their ownership and access permissions, this may not be so easy. The simplest approach is to manually copy the contents of the source file (and nothing but those contents) in a terminal running on your desktop PC (select the text, right-click it, and choose Copy from the menu). Then paste this into a new file with the same name that you create in a second terminal connected to your client.

But anyone can cut and paste. Instead, think like an administrator, because you won't always have access to a GUI where cut/paste operations are possible. Copy the files to your user's home directory (so that a remote scp operation can access them), and then use chown to change the ownership of the files from root to a regular non-root user so that the remote scp action can be performed. Make sure all your files are in place and accessible. You'll move them to the client a little later:

# cp /etc/openvpn/easy-rsa/keys/client.key /home/ubuntu/
# cp /etc/openvpn/easy-rsa/keys/ca.crt /home/ubuntu/
# cp /etc/openvpn/easy-rsa/keys/client.crt /home/ubuntu/
# chown ubuntu:ubuntu /home/ubuntu/client.key
# chown ubuntu:ubuntu /home/ubuntu/client.crt
# chown ubuntu:ubuntu /home/ubuntu/ca.crt

With a full set of encryption keys ready to go, you need to tell the server how you want to create the VPN. This is done using the server.conf file.

Reducing the number of keystrokes

Too much typing? Brace expansion will help reduce those six commands to two. I'm sure you can study these two examples and figure out what's going on. More importantly, you'll be able to understand how to apply these principles to operations involving tens or even hundreds of elements:

# cp /etc/openvpn/easy-rsa/keys/{ca.crt,client.{key,crt}} /home/ubuntu/
# chown ubuntu:ubuntu /home/ubuntu/{ca.crt,client.{key,crt}}
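
The staged copies in /home/ubuntu/ include the client's private key, so their file mode matters while they wait for scp. The functions below are an added example, not code from the book: they list *.key files that group or other can access, tighten them to 0600, and delete the three staged files after the transfer. The function names are illustrative.

```shell
#!/bin/sh
# Added example: keep staged copies of OpenVPN key material private.
# The directory is passed as an argument; nothing is hard-coded to a host.

# Print every *.key file under DIR ($1) that grants any permission bit
# to group or other (octal tests: 040 020 010 004 002 001).
exposed_keys() {
    find "$1" -type f -name '*.key' \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print | sort
}

# Restrict every *.key file under DIR ($1) to owner read/write (0600).
# scp run as the owning user still works with this mode.
lock_down_keys() {
    find "$1" -type f -name '*.key' -exec chmod 600 {} +
}

# Delete the staged copies once the client has pulled them.
# Only the three file names used on this page are touched.
remove_staged_copies() {
    for f in client.key client.crt ca.crt; do
        if [ -f "$1/$f" ]; then
            rm -f -- "$1/$f"
        fi
    done
    return 0
}

# Stand-alone use: sh thisfile.sh /home/ubuntu  lists exposed key files.
if [ $# -eq 1 ]; then
    exposed_keys "$1"
fi
```

Run exposed_keys right after the chown step and remove_staged_copies once the client has its files; the originals stay in /etc/openvpn/easy-rsa/keys/.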

Creating the server.conf file

How would you know what the server.conf file should look like? Remember the easy-rsa directory template you copied from /usr/share/? When you installed OpenVPN, you were left with a compressed configuration template file that you can copy to /etc/openvpn/. I'll build on the fact that the template is archived and introduce you to a useful tool: zcat.

You already know about printing the text contents of a file to the screen using the cat command, but what if the file is compressed with gzip? You could always decompress the file, and cat would then happily print it, but that's one or two more steps than necessary. Instead, as you might have guessed, you can issue the zcat command to load the uncompressed text into memory in one step. In the following example, instead of printing the text to the screen, you'll redirect it to a new file called server.conf:

# zcat \
  /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz \
  > /etc/openvpn/server.conf
$ cd /etc/openvpn

Let's set aside the extensive and helpful documentation that comes with the file and see what it might look like when you're done editing. Note that a semicolon (;) tells OpenVPN not to read or execute the line that follows (Listing 10.2).

Let's look at some of these settings.

  • By default, OpenVPN runs on port 1194. You can change this, for example, to further hide your activities or to avoid conflicts with other active tunnels. Because 1194 requires the least coordination with clients, it's best to do it this way.
  • OpenVPN uses either the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP) to transmit data. TCP may be a bit slower, but it's more reliable and more likely to be understood by applications running at both ends of the tunnel.
  • You can specify dev tun when you want to create a simpler, more efficient IP tunnel that carries data content and nothing else. If, on the other hand, you need to connect multiple network interfaces (and the networks they represent) by creating an Ethernet bridge, you'll have to choose dev tap. If you don't understand what all this means, use the tun argument.
  • The next four lines give OpenVPN the names of the three authentication files on the server and the dh2048 parameters file you created earlier.
  • The server line sets the range and subnet mask that will be used to assign IP addresses to clients when they log in.
  • The optional "route 10.0.3.0 255.255.255.0" parameter allows remote clients to access private subnets behind the server. Making this work also requires setting up networking on the server itself so that the private subnet knows about the OpenVPN subnet (10.8.0.0).
  • The port-share localhost 80 line lets you redirect client traffic arriving on port 1194 to a local web server listening on port 80. (This will be useful if you're going to use the web server to test your VPN.) This works only when the tcp protocol is selected.
  • The user nobody and group nogroup lines must be enabled by removing the semicolon (;). Forcing remote clients to run as nobody and nogroup ensures that sessions on the server are unprivileged.
  • log specifies that current log entries will overwrite old entries each time OpenVPN starts, while log-append appends new entries to the existing log file. The openvpn.log file itself is written to the /etc/openvpn/ directory.

In addition, a client-to-client value is also often added to the configuration file so that multiple clients can see each other in addition to the OpenVPN server. If you're satisfied with your configuration, you can start the OpenVPN server:

# systemctl start openvpn

Because of the changing nature of the relationship between OpenVPN and systemd, the following syntax may sometimes be required to start the service: systemctl start openvpn@server.

Running ip addr to list your server's network interfaces should now output a reference to a new interface called tun0. OpenVPN creates it to serve incoming clients:

$ ip addr
[...]
4: tun0: mtu 1500 qdisc [...]
      link/none
      inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0
          valid_lft forever preferred_lft forever

You might need to reboot the server before everything starts working fully. The next stop is the client computer.

10.1.2. Configuring the OpenVPN client

Traditionally, tunnels are built with at least two exits (otherwise we'd call them caves). A properly configured OpenVPN on the server directs traffic into and out of the tunnel at one end. But you'll also need software running on the client side, that is, at the other end of the tunnel.

In this section, I'll focus on setting up a Linux computer of one kind or another to act as an OpenVPN client. But this isn't the only way this capability is available. OpenVPN supports client applications that can be installed and used on desktops and laptops running Windows or macOS, as well as on Android and iOS smartphones and tablets. See openvpn.net for details.

The OpenVPN package will need to be installed on the client machine just as it was on the server, although there's no need for easy-rsa here because the keys you're using already exist. You need to copy the client.conf template file to the /etc/openvpn/ directory that was just created. This time the file won't be compressed, so the regular cp command will do the job just fine:

# apt install openvpn
# cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf \
  /etc/openvpn/

Most of the settings in your client.conf file will be pretty self-explanatory: they should match the values on the server. As you can see from the following sample file, the unique parameter is remote 192.168.1.23 1194, which tells the client the IP address of the server. Again, make sure this is your server's address. You should also force the client computer to verify the authenticity of the server certificate to prevent a possible man-in-the-middle attack. One way to do this is to add the remote-cert-tls line (Listing 10.3).

You can now go to the /etc/openvpn/ directory and pull the certificate keys from the server. Replace the server's IP address or domain name in the example with your own values:

Nothing exciting will happen until you run OpenVPN on the client. Because you need to pass a couple of arguments, you'll do it from the command line. The --tls-client argument tells OpenVPN that you'll be acting as a client and connecting via TLS encryption, and --config points to your configuration file:

# openvpn --tls-client --config /etc/openvpn/client.conf

Read the command output carefully to make sure you're connected correctly. If something goes wrong the first time, it may be due to a mismatch between the server and client configuration files or a network connectivity/firewall issue. Here are some troubleshooting tips.

  • Carefully read the output of the OpenVPN operation on the client. It often contains valuable hints about exactly what couldn't be done and why.
  • Check for error messages in the openvpn.log and openvpn-status.log files in the /etc/openvpn/ directory on the server.
  • Check the system logs on the server and client for OpenVPN-related messages from around the time of the attempt. (journalctl -ce will display the most recent entries.)
  • Make sure you have an active network connection between the server and the client (more on this in Chapter 14).
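
Because the client settings have to match the server's and a mismatch is the first suspect when a connection fails, the two files can be compared mechanically. The script below is an added example, not code from the book: it reads a server.conf and a client.conf, skips lines commented out with ; or #, and reports differing proto, port and dev values along with three points from the settings discussion (port-share needing tcp, the user/group lines, and remote-cert-tls). The function names are illustrative.

```shell
#!/bin/sh
# Added example: cross-check an OpenVPN server.conf against a client.conf
# for the settings discussed on this page. Function names are illustrative.

# Print the arguments of the first active DIRECTIVE ($2) in FILE ($1).
# Lines beginning with ';' or '#' are comments, so ';user nobody' is inactive.
# Exit status is 1 when the directive is absent or commented out.
directive() {
    awk -v d="$2" '
        /^[ \t]*[;#]/ { next }
        $1 == d { $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit }
        END { exit !found }' "$1"
}

# Reduce "tcp", "tcp-server", "udp4" and so on to the transport family.
proto_family() {
    case $1 in tcp*) echo tcp ;; *) echo udp ;; esac
}

# Print one finding per line; print nothing when the pair is consistent.
check_pair() {
    srv=$1 cli=$2

    # OpenVPN defaults when a directive is absent: proto udp, port 1194.
    s_proto=$(proto_family "$(directive "$srv" proto || echo udp)")
    c_proto=$(proto_family "$(directive "$cli" proto || echo udp)")
    s_port=$(directive "$srv" port || echo 1194)
    s_dev=$(directive "$srv" dev | cut -c1-3)    # tun0 -> tun
    c_dev=$(directive "$cli" dev | cut -c1-3)
    # "remote HOST [PORT]": take the second word, default 1194.
    set -- $(directive "$cli" remote)
    c_port=${2:-1194}

    [ "$s_proto" = "$c_proto" ] ||
        echo "proto mismatch: server=$s_proto client=$c_proto"
    [ "$s_port" = "$c_port" ] ||
        echo "port mismatch: server=$s_port client=$c_port"
    [ "$s_dev" = "$c_dev" ] ||
        echo "dev mismatch: server=$s_dev client=$c_dev"

    # port-share passes non-VPN traffic to a web server and needs TCP.
    if directive "$srv" port-share >/dev/null && [ "$s_proto" != tcp ]; then
        echo "port-share is set but server proto is $s_proto"
    fi
    # Without both lines the daemon keeps root privileges after startup.
    directive "$srv" user >/dev/null && directive "$srv" group >/dev/null ||
        echo "server: user/group lines are still commented out"
    # remote-cert-tls makes the client require a server-type certificate.
    directive "$cli" remote-cert-tls >/dev/null ||
        echo "client: remote-cert-tls is missing"
    return 0
}

# Stand-alone use: sh thisfile.sh server.conf client.conf
if [ $# -eq 2 ]; then
    check_pair "$1" "$2"
fi
```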

About the author

David Clinton is a system administrator, teacher, and writer. He has administered, written about, and created educational materials for many important technical disciplines, including Linux systems, cloud computing (AWS in particular), and container technologies like Docker. He wrote the book Learn Amazon Web Services in a Month of Lunches (Manning, 2017). Many of his video training courses can be found on Pluralsight.com, and links to his other books (on Linux administration and server virtualization) are available at bootstrap-it.com.


For Habr readers, a 25% discount with the coupon - Linux
Upon payment for the paper version of the book, an e-book will be sent by e-mail.

Source: www.habr.com
