How to Create an IPsec VPN Server in Linux


There are many benefits to browsing the internet anonymously.

In this article, you will learn how to set up your own IPsec/L2TP VPN server on CentOS/RHEL, Ubuntu, and Debian Linux.

  1. A fresh CentOS/RHEL or Ubuntu/Debian VPS (Virtual Private Server) from any provider such as Linode.

Setting Up an IPsec/L2TP VPN Server in Linux

To set up the VPN server, we will use a wonderful collection of shell scripts created by Lin Song, which installs Libreswan as the IPsec server and xl2tpd as the L2TP provider. The collection also includes scripts to add or delete VPN users, upgrade the VPN installation, and more.

First, log in to your VPS via SSH, then run the commands appropriate for your distribution to set up the VPN server. By default, the script generates random VPN credentials (pre-shared key, VPN username, and password) for you and displays them at the end of the installation.

However, if you want to use your own credentials, you first need to generate a strong password and PSK as shown.

# openssl rand -base64 10
# openssl rand -base64 16

Next, set these generated values as described in the following command. All values MUST be placed inside 'single quotes' as shown.

  • VPN_IPSEC_PSK - Your IPsec pre-shared key.
  • VPN_USER - Your VPN username.
  • VPN_PASSWORD - Your VPN password.

---------------- On CentOS/RHEL ---------------- 
# wget https://git.io/vpnsetup-centos -O vpnsetup.sh && VPN_IPSEC_PSK='KvLjedUkNzo5gBH72SqkOA==' VPN_USER='tecmint' VPN_PASSWORD='8DbDiPpGbcr4wQ==' sh vpnsetup.sh

---------------- On Debian and Ubuntu ----------------
# wget https://git.io/vpnsetup -O vpnsetup.sh && VPN_IPSEC_PSK='KvLjedUkNzo5gBH72SqkOA==' VPN_USER='tecmint' VPN_PASSWORD='8DbDiPpGbcr4wQ==' sudo sh vpnsetup.sh
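The credential and download steps above, with two checks in front of the installer, as an added example that is not part of the original article or of the setup-ipsec-vpn project. The helper names, the larger byte counts and the `REVIEWED_SHA256` placeholder are assumptions of this example; rejecting double quotes and backslashes as well as single quotes is a conservative choice.

```shell
#!/bin/sh
# Added example (not from the setup-ipsec-vpn project).

# gen_secret BYTES: print BYTES random bytes as a single base64 line.
gen_secret() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -base64 "$1" | tr -d '\n'
    else
        head -c "$1" /dev/urandom | base64 | tr -d '\n'
    fi
}

# quote_safe VALUE: succeed only if VALUE is non-empty and holds no single
# quote, double quote or backslash, so VAR='VALUE' passes it through unchanged.
quote_safe() {
    case "$1" in
        ''|*\'*|*\"*|*\\*) return 1 ;;
        *) return 0 ;;
    esac
}

# sha256_of FILE: print the SHA-256 hex digest of FILE.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# verify_reviewed FILE DIGEST: succeed only if FILE still has the digest that
# was recorded when the operator read and approved it.
verify_reviewed() {
    [ -r "$1" ] || return 2
    [ "$(sha256_of "$1")" = "$2" ]
}

# Typical use as root; REVIEWED_SHA256 is a placeholder for your recorded digest:
#   wget https://git.io/vpnsetup -O vpnsetup.sh
#   less vpnsetup.sh && sha256_of vpnsetup.sh
#   PSK=$(gen_secret 24); PASS=$(gen_secret 18)
#   quote_safe "$PSK" && quote_safe "$PASS" &&
#   verify_reviewed vpnsetup.sh "$REVIEWED_SHA256" &&
#   VPN_IPSEC_PSK="$PSK" VPN_USER='tecmint' VPN_PASSWORD="$PASS" sh vpnsetup.sh
```

Recording the digest of the copy you read lets the same reviewed file be reused on other servers, since the short URL can serve a different script on a later download.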

The main packages that will be installed are bind-utils, net-tools, bison, flex, gcc, libcap-ng-devel, libcurl-devel, libselinux-devel, nspr-devel, nss-devel, pam-devel, xl2tpd, iptables-services, systemd-devel, fipscheck-devel, libevent-devel, and fail2ban (to protect SSH), and their dependencies. The script then downloads, compiles and installs Libreswan from source, and enables and starts the necessary services.

Once the installation is complete, the VPN details are displayed as shown in the following screenshot.

Next, you need to set up a VPN client. For desktops or laptops with a graphical user interface, refer to this guide: How To Setup an L2TP/Ipsec VPN Client on Linux.

To add the VPN connection on a mobile device such as an Android phone, go to Settings -> Network & Internet (or Wireless & Networks -> More) -> Advanced -> VPN. Select the option to add a new VPN. The VPN type should be set to IPSec Xauth PSK, then use the VPN gateway and credentials above.

How to Add or Remove a VPN User in Linux

To create a new VPN user or update an existing VPN user with a new password, download and use the add_vpn_user.sh script using the following wget command.

$ wget -O add_vpn_user.sh https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/extras/add_vpn_user.sh
$ sudo sh add_vpn_user.sh 'username_to_add' 'user_password'

To delete a VPN user, download and use the del_vpn_user.sh script.

$ wget -O del_vpn_user.sh https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/extras/del_vpn_user.sh
$ sudo sh del_vpn_user.sh 'username_to_delete'

How to Upgrade the Libreswan Installation in Linux

You can upgrade the Libreswan installation using the vpnupgrade.sh or vpnupgrade_centos.sh script. Make sure to edit the SWAN_VER variable in the script to the version you want to install.

---------------- On CentOS/RHEL ---------------- 
# wget https://git.io/vpnupgrade-centos -O vpnupgrade.sh && sh vpnupgrade.sh

---------------- On Debian and Ubuntu ----------------
# wget https://git.io/vpnupgrade -O vpnupgrade.sh && sudo sh vpnupgrade.sh

How to Uninstall the VPN Server in Linux

To uninstall the VPN installation, do the following.

---------------- On CentOS/RHEL ----------------
# yum remove xl2tpd

Then open the /etc/sysconfig/iptables configuration file and remove the unneeded rules, then edit /etc/sysctl.conf and /etc/rc.local and remove the lines after the comment # Added by hwdsl2 VPN script, in both files.

---------------- On Debian and Ubuntu ----------------
$ sudo apt-get purge xl2tpd

Next, edit the /etc/iptables.rules configuration file and remove any unneeded rules. Additionally, edit /etc/iptables/rules.v4 if it exists.

Then edit the /etc/sysctl.conf and /etc/rc.local files and remove the lines after the comment # Added by hwdsl2 VPN script, in both files. Do not remove exit 0 if it exists.
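The marker-based cleanup of /etc/sysctl.conf and /etc/rc.local described for both distribution families, as an added example that is not part of the original article or of the setup-ipsec-vpn project. The function names, the backup suffix and the sample file contents are assumptions of this example; it removes the marker comment together with the lines after it and keeps `exit 0`.

```shell
#!/bin/sh
# Added example (not from the setup-ipsec-vpn project).
MARKER='# Added by hwdsl2 VPN script'

# strip_vpn_block FILE: print FILE without the marker comment and the lines
# after it, but keep a trailing "exit 0" so rc.local still ends correctly.
strip_vpn_block() {
    awk -v marker="$MARKER" '
        index($0, marker) == 1    { cut = 1; next }
        cut && /^exit 0[ \t]*$/   { print; next }
        !cut                      { print }
    ' "$1"
}

# apply_strip FILE: back FILE up, then rewrite it in place (same inode, owner
# and mode). Does nothing when the marker is absent.
apply_strip() {
    grep -qF -- "$MARKER" "$1" || return 0
    cp -p "$1" "$1.pre-vpn-removal" || return 1
    tmp=$(mktemp) || return 1
    strip_vpn_block "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# demo_rc_local: build a constructed rc.local-style sample in a temp file,
# clean it, and print the result. The lines under the marker are invented.
demo_rc_local() {
    sample=$(mktemp) || return 1
    cat > "$sample" <<'EOF'
#!/bin/sh
/usr/local/bin/site-startup
# Added by hwdsl2 VPN script
(sleep 15; service ipsec restart) &
exit 0
EOF
    apply_strip "$sample" && cat "$sample"
    rm -f "$sample" "$sample.pre-vpn-removal"
}
```

Everything from the marker to the end of the file is dropped, so compare the result with the `.pre-vpn-removal` backup (for example with `diff`) in case lines of your own were appended after the VPN block.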

Optionally, you can remove certain files and directories that were created during the VPN setup.

# rm -f /etc/ipsec.conf* /etc/ipsec.secrets* /etc/ppp/chap-secrets* /etc/ppp/options.xl2tpd* /etc/pam.d/pluto /etc/sysconfig/pluto /etc/default/pluto 
# rm -rf /etc/ipsec.d /etc/xl2tpd

To set up a site-to-site IPSec-based VPN with Strongswan, check out our guides:

  1. How to Set Up an IPSec-based VPN with Strongswan on Debian and Ubuntu
  2. How to Set Up an IPSec-based VPN with Strongswan on CentOS/RHEL 8

Reference: https://github.com/hwdsl2/setup-ipsec-vpn

At this point, your VPN server is up and running. You can share any questions or give us feedback using the comment form below.