I-SSTP VPN: Yonke into ongathanda ukuyazi
Mar 07, 2022 • Ifayilishwe ku: UFikelelo kwiWebhu engaziwa • Izisombululo eziqinisekisiweyo
I-SSTP bubuxhakaxhaka betekhnoloji eyaphuhliswa ekuqaleni nguMicrosoft. Imele iProtocol yeSecure Socket Tunneling kwaye yaziswa okokuqala kwiMicrosoft Vista. Ngoku, unokuqhagamshela ngokulula kwi-SSTP VPN kwiinguqulelo ezidumileyo zeWindows (kunye neLinux). Ukuseta i-SSTP ye-VPN Ubuntu yeWindows akukho nzima kakhulu. Kwesi sikhokelo, siya kukufundisa indlela yokuseta i-SSTP ye-VPN Mikrotik kwaye uyithelekise kunye nezinye iiprothokholi ezidumileyo ngokunjalo.
Icandelo 1: Yintoni iSSTP VPN?
IProthokholi ye-Tunneling ye-Socket ekhuselekileyo yiprotocol esetyenziswa ngokubanzi enokuthi isetyenziswe ukwenza i-VPN yakho. Itekhnoloji yaphuhliswa nguMicrosoft kwaye inokuhanjiswa kunye nomzila owukhethileyo, njengeMikrotik SSTP VPN.
- • Isebenzisa iPort 443, ekwasetyenziswa luqhagamshelo lwe-SSL. Ke ngoko, inokusombulula imiba ye-NAT yomlilo eyenzeka kwi-OpenVPN ngamanye amaxesha.
- • I-SSTP VPN isebenzisa isatifikethi sokungqinisisa esizinikeleyo kunye ne-2048-bit encryption, iyenza ibe yenye yeendlela ezikhuselekileyo.
- • Iyakwazi ukugqitha ngokulula iindonga zomlilo kwaye ibonelele ngenkxaso yoMfihlo oPheleleyo oPhambili (PFS).
- • Endaweni ye-IPSec, ixhasa ukuhanjiswa kwe-SSL. Oku kwenze ukuba uzulazule endaweni yosasazo nje ukuya kwindawo ukuya kwindawo yedatha.
- • I-drawback kuphela ye-SSTP ye-VPN kukuba ayiboneleli ngenkxaso yezixhobo eziphathwayo ezifana ne-Android kunye ne-iPhone.
Kwi-SSTP ye-VPN Ubuntu ye-Windows, i-port 443 isetyenziswa njengoko ungqinisiso lwenzeka ekupheleni komxhasi. Emva kokufumana isatifikethi somncedisi, uqhagamshelwano luyasekwa. Iipakethi ze-HTTPS kunye ne-SSTP zithunyelwa kumxhasi, ezikhokelela kwingxoxo ye-PPP. Nje ukuba ujongano lwe-IP lunikezelwe, iseva kunye nomxhasi banokudlulisela ngaphandle komthungo iipakethi zedatha.
Isigaba 2: Uyiseta njani iVPN nge-SSTP?
Ukuseta i-SSTP ye-VPN Ubuntu okanye iWindows yahluke kancinane kwi-L2TP okanye i-PPTP. Nangona itekhnoloji ivela kwiWindows, kuya kufuneka uqwalasele iMikrotik SSTP VPN. Ungasebenzisa nayiphi na enye i-router ngokunjalo. Nangona, kwesi sifundo, sithathele ingqalelo ukuseta i-SSTP VPN Mikrotik Windows 10. Le nkqubo iyafana nezinye iinguqulelo zeWindows kunye ne-SSTP VPN Ubuntu nazo.
Inyathelo 1: Ukufumana iSatifikethi sokuQinisekisa koMthengi
Njengoko usazi, ukuze usete iMikrotik SSTP VPN, kufuneka senze izatifikethi ezizinikeleyo. Ukwenza oku, yiya kwisistim> Izatifikethi kwaye ukhethe ukwenza isatifikethi esitsha. Apha, unganikeza igama le-DNS ukuseta i-SSTP VPN. Kwakhona, umhla wokuphelelwa kufuneka usebenze kwiintsuku ezingama-365 ezilandelayo. Ubungakanani obuphambili kufuneka bube yi-2048 bit.
Emva koko, yiya kwiSitshixo sokuSetyenziswa thebhu kwaye uvule kuphela uphawu lwe-crl kunye nesitshixo secert. sayina iinketho.
Gcina utshintsho lwakho ngokucofa iqhosha elithi "Faka". Oku kuya kukuvumela ukuba wenze isatifikethi somncedisi we-SSTP VPN Mikrotik nayo.
Inyathelo 2: Yenza iSatifikethi somncedisi
Ngendlela efanayo, kufuneka wenze isatifikethi somncedisi ngokunjalo. Nika igama elifanelekileyo kwaye usethe ubungakanani obuphambili kwi-2048. Ubude bunokuba nantoni na ukusuka kwi-0 ukuya kwi-3650.
Ngoku, yiya kuSetyenziso olungundoqo isithuba kwaye uqinisekise ukuba akukho nanye kwiinketho ezenziweyo.
Cofa nje kwiqhosha elithi "Faka" kwaye uphume kwifestile.
Inyathelo lesi-3: Sayina isatifikethi
Ukuze uqhubeke, kufuneka utyikitye isatifikethi sakho wedwa. Vula nje iSatifikethi kwaye ucofe ku "Sayina" ukhetho. Nika igama le-DNS okanye idilesi ye-IP engatshintshiyo kwaye ukhethe ukuzisayina ngokwakho isatifikethi.
Emva kokusayina, awuzukwazi ukwenza naluphi na utshintsho kwisatifikethi.
Inyathelo 4: Sayina isatifikethi somncedisi
Ngendlela efanayo, unokusayina isatifikethi somncedisi ngokunjalo. Unokufuna isitshixo esongezelelweyo sabucala ukuze ulenze likhuseleke ngakumbi.
Inyathelo 5: Vula iseva
Ngoku, kufuneka uvule iseva ye-SSTP yeVPN kwaye wenze iMfihlo. Yiya ngokulula kwiinketho zePPP kwaye wenze iseva ye-SSTP. Ungqinisiso kufuneka lube “mschap2” kuphela. Kwakhona, khubaza ukhetho lwesatifikethi somthengi wokuqinisekisa phambi kokugcina olu tshintsho.
Ngaphaya koko, yenza iMfihlo yePPP entsha. Nika igama lakho lomsebenzisi, igama lokugqitha kunye nedilesi ye-LAN yerutha yakho yeMikrotik. Kwakhona, ungakhankanya idilesi ye IP yomxhasi okude apha.
Inyathelo lesi-6: Ukuthunyelwa ngaphandle kwesatifikethi
Ngoku, kufuneka sithumele ngaphandle isatifikethi sokuQinisekisa koMthengi. Ngaphambili, qiniseka ukuba i-port 443 ivuliwe.
Qalisa ngokulula ujongano lweRouter yakho elinye ixesha elingakumbi. Khetha isatifikethi se-CA kwaye ucofe iqhosha elithi "Thumela ngaphandle". Misela ibinzana lokugqithisa elinamandla lokuThumela ngaphandle.
Kakhulu! Sesikufutshane. Yiya kwi-router interface kwaye ukopishe-uncamathisele isiqinisekiso se-CA kwi-Windows drive.
Emva koko, unokuphehlelela iwizard yokuThutha ngaphandle kweSatifikethi esitsha. Khetha umatshini wendawo njengomthombo.
Ukusuka apha, ungakhangela isatifikethi osenzileyo. Ungaphinda usebenzise "certlm.msc" kwaye ufake isatifikethi sakho apho.
Inyathelo 7: Yenza i-SSTP VPN
Ekugqibeleni, ungaya kwiPhaneli yoLawulo> Inethiwekhi kunye noSeto kwaye ukhethe ukwenza iVPN entsha. Nika igama leseva kwaye uqinisekise ukuba uhlobo lweVPN ludweliswe njenge-SSTP.
Nje ukuba i-SSTP VPN yenziwe, ungaya kwi-interface ye-Mikrotik. Ukusuka apha, unokujonga iMikrotik SSTP VPN eyongeziweyo. Ngoku ungaqhagamshela kule SSTP VPN Mikrotik nangaliphi na ixesha.
Icandelo 3: I-SSTP vs. PPTP
Njengoko usazi, i-SSTP yahluke kakhulu kwiPPTP. Umzekelo, i-PPTP iyafumaneka phantse kuwo onke amaqonga aphambili (kubandakanya i-Android kunye ne-iOS). Kwelinye icala, i-SSTP ivela kwiWindows.
I-PPTP ikwayiprothokholi yokuhambisa ngokukhawuleza xa ithelekiswa ne-SSTP. Nangona, i-SSTP lukhetho olukhuseleke ngakumbi. Kuba isekwe kwizibuko elingazange livalwe ziifirewall, inokudlula ngokulula ukhuseleko lwe-NAT kunye neendonga zomlilo. Okufanayo akunakusetyenziswa kwiPPTP.
Ukuba ukhangele i-protocol ye-VPN kwiimfuno zakho zobuqu, ngoko unokuhamba kunye ne-PPTP. Isenokungakhuseleki njenge-SSTP, kodwa kulula kakhulu ukuyicwangcisa. Kukwakho iiseva zePPTP zeVPN ezifumaneka simahla.
Icandelo 4: I-SSTP vs. OpenVPN
Ngelixa i-SSTP kunye ne-PPTP zahluke kakhulu, i-OpenVPN kunye ne-SSTP zabelana ngokufana okuninzi. Umahluko omkhulu kukuba i-SSTP yeye-Microsoft kwaye isebenza kakhulu kwiinkqubo zeWindows. Ngakolunye uhlangothi, i-OpenVPN yitekhnoloji yomthombo ovulekileyo kwaye isebenza phantse kuwo onke amaqonga amakhulu (kubandakanya idesktop kunye neenkqubo zeselula).
I-SSTP inokugqitha kuzo zonke iintlobo zomlilo, kuquka nezo zivimba i-OpenVPN. Ungayiqwalasela ngokulula inkonzo ye-OpenVPN ngokusebenzisa ufihlo olukhethileyo. Zombini, i-OpenVPN kunye ne-SSTP zikhuselekile. Nangona, unokwenza ngokwezifiso i-OpenVPN ngokotshintsho kwinethiwekhi yakho, engenakufikelelwa lula kwi-SSTP.
Ukongeza, i-OpenVPN inokwenza i-UDP kunye neenethiwekhi ngokunjalo. Ukuseta i-OpenVPN, uya kudinga isoftware yomntu wesithathu ngelixa ukuseta i-SSTP VPN kwiWindows kulula.
Ngoku xa usazi iziseko ze-SSTP VPN kunye nendlela yokuseta iMikrotik SSTP VPN, unokuhlangabezana ngokulula neemfuno zakho. Yiya ngokulula ngeprotocol yeVPN oyikhethileyo kwaye uqiniseke ukuba unamava okukhangela akhuselekileyo.
VPN
- Uphononongo lweVPN
- Uluhlu oluphezulu lweVPN
- Iindlela zeVPN
UJames Davis
abasebenzi Umhleli