Yadda ake Shigar da Sanya BuɗeVPN Server a cikin CentOS 8/7

Hanyar Sadarwar Kamfanoni Masu zaman kansu hanyar fasaha ce wacce ake amfani da ita don samar da sirri da tsaro don haɗin yanar gizo. Sanannen sanannen shari'ar ya ƙunshi mutanen da ke haɗawa zuwa uwar garken nesa tare da zirga-zirga ta hanyar jama'a ko hanyar sadarwa mara tsaro (kamar Intanet).

Hoto da wadannan hanyar al'amura:

A cikin wannan labarin, za mu bayyana yadda za a saita uwar garken VPN a cikin akwatin RHEL/CentOS 8/7 ta amfani da BuɗeVPN, aikace-aikacen rami mai ƙarfi mai sauƙin gaske wanda ke amfani da ɓoyewa, tabbatarwa, da kuma takaddun shaida na ɗakin karatu na OpenSSL. Don sauki, kawai zamuyi la'akari da shari'ar da OpenVPN uwar garken ke aiki azaman amintaccen ƙofar Intanet don abokin ciniki.

Don wannan saitin, munyi amfani da inji guda uku, na farko yana aiki azaman uwar garken OpenVPN, sauran biyun kuma (Linux da Windows) suna aiki ne a matsayin kwastomomi don haɗuwa da OpenVPN Server mai nisa.

A wannan shafin

  • Shigar da Buɗe Server a cikin CentOS 8
  • Sanya BuɗeVPN Abokin ciniki a cikin Linux
  • Sanya BuɗeVPN Abokin ciniki a Windows

Lura: Umurnin iri ɗaya suna aiki akan RHEL 8/7 da tsarin Fedora.

1. Don girka OpenVPN a cikin uwar garken RHEL/CentOS 8/7, da farko za a kunna wurin ajiyar EPEL sannan a sanya kunshin. Wannan yazo tare da duk masu dogaro da ake buƙata don shigar da fakitin OpenVPN.

# yum update
# yum install epel-release

2. Na gaba, zamu zazzage rubutun shigarwa na OpenVPN kuma saita VPN. Kafin saukarwa da gudanar da rubutun, yana da mahimmanci ka nemo adireshin IP na Jama'a na uwar garkenka saboda wannan zai zo da amfani yayin kafa uwar garken OpenVPN.

Hanya mai sauƙi don yin hakan shine amfani da umarnin curl kamar yadda aka nuna:

$ curl ifconfig.me

A madadin, zaku iya kiran umarnin tona kamar haka:

$ dig +short myip.opendns.com @resolver1.opendns.com

Idan kun shiga cikin kuskure "tono: ba a samo umarni ba" shigar da maɓallin tona ta hanyar tafiyar da umarnin:

$ sudo yum install bind-utils

Wannan ya kamata a magance matsalar.

Sabis na girgije yawanci yana da nau'ikan adiresoshin IP guda 2:

  • Adireshin IP na Jama'a guda ɗaya: Idan kuna da VPS akan dandamali na Cloud kamar Linode, Cloudcone, ko Digital Ocean, yawanci zaku sami adireshin IP ɗin jama'a ɗaya a haɗe da shi.
  • Adireshin IP na sirri a bayan NAT tare da IP na jama'a: Wannan shine batun tare da misalin EC2 akan AWS ko lissafin misali akan Google Cloud.

Kowane tsarin magance IP, rubutun OpenVPN zai gano saitin hanyar sadarwar ku na VPS kai tsaye kuma duk abin da za ku yi shi ne samar da haɗin adireshin IP na Jama'a ko Mai zaman kansa.

3. Yanzu bari mu ci gaba da zazzage rubutun shigarwa na OpenVPN, gudanar da umarnin da aka nuna.

$ wget https://raw.githubusercontent.com/Angristan/openvpn-install/master/openvpn-install.sh

4. Lokacin da saukarwar ta kammala, sanya aiwatar da izini da gudanar da rubutun harsashi kamar yadda aka nuna.

$ sudo chmod +x openvpn-install.sh
$ sudo ./openvpn-install.sh

Mai sakawa yana ɗaukar ka ta hanyar jerin tsokana:

5. Da farko, za a sa ka samar da adireshin IP na uwar garkenka na jama'a. Bayan haka, an ba da shawarar tafiya tare da zaɓuɓɓukan tsoho kamar tsoffin tashar tashar jiragen ruwa (1194) da yarjejeniya don amfani (UDP).

6. Na gaba, zaɓi tsoffin masu warware DNS kuma zaɓi Babu zaɓi (n) don matsi biyu da saitunan ɓoyewa.

7. Da zarar an gama, rubutun zai fara kafa saitin uwar garken OpenVPN tare da girka na sauran fakitoci da dogaro.

8. Aƙarshe, za a samar da fayil ɗin daidaitawar abokin ciniki ta amfani da kunshin-RSA mai sauƙi wanda shine kayan aikin layin umarni da ake amfani dashi don gudanar da takaddun tsaro.

Kawai samar da sunan abokin harka sannan ka tafi tare da zababbun tsoffin. Za'a adana fayil ɗin abokin ciniki a cikin kundin adireshin gidanka tare da ƙarin fayil ɗin .ovpn.

9. Da zarar an gama rubutun kafa uwar garken OpenVPN da kuma ƙirƙirar fayil ɗin kwastomomin abokin ciniki, za a ɓullo da wata tunga tun0 . Wannan ƙirar keɓaɓɓe ce inda duk zirga-zirga daga PC abokin ciniki za a saka ta cikin sabar.

10. Yanzu, zaku iya farawa ku duba matsayin uwar garken OpenVPN kamar yadda aka nuna.

$ sudo systemctl start [email 
$ sudo systemctl status [email 

11. Yanzu ka koma ga tsarin kwastomomi ka girka wurin ajiyar EPEL da fakitin software na OpenVPN.

$ sudo dnf install epel-release -y
$ sudo dnf install openvpn -y

12. Da zarar an girka, kana buƙatar kwafa fayil ɗin kwastomomi daga uwar garken OpenVPN zuwa tsarin abokin ka. Kuna iya yin wannan ta amfani da umarnin scp kamar yadda aka nuna

$ sudo scp -r [email :/home/tecmint/tecmint01.ovpn .

13. Da zarar an sauke fayil ɗin abokin ciniki zuwa tsarin Linux ɗinku, yanzu zaku iya fara haɓaka haɗi zuwa sabar VPN, ta amfani da umarnin:

$ sudo openvpn --config tecmint01.ovpn

Za ku sami fitarwa kwatankwacin abin da muke da shi a ƙasa.

14. An ƙirƙiri sabon teburin sarrafawa kuma an kafa haɗin tare da sabar VPN. Bugu da ƙari, ƙirar keɓaɓɓiyar hanyar tunel tun0 an ƙirƙire akan tsarin abokin ciniki.

Kamar yadda aka ambata a baya, wannan shine ƙirar da za ta rufe dukkan zirga-zirga cikin aminci ga uwar garken OpenVPN ta hanyar ramin SSL. An ba da keɓaɓɓiyar adireshin adireshin IP da sauri ta uwar garken VPN. Kamar yadda kake gani, an sanya tsarin abokin cinikinmu na Linux adireshin IP na 10.8.0.2 ta hanyar sabar OpenVPN.

$ ifconfig

15. Don tabbatar da cewa muna haɗe da uwar garken OpenVPN, zamu tabbatar da IP ɗin jama'a.

$ curl ifconfig.me

Kuma voila! tsarin abokin cinikinmu ya tsinci IP na jama'a na IP yana tabbatar da cewa hakika muna haɗe da uwar garken OpenVPN. A madadin haka, zaku iya yin amfani da wutar bincikenku da binciken Google\"Menene adireshin IP na" don tabbatar da cewa IP ɗinku na jama'a sun canza zuwa na uwar garken OpenVPN.

16. A kan Windows, kuna buƙatar saukar da hukuma OpenVPN Community Edition binaries wanda ya zo tare da GUI.

17. Na gaba, zazzage fayil ɗin sanyi na .ovpn a cikin adireshin C:\Fayilolin Shirye-shiryen BuɗeVPN\jeri kuma a matsayin mai Gudanarwa, fara OpenVPN GUI daga Fara -> Duk shirye-shiryen -> BuɗeVPN, kuma za a ƙaddamar da shi a bango.

18. Yanzu kunna wuta a burauzar ka bude http://whatismyip.org/ kuma yakamata ka ga IP na sabarka OpenVPN maimakon IP din jama'a da ISP dinka ta bayar:

Takaitawa

A cikin wannan labarin, munyi bayanin yadda ake saitawa da saita sabar VPN ta amfani da BuɗeVPN, da kuma yadda za a kafa abokan cinikin biyu (akwatin Linux da na Windows). Yanzu zaku iya amfani da wannan sabar azaman ƙofar VPN don amintar da ayyukan binciken yanar gizonku. Tare da ɗan ƙarin ƙoƙari (da kuma wata sabar mai nisa) kuna kuma iya saita amintaccen fayil/uwar garken rumbun adana bayanai, don suna 'yan misalai.

Muna fatan jin daga gare ku, don haka ku kyauta ku bar mana takarda ta amfani da fom ɗin da ke ƙasa. Sharhi, shawarwari, da tambayoyi game da wannan labarin ana maraba dasu sosai.