Ngingathanda ukwabelana ngolwazi lwami lokuhlanganisa amanethiwekhi ezindlini ezintathu ezikude ngokwendawo, ngayinye esebenzisa imizila ene-OpenWRT njengesango, ibe yinethiwekhi eyodwa evamile. Lapho ukhetha indlela yokuhlanganisa amanethiwekhi phakathi kwe-L3 ne-subnet routing kanye ne-L2 nge-bridging, lapho wonke ama-node enethiwekhi ezoba ku-subnet efanayo, okuthandwayo kwanikezwa indlela yesibili, okunzima kakhulu ukuyilungisa, kodwa inikeza amathuba amakhulu, ngoba ukusetshenziswa okusobala kobuchwepheshe kwahlelwa kunethiwekhi eyakhiwa i-Wake-on-Lan ne-DLNA.
Ingxenye 1: Ingemuva
Iphrothokholi ekhethiwe ukufeza lo msebenzi ekuqaleni yayiwu OpenVPN, ngoba, okokuqala, ingakha idivayisi yokumpompa engangezwa ebhulohweni ngaphandle kwezinkinga, futhi okwesibili, OpenVPN Isekela i-TCP, okwakubalulekile futhi, njengoba kungekho neyodwa yamafulethi eyayinekheli le-IP elikhethekile. Angikwazanga ukusebenzisa i-STUN ngoba i-ISP yami, ngesizathu esithile, ivimba ukuxhumana kwe-UDP okungenayo kusuka kumanethiwekhi ayo. I-TCP ingivumele ukuthi ngidlulisele i-port yeseva ye-VPN ku-VPS eqashiwe ngisebenzisa i-SSH. Nakuba le ndlela idala i-overhead enkulu, njengoba idatha ibethelwe kabili, angifuni ukuhlanganisa i-VPS kunethiwekhi yami yangasese, njengoba kwakukhona ingozi yokuthi abantu besithathu bayilawule. Ngakho-ke, ukuba nedivayisi enjalo kunethiwekhi yami yasekhaya kwakungathandeki kakhulu, ngakho nganquma ukukhokha i-overhead enkulu yokuphepha.
Ukuze ngidlulisele i-port ku-router lapho iseva yayihlelelwe ukuthunyelwa khona, ngisebenzise uhlelo lwe-sshtunnel. Ngeke ngingene emininingwaneni yokucushwa kwayo—kulula kakhulu. Ngizophawula nje ukuthi inhloso yayo kwakuwukudlulisela i-TCP port 1194 kusuka ku-router kuya ku-VPS. Okulandelayo, ngilungiselele iseva. OpenVPN Kudivayisi ye-tap0, eyayixhunywe ebhulohweni le-br-lan. Ngemva kokuhlola uxhumano neseva esanda kudalwa kusuka kwi-laptop yami, kwacaca ukuthi umqondo wokudlulisela imbobo wawusebenzile, futhi i-laptop yami yayibe yilungu lenethiwekhi ye-router, yize yayingeyona ingxenye yayo ngokoqobo.
Okuwukuphela kwento okwakusele ukukwenza kwakuwukusabalalisa amakheli e-IP ezindlini ezahlukene ukuze angangqubuzani futhi kulungiselelwe ama-router njengoba OpenVPN-amaklayenti.
Amakheli e-IP werutha alandelayo nobubanzi beseva ye-DHCP akhethiwe:
- 192.168.10.1 ngobubanzi 192.168.10.2 - 192.168.10.80 okweseva
- 192.168.10.100 ngobubanzi 192.168.10.101 - 192.168.10.149 yerutha efulethini No. 2
- 192.168.10.150 ngobubanzi 192.168.10.151 - 192.168.10.199 yerutha efulethini No. 3
Kwakudingeka futhi ukwabela la makheli kuma-router eklayenti. OpenVPN-server, ngokungeza umugqa olandelayo ekucushweni kwawo:
ifconfig-pool-persist /etc/openvpn/ipp.txt 0futhi wengeza imigqa elandelayo kufayela /etc/openvpn/ipp.txt:
flat1_id 192.168.10.100
flat2_id 192.168.10.150
lapho i-flat1_id kanye ne-flat2_id kungamagama edivayisi acacisiwe lapho kudalwa izitifiketi zokuxhuma ku- OpenVPN
Okulandelayo, ama-router alungiselelwe OpenVPN- amaklayenti, amadivayisi e-tap0 kuwo womabili angeziwe ebhulohweni le-br-lan. Kuleli qophelo, konke kwabonakala kulungile, njengoba wonke amanethiwekhi amathathu ayebonana futhi asebenza njengeyunithi eyodwa. Kodwa-ke, kwavela imininingwane engathandeki: ngezinye izikhathi amadivayisi ayethola ikheli le-IP kusuka ku-router engalungile, kanye nemiphumela elandelayo. Ngesizathu esithile, i-router kwelinye lamafulethi yehlulekile ukuphendula ku-DHCPDISCOVER ngesikhathi, futhi idivayisi yathola ikheli elingalungile. Ngaqaphela ukuthi ngidinga ukuhlunga izicelo ezinjalo ku-tap0 ku-router ngayinye, kodwa njengoba kwavela, ama-iptables awakwazi ukusebenza nedivayisi uma iyingxenye yebhuloho, ngakho-ke kwakudingeka ngisebenzise ama-ebtables. Ngeshwa, i-firmware yami ayizange iyifake, ngakho kwadingeka ngakhe kabusha izithombe zedivayisi ngayinye. Ngemva kokwenza lokhu nokufaka imigqa elandelayo ku-/etc/rc.local ku-router ngayinye, inkinga yaxazululwa:
ebtables -A INPUT --in-interface tap0 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A INPUT --in-interface tap0 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap0 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap0 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
Lokhu kumiswa kwathatha iminyaka emithathu.
Ingxenye 2: Ukwazi WireGuard
Muva nje, kube nenkulumo eyandayo kwi-inthanethi mayelana WireGuard, ngithanda ukulungiselelwa kwayo okulula, isivinini sokudlulisa esiphezulu, i-ping ephansi, kanye nokuphepha okufanayo. Ukusesha ulwazi olwengeziwe ngayo kwembule ukuthi ayisekeli ukwesekwa kwe-protocol yelungu le-bridge noma i-TCP, okwangenza ngakholelwa ukuthi ayikho enye indlela. OpenVPN kimi akukafiki lapho. Ngakho-ke ngakuhlehlisa ukwazi WireGuard.
Ezinsukwini ezimbalwa ezedlule, izindaba zasakazeka ngezinsizakusebenza ezihlobene ne-IT ngandlela thile ukuthi WireGuard ekugcineni kuzofakwa ku-kernel Linux, kusukela kunguqulo 5.6. Izihloko zezindaba, njengenjwayelo, zanconywa WireGuardNgaphinde ngangena ekufuneni izindlela zokufaka esikhundleni sezinto ezindala ezinhle OpenVPNKulokhu ngihlangane . Ikhulume ngokwakha umhubhe we-Ethernet ngaphezulu kwe-L3 usebenzisa i-GRE. Lesi sihloko sanginika ithemba. Kuhlale kungacaci ukuthi kwenziweni ngephrothokholi ye-UDP. Ukusesha kwangiholela ezihlokweni mayelana nokusebenzisa i-socat ngokubambisana nomhubhe we-SSH ukuze udlulisele ichweba le-UDP, noma kunjalo, baphawula ukuthi le ndlela isebenza kuphela kwimodi yokuxhumana eyodwa, okungukuthi, umsebenzi wamaklayenti amaningana we-VPN ngeke kwenzeke. Ngiqhamuke nombono wokufaka iseva ye-VPN ku-VPS nokusethela amaklayenti i-GRE, kodwa njengoba kwavela ukuthi, i-GRE ayikusekeli ukubethela, okuzoholela eqinisweni lokuthi uma abantu besithathu bethola ukufinyelela kuseva. , yonke i-traffic phakathi kwamanethiwekhi ami izoba sezandleni zabo, okwakungangifanele neze.
Nakulokhu, isinqumo senziwe sivuna ukubethela okungafuneki, ngokusebenzisa i-VPN phezu kwe-VPN kusetshenziswa lolu hlelo olulandelayo:
I-VPN yezinga XNUMX:
VPS kuyinto iseva nekheli langaphakathi 192.168.30.1
MC kuyinto iklayenti I-VPS enekheli langaphakathi 192.168.30.2
MK2 kuyinto iklayenti I-VPS enekheli langaphakathi 192.168.30.3
MK3 kuyinto iklayenti I-VPS enekheli langaphakathi 192.168.30.4
I-VPN yezinga lesibili:
MC kuyinto iseva ngekheli langaphandle 192.168.30.2 kanye nelangaphakathi 192.168.31.1
MK2 kuyinto iklayenti MC enekheli elithi 192.168.30.2 futhi ine-IP yangaphakathi 192.168.31.2
MK3 kuyinto iklayenti MC enekheli elithi 192.168.30.2 futhi ine-IP yangaphakathi 192.168.31.3
* MC - router-server efulethini 1, MK2 - router efulethini 2, MK3 - router efulethini 3
* Ukulungiselelwa kwedivayisi kushicilelwa ku-spoiler ekupheleni kwesihloko.
Ngakho-ke, ama-pings asebenza phakathi kwama-node enethiwekhi 192.168.31.0/24, sekuyisikhathi sokuqhubekela phambili ekumiseni umhubhe we-GRE. Ngaphambi kwalokhu, ukuze ungalahlekelwa ukufinyelela kuma-routers, kufanelekile ukusetha imigudu ye-SSH yokudlulisa i-port 22 ku-VPS, ukuze, isibonelo, i-router esuka efulethini 10022 ifinyeleleke ku-port 2 ye-VPS, kanye i-router esuka efulethini 11122 izofinyeleleka ku-port 3 router kusuka efulethini XNUMX. Kungcono kakhulu ukulungisa ukudlulisa usebenzisa i-sshtunnel efanayo, ngoba izobuyisela umhubhe uma ihluleka.
Umhubhe ulungisiwe, ungaxhuma ku-SSH ngembobo edluliselwe:
ssh root@МОЙ_VPS -p 10022Okulandelayo kufanele ukhubaze OpenVPN:
/etc/init.d/openvpn stopManje ake simise umhubhe we-GRE kumzila osuka efulethini 2:
ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.2
ip link set grelan0 up
Bese wengeza isikhombimsebenzisi esidaliwe ebhulohweni:
brctl addif br-lan grelan0
Masenze inqubo efanayo kumzila weseva:
ip link add grelan0 type gretap remote 192.168.31.2 local 192.168.31.1
ip link set grelan0 up
Futhi engeza isikhombimsebenzisi esidaliwe ebhulohweni:
brctl addif br-lan grelan0
kusukela kulo mzuzu, ama-pings aqala ukuya ngempumelelo kunethiwekhi entsha futhi mina, ngokwaneliseka, ngiya ukuphuza ikhofi. Bese, ukuze ngihlole ukuthi inethiwekhi isebenza kanjani ngakolunye uhlangothi lomugqa, ngizama ukufaka i-SSH kwenye yamakhompiyutha efulethini lesi-2, kodwa iklayenti le-ssh liyaba yiqhwa ngaphandle kokucela iphasiwedi. Ngizama ukuxhuma kule khompyutha nge-telnet ku-port 22 futhi ngibona ulayini engiqonda kuwo ukuthi uxhumano luyasungulwa, iseva ye-SSH iyaphendula, kodwa ngenxa yesizathu esithile ayingifuni ukuba ngingene. phakathi.
$ telnet 192.168.10.110 22
SSH-2.0-OpenSSH_8.1
Ngizama ukuyixhuma nge-VNC futhi ngibone isikrini esimnyama. Ngiyaziqinisekisa ukuthi inkinga ikukhompyutha ekude, ngoba ngingakwazi ukuxhuma kalula ku-router kusuka kuleli fulethi usebenzisa ikheli langaphakathi. Kodwa-ke, nginquma ukuxhuma ku-SSH yale khompyutha ngokusebenzisa umzila futhi ngiyamangala ukuthola ukuthi uxhumano luphumelele, futhi ikhompyutha ekude isebenza ngokujwayelekile, kodwa futhi ayikwazi ukuxhuma kukhompyutha yami.
Ngikhipha idivayisi ye-grelan0 ebhulohweni bese ngiyisebenzisa OpenVPN Ku-router efulethini 2, ngiqinisekisile ukuthi inethiwekhi isebenza kahle futhi futhi ukuxhumana bekunganciphi. Ngisesha, ngithole amaforamu lapho abantu babekhala khona ngezinkinga ezifanayo, nalapho belulekwa khona ukuthi baphakamise i-MTU. Akuzange kusheshe kuthiwe kodwa kwenziwe. Kodwa-ke, kuze kube yilapho i-MTU ibekwe phezulu ngokwanele—7000 yamadivayisi e-gretap—ngibone ukuxhumeka kwe-TCP okunciphile noma isivinini sokudlulisa esiphansi. Ngenxa ye-MTU ephezulu ye-gretap, i-MTU yokuxhumeka WireGuard Izinga lokuqala nelesibili labekwa ku-8000 kanye no-7500 ngokulandelana.
Ngenze ukusetha okufanayo kumzila osuka efulethini lesi-3, umehluko kuphela ukuthi isixhumi esibonakalayo sesibili se-gretap okuthiwa i-grelan1 sengezwe kumzila weseva, nawo wengezwa ebhulohweni le-br-lan.
Konke kuyasebenza. Manje usungakwazi ukufaka umhlangano we-gretap ekuqaleni. Kwalokhu:
Ngibeke le migqa kokuthi /etc/rc.local kumzila efulethini 2:
ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.2
ip link set dev grelan0 mtu 7000
ip link set grelan0 up
brctl addif br-lan grelan0
Kwengezwe lokhu ku-/etc/rc.local kumzila efulethini 3:
ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.3
ip link set dev grelan0 mtu 7000
ip link set grelan0 up
brctl addif br-lan grelan0
Futhi ku-router yeseva:
ip link add grelan0 type gretap remote 192.168.31.2 local 192.168.31.1
ip link set dev grelan0 mtu 7000
ip link set grelan0 up
brctl addif br-lan grelan0
ip link add grelan1 type gretap remote 192.168.31.3 local 192.168.31.1
ip link set dev grelan1 mtu 7000
ip link set grelan1 up
brctl addif br-lan grelan1
Ngemva kokuqalisa kabusha ama-router eklayenti, ngithole ukuthi ngesizathu esithile ayengaxhumani neseva. Ngemva kokuxhuma kwi-SSH yabo (ngenhlanhla, ngangilungiselele i-sshtunnel yalokhu ngaphambilini), ngithole ukuthi WireGuard Ngesizathu esithile, idala umzila we-endpoint, kodwa ayilungile. Isibonelo, ku-192.168.30.2, ithebula lomzila lichaze umzila nge-interface ye-pppoe-wan, okungukuthi, nge-inthanethi, yize umzila oya kuyo kufanele ngabe uqondiswe nge-interface ye-wg0. Ngemva kokususa lo mzila, uxhumano lubuyiselwe. Ngingayithola yini imiyalelo noma kuphi yokuthi ngingayiphoqa kanjani WireGuard Angikwazanga ukugwema ukudala le mizila. Ngaphezu kwalokho, angizange ngiqonde nokuthi lokhu kwakuyisici se-OpenWRT noma se- WireGuardNgaphandle kokuchitha isikhathi esiningi ngithola inkinga, ngimane ngengeza umugqa kusikripthi esisekelwe kusikhathi kuzo zombili izithutha ezisuse lo mzila:
route del 192.168.30.2
Ukufingqa
Ukwenqatshwa okuphelele OpenVPN Angikakwenzi lokhu okwamanje, njengoba ngezinye izikhathi ngidinga ukuxhuma kunethiwekhi entsha kusuka ku-laptop noma ifoni, futhi ukusetha idivayisi ye-gretap kuzo ngokuvamile akunakwenzeka. Kodwa-ke, naphezu kwalokhu, ngithole ithuba ngesivinini sokudlulisa idatha phakathi kwamafulethi, futhi ukusebenzisa i-VNC, isibonelo, manje akunazinkinga. I-Ping yehlile kancane kodwa isizinzile kakhulu:
Lapho usebenzisa OpenVPN:
[r0ck3r@desktop ~]$ ping -c 20 192.168.10.110
PING 192.168.10.110 (192.168.10.110) 56(84) bytes of data.
64 bytes from 192.168.10.110: icmp_seq=1 ttl=64 time=133 ms
...
64 bytes from 192.168.10.110: icmp_seq=20 ttl=64 time=125 ms
--- 192.168.10.110 ping statistics ---
20 packets transmitted, 20 received, 0% packet loss, time 19006ms
rtt min/avg/max/mdev = 124.722/126.152/136.907/3.065 ms
Lapho usebenzisa WireGuard:
[r0ck3r@desktop ~]$ ping -c 20 192.168.10.110
PING 192.168.10.110 (192.168.10.110) 56(84) bytes of data.
64 bytes from 192.168.10.110: icmp_seq=1 ttl=64 time=124 ms
...
64 bytes from 192.168.10.110: icmp_seq=20 ttl=64 time=124 ms
--- 192.168.10.110 ping statistics ---
20 packets transmitted, 20 received, 0% packet loss, time 19003ms
rtt min/avg/max/mdev = 123.954/124.423/126.708/0.675 ms
Ithinteka kakhulu nge-ping ephezulu ku-VPS, cishe i-61.5 ms
Kodwa-ke, isivinini sikhuphuke kakhulu. Ngakho-ke, efulethini eline-router-server, nginesivinini sokuxhumeka kwe-inthanethi esingu-30 Mbps, kanti kwamanye amafulethi singu-5 Mbps. Ngaphezu kwalokho, ngesikhathi sokusebenzisa OpenVPN Angikwazanga ukufinyelela isivinini sokudlulisa idatha phakathi kwamanethiwekhi angaphezu kuka-3,8 Mbps ngokusho kokufundwa kwe-iperf, ngenkathi WireGuard "ngiyipompe" kuze kufike ku-5 Mbit/sec efanayo.
Ukucushwa WireGuard ku-VPS[Interface]
Address = 192.168.30.1/24
ListenPort = 51820
PrivateKey = <ЗАКРЫТЫЙ_КЛЮЧ_ДЛЯ_VPS>
[Untanga]
Ukhiye Womphakathi = <VPN_1_MS_PUBLIC_KEY>
Ama-IP avunyelwe = 192.168.30.2/32
[Untanga]
Ukhiye Womphakathi = <VPN_2_MK2_PUBLIC_KEY>
Ama-IP avunyelwe = 192.168.30.3/32
[Untanga]
Ukhiye Womphakathi = <VPN_2_MK3_PUBLIC_KEY>
Ama-IP avunyelwe = 192.168.30.4/32
Ukucushwa WireGuard ku-MS (kungezwe ku-/etc/config/network)
#VPN первого уровня - клиент
config interface 'wg0'
option proto 'wireguard'
list addresses '192.168.30.2/24'
option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_1_МС'
option auto '1'
option mtu '8000'
config wireguard_wg0
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_1_VPS'
option endpoint_port '51820'
option route_allowed_ips '1'
option persistent_keepalive '25'
list allowed_ips '192.168.30.0/24'
option endpoint_host 'IP_АДРЕС_VPS'
#VPN второго уровня - сервер
config interface 'wg1'
option proto 'wireguard'
option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_2_МС'
option listen_port '51821'
list addresses '192.168.31.1/24'
option auto '1'
option mtu '7500'
config wireguard_wg1
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МК2'
list allowed_ips '192.168.31.2'
config wireguard_wg1ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.3
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МК3'
list allowed_ips '192.168.31.3'
Ukucushwa WireGuard ku-MK2 (kungezwe ku-/etc/config/network)
#VPN первого уровня - клиент
config interface 'wg0'
option proto 'wireguard'
list addresses '192.168.30.3/24'
option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_1_МК2'
option auto '1'
option mtu '8000'
config wireguard_wg0
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_1_VPS'
option endpoint_port '51820'
option persistent_keepalive '25'
list allowed_ips '192.168.30.0/24'
option endpoint_host 'IP_АДРЕС_VPS'
#VPN второго уровня - клиент
config interface 'wg1'
option proto 'wireguard'
option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_2_МК2'
list addresses '192.168.31.2/24'
option auto '1'
option listen_port '51821'
option mtu '7500'
config wireguard_wg1
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МС'
option endpoint_host '192.168.30.2'
option endpoint_port '51821'
option persistent_keepalive '25'
list allowed_ips '192.168.31.0/24'
Ukucushwa WireGuard ku-MK3 (kungezwe ku-/etc/config/network)
#VPN первого уровня - клиент
config interface 'wg0'
option proto 'wireguard'
list addresses '192.168.30.4/24'
option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_1_МК3'
option auto '1'
option mtu '8000'
config wireguard_wg0
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_1_VPS'
option endpoint_port '51820'
option persistent_keepalive '25'
list allowed_ips '192.168.30.0/24'
option endpoint_host 'IP_АДРЕС_VPS'
#VPN второго уровня - клиент
config interface 'wg1'
option proto 'wireguard'
option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_2_МК3'
list addresses '192.168.31.3/24'
option auto '1'
option listen_port '51821'
option mtu '7500'
config wireguard_wg1
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МС'
option endpoint_host '192.168.30.2'
option endpoint_port '51821'
option persistent_keepalive '25'
list allowed_ips '192.168.31.0/24'
Kuzilungiselelo ezichazwe ze-VPN yezinga lesibili, ngibonisa amakhasimende WireGuard Imbobo 51821. Lokhu akufanele kudingeke, njengoba iklayenti lizosungula uxhumano oluvela kunoma iyiphi imbobo yamahhala, engenamalungelo, kodwa ngikwenze ngale ndlela ukuze ngikwazi ukwenqaba konke ukuxhumana okungenayo kuma-interface e-wg0 awo wonke ama-router, ngaphandle kokuxhumeka kwe-UDP okungenayo kwimbobo 51821.
Ngithemba ukuthi lesi sihloko sizoba usizo kothile.
PS Futhi, ngifuna ukwabelana ngeskripthi sami esingithumelela isaziso se-PUSH efonini yami ohlelweni lokusebenza lwe-WirePusher uma idivayisi entsha ivela kunethiwekhi yami. Nasi isixhumanisi seskripthi: .
UPDATE: Ukucushwa OpenVPN-amaseva namakhasimende
OpenVPN-seva
client-to-client
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/vpn-server.crt
dh /etc/openvpn/server/dh.pem
key /etc/openvpn/server/vpn-server.key
dev tap
ifconfig-pool-persist /etc/openvpn/ipp.txt 0
keepalive 10 60
proto tcp4
server-bridge 192.168.10.1 255.255.255.0 192.168.10.80 192.168.10.254
status /var/log/openvpn-status.log
verb 3
comp-lzoOpenVPN-iklayenti
client
tls-client
dev tap
proto tcp
remote VPS_IP 1194 # Change to your router's External IP
resolv-retry infinite
nobind
ca client/ca.crt
cert client/client.crt
key client/client.key
dh client/dh.pem
comp-lzo
persist-tun
persist-key
verb 3 Ngisebenzise i-easy-rsa ukwenza izitifiketi
Source: www.habr.com
