Ukuqhubela phambili ibali malunga neZeroTier, kwithiyori echazwe kwinqaku "", ndiqhubela phambili nokuzilolonga apho:
- Masidale kwaye siqwalasele isilawuli senethiwekhi yabucala
- Masenze inethiwekhi yenyani
- Masiqwalasele kwaye sidibanise iindawo kuyo
- Makhe sijonge unxibelelwano lwenethiwekhi phakathi kwabo
- Masivale ukufikelela kwi-GUI yomlawuli wenethiwekhi ukusuka ngaphandle
Umlawuli womnatha
Njengoko kukhankanyiwe ngaphambili, ukwenza uthungelwano olubonakalayo, ukulawula, kunye nokudibanisa iindawo, umsebenzisi ufuna umlawuli wenethiwekhi, ujongano lwegraphical (GUI) olukhoyo kwiifom ezimbini:
Iinketho ze-GUI ze-ZeroTier
- Enye evela kumphuhlisi we-ZeroTier, ekhoyo njengesisombululo selifu sikawonke-wonke se-SaaS kunye nezicwangciso ezine zokubhalisa, kubandakanywa simahla, kodwa kunqunyelwe kwinani lezixhobo ezilawulwayo kunye nenqanaba lenkxaso.
- Eyesibini isuka kumphuhlisi ozimeleyo, owenziwe lula ngandlel’ ithile ekusebenzeni, kodwa ekhoyo njengesisombululo somthombo wabucala ovulekileyo wokusetyenziswa kwisiseko okanye kwimithombo yelifu.
Kumsebenzi wam, ndasebenzisa zombini kwaye ngenxa yoko, ekugqibeleni ndahlala kweyesibini. Isizathu soku yayizilumkiso zomphuhlisi.
“Abalawuli bothungelwano basebenza njengabasemagunyeni bokuqinisekisa uthungelwano lweZeroTier. Iifayile ezinezitshixo eziyimfihlo zomlawuli kufuneka zigadwe ngononophelo kwaye zigcinwe ngokukhuselekileyo. Ukuthotyelwa kwabo kuvumela abahlaseli abangagunyaziswanga ukuba benze ulungelelwaniso lwenethiwekhi yobuqhetseba, kwaye ilahleko yabo ikhokelela ekuphulukaneni namandla okulawula nokulawula inethiwekhi, ngokuyinikezela ngokungasebenziyo. "
→
Kwaye kwakhona, iimpawu ze-cybersecurity paranoia :)
- Nokuba iCheburnet iza, kufuneka ndikwazi ukufikelela kumlawuli wam womnatha;
- Kuphela kufuneka ndisebenzise umlawuli wenethiwekhi. Ukuba kuyimfuneko, ukubonelela ngokufikelela kubameli bakho abagunyazisiweyo;
- Kufuneka ukuba kwenzeke ukukhawulela ukufikelela kumlawuli wenethiwekhi ukusuka ngaphandle.
Kweli nqaku, andiyiboni inqaku elininzi lokuhlala ngokwahlukileyo kwindlela yokuthumela umlawuli wenethiwekhi kunye ne-GUI yayo kwisiseko sezinto eziphathekayo okanye ezibonakalayo. Kwaye kukho izizathu ezi-3 zoku:
- kuya kubakho iileta ezininzi kunokuba bekucwangcisiwe
- malunga nale nto kakade kumphuhlisi we-GUI uGitHab
- Umxholo wenqaku umalunga nenye into
Ngoko ke, ukukhetha umendo wokuchasana okuncinci, ndiya kusebenzisa kweli bali umlawuli wenethiwekhi kunye ne-GUI esekelwe kwi-VDS, eyenziwe ngu. , iphuhliswe ngobubele ngoogxa bam baseRuVDS.
Ukusekwa kokuqala
Emva kokudala umncedisi kwi template ekhankanyiweyo, umsebenzisi ufumana ukufikelela kumlawuli we-Web-GUI ngokusebenzisa umkhangeli zincwadi ngokufikelela https:// : 3443
Ngokungagqibekanga, umncedisi sele enesiqiniseko se-TLS/SSL esenziwe ngaphambili. Oku kwanele kum, ekubeni ndivala ukufikelela kuyo ngaphandle. Kwabo banqwenela ukusebenzisa ezinye iintlobo zezatifikethi, zikho kumphuhlisi we-GUI uGitHab.
Xa umsebenzisi engena okokuqala Ngema ngokungena okungagqibekanga kunye negama lokugqitha - admin и inombolo yokuvula:
Icebisa ukutshintsha igama eligqithisiweyo elingagqibekanga libe leliqhelekileyo
Ndiyenza ngokwahlukileyo kancinci- anditshintshi igama eligqithisiweyo lomsebenzisi okhoyo, kodwa dala entsha - Yenza uMsebenzisi.
Ndibeka igama lomsebenzisi omtsha - lomsebenzisi:
Ndiseta igama eligqithisiweyo elitsha - Faka igama lokugqithisa elitsha:
Ndiqinisekisa igama eligqithisiweyo elitsha - Phinda ufake iphasiwedi:
Abalinganiswa obafakayo bakwimeko ebuthathaka - lumka!
Ibhokisi yokukhangela ukuqinisekisa utshintsho lwegama lokugqitha kwigama elilandelayo lokungena - Guqula igama lokugqithisa xa ungena ngokulandelayo: Andibhiyozeli.
Ukuqinisekisa idatha engenisiweyo, cofa Setha iphasiwedi:
Emva koko: ndiphinde ndangena- Phuma / Ngema, sele iphantsi kweziqinisekiso zomsebenzisi omtsha:
Okulandelayo, ndiya kubasebenzisi ithebhu - abasebenzisi kwaye ucime umsebenzisi adminngokunqakraza kwi icon yenkunkuma ebekwe ekhohlo kwegama lakhe.
Kwixesha elizayo, unokutshintsha igama eligqithisiweyo lomsebenzisi ngokucofa nokuba kwigama lakhe okanye kwiseti yokugqitha.
Ukudala inethiwekhi yenyani
Ukwenza inethiwekhi yenyani, umsebenzisi kufuneka aye kwithebhu Yongeza inethiwekhi. Ukusuka kwindawo umsebenzisi oku kunokwenziwa ngephepha Ikhaya - iphepha eliphambili le-Web-GUI, ebonisa idilesi ye-ZeroTier yalo mlawuli wenethiwekhi kwaye iqulethe ikhonkco kwiphepha loluhlu lwamanethiwekhi adalwe ngayo.
Kwiphepha Yongeza inethiwekhi umsebenzisi unika igama kumsebenzi womnatha owenziwe ngokutsha.
Xa usebenzisa idatha yegalelo − Yenza iNethiwekhi umsebenzisi uthathwa asiwe kwiphepha elinoluhlu lothungelwano, oluqulathe:
Igama lenethiwekhi - igama lenethiwekhi ngendlela yekhonkco, xa ucofa kuyo ungatshintsha
Isazisi senethiwekhi - isazisi senethiwekhi
nkcukacha — ikhonkco kwiphepha elineeparamitha ezineenkcukacha zenethiwekhi
ukuseta lula — ikhonkco kwiphepha ukuseta lula
amalungu - ikhonkco kwiphepha lolawulo le-node
Ukuseta ngakumbi landela ikhonkco ukuseta lula. Kwiphepha elivulayo, umsebenzisi uxela uluhlu lweedilesi ze-IPv4 zothungelwano oluyilwayo. Oku kunokwenziwa ngokuzenzekelayo ngokucofa iqhosha Yenza idilesi yenethiwekhi okanye ngesandla ngokungenisa imaski yenethiwekhi kwindawo efanelekileyo I-CIDR.
Xa uqinisekisa ungeniso lwedatha oluyimpumelelo, kufuneka ubuyele kwiphepha kunye noluhlu lwenethiwekhi usebenzisa iqhosha lokubuyela emuva. Ngeli xesha, ukuseta isiseko sothungelwano kunokuqwalaselwa ngokupheleleyo.
Ukuqhagamshela iindawo zenethiwekhi
- Okokuqala, inkonzo ye-ZeroTier One kufuneka ifakwe kwi-node umsebenzisi afuna ukuyidibanisa kwinethiwekhi.
Yintoni iZeroTier One?ZeroTier One yinkonzo eqhutywa kwiilaptops, iidesktops, iiseva, oomatshini ababonakalayo kunye nezikhongozeli ezibonelela ngoqhagamshelo kuthungelwano olunenyani ngezibuko lothungelwano lwenyani, olufana nomxhasi weVPN.
Nje ukuba inkonzo ifakelwe kwaye iqalisiwe, ungaqhagamshela kwiinethiwekhi zenyani usebenzisa iidilesi zabo ezinedijithi ezili-16. Uthungelwano ngalunye lubonakala njengezibuko lothungelwano lwenyani kwinkqubo, eziphatha njengechweba eliqhelekileyo le-Ethernet.
Amakhonkco kunikezelo, kunye nemiyalelo yokuhlohla, inokufumaneka .Unako ukulawula inkonzo efakiweyo ngokusebenzisa i-terminal yomgca womyalelo (CLI) kunye namalungelo olawulo/ingcambu. KwiWindows/MacOS ikwasebenzisa ujongano lwegraphical. Kwi-Android/iOS isebenzisa kuphela iGUI.
- Ukujonga impumelelo yofakelo lwenkonzo:
I-CLI:
zerotier-cli statusIsiphumo:
200 info ebf416fac1 1.4.6 ONLINE
GUI:Inyani yokuba isicelo siyasebenza kunye nobukho kuyo umgca kunye ne-ID yeNode enedilesi yendawo.
- Ukuqhagamshela indawo yothungelwano:
I-CLI:
zerotier-cli join <Network ID>Isiphumo:
200 join OKGUI:
Windows: cofa ekunene kwi icon ZeroTier One kwitreyi yenkqubo nokukhetha into - Joyina iNethiwekhi.
IMacOS: Qalisa isicelo ZeroTier One kwibar menu, ukuba ayikasungulwa. Cofa kwi ⏁ i icon kwaye ukhethe Joyina iNethiwekhi.I-Android/iOS: + (kunye nomfanekiso) kwi-app
Kwintsimi evelayo, faka umlawuli wenethiwekhi ochazwe kwi-GUI Isazisi senethiwekhi, kwaye ucinezele Joyina/Yongeza iNethiwekhi. - Ukwabela idilesi yeIP kumamkeli
Ngoku sibuyela kumlawuli wenethiwekhi kwaye kwiphepha elinoluhlu lwenethiwekhi landela ikhonkco amalungu. Ukuba ubona umfanekiso ofana nalo kwisikrini, oko kuthetha ukuba umlawuli wakho womnatha ufumene isicelo sokuqinisekisa uqhagamshelo kwinethiwekhi ukusuka kwindawo eqhagamshelweyo.
Kweli phepha sishiya yonke into njengoko injalo ngoku kwaye silandele ikhonkco Isabelo se-IP yiya kwiphepha lokwabela idilesi ye-IP kwindawo:
Emva kokwabela idilesi, cofa iqhosha umva buyela kwiphepha loluhlu lweendawo eziqhagamshelweyo kwaye usete igama - Igama lelungu kwaye khangela ibhokisi yokukhangela ukugunyazisa indawo yothungelwano - Ugunyaziwe. Ngendlela, le bhokisi yokukhangela yinto elula kakhulu yokuqhawula / ukudibanisa kwinethiwekhi yenginginya kwixesha elizayo.
Gcina utshintsho usebenzisa iqhosha Vuselela. - Ukujonga ubume boqhagamshelwano lwenodi kuthungelwano:
Ukujonga imeko yoqhagamshelo kwindawo ngokwayo, sebenzisa:
I-CLI:zerotier-cli listnetworksIsiphumo:
200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>
200 listnetworks 2da06088d9f863be My_1st_VLAN be:88:0c:cf:72:a1 OK PRIVATE ethernet_32774 10.10.10.2/24
GUI:Imo yenethiwekhi kufuneka ilungile
Ukudibanisa iindawo eziseleyo, phinda imisebenzi 1-5 nganye kuzo.
Ukujonga uqhagamshelo lwenethiwekhi yeenodi
Ndikwenza oku ngokuqhuba umyalelo i-ping kwisixhobo esiqhagamshelwe kwinethiwekhi endiyilawulayo ngoku.
Kumfanekiso wesikrini somlawuli we-Web-GUI unokubona iindawo ezintathu eziqhagamshelwe kwinethiwekhi:
- ZTNCUI - 10.10.10.1 - umlawuli wam womnatha kunye ne-GUI - VDS kwenye yeRuVDS DCs. Kumsebenzi oqhelekileyo akukho mfuneko yokongeza kwinethiwekhi, kodwa ndenze oku kuba ndifuna ukuvimba ukufikelela kwi-interface yewebhu ngaphandle. Okunye malunga noku kamva.
- MyComp - 10.10.10.2 -ikhompyuter yam yomsebenzi yiPC ebonakalayo
- Ugcino - 10.10.10.3 - VDS kwenye DC.
Ke ngoko, kwikhompyuter yam yomsebenzi ndijonga ubukho bezinye iindawo ezinemiyalelo:
ping 10.10.10.1
Pinging 10.10.10.1 with 32 bytes of data:
Reply from 10.10.10.1: bytes=32 time=14ms TTL=64
Reply from 10.10.10.1: bytes=32 time=4ms TTL=64
Reply from 10.10.10.1: bytes=32 time=7ms TTL=64
Reply from 10.10.10.1: bytes=32 time=2ms TTL=64
Ping statistics for 10.10.10.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 14ms, Average = 6ms
ping 10.10.10.3
Pinging 10.10.10.3 with 32 bytes of data:
Reply from 10.10.10.3: bytes=32 time=15ms TTL=64
Reply from 10.10.10.3: bytes=32 time=4ms TTL=64
Reply from 10.10.10.3: bytes=32 time=8ms TTL=64
Reply from 10.10.10.3: bytes=32 time=4ms TTL=64
Ping statistics for 10.10.10.3:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 4ms, Maximum = 15ms, Average = 7ms
Umsebenzisi unelungelo lokusebenzisa ezinye izixhobo zokujonga ukufumaneka kwee-nodes kwinethiwekhi, zombini eyakhelwe kwi-OS kunye ne-NMAP, i-Advanced IP Scanner, njl.
Sifihla ukufikelela kwi-GUI yomlawuli wenethiwekhi ukusuka ngaphandle.
Ngokubanzi, ndinokunciphisa amathuba okufikelela okungagunyaziswanga kwi-VDS apho umlawuli wam womnatha ekhoyo usebenzisa i-firewall kwi-akhawunti yam ye-RuVDS. Esi sihloko silindeleke ngakumbi kwinqaku elahlukileyo. Ngoko ke, apha ndiza kubonisa indlela yokubonelela ngokufikelela kumlawuli we-GUI kuphela kwinethiwekhi endiyenzileyo kweli nqaku.
Ukwenza oku, kufuneka uqhagamshele nge-SSH kwi-VDS apho umlawuli akhoyo kwaye uvule ifayile yoqwalaselo usebenzisa lo myalelo:
nano /opt/key-networks/ztncui/.envKwifayile evuliwe, emva komgca "HTTPS_PORT=3443" equlethe idilesi yechweba apho i-GUI ivula khona, kufuneka ungeze umgca owongezelelweyo kunye nedilesi apho i-GUI iya kuvula khona - kwimeko yam HTTPS_HOST=10.10.10.1 .XNUMX.
Okulandelayo ndiya kugcina ifayile
Сtrl+C
Y
Enter
kwaye sebenzisa umyalelo:
systemctl restart ztncuiKwaye yiloo nto, ngoku i-GUI yomlawuli wenethiwekhi yam ifumaneka kuphela kwiinodi zenethiwekhi 10.10.10.0.24.
Endaweni yesiphelo
Apha kulapho ndifuna ukugqiba inxalenye yokuqala yesikhokelo esisebenzayo sokwenza uthungelwano olubonakalayo olusekwe kwiZeroTier. Ndijonge phambili kwizimvo zenu.
Okwangoku, ukuhambisa ixesha kude kube kupapasho lwenxalenye elandelayo, apho ndiya kukuxelela indlela yokudibanisa inethiwekhi ebonakalayo kunye neyomzimba, indlela yokulungelelanisa indlela "yemfazwe yendlela" kunye nenye into, ndicebisa ukuba uzame. ukucwangcisa eyakho inethwekhi enenyani usebenzisa isilawuli somsebenzi womnatha wabucala kunye neGUI esekwe kwiVDS ukusuka kwindawo yentengiso I-RUVDS. Ngaphezu koko, bonke abathengi abatsha banexesha lelingo lasimahla leentsuku ezi-3!
PS Ewe! Ndiphantse ndalibala! Ungayisusa i-node kwinethiwekhi usebenzisa umyalelo kwi-CLI yale node.
zerotier-cli leave <Network ID>
200 leave OK
okanye i Cima umyalelo kumxhasi GUI kwindawo.
->
->
->
umthombo: www.habr.com