Hello everyone!
I know that many articles about setting up OpenVPN have already been written. However, I personally ran into the fact that, as a rule, there is no systematized information on the topic in the title, so I decided to share my experience, primarily with those who are not gurus in OpenVPN administration but would like to connect remote subnets site-to-site on a Synology NAS. At the same time, I am leaving this note as a reminder for myself.
So. I have a Synology DS918+ NAS with the VPN Server package installed, configured for OpenVPN, and with users who can connect to the VPN server. I will not go into the details of setting up the server in the DSM interface (the NAS's web portal). That information is available on the manufacturer's website.
The problem is that the DSM interface (version 6.2.3 as of the date of publication) exposes only a limited number of settings for managing the OpenVPN server. In our case a site-to-site connection scheme is required, i.e. hosts in the VPN client's subnet must see hosts in the VPN server's subnet and vice versa. The default settings available on the NAS only let you configure access from hosts in the VPN client's subnet to hosts in the server's subnet.
To configure access to the VPN client subnets from the VPN server's subnet, we need to log in to the NAS over SSH and edit the OpenVPN server configuration file by hand.
To edit files on the NAS over SSH, I find it more convenient to use Midnight Commander. To do this, I added a package source in Package Center.
Log in to the NAS over SSH under an account with administrator rights.
Type sudo su and enter the administrator password again.
Type the mc command to launch Midnight Commander.
Next, go to the /var/packages/VPNCenter/etc/openvpn/ directory and find the file openvpn.conf.
According to the task, we need to connect 2 remote subnets. To do this, we create 2 accounts on the NAS through DSM with restricted rights to all NAS services, and grant them access only to VPN connections in the VPN Server settings. For each client, we need to configure a static IP assigned by the VPN server and route traffic through that IP from the VPN server's subnet to the VPN client's subnet.
Initial data:
VPN server subnet: 192.168.1.0/24.
The OpenVPN server's address pool is 10.8.0.0/24. The OpenVPN server itself gets the address 10.8.0.1.
Subnet of VPN client 1 (user VPN): 192.168.10.0/24; it must receive the static address 10.8.0.5 from the OpenVPN server.
Subnet of VPN client 2 (user VPN-GUST): 192.168.5.0/24; it must receive the static address 10.8.0.4 from the OpenVPN server.
In the configuration directory, create a ccd folder and, inside it, create settings files whose names match the user logins.
For the user VPN, write the following settings in the file:
For the user VPN-GUST, write the following in the file:
All that remains is to adjust the OpenVPN server configuration: add the parameter for reading client settings and add routes to the clients' subnets:
In the screenshot above, the first 2 lines of the configuration were set through the DSM interface (by ticking the "Allow clients to access server's LAN" option in the OpenVPN server settings).
The client-config-dir ccd line states that the client settings are located in the ccd directory.
The next 2 configuration lines add routes to the clients' subnets through the corresponding OpenVPN gateways.
Finally, topology subnet must be used for this to work correctly.
We do not touch any of the other settings in the file.
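The screenshots with the file contents are not part of this page, so here is an added example (not the author's own files) that generates the ccd entries and the server lines described above from the article's address plan. It assumes the standard OpenVPN directives ifconfig-push, iroute and route, and writes into a scratch directory; the name openvpn.conf.additions is hypothetical.

```shell
#!/bin/sh
# Added example (not the author's files): builds the ccd entries and server
# directives for the article's address plan in a scratch directory.

# Prefix length (0-32) to dotted netmask, e.g. 24 -> 255.255.255.0
prefix_to_mask() {
    p=$1; mask=""
    for octet in 1 2 3 4; do
        if [ "$p" -ge 8 ]; then o=255; p=$((p - 8))
        else o=$((256 - (256 >> p))); p=0
        fi
        mask="${mask}${mask:+.}${o}"
    done
    echo "$mask"
}

# write_ccd DIR LOGIN TUNNEL_IP TUNNEL_PREFIX LAN_NET LAN_PREFIX
# The file name must equal the VPN login exactly, otherwise it is not applied.
write_ccd() {
    mkdir -p "$1"
    {
        echo "ifconfig-push $3 $(prefix_to_mask "$4")"  # fixed tunnel address
        echo "iroute $5 $(prefix_to_mask "$6")"         # LAN behind this client
    } > "$1/$2"
}

# server_route LAN_NET LAN_PREFIX TUNNEL_IP: kernel route on the NAS
server_route() {
    echo "route $1 $(prefix_to_mask "$2") $3"
}

# build_example DIR: everything for the two clients in the article
build_example() {
    write_ccd "$1/ccd" VPN      10.8.0.5 24 192.168.10.0 24
    write_ccd "$1/ccd" VPN-GUST 10.8.0.4 24 192.168.5.0  24
    {
        echo "client-config-dir ccd"
        server_route 192.168.10.0 24 10.8.0.5
        server_route 192.168.5.0  24 10.8.0.4
        echo "topology subnet"
    } > "$1/openvpn.conf.additions"   # hypothetical name; merge by hand
}

scratch=$(mktemp -d)
build_example "$scratch"
for f in "$scratch"/ccd/* "$scratch/openvpn.conf.additions"; do
    echo "== ${f#"$scratch"/}"; cat "$f"
done
```

Both directives are needed for each client subnet: route makes the NAS send that traffic into the tunnel, and iroute tells OpenVPN which connected client owns the subnet.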
After changing the settings, do not forget to restart the VPN Server service in the package manager. On the hosts in the server's subnet, or on their gateway, add routes to the client subnets via the NAS.
In my case, the gateway for all hosts in the subnet where the NAS is located (IP 192.168.1.3) was a router (192.168.1.1). On this router, I added entries to the static routing table for the networks 192.168.5.0/24 and 192.168.10.0/24 via the gateway 192.168.1.3 (the NAS).
Do not forget that if the firewall is enabled on the NAS, you will need to configure it as well. In addition, a firewall may be enabled on the client side, and it will need to be configured too.
P.S. I am not a professional in networking technologies, much less in working with OpenVPN; I am sharing my experience and publishing the settings I made, which allowed me to set up a site-to-site connection between subnets. There may be a simpler and/or more correct configuration, and I will only be glad if you share your experience in the comments.
Source: www.habr.com