I-OpenVPN ingenye yezinketho ze-VPN (inethiwekhi yangasese ebonakalayo noma amanethiwekhi angokoqobo ama-Virtual), okuvumela ukuthi usebenzise ukudluliswa kwedatha esiteshini esibethelwe ngokukhethekile. Ngakho-ke, ungaxhuma amakhompyutha amabili noma wakhe inethiwekhi emaphakathi neseva namaklayenti amaningana. Kulesi sihloko, sizofunda ukudala iseva enjalo bese siyibeka.
Lungiselela iseva ye-OpenVPN
Njengoba kushiwo ngenhla, ngosizo lwezobuchwepheshe, singadlulisa imininingwane esiteshini sokuxhumana esivikelekile. Kungaba ukwabelana ngamafayela noma ukufinyelela okuphephile kwe-Intanethi ngeseva eyisango elijwayelekile. Ukudala, ngeke sidinge imishini eyengeziwe nolwazi olukhethekile - konke kwenziwa kukhompyutha ehlelelwe ukusetshenziswa njengeseva ye-VPN.Ngomsebenzi owengeziwe, kuzodingeka futhi kudingeke ukumisa ingxenye yeklayenti kwimishini yomsebenzisi wenethiwekhi. Wonke umsebenzi wehlela ukudala izinkinobho nezitifiketi ezidluliselwa kumakhasimende. Lawa mafayela akuvumela ukuthi uthole ikheli le-IP uma uxhumeke kwiseva bese udala isiteshi esibethelwe ngenhla. Yonke imininingwane edluliselwe yi-IT ingafundwa kuphela uma kukhona ukhiye. Lesi sici sikuvumela ukuthi uthuthukise kakhulu ukuphepha futhi uqinisekise ukuphepha kwemininingwane.
Faka i-OpenVPN kwiseva yomshini
Ukufakwa kuyinqubo evamile enama-nuances athile, azokhuluma okuningi.
- Okokuqala, udinga ukulanda uhlelo kusixhumanisi esingezansi.
Landa i-OpenVPN.
- Okulandelayo, sebenzisa isifaki bese ufinyelela iwindi lokukhetha ingxenye. Lapha sizodinga ukubeka ithangi eliseduze nephuzu ngegama elithi "EleasrSA", elizokuvumela ukuthi udale amafayela wesitifiketi namakhilogremu, futhi ubaphathe.
- Isinyathelo esilandelayo ukukhetha indawo ongayifaka. Ukuze kube lula, faka uhlelo empandeni yediski yesistimu s :. Ukuze wenze lokhu, vele ususe kakhulu. Kufanele kusebenze
C: \ openvpn
Sikwenza ukuze sigweme ukwehluleka lapho sibulala imibhalo, ngoba izikhala ezisendleleni azivunyelwe. Yebo, ungabathatha ngezingcaphuno, kepha ukuqaphela kungafinyelela futhi unameze, futhi ubheke amaphutha kwikhodi - icala akulula.
- Ngemuva kwayo yonke izilungiselelo, faka uhlelo ngemodi ejwayelekile.
Ukulungiselela Ingxenye Yeseva
Lapho wenza izenzo ezilandelayo kufanele zinake ngangokunokwenzeka. Noma imaphi amaphutha azoholela ekungaqinisekisweni kweseva. Enye imfuneko - i-akhawunti yakho kumele ibe namalungelo omqondisi.
- Siya kukhathalogu "i-Easy-RSA", okuyinto esezingeni lethu itholakala ku-
C: \ OpenVPN \ Easy-RSA
Thola ifayela le-vars.bat.Sample.
Qamba kabusha ukuze i-vars.bat (Sisusa igama elithi "Isampula" kanye nephuzu).
Vula leli fayela kusihleli se-Notepad ++. Lokhu kubalulekile, ngoba yile ncwajana evumela ukuthi uhlele kahle futhi ugcine amakhodi, asiza ukugwema amaphutha lapho enza.
- Okokuqala, sisusa yonke imibono eyabelwe luhlaza - bazophazamisa kuphela. Sithola okulandelayo:
- Okulandelayo, shintsha indlela eya kwifolda ye- "Easy-RSA" kulokho esikucacisile ngesikhathi sokufakwa. Kulokhu, umane ususe okuguquguqukayo% uhlelo% bese ulushintsha ku-C :.
- Amapharamitha amane alandelayo ashiywe engashintshiwe.
- Imigqa esele igcwalisa ngokunqumela. Isibonelo esikrinini.
- Gcina ifayili.
- Udinga futhi ukuhlela amafayela alandelayo:
- Yakha-CA.BAT.
- Ukwakha-dh.bat.
- Ukwakha-key.bat.
- Yakha-Key-Pass.bat
- Yakha-Key-PKCS12.Bat
- Yakha-Key-Server.bat
Badinga ukuguqula iqembu
I-OpenSSL.
Endleleni ephelele kwifayela elihambisanayo le-OpenS.EXE. Ungakhohlwa ukonga izinguquko.
- Manje vula ifolda ye- "Easy-RSA", i-Clamp Shift bese uqhafaza kwi-PCM endaweni yamahhala (hhayi kumafayela). Kumenyu yokuqukethwe, khetha into ethi "Open Command Window".
I- "Commant Line" iqala ngokushintshwa kwesikhombisi esiqondiwe esivele senziwa.
- Sifaka umyalo ochazwe ngezansi bese uqhafaza u-Enter.
vars.bat.
- Okulandelayo, qalisa elinye "ifayela le-batch".
Hlanza-konke.Bat.
- Siphinda umyalo wokuqala.
- Isinyathelo esilandelayo ukudala amafayela adingekayo. Ukuze wenze lokhu, sebenzisa iqembu
Yakha-CA.BAT.
Ngemuva kokukhipha uhlelo, luzonikeza ukuqinisekisa idatha esifake ifayela le-vars.bat. Vele ucindezele u-Enter amahlandla ambalwa kuze kube yilapho intambo yasekuqaleni ivela.
- Dala ukhiye we-DH usebenzisa isiqalo sefayela
Ukwakha-dh.bat.
- Dala isitifiketi sengxenye yeseva. Kunephuzu elilodwa elibalulekile lapha. Udinga ukunikeza igama esilibhalisile ku-vars.bat emugqeni we- "Key_name". Esibonelweni sethu, yi-Lucics. Umyalo ubukeka kanjena:
Yakha-Key-Server.bat Lucics
Kudinga futhi ukuqinisekisa idatha usebenzisa ukhiye we-ENTER, futhi kufakwe kabili incwadi "y" (yebo), lapho kuzodingeka khona-ke (bheka isithombe-skrini). Umugqa womyalo ungavalwa.
- Kukhathalogi yethu "Easy-RSA" ifolda entsha yavela ngesihloko esithi "Keys".
- Okuqukethwe kwalo kumele kukopishwe futhi kunamathiselwe kwifolda ye- "SSL", ofuna ukudala kwisikhombi sezimpande sohlelo.
Bheka ifolda ngemuva kokufaka amafayela akopishiwe:
- Manje siya kwikhathalogu
C: \ OpenVPN \ Config
Dala idokhumenti yombhalo lapha (PCM - Dala - Idokhumenti yombhalo), Qamba kabusha kwiseva.OVPN bese uyivula ku-Notepad ++. Sethula ikhodi elandelayo:
Port 443.
Proto udp.
I-dev tun.
I-Dev-Node "VPN Lucics"
DH C: \\ OpenVPN \\ SSL \\ DH2048.pem
I-CA C: \\ OpenVPN \\ SSL \\ CA.CRT
Cert C: \\ openvpn \\ ssl \\ lumplics.crt
Ukhiye C: \\ OpenVPN \\ SSL \\ LUMPICS.Key
Iseva 172.16.10.0 255.255.255.0.
Amaklayenti amaMax 32
I-Gcinalive 10 120.
Client-to-Client
Comp-lzo.
Ukhiye.
Ezitolo.
Cipher des-cbc
Isimo C: \\ OpenVPN \\ log \ that.log
Ngena c: \\ OpenVPN \\ log \\ openvpn.log
Isenzo 4.
Mte 20.
Uyacelwa ukuthi wazi ukuthi amagama ezitifiketi kanye nezinkinobho kufanele afane nefolda ye- "SSL".
- Okulandelayo, vula "iphaneli yokulawula" bese uya ku- "Network Management Center".
- Chofoza kusixhumanisi esithi "Ukuguqula Izilungiselelo ze-Adapter".
- Lapha sidinga ukuthola ukuxhumana nge- "Tap-Windows Adapter V9". Ungakwenza lokhu ngokuchofoza ekuxhumekeni kwe-PCM bese uphendukela ezakhiweni zawo.
- Qamba kabusha ku "VPN Lucics" ngaphandle kwezingcaphuno. Leli gama kufanele lihambisane nepharamitha "dev-node" kufayela leseva.OVPN.
- Isigaba sokugcina - Service Launch. Cindezela inhlanganisela ye-Win + R Keys, faka intambo echazwe ngezansi bese uqhafaza u-Enter.
Izinsizakalo.msc.
- Sithola insizakalo ngegama elithi "OpenVPNSERVICE", chofoza i-PKM bese uya ezakhiweni zalo.
- Qala ukuthayipha ushintsho ku- "ngokuzenzakalelayo", gijima insizakalo bese uqhafaza "Faka isicelo".
- Uma sonke senziwa ngendlela efanele, khona-ke iRed Cross yilashs eduzane ne-adaptha. Lokhu kusho ukuthi ukuxhumana kulungele ukusebenza.
Ukusetha ingxenye yeklayenti
Ngaphambi kokuqala ukusetha kwamakhasimende, kufanele wenze izinyathelo eziningana kumshini weseva - ukukhiqiza okhiye kanye nesitifiketi ukumisa ukuxhumana.
- Siya ku-Directory "Easy-RSA", bese kufolda ye- "Keys" bese uvula ifayela le-Index.TXT.
- Vula ifayela, susa konke okuqukethwe bese uligcina.
- Buyela emuva ku- "Easy-RSA" bese usebenzisa "umyalo we-" (i-Shift + PCM - vula iwindi lemiyalo).
- Okulandelayo, Launch Vars.bat, bese udala isitifiketi seklayenti.
Yakha-Key.bat VPN-Client
Lesi isitifiketi esijwayelekile sayo yonke imishini kunethiwekhi. Ukuze uthuthukise ukuphepha, ungakhiqiza amafayela akho kwikhompyutha ngayinye, kepha ubabize ngendlela ehlukile (hhayi "iklayenti le-VPN-Client", kodwa "VPN-Client1" nokunye). Kulokhu, kuzodingeka ukuthi ukuphinda zonke izenzo, ziqala ngokuhlanzwa kwe-Index.txt.
- Isenzo sokugcina - Ukudluliswa kwamafayela we-VPN-Client.CRT, i-VPN-Client.key, CCRT ne-DH2048.PEM kwiklayenti. Ungakwenza lokhu nganoma iyiphi indlela elula, ngokwesibonelo, ukubhala e-USB Flash Drayivu noma udlulise kwinethiwekhi.
Imisebenzi edinga ukwenziwa emshinini wamakhasimende:
- Faka i-OpenVPN ngendlela ejwayelekile.
- Vula umkhombandlela ngohlelo olufakiwe bese uya kufolda ethi "Config". Udinga ukufaka amafayela weSitifiketi namakhilogremu ethu.
- Kulolder efanayo, dala ifayela lombhalo bese uliqamba kabusha nge-config.ovpn.
- Vula ikhodi elandelayo kuMhleli futhi unqume:
Iklayenti.
Phinda uzame ngokungapheli
Nobunye.
Ikude ngo-192.168.0.15 443.
Proto udp.
I-dev tun.
Comp-lzo.
CA CA.CRT.
Cert vpn-Client.crt
Iklayenti le-vpn eliyisihluthulelo.KEY
Dh dh2048.pem.
thwala amaphiko
Cipher des-cbc
I-Gcinalive 10 120.
Ukhiye.
Ezitolo.
Isenzo 0.
Emugqeni "ekude", ungabhalisa ikheli langaphandle lomshini weseva - ngakho-ke sizothola ukufinyelela kwi-Intanethi. Uma ushiya yonke into njengoba injalo, kuzokwazi ukuxhuma kuphela kuseva esiteshini esibethelwe.
- Sigijimisa i-OpenVPN GUI egameni lomlawuli usebenzisa isinqamuleli kwideskithophu, bese wengeza isithonjana esifanele ku-tray, cindezela i-PCM bese ukhetha into yokuqala ngegama elithi "xhuma".
Lokhu ukucushwa kweseva kanye neklayenti le-OpenVPN eliqediwe.
Ukugcina
Le nhlangano yenethiwekhi yayo ye-VPN izokuvumela ukuthi wandise imininingwane edlulisiwe, futhi wenze ukuba i-Intanethi i-Intanethi iphephe kakhudlwana. Into esemqoka ukuqikelela lapho ulungiselela iseva nengxenye yeklayenti, ungasebenzisa zonke izinzuzo zenethiwekhi yangasese yangasese.