Ukuqhubeka nendaba mayelana ne-ZeroTier, kusukela kumbono ochazwe esihlokweni esithi "", ngiqhubekela phambili ngizilolonge lapho:
- Masidale futhi silungiselele isilawuli senethiwekhi eyimfihlo
- Masidale inethiwekhi ebonakalayo
- Ake silungiselele futhi sixhume ama-node kuyo
- Ake sihlole ukuxhumana kwenethiwekhi phakathi kwabo
- Masivimbe ukufinyelela ku-GUI yesilawuli senethiwekhi kusukela ngaphandle
Isilawuli Senethiwekhi
Njengoba kushiwo ngaphambili, ukudala amanethiwekhi abonakalayo, ukuwaphatha, kanye nokuxhuma ama-node, umsebenzisi udinga isilawuli senethiwekhi, i-graphical interface (GUI) ekhona ngezindlela ezimbili:
Izinketho ze-ZeroTier GUI
- Eyodwa evela kunjiniyela i-ZeroTier, etholakala njengesixazululo sefu somphakathi se-SaaS esinezinhlelo ezine zokubhaliselwe, okuhlanganisa mahhala, kodwa kukhawulelwe enanini lamadivayisi aphethwe kanye nezinga lokusekelwa.
- Eyesibili isuka kunjiniyela ozimele, owenziwe lula ngandlela thile ekusebenzeni, kodwa etholakala njengesixazululo esiyimfihlo somthombo ovulekile ozosetshenziswa endaweni noma ezinsizeni zamafu.
Ekuqeqesheni kwami, ngasebenzisa kokubili futhi ngenxa yalokho, ekugcineni ngahlala kweyesibili. Isizathu salokhu kwakuyizixwayiso zonjiniyela.
“Abalawuli benethiwekhi basebenza njengeziphathimandla zokunikeza izitifiketi zamanethiwekhi abonakalayo we-ZeroTier. Amafayela aqukethe okhiye abayimfihlo besilawuli kufanele agadwe ngokucophelela futhi afakwe kungobo yomlando ngokuvikelekile. Ukufaka kwabo engozini kuvumela abahlaseli abangagunyaziwe ukuthi bakhe izilungiselelo zenethiwekhi eziwumgunyathi, futhi ukulahlekelwa kwabo kuholela ekulahlekelweni amandla okulawula nokuphatha inethiwekhi, okuyenza ingakwazi ukusetshenziswa. "
→
Futhi, izimpawu ze-cybersecurity paranoia yakho :)
- Ngisho noma i-Cheburnet iza, kufanele ngisakwazi ukufinyelela isilawuli sami senethiwekhi;
- Yimina kuphela okufanele ngisebenzise isilawuli senethiwekhi. Uma kunesidingo, ukunikeza ukufinyelela kubameleli bakho abagunyaziwe;
- Kufanele kwenzeke ukukhawulela ukufinyelela kusilawuli senethiwekhi kusuka ngaphandle.
Kulesi sihloko, angiboni iphuzu eliningi lokuhlala ngokuhlukana kokuthi ungasifaka kanjani isilawuli senethiwekhi kanye ne-GUI yayo phezu kwezinsiza ezibonakalayo noma ezibonakalayo. Futhi kunezizathu ezi-3 zalokhu:
- kuzoba nezincwadi eziningi kunalokho obekuhleliwe
- mayelana nalokhu kakade kunjiniyela we-GUI GitHab
- isihloko sendatshana sikhuluma ngokunye
Ngakho-ke, ukukhetha indlela yokumelana okuncane, ngizosebenzisa kule ndaba isilawuli senethiwekhi esine-GUI esekelwe ku-VDS, eyenziwe ngu. , ithuthukiswe ngomusa ozakwethu bakwa-RuVDS.
Ukusetha kokuqala
Ngemva kokudala iseva kusukela kusifanekiso esishiwo, umsebenzisi uthola ukufinyelela kusilawuli se-Web-GUI ngesiphequluli ngokungena ku-https:// :3443
Ngokuzenzakalelayo, iseva isivele iqukethe isitifiketi se-TLS/SSL esizisayinise ngaphambili. Lokhu kwanele kimi, njengoba ngivimba ukufinyelela kukho ngaphandle. Kulabo abafisa ukusebenzisa ezinye izinhlobo zezitifiketi, zikhona kunjiniyela we-GUI GitHab.
Uma umsebenzisi engena okokuqala Ngena ngemvume ngokungena okuzenzakalelayo nephasiwedi - admin и iphasiwedi:
Iphakamisa ukushintsha iphasiwedi ezenzakalelayo ibe ngokwezifiso
Ngikwenza ngokuhlukile kancane - angishintshi iphasiwedi yomsebenzisi okhona, kodwa dala entsha - Dala Umsebenzisi.
Ngisetha igama lomsebenzisi omusha - Igama lomsebenzisi:
Ngisethe iphasiwedi entsha - Faka iphasiwedi entsha:
Ngiqinisekisa iphasiwedi entsha - Faka futhi iphasiwedi:
Izinhlamvu ozifakayo zibucayi kakhulu - qaphela!
Ibhokisi lokuhlola ukuze uqinisekise ukushintshwa kwephasiwedi ekungeneni ngemvume okulandelayo - Shintsha iphasiwedi ekungeneni okulandelayo: Angigubhi.
Ukuqinisekisa idatha efakiwe, cindezela Setha iphasiwedi:
Bese: Ngingena kabusha - Phuma / Ngena ngemvume, kakade ngaphansi kwemininingwane yomsebenzisi omusha:
Okulandelayo, ngiya kuthebhu yabasebenzisi - Abasebenzisi bese ususa umsebenzisi adminngokuchofoza isithonjana sekani likadoti esitholakala kwesokunxele segama lakhe.
Ngokuzayo, ungashintsha iphasiwedi yomsebenzisi ngokuchofoza egameni lakhe noma ku-set password.
Ukudala inethiwekhi ebonakalayo
Ukuze udale inethiwekhi ebonakalayo, umsebenzisi udinga ukuya kuthebhu Faka inethiwekhi. Kusukela iphuzu User lokhu kungenziwa ngekhasi Ikhaya — ikhasi eliyinhloko le-Web-GUI, elibonisa ikheli le-ZeroTier lalesi silawuli senethiwekhi futhi liqukethe isixhumanisi sekhasi sohlu lwamanethiwekhi adalwe ngalo.
Ekhasini Faka inethiwekhi umsebenzisi unikeza igama kunethiwekhi esanda kwakhiwa.
Lapho usebenzisa idatha yokufaka − Dala Inethiwekhi umsebenzisi uyiswa ekhasini elinohlu lwamanethiwekhi, oluqukethe:
Igama lenethiwekhi — igama lenethiwekhi ngendlela yesixhumanisi, uma uchofoza kuso ungalishintsha
I-ID yenethiwekhi - isihlonzi senethiwekhi
imininingwane — xhuma ekhasini elinamapharamitha enethiwekhi anemininingwane
ukusetha okulula — isixhumanisi ekhasini ukuze usethe kalula
amalungu — isixhumanisi ekhasini lokuphatha lenodi
Ukuze uthole ukusetha okwengeziwe landela isixhumanisi ukusetha okulula. Ekhasini elivulayo, umsebenzisi ucacisa ibanga lamakheli e-IPv4 enethiwekhi edalwayo. Lokhu kungenziwa ngokuzenzakalelayo ngokucindezela inkinobho Khiqiza ikheli lenethiwekhi noma ngokwenza ngokufaka imaski yenethiwekhi endaweni efanele I-CIDR.
Uma uqinisekisa ukufakwa kwedatha okuyimpumelelo, kufanele ubuyele ekhasini nohlu lwamanethiwekhi usebenzisa inkinobho ethi Emuva. Kuleli qophelo, ukusethwa kwenethiwekhi okuyisisekelo kungabhekwa njengokuqediwe.
Ixhuma amanodi enethiwekhi
- Okokuqala, isevisi ye-ZeroTier One kufanele ifakwe ku-node umsebenzisi afuna ukuyixhuma kunethiwekhi.
Iyini i-ZeroTier One?I-ZeroTier One iyisevisi esebenza kumakhompyutha aphathekayo, amadeskithophu, amaseva, imishini ebonakalayo neziqukathi ezihlinzeka ngoxhumo kunethiwekhi ebonakalayo ngokusebenzisa imbobo yenethiwekhi ebonakalayo, efana neklayenti le-VPN.
Uma isevisi isifakiwe futhi isiqalile, ungaxhuma kumanethiwekhi abonakalayo usebenzisa amakheli awo anezinhlamvu eziyi-16. Inethiwekhi ngayinye ibonakala njengembobo yenethiwekhi ebonakalayo ohlelweni, esebenza njengembobo ye-Ethernet evamile.
Izixhumanisi zokusabalalisa, kanye nemiyalo yokufaka, ingatholakala .Ungaphatha isevisi efakiwe ngokusebenzisa itheminali yomugqa womyalo (CLI) enamalungelo okuphatha/impande. Ku-Windows/MacOS kusetshenziswa isixhumi esibonakalayo esinesithombe. Ku-Android/iOS kusetshenziswa i-GUI kuphela.
- Ihlola impumelelo yokufakwa kwesevisi:
I-CLI:
zerotier-cli statusUmphumela:
200 info ebf416fac1 1.4.6 ONLINE
I-GUI:Lona kanye iqiniso lokuthi uhlelo lokusebenza luyasebenza kanye nokuba khona kulo komugqa one-Node ID enekheli le-node.
- Ukuxhuma i-node kunethiwekhi:
I-CLI:
zerotier-cli join <Network ID>Umphumela:
200 join OKI-GUI:
Windows: chofoza kwesokudla kusithonjana I-ZeroTier One kuthreyi yesistimu bese ukhetha into - Joyina Inethiwekhi.
IMacOS: Yethula uhlelo lokusebenza I-ZeroTier One kumenyu yebha, uma ingakaqaliwe kakade. Chofoza ⏁ isithonjana bese ukhetha Joyina Inethiwekhi.I-Android/iOS: + (kanye nesithombe) kuhlelo lokusebenza
Emkhakheni ovelayo, faka isilawuli senethiwekhi esishiwo ku-GUI I-ID yenethiwekhi, bese ucindezela Joyina/Engeza Inethiwekhi. - Ukunikeza ikheli le-IP kumsingathi
Manje sibuyela kusilawuli senethiwekhi futhi ekhasini elinohlu lwamanethiwekhi landela isixhumanisi amalungu. Uma ubona isithombe esifana nalesi esikrinini, kusho ukuthi isilawuli senethiwekhi yakho sithole isicelo sokuqinisekisa ukuxhumana nenethiwekhi kusuka endaweni exhunyiwe.
Kuleli khasi sishiya yonke into njengoba injalo manje bese silandela isixhumanisi Isabelo se-IP iya ekhasini lokunikeza ikheli le-IP endaweni:
Ngemva kokunikeza ikheli, chofoza inkinobho Emuva buyela ekhasini lohlu lwama-node axhunyiwe bese usetha igama - Igama lelungu bese ubheka ibhokisi lokuhlola ukuze ugunyaze indawo kunethiwekhi - Ugunyaziwe. Nokho, leli bhokisi likaqhwishi liyinto elula kakhulu yokunqamula/ukuxhuma kunethiwekhi yomsingathi ngokuzayo.
Londoloza izinguquko usebenzisa inkinobho Vuselela. - Ihlola isimo sokuxhuma kwenodi kunethiwekhi:
Ukuze uhlole isimo sokuxhuma ku-node ngokwayo, sebenzisa:
I-CLI:zerotier-cli listnetworksUmphumela:
200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>
200 listnetworks 2da06088d9f863be My_1st_VLAN be:88:0c:cf:72:a1 OK PRIVATE ethernet_32774 10.10.10.2/24
I-GUI:Isimo senethiwekhi kufanele silunge
Ukuxhuma ama-node asele, phinda imisebenzi 1-5 ngayinye yazo.
Ihlola ukuxhumeka kwenethiwekhi yamanodi
Ngenza lokhu ngokugijima umyalo ping kudivayisi exhunywe kunethiwekhi engiyiphethe njengamanje.
Kusithombe-skrini sesilawuli se-Web-GUI ungabona izindawo ezintathu ezixhunywe kunethiwekhi:
- ZTNCUI - 10.10.10.1 - isilawuli sami senethiwekhi nge-GUI - VDS kwenye ye-RuVDS DCs. Ngomsebenzi ojwayelekile asikho isidingo sokuyengeza kunethiwekhi, kodwa ngenze lokhu ngoba ngifuna ukuvimba ukufinyelela ku-interface yewebhu kusuka ngaphandle. Okuningi ngalokhu kamuva.
- I-MyComp - 10.10.10.2 - Ikhompyutha yami yomsebenzi iyi-PC ebonakalayo
- Isipele - 10.10.10.3 - VDS kwenye DC.
Ngakho-ke, ekhompyutheni yami yomsebenzi ngibheka ukutholakala kwamanye ama-node ngemiyalo:
ping 10.10.10.1
Pinging 10.10.10.1 with 32 bytes of data:
Reply from 10.10.10.1: bytes=32 time=14ms TTL=64
Reply from 10.10.10.1: bytes=32 time=4ms TTL=64
Reply from 10.10.10.1: bytes=32 time=7ms TTL=64
Reply from 10.10.10.1: bytes=32 time=2ms TTL=64
Ping statistics for 10.10.10.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 14ms, Average = 6ms
ping 10.10.10.3
Pinging 10.10.10.3 with 32 bytes of data:
Reply from 10.10.10.3: bytes=32 time=15ms TTL=64
Reply from 10.10.10.3: bytes=32 time=4ms TTL=64
Reply from 10.10.10.3: bytes=32 time=8ms TTL=64
Reply from 10.10.10.3: bytes=32 time=4ms TTL=64
Ping statistics for 10.10.10.3:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 4ms, Maximum = 15ms, Average = 7ms
Umsebenzisi unelungelo lokusebenzisa amanye amathuluzi okuhlola ukutholakala kwamanodi kunethiwekhi, omabili akhelwe ku-OS nanjenge-NMAP, Advanced IP Scanner, njll.
Sifihla ukufinyelela ku-GUI yesilawuli senethiwekhi ngaphandle.
Ngokuvamile, ngingakwazi ukunciphisa amathuba okufinyelela okungagunyaziwe ku-VDS lapho isilawuli senethiwekhi yami sitholakala sisebenzisa i-firewall ku-akhawunti yami yomuntu siqu ye-RuVDS. Lesi sihloko maningi amathuba okuba sendatshana ehlukile. Ngakho-ke, lapha ngizobonisa indlela yokunikeza ukufinyelela kusilawuli se-GUI kuphela kunethiwekhi engiyidalile kulesi sihloko.
Ukuze wenze lokhu, udinga ukuxhuma nge-SSH ku-VDS lapho isilawuli sikhona futhi uvule ifayela lokumisa usebenzisa umyalo:
nano /opt/key-networks/ztncui/.envEfayeleni elivuliwe, ngemva komugqa othi “HTTPS_PORT=3443” oqukethe ikheli lechweba lapho i-GUI ivula khona, udinga ukwengeza umugqa owengeziwe nekheli lapho i-GUI izovula khona - kimina HTTPS_HOST=10.10.10.1 .XNUMX.
Okulandelayo ngizogcina ifayela
Сtrl+C
Y
Enter
bese ugijima umyalo:
systemctl restart ztncuiFuthi yilokho, manje i-GUI yesilawuli sami senethiwekhi itholakala kuphela kumanodi enethiwekhi 10.10.10.0.24.
Esikhundleni isiphetho
Yilapho ngifuna ukuqeda ingxenye yokuqala yomhlahlandlela osebenzayo wokudala amanethiwekhi abonakalayo asuselwa ku-ZeroTier. Ngibheke ngabomvu imibono yenu.
Okwamanje, ukudlulisa isikhathi kuze kushicilelwe ingxenye elandelayo, lapho ngizokutshela ukuthi ungahlanganisa kanjani inethiwekhi ebonakalayo neyomzimba, indlela yokuhlela imodi "yeqhawe lomgwaqo" nokunye, ngiphakamisa ukuthi uzame. ukuhlela inethiwekhi yakho ebonakalayo usebenzisa isilawuli senethiwekhi yangasese ene-GUI esuselwe ku-VDS kusukela endaweni yemakethe kuqhubeke I-RUVDS. Ngaphezu kwalokho, wonke amaklayenti amasha anesikhathi sesivivinyo samahhala sezinsuku ezi-3!
PS Yebo! Sengicishe ngakhohlwa! Ungasusa inodi kunethiwekhi usebenzisa umyalo ku-CLI yale nodi.
zerotier-cli leave <Network ID>
200 leave OK
noma umyalo Susa ku-GUI yeklayenti ku-node.
->
->
->
Source: www.habr.com