What happens in connections inside and outside a VPN tunnel

Real articles are born from letters to Tucha technical support. For example, a client recently asked us to clarify what happens during connections inside the VPN tunnel between the user's office and the cloud environment, and during connections outside the VPN tunnel. So all the text below is a real letter that we sent to one of our clients in answer to their question. Of course, the IP addresses have been changed so as not to reveal the client. But yes, Tucha technical support really is famous for its detailed answers and informative emails. 🙂

Yes, we understand that for many readers this article will not be a revelation. But since articles for novice administrators appear on Habr from time to time, and since this article came from a real letter to a real client, we will still share this information here. There is a good chance it will be useful to someone.
So, we explain in detail what happens between a server in the cloud and an office when they are connected by a site-to-site network. Note that some services are accessible only from the office, while others are accessible from anywhere on the Internet.

Let us explain right away what our client wanted: server 192.168.A.1 should be reachable from anywhere over RDP by connecting to AAA2:13389, while other services should be reachable only from the office (192.168.B.0/24) connected via VPN. In addition, the client had originally set things up so that machine 192.168.B.2 in the office could also be reached over RDP from anywhere, by connecting to BBB1:11111. We helped organize the IPSec connection between the cloud and the office, and the client's IT specialist began asking questions about what would happen in this or that case. To answer all these questions, we wrote them everything you can read below.

Now let's look at these processes in more detail.

Case one

When something is sent from 192.168.B.0/24 to 192.168.A.0/24 or from 192.168.A.0/24 to 192.168.B.0/24, it goes into the VPN. That is, the packet is additionally encrypted and carried between BBB1 and AAA1, but 192.168.A.1 sees the packet exactly as coming from 192.168.B.1. The two hosts can communicate with each other using any protocol. Replies are sent back the same way through the VPN: a packet from 192.168.A.1 to 192.168.B.1 is sent as an ESP datagram from AAA1 to BBB1, where the router on that side unwraps it, extracts the packet and sends it to 192.168.B.1 as a packet from 192.168.A.1.

A concrete example:

1) 192.168.B.1 addresses 192.168.A.1, wanting to establish a TCP connection to 192.168.A.1:3389;

2) 192.168.B.1 sends a connection request from 192.168.B.1:55555 (it chooses the port number for replies itself; from here on we use 55555 as an example of the port number the system chooses when creating a TCP connection) to 192.168.A.1:3389;

3) the operating system running on the computer with address 192.168.B.1 decides to forward this packet to the router's gateway address (192.168.B.254 in our case), because it has no other, more specific routes to 192.168.A.1, so it forwards the packet via the default route (0.0.0.0/0);

4) to do this, it tries to find the MAC address for IP address 192.168.B.254 in the ARP cache table. If it is not found, it sends a broadcast who-has request from address 192.168.B.1 into network 192.168.B.0/24. When 192.168.B.254 replies with its MAC address, the system sends the Ethernet packet to it and enters this information into its cache table;

5) the router receives this packet and decides where to forward it: it has a policy according to which it must pass all packets between 192.168.B.0/24 and 192.168.A.0/24 through the VPN connection between BBB1 and AAA1;

6) the router generates an ESP datagram from BBB1 to AAA1;

7) the router decides whom to send this packet to and sends it to, say, BBB254 (the ISP gateway), because it has no routes to AAA1 more specific than 0.0.0.0/0;

8) in exactly the same way as already described, it finds the MAC address of BBB254 and passes the packet to the ISP gateway;

9) the Internet providers carry the ESP datagram from BBB1 to AAA1;

10) the virtual router at AAA1 receives this datagram, decrypts it and obtains from it the packet from 192.168.B.1:55555 to 192.168.A.1:3389;

11) the virtual router checks whom to pass it to, finds network 192.168.A.0/24 in the routing table and sends it directly to 192.168.A.1, because it has the interface 192.168.A.254/24;

12) to do this, the virtual router finds the MAC address of 192.168.A.1 and passes this packet to it over the virtual Ethernet network;

13) 192.168.A.1 receives this packet on port 3389, agrees to establish the connection and generates a reply packet from 192.168.A.1:3389 to 192.168.B.1:55555;

14) its system passes this packet to the virtual router's gateway address (192.168.A.254 in our case), because it has no other, more specific routes to 192.168.B.1, so it must forward the packet via the default route (0.0.0.0/0);

15) as in the previous cases, the system running on the server with address 192.168.A.1 finds the MAC address of 192.168.A.254, since it is on the same network as its interface 192.168.A.1/24;

16) the virtual router receives this packet and decides where to forward it: it has a policy according to which it must pass all packets between 192.168.A.0/24 and 192.168.B.0/24 through the VPN connection between AAA1 and BBB1;

17) the virtual router generates an ESP datagram from AAA1 to BBB1;

18) the virtual router decides whom to send this packet to and sends it to AAA254 (the ISP gateway, which in this case is also us), because it has no routes to BBB1 more specific than 0.0.0.0/0;

19) the Internet providers carry the ESP datagram through their networks from AAA1 to BBB1;

20) the router at BBB1 receives this datagram, decrypts it and obtains from it the packet from 192.168.A.1:3389 to 192.168.B.1:55555;

21) it understands that the packet must be passed directly to 192.168.B.1, since it is on the same network with it and therefore has the corresponding entry in its routing table, which makes it send packets for the whole of 192.168.B.0/24 directly;

22) the router finds the MAC address of 192.168.B.1 and hands it this packet;

23) the operating system on the computer with address 192.168.B.1 receives the packet from 192.168.A.1:3389 to 192.168.B.1:55555 and begins the next steps of establishing the TCP connection.

This example describes, briefly and simply (many more details could be mentioned here), what happens at layers 2-4. Layers 1 and 5-7 are not considered.

Case two

If something is sent from 192.168.B.0/24 directly to AAA2, it does not go into the VPN but travels directly. That is, if a user at address 192.168.B.1 addresses AAA2:13389, this packet leaves from address BBB1 and travels to AAA2, where the router accepts it and passes it to 192.168.A.1. 192.168.A.1 knows nothing about 192.168.B.1; it sees a packet from BBB1, because that is what it received. The reply to this request therefore follows the general route: it leaves in the same way from address AAA2 and goes to BBB1, and that router sends the reply on to 192.168.B.1, which sees a reply from AAA2, the address it contacted.

A concrete example:

1) 192.168.B.1 addresses AAA2, wanting to establish a TCP connection to AAA2:13389;

2) 192.168.B.1 sends a connection request from 192.168.B.1:55555 (this number, as in the previous example, may differ) to AAA2:13389;

3) the operating system running on the computer with address 192.168.B.1 decides to forward this packet to the router's gateway address (192.168.B.254 in our case), because it has no other, more specific routes to AAA2, which means it forwards the packet via the default route (0.0.0.0/0);

4) to do this, as we said in the previous example, it tries to find the MAC address for IP address 192.168.B.254 in the ARP cache table. If it is not found, it sends a broadcast who-has request from address 192.168.B.1 into network 192.168.B.0/24. When 192.168.B.254 replies with its MAC address, the system sends the Ethernet packet to it and enters this information into its cache table;

5) the router receives this packet and decides where to forward it: it has a policy according to which it must forward, replacing the return address, all packets from 192.168.B.0/24 to other Internet hosts;

6) since this policy implies that the return address must match the lowest address on the interface through which this packet will be sent, the router first determines to whom exactly it must send this packet, and, as in the previous example, it must send it to BBB254 (the ISP gateway), because it has no routes to AAA2 more specific than 0.0.0.0/0;

7) so the router replaces the packet's return address; from now on the packet goes from BBB1:44444 (the port number may, of course, differ) to AAA2:13389;

8) the router remembers what it did, so when a reply arrives from AAA2:13389 to BBB1:44444, it will know that it must change the destination address and port to 192.168.B.1:55555;

9) now the router must pass the packet into the ISP network via BBB254, so, as already described, it finds the MAC address of BBB254 and passes the packet to the ISP gateway;

10) the Internet providers carry the packet from BBB1 to AAA2;

11) the virtual router at AAA2 receives this packet on port 13389;

12) the virtual router has a rule stating that packets received on this port from any sender must be forwarded to 192.168.A.1:3389;

13) the virtual router finds network 192.168.A.0/24 in the routing table and sends the packet directly to 192.168.A.1, because it has the interface 192.168.A.254/24;

14) to do this, the virtual router finds the MAC address of 192.168.A.1 and passes this packet to it over the virtual Ethernet network;

15) 192.168.A.1 receives this packet on port 3389, agrees to establish the connection and generates a reply packet from 192.168.A.1:3389 to BBB1:44444;

16) its system passes this packet to the virtual router's gateway address (192.168.A.254 in our case), because it has no other, more specific routes to BBB1, so it must forward the packet via the default route (0.0.0.0/0);

17) in exactly the same way as in the previous cases, the system running on the server with address 192.168.A.1 finds the MAC address of 192.168.A.254, since it is on the same network as its interface 192.168.A.1/24;

18) the virtual router receives this packet. Note that it remembers that it received on AAA2:13389 a packet from BBB1:44444 and changed the recipient address and port to 192.168.A.1:3389, so for the packet from 192.168.A.1:3389 to BBB1:44444 it changes the sender address to AAA2:13389;

19) the virtual router decides whom to send this packet to and sends it to AAA254 (the ISP gateway, which in this case is also us), because it has no routes to BBB1 more specific than 0.0.0.0/0;

20) the Internet providers carry the packet from AAA2 to BBB1;

21) the router at BBB1 receives this packet and remembers that when it sent the packet from 192.168.B.1:55555 to AAA2:13389, it changed the sender's address and port to BBB1:44444, so this is a reply that must be sent to 192.168.B.1:55555 (in fact there are several more checks there, but let's not go deep into that);

22) it understands that the packet must be passed directly to 192.168.B.1, since it is on the same network with it and therefore has the corresponding entry in its routing table, which makes it send packets for the whole of 192.168.B.0/24 directly;

23) the router finds the MAC address of 192.168.B.1 and hands it this packet;

24) the operating system on the computer with address 192.168.B.1 receives the packet from AAA2:13389 to 192.168.B.1:55555 and begins the next steps of establishing the TCP connection.

Note that in this case the computer with address 192.168.B.1 knows nothing about the server with address 192.168.A.1; it communicates only with AAA2. Likewise, the server with address 192.168.A.1 knows nothing about the computer with address 192.168.B.1. It believes it was contacted from address BBB1 and, so to speak, knows nothing else.

Note also that if this computer addresses AAA2:1540, the connection will not be established, because forwarding of connections to port 1540 is not configured on the virtual router, even if some server in the virtual network 192.168.A.0/24 (for example, the server with address 192.168.A.1) has a service waiting for connections on this port. If the user of the computer with address 192.168.B.1 needs to connect to this service, they must use the VPN, i.e. address 192.168.A.1:1540 directly.

It should be emphasized that any attempt to establish a connection to AAA1 (other than the IPSec connection from BBB1) will not succeed. Any attempt to establish a connection to AAA2, other than a connection to port 13389, will not succeed either.
We also note that if someone else addresses AAA2 (for example, CCCC), everything described in steps 10-20 will apply to them as well. What happens before and after that depends on what exactly is behind this CCCC. We have no such information, so we advise contacting the administrators of the node with address CCCC.

Case three

And, conversely, if something is sent from 192.168.A.1 to a port on BBB1 that is configured for inbound forwarding (for example, 11111), it also does not enter the VPN but simply leaves from AAA1 and arrives at BBB1, which then forwards it somewhere, say, to 192.168.B.2:3389. That host sees this packet as coming not from 192.168.A.1 but from AAA1. And when 192.168.B.2 replies, the packet goes from BBB1 to AAA1 and then reaches the initiator of the connection, 192.168.A.1.

A concrete example:

1) 192.168.A.1 addresses BBB1, wanting to establish a TCP connection to BBB1:11111;

2) 192.168.A.1 sends a connection request from 192.168.A.1:55555 (this number, as in the previous example, may differ) to BBB1:11111;

3) the operating system running on the server with address 192.168.A.1 decides to forward this packet to the router's gateway address (192.168.A.254 in our case), because it has no other, more specific routes to BBB1, so it forwards the packet via the default route (0.0.0.0/0);

4) to do this, as we said in the previous examples, it tries to find the MAC address for IP address 192.168.A.254 in the ARP cache table. If it is not found, it sends a broadcast who-has request from address 192.168.A.1 into network 192.168.A.0/24. When 192.168.A.254 replies with its MAC address, the system sends the Ethernet packet to it and enters this information into its cache table;

5) the virtual router receives this packet and decides where to forward it: it has a policy according to which it must forward, replacing the return address, all packets from 192.168.A.0/24 to other Internet hosts;

6) since this policy assumes that the return address must match the lowest address on the interface through which this packet will be sent, the virtual router first determines to whom exactly it must send this packet, and, as in the previous example, it must send it to AAA254 (the ISP gateway, which in this case is also us), because it has no routes to BBB1 more specific than 0.0.0.0/0;

7) this means that the virtual router replaces the packet's return address; from now on the packet goes from AAA1:44444 (the port number may, of course, differ) to BBB1:11111;

8) the virtual router remembers what it did, so when a reply arrives from BBB1:11111 to AAA1:44444, it will know that it must change the destination address and port to 192.168.A.1:55555;

9) now the virtual router must pass the packet into the ISP network via AAA254, so, as already described, it finds the MAC address of AAA254 and passes the packet to the ISP gateway;

10) the Internet providers carry the packet from AAA1 to BBB1;

11) the router at BBB1 receives this packet on port 11111;

12) the virtual router has a rule stating that packets arriving on this port from any sender must be forwarded to 192.168.B.2:3389;

13) the router finds network 192.168.B.0/24 in the routing table and sends the packet directly to 192.168.B.2, because it has the interface 192.168.B.254/24;

14) to do this, the virtual router finds the MAC address of 192.168.B.2 and passes this packet to it over the virtual Ethernet network;

15) 192.168.B.2 receives this packet on port 3389, agrees to establish the connection and generates a reply packet from 192.168.B.2:3389 to AAA1:44444;

16) its system passes this packet to the router's gateway address (192.168.B.254 in our case), because it has no other, more specific routes to AAA1, so it must forward the packet via the default route (0.0.0.0/0);

17) in the same way as in the previous cases, the system running on the computer with address 192.168.B.2 finds the MAC address of 192.168.B.254, since it is on the same network as its interface 192.168.B.2/24;

18) the router receives this packet. Note that it remembers that it received on BBB1:11111 a packet from AAA1 and changed the recipient address and port to 192.168.B.2:3389, so for the packet from 192.168.B.2:3389 to AAA1:44444 it changes the sender address to BBB1:11111;

19) the router decides whom to send this packet to. It sends it to, say, BBB254 (the ISP gateway, whose address we do not know), because it has no routes to AAA1 more specific than 0.0.0.0/0;

20) the Internet providers carry the packet from BBB1 to AAA1;

21) the virtual router at AAA1 receives this packet and remembers that when it sent the packet from 192.168.A.1:55555 to BBB1:11111, it changed the sender's address and port to AAA1:44444. This means that this is a reply that must be sent to 192.168.A.1:55555 (in fact, as we said in the previous example, there are several more checks, but this time we will not go into them either);

22) it understands that the packet must be passed directly to 192.168.A.1, since it is on the same network with it, which means it has the corresponding entry in its routing table that makes it send packets for the whole of 192.168.A.0/24 directly;

23) the router finds the MAC address of 192.168.A.1 and hands it this packet;

24) the operating system on the server with address 192.168.A.1 receives the packet from BBB1:11111 to 192.168.A.1:55555 and begins the next steps of establishing the TCP connection.

Just as in the previous case, here the server with address 192.168.A.1 knows nothing about the computer with address 192.168.B.1; it communicates only with BBB1. The computer with address 192.168.B.1 also knows nothing about the server with address 192.168.A.1. It believes it was contacted from address AAA1, and the rest is hidden from it.
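The three cases above can be condensed into a small model of the two routers' decisions (IPsec policy, source NAT, port forwarding) that reports which source address the destination server ends up seeing, which is also the address that will appear in its RDP logs. This is an added example, not part of the original letter; it models only the first packet of each connection, and the concrete addresses are constructed stand-ins for the masked ones.

```python
import ipaddress

# Constructed stand-ins for the article's masked addresses (assumptions):
# 192.168.A.0/24 -> 192.168.10.0/24, 192.168.B.0/24 -> 192.168.20.0/24,
# AAA1 -> 203.0.113.1, AAA2 -> 203.0.113.2, BBB1 -> 198.51.100.1.
CLOUD = {"lan": ipaddress.ip_network("192.168.10.0/24"),
         "wan": "203.0.113.1", "peer": "198.51.100.1",
         "peer_lan": ipaddress.ip_network("192.168.20.0/24"),
         "dnat": {("203.0.113.2", 13389): ("192.168.10.1", 3389)}}
OFFICE = {"lan": ipaddress.ip_network("192.168.20.0/24"),
          "wan": "198.51.100.1", "peer": "203.0.113.1",
          "peer_lan": ipaddress.ip_network("192.168.10.0/24"),
          "dnat": {("198.51.100.1", 11111): ("192.168.20.2", 3389)}}
NAT_PORT = 44444  # the article's example of a translated source port

def egress(router, src, sport, dst, dport):
    """Decision of the sender's router for a packet leaving its LAN."""
    if ipaddress.ip_address(dst) in router["peer_lan"]:
        # IPsec policy matches LAN-to-LAN traffic: the packet is wrapped in
        # an ESP datagram between the WAN addresses, inner packet untouched.
        return {"esp": (router["wan"], router["peer"]),
                "inner": (src, sport, dst, dport)}
    # Anything else is source-NATed to the router's own WAN address.
    return {"esp": None, "inner": (router["wan"], NAT_PORT, dst, dport)}

def ingress(router, pkt):
    """Decision of the receiving router for a packet from the Internet."""
    src, sport, dst, dport = pkt["inner"]
    if pkt["esp"] is not None:
        if pkt["esp"] != (router["peer"], router["wan"]):
            return None  # ESP is accepted only from the configured peer
        return (src, sport, dst, dport)  # decrypted and delivered as sent
    target = router["dnat"].get((dst, dport))
    if target is None:
        return None  # no forwarding rule for this address:port
    return (src, sport, *target)  # only the destination is rewritten

def trace(local, remote, src, sport, dst, dport):
    """(src, sport, dst, dport) as seen by the final server, or None."""
    return ingress(remote, egress(local, src, sport, dst, dport))

if __name__ == "__main__":
    print("case 1:", trace(OFFICE, CLOUD, "192.168.20.1", 55555, "192.168.10.1", 3389))
    print("case 2:", trace(OFFICE, CLOUD, "192.168.20.1", 55555, "203.0.113.2", 13389))
    print("case 3:", trace(CLOUD, OFFICE, "192.168.10.1", 55555, "198.51.100.1", 11111))
    print("AAA2:1540:", trace(OFFICE, CLOUD, "192.168.20.1", 55555, "203.0.113.2", 1540))
```

Only in case 1 does the server see the real private address of its peer; in cases 2 and 3 every client behind the same router appears under that router's public address.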

Conclusion

This is how everything happens in connections inside the VPN tunnel between the client's office and the cloud environment, and in connections outside the VPN tunnel. And if you have questions or need our help in solving cloud problems, contact us 24x7.

Source: www.habr.com
