How to Create Your Own IPsec VPN Server in Linux


There are many benefits to using a VPN, including browsing the internet anonymously.

In this article, you will learn how to quickly and automatically set up an IPsec/L2TP VPN server on CentOS/RHEL, Ubuntu, and Debian Linux distributions.

  1. A fresh CentOS/RHEL or Ubuntu/Debian VPS (Virtual Private Server) from any provider such as Linode.

Setting Up an IPsec/L2TP VPN Server in Linux

To set up the VPN server, we will use a collection of shell scripts created by Lin Song, which installs Libreswan as the IPsec server and xl2tpd as the L2TP provider. The collection also includes scripts to add or delete VPN users, upgrade the VPN installation, and more.

First, log in to your VPS via SSH, then run the appropriate command for your distribution to set up the VPN server. By default, the script will generate random VPN credentials (pre-shared key, VPN username and password) for you and display them at the end of the installation.

However, if you want to use your own credentials, first generate a strong password and PSK as shown.

# openssl rand -base64 10
# openssl rand -base64 16

Next, set these generated values as described in the following command; all values must be placed inside 'single quotes' as shown.

  • VPN_IPSEC_PSK – Your IPsec pre-shared key.
  • VPN_USER – Your VPN username.
  • VPN_PASSWORD – Your VPN password.

---------------- On CentOS/RHEL ---------------- 
# wget https://git.io/vpnsetup-centos -O vpnsetup.sh && VPN_IPSEC_PSK='KvLjedUkNzo5gBH72SqkOA==' VPN_USER='tecmint' VPN_PASSWORD='8DbDiPpGbcr4wQ==' sh vpnsetup.sh

---------------- On Debian and Ubuntu ----------------
# wget https://git.io/vpnsetup -O vpnsetup.sh && sudo VPN_IPSEC_PSK='KvLjedUkNzo5gBH72SqkOA==' VPN_USER='tecmint' VPN_PASSWORD='8DbDiPpGbcr4wQ==' sh vpnsetup.sh
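
Another way to hand the credentials to the script, added here as an example (not from the article or the hwdsl2 project): generating them into a root-only file keeps the PSK and password out of shell history and off the command line. The file path, the function names and the default user name vpnuser are assumptions.

```shell
#!/bin/sh
# Added example; not part of the article or the hwdsl2 scripts.
# Variable names are the article's; file path and user name are assumptions.

# rand_b64 N: N random bytes, base64-encoded (what `openssl rand -base64 N` prints).
rand_b64() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -base64 "$1"
    else
        head -c "$1" /dev/urandom | base64
    fi
}

# write_vpn_env FILE [USER]: store fresh credentials in FILE (mode 600) as
# single-quoted assignments; base64 output never contains a single quote.
write_vpn_env() {
    case ${2:-} in
        *"'"*) echo "user name must not contain a single quote" >&2; return 1 ;;
    esac
    (
        umask 077
        rm -f "$1" || exit 1
        {
            printf "VPN_IPSEC_PSK='%s'\n" "$(rand_b64 16)"
            printf "VPN_USER='%s'\n" "${2:-vpnuser}"
            printf "VPN_PASSWORD='%s'\n" "$(rand_b64 10)"
        } > "$1"
    )
}

# load_vpn_env FILE: export the three variables into the current shell.
load_vpn_env() {
    set -a
    . "$1"
    set +a
}

# Demo on a temporary file; as root on the server you would instead run:
#   write_vpn_env /root/vpn.env && load_vpn_env /root/vpn.env && sh vpnsetup.sh
demo_env=$(mktemp -d)/vpn.env
write_vpn_env "$demo_env" && load_vpn_env "$demo_env"
echo "PSK length: ${#VPN_IPSEC_PSK}, password length: ${#VPN_PASSWORD}, user: $VPN_USER"
```

Delete the file once the credentials are stored in your password manager.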

The packages that will be installed are bind-utils, net-tools, bison, flex, gcc, libcap-ng-devel, libcurl-devel, libselinux-devel, nspr-devel, nss-devel, pam-devel, xl2tpd, iptables-services, systemd-devel, fipscheck-devel, libevent-devel, and fail2ban (to protect SSH), along with their dependencies. The script then downloads, compiles and installs Libreswan from source, and enables and starts the necessary services.

Once the installation is complete, the VPN details will be displayed as shown in the following screenshot.

Next, you need to set up a VPN client. For desktops or laptops with a graphical user interface, refer to this guide: How to Set Up an L2TP/IPsec VPN Client on Linux.

To add the VPN connection on a mobile device such as an Android phone, go to Settings -> Network & Internet (or Wireless & Networks -> More) -> Advanced -> VPN. Select the option to add a new VPN. The VPN type should be set to IPSec Xauth PSK, then use the VPN gateway and credentials above.

How to Add or Remove a VPN User in Linux

To create a new VPN user or update an existing VPN user with a new password, download and use the add_vpn_user.sh script using the following wget command.

$ wget -O add_vpn_user.sh https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/extras/add_vpn_user.sh
$ sudo sh add_vpn_user.sh 'username_to_add' 'user_password'

To delete a VPN user, download and use the del_vpn_user.sh script.

$ wget -O del_vpn_user.sh https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/extras/del_vpn_user.sh
$ sudo sh del_vpn_user.sh 'username_to_delete'

How to Upgrade the Libreswan Installation in Linux

You can upgrade the Libreswan installation using the vpnupgrade.sh or vpnupgrade_centos.sh script. Make sure to edit the SWAN_VER variable inside the script to the version you want to install.

---------------- On CentOS/RHEL ---------------- 
# wget https://git.io/vpnupgrade-centos -O vpnupgrade.sh && sh vpnupgrade.sh

---------------- On Debian and Ubuntu ----------------
# wget https://git.io/vpnupgrade -O vpnupgrade.sh && sudo sh vpnupgrade.sh

How to Uninstall the VPN Server in Linux

To uninstall the VPN installation, do the following. On CentOS/RHEL, first remove xl2tpd.

# yum remove xl2tpd

Then open the /etc/sysconfig/iptables configuration file and remove the unneeded rules, and edit the /etc/sysctl.conf and /etc/rc.local files, removing the lines after the comment # Added by hwdsl2 VPN script in both files.

On Debian and Ubuntu, purge xl2tpd instead.

$ sudo apt-get purge xl2tpd

Next, edit the /etc/iptables.rules configuration file and remove any unneeded rules. Additionally, edit /etc/iptables/rules.v4 if it exists.

Then edit the /etc/sysctl.conf and /etc/rc.local files, and remove the lines after the comment # Added by hwdsl2 VPN script in both files. Do not remove exit 0 if it is present.
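
One way to carry out the /etc/sysctl.conf and /etc/rc.local cleanup described for both distribution families, as an added example that is not part of the article or the hwdsl2 project. The function name and the sample file contents are constructed for the demo, which runs on temporary files rather than /etc.

```shell
#!/bin/sh
# Added example; not part of the article or the hwdsl2 scripts.
# MARKER is the comment the article says precedes the lines to remove.
MARKER='# Added by hwdsl2 VPN script'

# strip_vpn_block FILE: drop MARKER and every line after it, but keep an
# "exit 0" found in the dropped part (rc.local needs it). FILE.bak is
# written first so the change can be reviewed or reverted.
strip_vpn_block() {
    file=$1
    [ -f "$file" ] || { echo "skip: $file not found" >&2; return 0; }
    grep -qxF "$MARKER" "$file" || { echo "skip: no marker in $file" >&2; return 0; }
    cp -p "$file" "$file.bak" || return 1
    tmp=$(mktemp "$file.XXXXXX") || return 1
    awk -v m="$MARKER" '
        $0 == m          { drop = 1; next }
        !drop            { print; next }
        /^exit 0[ \t]*$/ { keep_exit = 1 }
        END              { if (keep_exit) print "exit 0" }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write into the existing file so its owner and mode stay unchanged.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Constructed sample files, so the demo never touches /etc.
demo_dir=$(mktemp -d)
printf '%s\n' '#!/bin/sh' 'touch /var/lock/subsys/local' "$MARKER" \
    '(sleep 15' 'service ipsec restart' 'service xl2tpd restart)&' \
    'exit 0' > "$demo_dir/rc.local"
printf '%s\n' 'vm.swappiness = 10' "$MARKER" \
    'net.ipv4.ip_forward = 1' > "$demo_dir/sysctl.conf"

strip_vpn_block "$demo_dir/rc.local"
strip_vpn_block "$demo_dir/sysctl.conf"
cat "$demo_dir/rc.local" "$demo_dir/sysctl.conf"
```

On a real server, run strip_vpn_block as root against /etc/sysctl.conf and /etc/rc.local, then compare each file with its .bak copy before rebooting.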

Optionally, you can remove certain files and directories that were created during the VPN setup.

# rm -f /etc/ipsec.conf* /etc/ipsec.secrets* /etc/ppp/chap-secrets* /etc/ppp/options.xl2tpd* /etc/pam.d/pluto /etc/sysconfig/pluto /etc/default/pluto 
# rm -rf /etc/ipsec.d /etc/xl2tpd

To set up a site-to-site IPSec VPN with Strongswan, check out our guides:

  1. How to Set Up IPSec-based VPN with Strongswan on Debian and Ubuntu
  2. How to Set Up IPSec-based VPN with Strongswan on CentOS/RHEL 8

Reference: https://github.com/hwdsl2/setup-ipsec-vpn

At this point, your VPN server is up and running. You can share any questions or give us feedback using the comment form below.