Setha i-OpenVPN Server kuWindows

I-OpenVPN ingenye yezinketho ze-VPN (inethiwekhi yangasese ebonakalayo noma amanethiwekhi angokoqobo ama-Virtual), okuvumela ukuthi usebenzise ukudluliswa kwedatha esiteshini esibethelwe ngokukhethekile. Ngakho-ke, ungaxhuma amakhompyutha amabili noma wakhe inethiwekhi emaphakathi neseva namaklayenti amaningana. Kulesi sihloko, sizofunda ukudala iseva enjalo bese siyibeka.

Lungiselela iseva ye-OpenVPN

Njengoba kushiwo ngenhla, ngosizo lwezobuchwepheshe, singadlulisa imininingwane esiteshini sokuxhumana esivikelekile. Kungaba ukwabelana ngamafayela noma ukufinyelela okuphephile kwe-Intanethi ngeseva eyisango elijwayelekile. Ukudala, ngeke sidinge imishini eyengeziwe nolwazi olukhethekile - konke kwenziwa kukhompyutha ehlelelwe ukusetshenziswa njengeseva ye-VPN.

Ngomsebenzi owengeziwe, kuzodingeka futhi kudingeke ukumisa ingxenye yeklayenti kwimishini yomsebenzisi wenethiwekhi. Wonke umsebenzi wehlela ukudala izinkinobho nezitifiketi ezidluliselwa kumakhasimende. Lawa mafayela akuvumela ukuthi uthole ikheli le-IP uma uxhumeke kwiseva bese udala isiteshi esibethelwe ngenhla. Yonke imininingwane edluliselwe yi-IT ingafundwa kuphela uma kukhona ukhiye. Lesi sici sikuvumela ukuthi uthuthukise kakhulu ukuphepha futhi uqinisekise ukuphepha kwemininingwane.

Faka i-OpenVPN kwiseva yomshini

Ukufakwa kuyinqubo evamile enama-nuances athile, azokhuluma okuningi.

1. Okokuqala, udinga ukulanda uhlelo kusixhumanisi esingezansi.

   Landa i-OpenVPN.

   

2. Okulandelayo, sebenzisa isifaki bese ufinyelela iwindi lokukhetha ingxenye. Lapha sizodinga ukubeka ithangi eliseduze nephuzu ngegama elithi "EleasrSA", elizokuvumela ukuthi udale amafayela wesitifiketi namakhilogremu, futhi ubaphathe.

   

3. Isinyathelo esilandelayo ukukhetha indawo ongayifaka. Ukuze kube lula, faka uhlelo empandeni yediski yesistimu s :. Ukuze wenze lokhu, vele ususe kakhulu. Kufanele kusebenze

   C: \ openvpn

   

   Sikwenza ukuze sigweme ukwehluleka lapho sibulala imibhalo, ngoba izikhala ezisendleleni azivunyelwe. Yebo, ungabathatha ngezingcaphuno, kepha ukuqaphela kungafinyelela futhi unameze, futhi ubheke amaphutha kwikhodi - icala akulula.

4. Ngemuva kwayo yonke izilungiselelo, faka uhlelo ngemodi ejwayelekile.

Ukulungiselela Ingxenye Yeseva

Lapho wenza izenzo ezilandelayo kufanele zinake ngangokunokwenzeka. Noma imaphi amaphutha azoholela ekungaqinisekisweni kweseva. Enye imfuneko - i-akhawunti yakho kumele ibe namalungelo omqondisi.

1. Siya kukhathalogu "i-Easy-RSA", okuyinto esezingeni lethu itholakala ku-

   C: \ OpenVPN \ Easy-RSA

   Thola ifayela le-vars.bat.Sample.

   

   Qamba kabusha ukuze i-vars.bat (Sisusa igama elithi "Isampula" kanye nephuzu).

   

   Vula leli fayela kusihleli se-Notepad ++. Lokhu kubalulekile, ngoba yile ncwajana evumela ukuthi uhlele kahle futhi ugcine amakhodi, asiza ukugwema amaphutha lapho enza.

   

2. Okokuqala, sisusa yonke imibono eyabelwe luhlaza - bazophazamisa kuphela. Sithola okulandelayo:

   

3. Okulandelayo, shintsha indlela eya kwifolda ye- "Easy-RSA" kulokho esikucacisile ngesikhathi sokufakwa. Kulokhu, umane ususe okuguquguqukayo% uhlelo% bese ulushintsha ku-C :.

   

4. Amapharamitha amane alandelayo ashiywe engashintshiwe.

   

5. Imigqa esele igcwalisa ngokunqumela. Isibonelo esikrinini.

   

6. Gcina ifayili.

   

7. Udinga futhi ukuhlela amafayela alandelayo:
   • Yakha-CA.BAT.
   • Ukwakha-dh.bat.
   • Ukwakha-key.bat.
   • Yakha-Key-Pass.bat
   • Yakha-Key-PKCS12.Bat
   • Yakha-Key-Server.bat

   

   Badinga ukuguqula iqembu

   I-OpenSSL.

   Endleleni ephelele kwifayela elihambisanayo le-OpenS.EXE. Ungakhohlwa ukonga izinguquko.

   

8. Manje vula ifolda ye- "Easy-RSA", i-Clamp Shift bese uqhafaza kwi-PCM endaweni yamahhala (hhayi kumafayela). Kumenyu yokuqukethwe, khetha into ethi "Open Command Window".

   

   I- "Commant Line" iqala ngokushintshwa kwesikhombisi esiqondiwe esivele senziwa.

   

9. Sifaka umyalo ochazwe ngezansi bese uqhafaza u-Enter.

   vars.bat.

   

10. Okulandelayo, qalisa elinye "ifayela le-batch".

    Hlanza-konke.Bat.

    

11. Siphinda umyalo wokuqala.

    

12. Isinyathelo esilandelayo ukudala amafayela adingekayo. Ukuze wenze lokhu, sebenzisa iqembu

    Yakha-CA.BAT.

    Ngemuva kokukhipha uhlelo, luzonikeza ukuqinisekisa idatha esifake ifayela le-vars.bat. Vele ucindezele u-Enter amahlandla ambalwa kuze kube yilapho intambo yasekuqaleni ivela.

    

13. Dala ukhiye we-DH usebenzisa isiqalo sefayela

    Ukwakha-dh.bat.

    

14. Dala isitifiketi sengxenye yeseva. Kunephuzu elilodwa elibalulekile lapha. Udinga ukunikeza igama esilibhalisile ku-vars.bat emugqeni we- "Key_name". Esibonelweni sethu, yi-Lucics. Umyalo ubukeka kanjena:

    Yakha-Key-Server.bat Lucics

    Kudinga futhi ukuqinisekisa idatha usebenzisa ukhiye we-ENTER, futhi kufakwe kabili incwadi "y" (yebo), lapho kuzodingeka khona-ke (bheka isithombe-skrini). Umugqa womyalo ungavalwa.

    

15. Kukhathalogi yethu "Easy-RSA" ifolda entsha yavela ngesihloko esithi "Keys".

    

16. Okuqukethwe kwalo kumele kukopishwe futhi kunamathiselwe kwifolda ye- "SSL", ofuna ukudala kwisikhombi sezimpande sohlelo.

    

    Bheka ifolda ngemuva kokufaka amafayela akopishiwe:

    

17. Manje siya kwikhathalogu

    C: \ OpenVPN \ Config

    Dala idokhumenti yombhalo lapha (PCM - Dala - Idokhumenti yombhalo), Qamba kabusha kwiseva.OVPN bese uyivula ku-Notepad ++. Sethula ikhodi elandelayo:

    Port 443.

    Proto udp.

    I-dev tun.

    I-Dev-Node "VPN Lucics"

    DH C: \\ OpenVPN \\ SSL \\ DH2048.pem

    I-CA C: \\ OpenVPN \\ SSL \\ CA.CRT

    Cert C: \\ openvpn \\ ssl \\ lumplics.crt

    Ukhiye C: \\ OpenVPN \\ SSL \\ LUMPICS.Key

    Iseva 172.16.10.0 255.255.255.0.

    Amaklayenti amaMax 32

    I-Gcinalive 10 120.

    Client-to-Client

    Comp-lzo.

    Ukhiye.

    Ezitolo.

    Cipher des-cbc

    Isimo C: \\ OpenVPN \\ log \ that.log

    Ngena c: \\ OpenVPN \\ log \\ openvpn.log

    Isenzo 4.

    Mte 20.

    Uyacelwa ukuthi wazi ukuthi amagama ezitifiketi kanye nezinkinobho kufanele afane nefolda ye- "SSL".

    

18. Okulandelayo, vula "iphaneli yokulawula" bese uya ku- "Network Management Center".

    

19. Chofoza kusixhumanisi esithi "Ukuguqula Izilungiselelo ze-Adapter".

    

20. Lapha sidinga ukuthola ukuxhumana nge- "Tap-Windows Adapter V9". Ungakwenza lokhu ngokuchofoza ekuxhumekeni kwe-PCM bese uphendukela ezakhiweni zawo.

    

21. Qamba kabusha ku "VPN Lucics" ngaphandle kwezingcaphuno. Leli gama kufanele lihambisane nepharamitha "dev-node" kufayela leseva.OVPN.

    

22. Isigaba sokugcina - Service Launch. Cindezela inhlanganisela ye-Win + R Keys, faka intambo echazwe ngezansi bese uqhafaza u-Enter.

    Izinsizakalo.msc.

    

23. Sithola insizakalo ngegama elithi "OpenVPNSERVICE", chofoza i-PKM bese uya ezakhiweni zalo.

    

24. Qala ukuthayipha ushintsho ku- "ngokuzenzakalelayo", gijima insizakalo bese uqhafaza "Faka isicelo".

    

25. Uma sonke senziwa ngendlela efanele, khona-ke iRed Cross yilashs eduzane ne-adaptha. Lokhu kusho ukuthi ukuxhumana kulungele ukusebenza.

    

Ukusetha ingxenye yeklayenti

Ngaphambi kokuqala ukusetha kwamakhasimende, kufanele wenze izinyathelo eziningana kumshini weseva - ukukhiqiza okhiye kanye nesitifiketi ukumisa ukuxhumana.

1. Siya ku-Directory "Easy-RSA", bese kufolda ye- "Keys" bese uvula ifayela le-Index.TXT.

   

2. Vula ifayela, susa konke okuqukethwe bese uligcina.

   

3. Buyela emuva ku- "Easy-RSA" bese usebenzisa "umyalo we-" (i-Shift + PCM - vula iwindi lemiyalo).
4. Okulandelayo, Launch Vars.bat, bese udala isitifiketi seklayenti.

   Yakha-Key.bat VPN-Client

   

   Lesi isitifiketi esijwayelekile sayo yonke imishini kunethiwekhi. Ukuze uthuthukise ukuphepha, ungakhiqiza amafayela akho kwikhompyutha ngayinye, kepha ubabize ngendlela ehlukile (hhayi "iklayenti le-VPN-Client", kodwa "VPN-Client1" nokunye). Kulokhu, kuzodingeka ukuthi ukuphinda zonke izenzo, ziqala ngokuhlanzwa kwe-Index.txt.

5. Isenzo sokugcina - Ukudluliswa kwamafayela we-VPN-Client.CRT, i-VPN-Client.key, CCRT ne-DH2048.PEM kwiklayenti. Ungakwenza lokhu nganoma iyiphi indlela elula, ngokwesibonelo, ukubhala e-USB Flash Drayivu noma udlulise kwinethiwekhi.

   

Imisebenzi edinga ukwenziwa emshinini wamakhasimende:

1. Faka i-OpenVPN ngendlela ejwayelekile.
2. Vula umkhombandlela ngohlelo olufakiwe bese uya kufolda ethi "Config". Udinga ukufaka amafayela weSitifiketi namakhilogremu ethu.

   

3. Kulolder efanayo, dala ifayela lombhalo bese uliqamba kabusha nge-config.ovpn.

   

4. Vula ikhodi elandelayo kuMhleli futhi unqume:

   Iklayenti.

   Phinda uzame ngokungapheli

   Nobunye.

   Ikude ngo-192.168.0.15 443.

   Proto udp.

   I-dev tun.

   Comp-lzo.

   CA CA.CRT.

   Cert vpn-Client.crt

   Iklayenti le-vpn eliyisihluthulelo.KEY

   Dh dh2048.pem.

   thwala amaphiko

   Cipher des-cbc

   I-Gcinalive 10 120.

   Ukhiye.

   Ezitolo.

   Isenzo 0.

   Emugqeni "ekude", ungabhalisa ikheli langaphandle lomshini weseva - ngakho-ke sizothola ukufinyelela kwi-Intanethi. Uma ushiya yonke into njengoba injalo, kuzokwazi ukuxhuma kuphela kuseva esiteshini esibethelwe.

5. Sigijimisa i-OpenVPN GUI egameni lomlawuli usebenzisa isinqamuleli kwideskithophu, bese wengeza isithonjana esifanele ku-tray, cindezela i-PCM bese ukhetha into yokuqala ngegama elithi "xhuma".

   

Lokhu ukucushwa kweseva kanye neklayenti le-OpenVPN eliqediwe.

Ukugcina

Le nhlangano yenethiwekhi yayo ye-VPN izokuvumela ukuthi wandise imininingwane edlulisiwe, futhi wenze ukuba i-Intanethi i-Intanethi iphephe kakhudlwana. Into esemqoka ukuqikelela lapho ulungiselela iseva nengxenye yeklayenti, ungasebenzisa zonke izinzuzo zenethiwekhi yangasese yangasese.