Some users want to set up a private virtual network between two computers. This is done with VPN (Virtual Private Network) technology. The connection is implemented through utilities and programs. Once all components have been installed and configured successfully, the procedure can be considered complete and the connection secure. Below we look in detail at how to implement this technology with the OpenVPN client on a Linux-based operating system.
Installing OpenVPN on Linux
Since most users run Ubuntu-based distributions, today's instructions follow those versions. In other cases you will not notice a fundamental difference in installing and configuring OpenVPN, except that you have to follow the syntax of your distribution, which you can read about in your system's documentation. We suggest you go through the whole process step by step so that every action is understood.
Keep in mind that OpenVPN operates through two nodes (a computer or a server), which means that installation and configuration apply to every participant in the connection. The guide below focuses on working with two sources.
Step 1: Install OpenVPN
Of course, you should start by adding all the necessary libraries to the computers. Be prepared for the whole task to be carried out with the tool built into the OS, the "Terminal".
- Open the menu and launch the console. You can also do this by pressing the key combination Ctrl + Alt + T.
- Enter the command
sudo apt install openvpn easy-rsa
to install all the necessary components. After typing it, press Enter.
- Specify the password for the superuser account. The characters you type are not displayed in the field.
- Confirm the addition of new files by selecting the appropriate option.
Go to the next step only when the installation has finished on both devices.
Step 2: Create and Configure a Certification Authority
The certification authority is responsible for verifying public keys and provides strong encryption. It is created on the device that other users will later connect to, so open the console on the desired PC and follow these steps:
- First, a folder for storing all keys is created. You can place it anywhere, but it is better to pick a secure location. Use this command:
sudo mkdir /etc/openvpn/easy-rsa
where /etc/openvpn/easy-rsa is the place where the directory is created.
- Next, the easy-rsa scripts have to be placed in this folder, which is done with
sudo cp -R /usr/share/easy-rsa /etc/openvpn/
- The certification authority is created in the prepared directory. First go to this folder:
cd /etc/openvpn/easy-rsa/
- Then paste the following commands into the field (the leading # is the root shell prompt that appears after sudo -i, not part of the command):
sudo -i
# source ./vars
# ./clean-all
# ./build-ca
For now the server computer can be left alone; move on to the client devices.
Step 3: Configure Client Certificates
The instructions below have to be carried out on every client computer in order to set up a properly working secure connection.
- Open a console and enter the command
sudo cp -R /usr/share/easy-rsa /etc/openvpn/
to copy all the required scripts.
- Earlier, a separate certificate file was created on the server PC. Now it has to be copied and placed in the folder with the other components. The easiest way to do this is with the command
sudo scp username@host:/etc/openvpn/easy-rsa/keys/ca.crt /etc/openvpn/easy-rsa/keys
where username@host is the address of the machine the file is downloaded from.
- It only remains to create a personal secret key so that the connection can later be made through it. Do this from the folder where the scripts are stored:
cd /etc/openvpn/easy-rsa/
- To create the file, use the commands:
sudo -i
# source ./vars
# ./build-req Lumpics
Lumpics in this case is the specified file name. The generated key must be in the same directory as the other keys.
- It only remains to send the prepared access key to the server device so that it can confirm the authenticity of the connection. This is done with the same command that was used for the download. You need to enter
scp /etc/openvpn/easy-rsa/keys/Lumpics.csr username@host:~/
where username@host is the name of the computer to send to, and Lumpics.csr is the name of the file with the key.
- On the server PC, confirm the key with
./sign-req ~/Lumpics
where Lumpics is the file name. After that, return the document with
sudo scp username@host:/home/Lumpics.crt /etc/openvpn/easy-rsa/keys
This completes all the preliminary work. All that remains is to bring OpenVPN itself into a working state, and you can start using a private encrypted channel with one or more clients.
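After the request and signing round trip in this step, the client holds ca.crt, the signed Lumpics.crt and the private key that was generated next to the .csr (the .csr is a signing request; the private key itself never leaves the client). The check below is an added example, not part of the original article: it confirms that the returned certificate chains to the CA and belongs to the local key. The function names are made up, and the throwaway PKI is built with plain openssl as a stand-in for the easy-rsa scripts.

```shell
#!/bin/sh
# check_client_bundle CA_CERT CLIENT_CERT CLIENT_KEY -> 0 only if all checks pass.
check_client_bundle() {
    ca=$1 crt=$2 key=$3
    # 1. Chain: the certificate must be signed by the CA we copied over.
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 ||
        { echo "FAIL: $crt does not chain to $ca" >&2; return 1; }
    # 2. Key match: the public key inside the certificate must equal the
    #    public key derived from the private key kept on the client.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: $key does not belong to $crt" >&2; return 1; }
    # 3. The private key must be accessible to its owner only.
    case $(ls -l "$key") in
        -???------*) ;;
        *) echo "FAIL: $key is group/world accessible" >&2; return 1 ;;
    esac
    echo "OK: $crt"
}

# Constructed sample input: a throwaway CA and one client in directory $1.
# Plain openssl stands in for build-ca / build-req / sign-req (assumption).
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Lumpics" \
        -keyout "$d/Lumpics.key" -out "$d/Lumpics.csr" 2>/dev/null
    openssl x509 -req -in "$d/Lumpics.csr" -days 1 -CA "$d/ca.crt" \
        -CAkey "$d/ca.key" -CAcreateserial -out "$d/Lumpics.crt" 2>/dev/null
    chmod 600 "$d/ca.key" "$d/Lumpics.key"
}

# On a client from this guide (Lumpics.key is assumed to sit beside the .csr):
#   k=/etc/openvpn/easy-rsa/keys
#   check_client_bundle $k/ca.crt $k/Lumpics.crt $k/Lumpics.key
```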
Step 4: Configure OpenVPN
The following guide applies to both the client and the server. We will split everything by action and point out where the machines differ, so you only need to follow the instructions.
- First, create the server configuration file with the command
zcat /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz | sudo tee /etc/openvpn/server.conf
When configuring client devices, this file will also have to be created separately.
- Review the default values. As you can see, the port and protocol match the standard ones, but there are no additional parameters.
- Open the generated configuration file in the editor:
sudo nano /etc/openvpn/server.conf
- We will not go into the details of changing every value, since in some cases they are individual, but the standard lines must be present in the file and look like this:
port 1194
proto udp
comp-lzo
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
# cert normally names the server's own certificate, paired with a key line; this listing repeats ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/ca.crt
dh /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
After all changes are complete, save the settings and close the file.
- Work on the server side is complete. Run OpenVPN with the generated configuration file:
openvpn /etc/openvpn/server.conf
- Now let's move on to the client devices. As already mentioned, the settings file is created here as well, but this time it is not unpacked, so the command has the following form:
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/client.conf
- Open the file in the same way as shown above and put the following lines into it:
client
dev tun
proto udp
remote 194.67.215.125 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/Sergiy.crt
key /etc/openvpn/easy-rsa/keys/Sergiy.key
tls-auth ta.key 1
comp-lzo
verb 3
When editing is complete, start OpenVPN:
openvpn /etc/openvpn/client.conf
- Enter the command
ifconfig
to make sure the system works. Among all the values shown there must be a tun0 interface.
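A consistency check for the two files from Step 4, added here as an example (it is not code from the article or from the OpenVPN project). The function names and messages are made up for the illustration, and the sample input is the article's own configuration reduced to the lines the checks read.

```shell
#!/bin/sh
# opt FILE NAME: arguments of the first NAME directive, comments stripped.
opt() {
    awk -v k="$2" '{ sub(/[#;].*/, "") }
        $1 == k { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}
# has FILE NAME: succeeds if the directive is present at all.
has() { awk -v k="$2" '{ sub(/[#;].*/, "") } $1 == k { f = 1 } END { exit !f }' "$1"; }

# lint_pair SERVER_CONF CLIENT_CONF: one finding per line, nothing if clean.
lint_pair() {
    srv=$1 cli=$2
    for f in "$srv" "$cli"; do
        n=${f##*/} crt=$(opt "$f" cert)
        [ -z "$crt" ] || [ "$crt" != "$(opt "$f" ca)" ] ||
            echo "$n: cert is the CA certificate, not this host's own"
        has "$f" key || echo "$n: no key directive"
        ! has "$f" comp-lzo || echo "$n: comp-lzo (deprecated compression)"
    done
    # tls-auth has to be configured on both ends or on neither.
    s=$(opt "$srv" tls-auth) c=$(opt "$cli" tls-auth)
    [ "${s:+x}" = "${c:+x}" ] || echo "tls-auth is configured on one side only"
    # The client's "remote HOST PORT" and proto must match the server.
    set -- $(opt "$cli" remote)
    [ "$2" = "$(opt "$srv" port)" ] || echo "client remote port differs from server port"
    [ "$(opt "$cli" proto)" = "$(opt "$srv" proto)" ] || echo "proto differs between the two files"
}

# Sample input: the two listings from this step, reduced to the checked lines.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'port 1194' 'proto udp' 'comp-lzo' \
        'ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt' \
        'cert /etc/openvpn/easy-rsa/2.0/keys/ca.crt' > "$d/server.conf"
    printf '%s\n' 'client' 'proto udp' 'remote 194.67.215.125 1194' \
        'ca /etc/openvpn/easy-rsa/keys/ca.crt' \
        'cert /etc/openvpn/easy-rsa/keys/Sergiy.crt' \
        'key /etc/openvpn/easy-rsa/keys/Sergiy.key' \
        'tls-auth ta.key 1' 'comp-lzo' > "$d/client.conf"
    lint_pair "$d/server.conf" "$d/client.conf"
    rm -rf "$d"
}
demo
```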
To redirect traffic and open Internet access for all clients on the server PC, you will need to run the commands below one at a time.
sysctl -w net.ipv4.ip_forward=1
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD -i tun0 -o eth0 -j ACCEPT
iptables -I FORWARD -i eth0 -o tun0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
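The rules above accept every forwarded packet in both directions between eth0 and tun0 and apply NAT to everything leaving eth0. As an added example (not from the article), the function below flags rules that are wider than a VPN gateway needs and shows a narrowed rule set for comparison. Treating eth0 as the external interface and 10.8.0.0/24 as the client pool are assumptions taken from the commands and the server directive on this page.

```shell
#!/bin/sh
# audit_fw: read iptables commands (or iptables-save lines) on stdin and
# print one finding per rule that is wider than a VPN gateway needs.
audit_fw() {
    awk '
    /FORWARD/ && /-o tun[0-9]/ && /-j ACCEPT/ && !/--ctstate/ {
        print "forward into tunnel without conntrack state: " $0 }
    /FORWARD/ && /-i tun[0-9]/ && /-j ACCEPT/ && !/ -s / {
        print "forward from tunnel without source subnet: " $0 }
    /MASQUERADE/ && !/ -s / {
        print "NAT not limited to the VPN subnet: " $0 }'
}

# The filter and NAT rules as given in the article (sysctl line left out).
page_rules() {
    cat <<'EOF'
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD -i tun0 -o eth0 -j ACCEPT
iptables -I FORWARD -i eth0 -o tun0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
EOF
}

# Narrowed variant: clients may open connections outwards, only replies
# come back in, and NAT applies to the VPN pool alone (assumed 10.8.0.0/24).
scoped_rules() {
    cat <<'EOF'
iptables -A INPUT -i eth0 -p udp --dport 1194 -j ACCEPT
iptables -A FORWARD -i tun0 -o eth0 -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -i eth0 -o tun0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
EOF
}

page_rules | audit_fw      # three findings
scoped_rules | audit_fw    # no output
```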
In today's article you were introduced to installing and configuring OpenVPN on the server and client side. We advise you to pay attention to the notifications shown in the "Terminal" and to study the error codes, if any. Doing so will help you avoid further problems with the connection, because solving a problem promptly prevents other problems from arising from it.