Yadda ake Shigar da Sanya OpenVPN Server a CentOS 8/7
Cibiyar Sadarwar Mai Zaman Kanta Mai Mahimmanci wata hanyar fasaha ce da ake amfani da ita don samar da sirri da tsaro don haɗin yanar gizo. Shahararriyar shari'ar da aka fi sani ta ƙunshi mutanen da ke haɗawa da uwar garken nesa tare da zirga-zirgar ababen hawa ta hanyar sadarwar jama'a ko mara tsaro (kamar Intanet).
Hotunan abubuwan da ke faruwa:
A cikin wannan labarin, za mu yi bayanin yadda ake saita uwar garken VPN a cikin akwatin RHEL/CentOS 8/7 ta amfani da OpenVPN, ƙaƙƙarfan ƙaƙƙarfan aikace-aikacen rami mai sassauƙa wanda ke amfani da ɓoyayyen ɓoyayyen ɓoyayye, tantancewa, da fasalulluka na takaddun shaida na ɗakin karatu na OpenSSL. Don sauƙi, kawai za mu yi la'akari da shari'ar inda uwar garken OpenVPN ke aiki azaman amintacciyar ƙofar Intanet ga abokin ciniki.
Don wannan saitin, mun yi amfani da inji guda uku, na farko yana aiki azaman uwar garken OpenVPN, sauran biyun kuma (Linux da Windows) suna aiki azaman abokin ciniki don haɗawa zuwa uwar garken OpenVPN mai nisa.
A wannan shafi
- Shigar da OpenVPN Server a cikin CentOS 8
- Shigar da Abokin ciniki na OpenVPN a cikin Linux
- Shigar da Abokin ciniki na OpenVPN a cikin Windows
Lura: Umarni iri ɗaya kuma suna aiki akan tsarin RHEL 8/7 da Fedora.
1. Don shigar da OpenVPN a cikin uwar garken RHEL/CentOS 8/7, za ku fara kunna ma'ajiyar EPEL sannan ku shigar da kunshin. Wannan ya zo tare da duk abubuwan dogaro da ake buƙata don shigar da kunshin OpenVPN.
# yum update # yum install epel-release
2. Na gaba, za mu zazzage rubutun shigarwa na OpenVPN kuma mu kafa VPN. Kafin zazzagewa da gudanar da rubutun, yana da mahimmanci ku nemo adireshin IP na Jama'a na uwar garken saboda wannan zai zo da amfani yayin kafa sabar OpenVPN.
Hanya mai sauƙi don yin hakan ita ce amfani da umarnin curl kamar yadda aka nuna:
$ curl ifconfig.me
A madadin, zaku iya kiran umarnin tono kamar haka:
$ dig +short myip.opendns.com @resolver1.opendns.com
Idan kun shiga cikin kuskure dig: umarni ba a samo ba shigar da utility ta hanyar aiwatar da umarnin:
$ sudo yum install bind-utils
Wannan yakamata ya warware matsalar.
Sabar gajimare yawanci za su sami nau'ikan adiresoshin IP guda biyu:
- Adireshin IP na Jama'a guda ɗaya: Idan kuna da VPS akan dandamalin Cloud kamar Linode, Cloudcone, ko Digital Ocean, yawanci zaku sami adireshin IP ɗaya na Jama'a a maƙala dashi.
- Adireshin IP mai zaman kansa a bayan NAT tare da IP na jama'a: Wannan shine yanayin misali na EC2 akan AWS ko misalin lissafi akan Google Cloud.
Ko wane tsarin adireshin IP, rubutun OpenVPN zai gano saitin hanyar sadarwar ku ta atomatik ta VPS kuma duk abin da za ku yi shi ne samar da adireshin IP na Jama'a ko Mai zaman kansa.
3. Yanzu bari mu ci gaba da zazzage rubutun shigarwa na OpenVPN, gudanar da umarnin da aka nuna.
$ wget https://raw.githubusercontent.com/Angristan/openvpn-install/master/openvpn-install.sh
4. Lokacin da zazzagewar ta cika, sanya izinin aiwatar da aiwatar da rubutun harsashi kamar yadda aka nuna.
$ sudo chmod +x openvpn-install.sh $ sudo ./openvpn-install.sh
Mai sakawa yana ɗaukar ku ta cikin jerin faɗakarwa:
5. Da farko, za a sa ka samar da adireshin IP na jama'a na uwar garken. Bayan haka, ana ba da shawarar tafiya tare da zaɓuɓɓukan tsoho kamar lambar tashar tashar jiragen ruwa ta asali (1194) da yarjejeniya don amfani (UDP).
6. Na gaba, zaɓi tsoffin masu gyara DNS kuma zaɓi Babu zaɓi ( n ) don duka matsawa da saitunan ɓoyewa.
7. Da zarar an gama, rubutun zai fara saitin uwar garken OpenVPN tare da shigar da sauran fakitin software da abin dogaro.
8. A ƙarshe, za a samar da fayil ɗin daidaitawar abokin ciniki ta amfani da fakitin RSA mai sauƙi wanda shine kayan aikin layin umarni da ake amfani da shi don sarrafa takaddun shaida na tsaro.
Kawai samar da sunan abokin ciniki kuma tafi tare da tsoffin zaɓuɓɓuka. Za a adana fayil ɗin abokin ciniki a cikin gidan ku tare da tsawo na fayil na .ovpn.
9. Da zarar an gama rubutun saitin uwar garken OpenVPN da ƙirƙirar fayil ɗin daidaitawar abokin ciniki, za a sami hanyar haɗin rami tun0. Wannan sigar kama-da-wane ce inda duk zirga-zirga daga PC ɗin abokin ciniki za a haɗa su zuwa uwar garken.
10. Yanzu, zaku iya farawa da duba matsayin uwar garken OpenVPN kamar yadda aka nuna.
$ sudo systemctl start [email $ sudo systemctl status [email
11. Yanzu kai kan tsarin abokin ciniki kuma shigar da ma'ajin EPEL da fakitin software na OpenVPN.
$ sudo dnf install epel-release -y $ sudo dnf install openvpn -y
12. Da zarar an shigar, kuna buƙatar kwafin fayil ɗin daidaitawar abokin ciniki daga uwar garken OpenVPN zuwa tsarin abokin cinikin ku. Kuna iya yin wannan ta amfani da umarnin scp kamar yadda aka nuna
$ sudo scp -r [email :/home/tecmint/tecmint01.ovpn .
13. Da zarar an sauke fayil ɗin abokin ciniki zuwa tsarin Linux ɗin ku, yanzu zaku iya fara haɗi zuwa uwar garken VPN, ta amfani da umarnin:
$ sudo openvpn --config tecmint01.ovpn
Za ku sami fitarwa kwatankwacin abin da muke da shi a ƙasa.
14. An ƙirƙiri sabon tebur na tuƙi kuma an kafa haɗi tare da uwar garken VPN. Bugu da ƙari, an ƙirƙiri hanyar mu'amalar mahaɗar mahaɗar mahaɗar mahaɗar mahallin tun0 akan tsarin abokin ciniki.
Kamar yadda aka ambata a baya, wannan shine keɓantaccen hanyar da za ta ratsa duk zirga-zirga cikin aminci zuwa uwar garken OpenVPN ta hanyar rami SSL. An ba da adireshin IP ɗin a hankali ta uwar garken VPN. Kamar yadda kuke gani, tsarin Linux abokin cinikinmu an sanya adireshin IP na 10.8.0.2 ta uwar garken OpenVPN.
$ ifconfig
15. Don kawai tabbatar da cewa an haɗa mu zuwa uwar garken OpenVPN, za mu tabbatar da IP na jama'a.
$ curl ifconfig.me
Kuma voila! Tsarin abokin cinikinmu ya zaɓi IP ɗin jama'a na VPN yana mai tabbatar da cewa lallai an haɗa mu da sabar OpenVPN. A madadin, zaku iya kunna burauzarku da binciken Google \Mene ne adireshin IP na don tabbatar da cewa IP ɗin ku na jama'a ya canza zuwa na sabar OpenVPN.
16. A kan Windows, kuna buƙatar saukar da hukuma ta OpenVPN Community Edition binaries waɗanda suka zo tare da GUI.
17. Na gaba, zazzage fayil ɗin daidaitawar .ovpn cikin C:\Faylolin Shirin OpenVP
18. Yanzu kunna wani browser da bude http://whatismyip.org/ kuma ya kamata ka ga IP na OpenVPN uwar garken maimakon jama'a IP samar da your ISP:
Takaitawa
A cikin wannan labarin, mun yi bayanin yadda ake saitawa da daidaita sabar VPN ta amfani da OpenVPN, da kuma yadda ake saita abokan ciniki biyu masu nisa (akwatin Linux da injin Windows). Yanzu zaku iya amfani da wannan uwar garken azaman ƙofar VPN don kiyaye ayyukan binciken yanar gizon ku. Tare da ɗan ƙaramin ƙoƙari (da kuma wani uwar garken nesa akwai) kuma kuna iya saita amintaccen sabar fayil/uwar garken bayanai, don suna 'yan misalai.
Muna jiran ji daga gare ku, don haka jin daɗin sauke mana bayanin kula ta amfani da fom ɗin da ke ƙasa. Sharhi, shawarwari, da tambayoyi game da wannan labarin an fi maraba da su.