How to Create Your Own IPsec VPN Server in Linux


There are many benefits to browsing the internet anonymously.

In this article, you will learn how to quickly set up your own IPsec/L2TP VPN server on CentOS/RHEL, Ubuntu, and Debian Linux distributions.

  1. A fresh CentOS/RHEL or Ubuntu/Debian VPS (Virtual Private Server) from any provider such as Linode.

Setting Up an IPsec/L2TP VPN Server in Linux

To set up the VPN server, we will use a wonderful collection of shell scripts created by Lin Song, which installs Libreswan as the IPsec server and xl2tpd as the L2TP provider. The collection also includes scripts to add or delete VPN users, upgrade the VPN installation, and much more.

First, log in to your VPS via SSH, then run the commands appropriate for your distribution to set up the VPN server. By default, the script generates random VPN credentials (pre-shared key, VPN username, and password) for you and displays them at the end of the installation.

However, if you want to use your own credentials, you first need to generate a strong password and PSK as shown.

# openssl rand -base64 10
# openssl rand -base64 16

Next, set these generated values as described in the following command. All values MUST be placed inside 'single quotes' as shown.

  • VPN_IPSEC_PSK - Your IPsec pre-shared key.
  • VPN_USER - Your VPN username.
  • VPN_PASSWORD - Your VPN password.

---------------- On CentOS/RHEL ---------------- 
# wget https://git.io/vpnsetup-centos -O vpnsetup.sh && VPN_IPSEC_PSK='KvLjedUkNzo5gBH72SqkOA==' VPN_USER='tecmint' VPN_PASSWORD='8DbDiPpGbcr4wQ==' sh vpnsetup.sh

---------------- On Debian and Ubuntu ----------------
# wget https://git.io/vpnsetup -O vpnsetup.sh && sudo VPN_IPSEC_PSK='KvLjedUkNzo5gBH72SqkOA==' VPN_USER='tecmint' VPN_PASSWORD='8DbDiPpGbcr4wQ==' sh vpnsetup.sh
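The commands above download a script and run it as root in one step, with the PSK and password typed on the command line. The following is an added example, not part of the original article or of the setup-ipsec-vpn project: it keeps the credentials in an owner-only file and runs the downloaded script only if it still matches a SHA-256 digest recorded when the script was reviewed. The function names, the PINNED variable and the /root/vpn.env path are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the setup-ipsec-vpn project); run from a root shell.

# write_vpn_env USER FILE: generate the PSK and password with the same openssl
# calls as above and store them in a file that only its owner can read.
write_vpn_env() {
    case $1 in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac   # keep the quoting safe
    psk=$(openssl rand -base64 16) || return 1
    pass=$(openssl rand -base64 10) || return 1
    ( umask 077
      printf "VPN_IPSEC_PSK='%s'\nVPN_USER='%s'\nVPN_PASSWORD='%s'\n" \
          "$psk" "$1" "$pass" > "$2" ) && chmod 600 "$2"
}

# verify_pinned FILE SHA256: succeed only when FILE hashes to the digest noted
# while reviewing it. Returns 0 on match, 1 on mismatch, 2 if FILE is missing.
verify_pinned() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 2; }
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ] && return 0
    echo "digest mismatch for $1: got $actual" >&2
    return 1
}

# run_installer SCRIPT SHA256 ENVFILE: run SCRIPT only if it matches the pin,
# exporting the credentials from ENVFILE rather than typing them inline.
run_installer() {
    verify_pinned "$1" "$2" || return $?
    case $3 in */*) envfile=$3 ;; *) envfile=./$3 ;; esac
    ( set -a; . "$envfile"; set +a; sh "$1" )
}

# Typical use (PINNED is the digest you recorded after reading the script):
#   wget https://git.io/vpnsetup -O vpnsetup.sh
#   less vpnsetup.sh && sha256sum vpnsetup.sh
#   write_vpn_env tecmint /root/vpn.env
#   run_installer vpnsetup.sh "$PINNED" /root/vpn.env
```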

The main packages that will be installed are bind-utils, net-tools, bison, flex, gcc, libcap-ng-devel, libcurl-devel, libselinux-devel, nspr-devel, nss-devel, pam-devel, xl2tpd, iptables-services, systemd-devel, fipscheck-devel, libevent-devel, and fail2ban (to protect SSH), along with their dependencies. The script then downloads, compiles and installs Libreswan from source, and enables and starts the necessary services.

Once the installation is complete, the VPN details will be displayed.

Next, you need to set up a VPN client. For desktops or laptops with a graphical user interface, refer to this guide: How To Setup an L2TP/Ipsec VPN Client on Linux.

To add the VPN connection on a mobile device such as an Android phone, go to Settings -> Network & Internet (or Wireless & Networks -> More) -> Advanced -> VPN. Select the option to add a new VPN. The VPN type should be set to IPSec Xauth PSK, then use the VPN gateway and the credentials above.

How to Add or Remove a VPN User in Linux

To create a new VPN user or update an existing VPN user with a new password, download and use the add_vpn_user.sh script using the following wget command.

$ wget -O add_vpn_user.sh https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/extras/add_vpn_user.sh
$ sudo sh add_vpn_user.sh 'username_to_add' 'user_password'

To delete a VPN user, download and use the del_vpn_user.sh script.

$ wget -O del_vpn_user.sh https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/extras/del_vpn_user.sh
$ sudo sh del_vpn_user.sh 'username_to_delete'

How to Upgrade the Libreswan Installation in Linux

You can upgrade the Libreswan installation using the vpnupgrade.sh or vpnupgrade_centos.sh script. Make sure to edit the SWAN_VER variable within the script to the version you want to install.

---------------- On CentOS/RHEL ---------------- 
# wget https://git.io/vpnupgrade-centos -O vpnupgrade.sh && sh vpnupgrade.sh

---------------- On Debian and Ubuntu ----------------
# wget https://git.io/vpnupgrade -O vpnupgrade.sh && sudo sh vpnupgrade.sh

How to Uninstall the VPN Server in Linux

To uninstall the VPN installation, do the following.

---------------- On CentOS/RHEL ----------------
# yum remove xl2tpd

Then open the /etc/sysconfig/iptables configuration file and remove the unneeded rules. Also edit the /etc/sysctl.conf and /etc/rc.local files and remove the lines after the comment # Added by hwdsl2 VPN script, in both files.

---------------- On Debian and Ubuntu ----------------
$ sudo apt-get purge xl2tpd

Next, edit the /etc/iptables.rules configuration file and remove any unneeded rules. In addition, edit /etc/iptables/rules.v4 if it exists.

Then edit the /etc/sysctl.conf and /etc/rc.local files and remove the lines after the comment # Added by hwdsl2 VPN script, in both files. Do not remove exit 0 if it is present.

Optionally, you can remove certain files and directories that were created during the VPN setup.

# rm -f /etc/ipsec.conf* /etc/ipsec.secrets* /etc/ppp/chap-secrets* /etc/ppp/options.xl2tpd* /etc/pam.d/pluto /etc/sysconfig/pluto /etc/default/pluto 
# rm -rf /etc/ipsec.d /etc/xl2tpd
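The /etc/sysctl.conf and /etc/rc.local clean-up described above, as an added example that is not part of the original article or of the hwdsl2 scripts. The hypothetical strip_vpn_block function backs the file up, removes the marker comment and every line after it, and keeps exit 0; the marker text is taken from the wording above and can be passed as a second argument if the comment in your files differs.

```shell
#!/bin/sh
# Added example: remove the block the VPN setup script appended to a file.

# strip_vpn_block FILE [MARKER]
# Returns 0 when the block was removed, 1 when the marker is absent (file left
# untouched), 2 when FILE is missing, 3 when the backup or temp file failed.
strip_vpn_block() {
    file=$1
    marker=${2:-'# Added by hwdsl2 VPN script'}   # assumed default, see lead-in
    [ -f "$file" ] || return 2
    grep -qxF -- "$marker" "$file" || return 1
    cp -p "$file" "$file.bak" || return 3         # keep a copy to diff against
    tmp=$(mktemp) || return 3
    awk -v m="$marker" '
        $0 == m                        { drop = 1; next }
        drop && /^[ \t]*exit 0[ \t]*$/ { keep_exit = 1; next }
        !drop                          { lines[++n] = $0 }
        END {
            # trim the blank lines that preceded the marker
            while (n > 0 && lines[n] ~ /^[ \t]*$/) n--
            for (i = 1; i <= n; i++) print lines[i]
            if (keep_exit) print "exit 0"
        }' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps mode and owner
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Typical use, from a root shell:
#   strip_vpn_block /etc/sysctl.conf && diff /etc/sysctl.conf.bak /etc/sysctl.conf
#   strip_vpn_block /etc/rc.local    && diff /etc/rc.local.bak /etc/rc.local
```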

To set up a site-to-site IPSec-based VPN with Strongswan, check out our guides:

  1. How to Set Up an IPSec-based VPN with Strongswan on Debian and Ubuntu
  2. How to Set Up an IPSec-based VPN with Strongswan on CentOS/RHEL 8

Reference: https://github.com/hwdsl2/setup-ipsec-vpn

At this point, your own VPN server is up and running. You can share any questions or give us feedback using the comment form below.